nodebb/src/privileges/posts.js


'use strict';

var async = require('async'),
	winston = require('winston'),

	posts = require('../posts'),
	topics = require('../topics'),
	user = require('../user'),
	helpers = require('./helpers'),
	groups = require('../groups'),
	categories = require('../categories'),
	plugins = require('../plugins');

module.exports = function(privileges) {

	privileges.posts = {};

	privileges.posts.get = function(pids, uid, callback) {
		if (!Array.isArray(pids) || !pids.length) {
			return callback(null, []);
		}
		async.parallel({
			manage: function(next) {
				helpers.hasEnoughReputationFor(['privileges:manage_content', 'privileges:manage_topic'], uid, next);
			},
			isAdministrator: function(next) {
				user.isAdministrator(uid, next);
			},
		}, function(err, userResults) {
			if(err) {
				return callback(err);
			}

			var userPriv = userResults.isAdministrator || userResults.manage;

			async.parallel({
				isOwner: function(next) {
					posts.isOwner(pids, uid, next);
				},
				isModerator: function(next) {
					posts.isModerator(pids, uid, next);
				}
			}, function(err, postResults) {
				if (err) {
					return callback(err);
				}

				var privileges = [];

				for (var i=0; i<pids.length; ++i) {
					var editable = userPriv || postResults.isModerator[i] || postResults.isOwner[i];
					privileges.push({
						editable: editable,
						view_deleted: editable,
						move: userResults.isAdministrator || postResults.isModerator[i]
					});
				}

				callback(null, privileges);
			});
		});
	};

	privileges.posts.can = function(privilege, pid, uid, callback) {
		posts.getCidByPid(pid, function(err, cid) {
			if (err) {
				return callback(err);
			}

			privileges.categories.can(privilege, cid, uid, callback);
		});
	};

	privileges.posts.filter = function(privilege, pids, uid, callback) {
		if (!Array.isArray(pids) || !pids.length) {
			return callback(null, []);
		}
		posts.getCidsByPids(pids, function(err, cids) {
			if (err) {
				return callback(err);
			}

			pids = pids.map(function(pid, index) {
				return {pid: pid, cid: cids[index]};
			});

			privileges.categories.filterCids(privilege, cids, uid, function(err, cids) {
				if (err) {
					return callback(err);
				}

				pids = pids.filter(function(post) {
					return cids.indexOf(post.cid) !== -1;
				}).map(function(post) {
					return post.pid;
				});

				plugins.fireHook('filter:privileges.posts.filter', {
					privilege: privilege,
					uid: uid,
					pids: pids
				},  function(err, data) {
					callback(err, data ? data.pids : null);
				});
			});
		});
	};

	privileges.posts.canEdit = function(pid, uid, callback) {
		helpers.some([
			function(next) {
				isPostTopicLocked(pid, function(err, isLocked) {
					if (err || isLocked) {
						return next(err, false);
					}

					helpers.some([
						function(next) {
							posts.isOwner(pid, uid, next);
						},
						function(next) {
							helpers.hasEnoughReputationFor(['privileges:manage_content', 'privileges:manage_topic'], uid, next);
						}
					], next);
				});
			},
			function(next) {
				isAdminOrMod(pid, uid, next);
			}
		], callback);
	};

	privileges.posts.canMove = function(pid, uid, callback) {
		posts.isMain(pid, function(err, isMain) {
			if (err || isMain) {
				return callback(err || new Error('[[error:cant-move-mainpost]]'));
			}
			isAdminOrMod(pid, uid, callback);
		});
	};

	function isPostTopicLocked(pid, callback) {
		posts.getPostField(pid, 'tid', function(err, tid) {
			if (err) {
				return callback(err);
			}
			topics.isLocked(tid, callback);
		});
	}

	function isAdminOrMod(pid, uid, callback) {
		helpers.some([
			function(next) {
				posts.getCidByPid(pid, function(err, cid) {
					if (err) {
						return next(err);
					}
					user.isModerator(uid, cid, next);
				});
			},
			function(next) {
				user.isAdministrator(uid, next);
			}
		], callback);
	}
};
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago
			`'use strict';`

			`var async = require('async'),`
check privs pids 11 years ago			`winston = require('winston'),`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago
			`posts = require('../posts'),`
closes #1735 11 years ago			`topics = require('../topics'),`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago			`user = require('../user'),`
			`helpers = require('./helpers'),`
			`groups = require('../groups'),`
added four new hooks: filter:categories.recent, filter:privileges.categories.get, filter:privileges.posts.filter, filter:privileges.topics.filter 10 years ago			`categories = require('../categories'),`
			`plugins = require('../plugins');`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago
			`module.exports = function(privileges) {`

			`privileges.posts = {};`

privileges.posts.get takes an array of pids now 11 years ago			`privileges.posts.get = function(pids, uid, callback) {`
crash fix 11 years ago			`if (!Array.isArray(pids) \|\| !pids.length) {`
			`return callback(null, []);`
			`}`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago			`async.parallel({`
hasEnoughRep can take an array user follow uid checks 10 years ago			`manage: function(next) {`
			`helpers.hasEnoughReputationFor(['privileges:manage_content', 'privileges:manage_topic'], uid, next);`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago			`},`
			`isAdministrator: function(next) {`
			`user.isAdministrator(uid, next);`
			`},`
privileges.posts.get takes an array of pids now 11 years ago			`}, function(err, userResults) {`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago			`if(err) {`
			`return callback(err);`
			`}`

hasEnoughRep can take an array user follow uid checks 10 years ago			`var userPriv = userResults.isAdministrator \|\| userResults.manage;`
privileges.posts.get takes an array of pids now 11 years ago
			`async.parallel({`
			`isOwner: function(next) {`
			`posts.isOwner(pids, uid, next);`
			`},`
			`isModerator: function(next) {`
anon checks less db calls for uid 0 10 years ago			`posts.isModerator(pids, uid, next);`
privileges.posts.get takes an array of pids now 11 years ago			`}`
			`}, function(err, postResults) {`
			`if (err) {`
			`return callback(err);`
			`}`

