nodebb/src/privileges/categories.js


'use strict';

var async = require('async'),

	user = require('../user'),
	categories = require('../categories'),
	groups = require('../groups'),
	helpers = require('./helpers');


module.exports = function(privileges) {

	privileges.categories = {};

	privileges.categories.get = function(cid, uid, callback) {
		async.parallel({
			'topics:create': function(next) {
				helpers.isUserAllowedTo('topics:create', uid, [cid], next);
			},
			read: function(next) {
				helpers.isUserAllowedTo('read', uid, [cid], next);
			},
			isAdministrator: function(next) {
				user.isAdministrator(uid, next);
			},
			isModerator: function(next) {
				user.isModerator(uid, cid, next);
			}
		}, function(err, results) {
			if (err) {
				return callback(err);
			}

			var isAdminOrMod = results.isAdministrator || results.isModerator;

			callback(null, {
				'topics:create': results['topics:create'][0] || isAdminOrMod,
				editable: isAdminOrMod,
				view_deleted: isAdminOrMod,
				read: results.read[0] || isAdminOrMod
			});
		});
	};

	privileges.categories.can = function(privilege, cid, uid, callback) {
		categories.getCategoryField(cid, 'disabled', function(err, disabled) {
			if (err) {
				return callback(err);
			}

			if (parseInt(disabled, 10) === 1) {
				return callback(null, false);
			}

			helpers.some([
				function(next) {
					helpers.isUserAllowedTo(privilege, uid, [cid], function(err, results) {
						next(err, Array.isArray(results) && results.length ? results[0] : false);
					});
				},
				function(next) {
					user.isModerator(uid, cid, next);
				},
				function(next) {
					user.isAdministrator(uid, next);
				}
			], callback);
		});
	};

	privileges.categories.filterCids = function(privilege, cids, uid, callback) {
		if (!cids.length) {
			return callback(null, []);
		}

		cids = cids.filter(function(cid, index, array) {
			return array.indexOf(cid) === index;
		});

		async.parallel({
			allowedTo: function(next) {
				helpers.isUserAllowedTo(privilege, uid, cids, next);
			},
			isModerators: function(next) {
				user.isModerator(uid, cids, next);
			},
			isAdmin: function(next) {
				user.isAdministrator(uid, next);
			}
		}, function(err, results) {
			if (err) {
				return callback(err);
			}

			if (results.isAdmin) {
				return callback(null, cids);
			}

			cids = cids.filter(function(cid, index) {
				return results.allowedTo[index] || results.isModerators[index];
			});
			callback(null, cids);
		});
	};

	privileges.categories.filterUids = function(privilege, cid, uids, callback) {
		if (!uids.length) {
			return callback(null, []);
		}

		uids = uids.filter(function(uid, index, array) {
			return array.indexOf(uid) === index;
		});

		async.parallel({
			allowedTo: function(next) {
				helpers.isUsersAllowedTo(privilege, uids, cid, next);
			},
			isModerators: function(next) {
				user.isModerator(uids, cid, next);
			},
			isAdmin: function(next) {
				user.isAdministrator(uids, next);
			}
		}, function(err, results) {
			if (err) {
				return callback(err);
			}

			uids = uids.filter(function(uid, index) {
				return results.allowedTo[index] || results.isModerators[index] || results.isAdmin[index];
			});
			callback(null, uids);
		});
	};

	privileges.categories.isAdminOrMod = function(cids, uid, callback) {
		async.parallel({
			isModerators: function(next) {
				user.isModerator(uid, cids, next);
			},
			isAdmin: function(next) {
				user.isAdministrator(uid, next);
			}
		}, function(err, results) {
			if (err) {
				return callback(err);
			}

			var returnData = new Array(cids.length);
			for (var i=0; i<cids.length; ++i) {
				returnData[i] = results.isAdmin || results.isModerators[i];
			}

			callback(null, returnData);
		});
	};

	privileges.categories.canMoveAllTopics = function(currentCid, targetCid, uid, callback) {
		async.parallel({
			isAdministrator: function(next) {
				user.isAdministrator(uid, next);
			},
			moderatorOfCurrent: function(next) {
				user.isModerator(uid, currentCid, next);
			},
			moderatorOfTarget: function(next) {
				user.isModerator(uid, targetCid, next);
			}
		}, function(err, results) {
			if (err) {
				return callback(err);
			}

			callback(null, results.isAdministrator || (results.moderatorOfCurrent && results.moderatorOfTarget));
		});
	};

	privileges.categories.userPrivileges = function(cid, uid, callback) {
		async.parallel({
			find: async.apply(groups.isMember, uid, 'cid:' + cid + ':privileges:find'),
			read: function(next) {
				groups.isMember(uid, 'cid:' + cid + ':privileges:read', next);
			},
			'topics:create': function(next) {
				groups.isMember(uid, 'cid:' + cid + ':privileges:topics:create', next);
			},
			'topics:reply': function(next) {
				groups.isMember(uid, 'cid:' + cid + ':privileges:topics:reply', next);
			},
			mods: function(next) {
				user.isModerator(uid, cid, next);
			}
		}, callback);
	};

	privileges.categories.groupPrivileges = function(cid, groupName, callback) {
		async.parallel({
			'groups:find': async.apply(groups.isMember, groupName, 'cid:' + cid + ':privileges:groups:find'),
			'groups:read': function(next) {
				groups.isMember(groupName, 'cid:' + cid + ':privileges:groups:read', next);
			},
			'groups:topics:create': function(next) {
				groups.isMember(groupName, 'cid:' + cid + ':privileges:groups:topics:create', next);
			},
			'groups:topics:reply': function(next) {
				groups.isMember(groupName, 'cid:' + cid + ':privileges:groups:topics:reply', next);
			}
		}, callback);
	};

};
more work on #1518 still needs more work, category is next 11 years ago
			`'use strict';`

			`var async = require('async'),`

			`user = require('../user'),`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 11 years ago			`categories = require('../categories'),`
closes #1518 11 years ago			`groups = require('../groups'),`
more work on #1518 still needs more work, category is next 11 years ago			`helpers = require('./helpers');`


			`module.exports = function(privileges) {`

			`privileges.categories = {};`

closes #1518 11 years ago			`privileges.categories.get = function(cid, uid, callback) {`
			`async.parallel({`
			`'topics:create': function(next) {`
added filterUids method to privileges used to filter uids on a single category 11 years ago			`helpers.isUserAllowedTo('topics:create', uid, [cid], next);`
closes #1518 11 years ago			`},`
			`read: function(next) {`
added filterUids method to privileges used to filter uids on a single category 11 years ago			`helpers.isUserAllowedTo('read', uid, [cid], next);`
closes #1518 11 years ago			`},`
			`isAdministrator: function(next) {`
			`user.isAdministrator(uid, next);`
			`},`
			`isModerator: function(next) {`
			`user.isModerator(uid, cid, next);`
			`}`
			`}, function(err, results) {`
fix typo in ajaxify, closes #2279 10 years ago			`if (err) {`
closes #1518 11 years ago			`return callback(err);`
			`}`

fix typo in ajaxify, closes #2279 10 years ago			`var isAdminOrMod = results.isAdministrator \|\| results.isModerator;`
closes #1518 11 years ago
			`callback(null, {`
only use multipart on upload routes, delete temp files if there is an error in admin, admin/mods should see topic reply 10 years ago			`'topics:create': results['topics:create'][0] \|\| isAdminOrMod,`
fix typo in ajaxify, closes #2279 10 years ago			`editable: isAdminOrMod,`