			`var privileges = [];`

			`for (var i=0; i<pids.length; ++i) {`
			`var editable = userPriv \|\| postResults.isModerator[i] \|\| postResults.isOwner[i];`
			`privileges.push({`
			`editable: editable,`
			`view_deleted: editable,`
			`move: userResults.isAdministrator \|\| postResults.isModerator[i]`
			`});`
			`}`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago
privileges.posts.get takes an array of pids now 11 years ago			`callback(null, privileges);`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago			`});`
			`});`
			`};`

privilege cleanup 11 years ago			`privileges.posts.can = function(privilege, pid, uid, callback) {`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago			`posts.getCidByPid(pid, function(err, cid) {`
			`if (err) {`
			`return callback(err);`
			`}`

privilege cleanup 11 years ago			`privileges.categories.can(privilege, cid, uid, callback);`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago			`});`
			`};`

optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 11 years ago			`privileges.posts.filter = function(privilege, pids, uid, callback) {`
posts/recent.js refactor 10 years ago			`if (!Array.isArray(pids) \|\| !pids.length) {`
early outs for privs no need to check if empty array is passed in, happens if there are no unread topics remove dupe cids before checking for privileges 11 years ago			`return callback(null, []);`
			`}`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 11 years ago			`posts.getCidsByPids(pids, function(err, cids) {`
			`if (err) {`
			`return callback(err);`
			`}`

			`pids = pids.map(function(pid, index) {`
			`return {pid: pid, cid: cids[index]};`
			`});`

added filterUids method to privileges used to filter uids on a single category 11 years ago			`privileges.categories.filterCids(privilege, cids, uid, function(err, cids) {`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 11 years ago			`if (err) {`
			`return callback(err);`
			`}`

			`pids = pids.filter(function(post) {`
			`return cids.indexOf(post.cid) !== -1;`
			`}).map(function(post) {`
			`return post.pid;`
			`});`
added four new hooks: filter:categories.recent, filter:privileges.categories.get, filter:privileges.posts.filter, filter:privileges.topics.filter 10 years ago
			`plugins.fireHook('filter:privileges.posts.filter', {`
			`privilege: privilege,`
			`uid: uid,`
			`pids: pids`
properly handling error for hook filter:privileges.posts.filter 10 years ago			`}, function(err, data) {`
			`callback(err, data ? data.pids : null);`
added four new hooks: filter:categories.recent, filter:privileges.categories.get, filter:privileges.posts.filter, filter:privileges.topics.filter 10 years ago			`});`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 11 years ago			`});`
			`});`
			`};`

first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago			`privileges.posts.canEdit = function(pid, uid, callback) {`
more work on #1518 still needs more work, category is next 11 years ago			`helpers.some([`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago			`function(next) {`
closes #1735 11 years ago			`isPostTopicLocked(pid, function(err, isLocked) {`
			`if (err \|\| isLocked) {`
			`return next(err, false);`
			`}`

			`helpers.some([`
			`function(next) {`
			`posts.isOwner(pid, uid, next);`
			`},`
			`function(next) {`
hasEnoughRep can take an array user follow uid checks 10 years ago			`helpers.hasEnoughReputationFor(['privileges:manage_content', 'privileges:manage_topic'], uid, next);`
closes #1735 11 years ago			`}`
			`], next);`
			`});`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago			`},`
			`function(next) {`
closes #1731 11 years ago			`isAdminOrMod(pid, uid, next);`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago			`}`
more work on #1518 still needs more work, category is next 11 years ago			`], callback);`
			`};`

			`privileges.posts.canMove = function(pid, uid, callback) {`
closes #1725 removed move button from main post, disable moving main post, fixed moving posts. 11 years ago			`posts.isMain(pid, function(err, isMain) {`
			`if (err \|\| isMain) {`
			`return callback(err \|\| new Error('[[error:cant-move-mainpost]]'));`
			`}`
			`isAdminOrMod(pid, uid, callback);`
			`});`
closes #1731 11 years ago			`};`

closes #1735 11 years ago			`function isPostTopicLocked(pid, callback) {`
			`posts.getPostField(pid, 'tid', function(err, tid) {`
			`if (err) {`
			`return callback(err);`
			`}`
			`topics.isLocked(tid, callback);`
			`});`
			`}`

closes #1731 11 years ago			`function isAdminOrMod(pid, uid, callback) {`
more work on #1518 still needs more work, category is next 11 years ago			`helpers.some([`
			`function(next) {`
			`posts.getCidByPid(pid, function(err, cid) {`
			`if (err) {`
			`return next(err);`
			`}`
			`user.isModerator(uid, cid, next);`
			`});`
			`},`
			`function(next) {`
			`user.isAdministrator(uid, next);`
			`}`
			`], callback);`
closes #1731 11 years ago			`}`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago			`};`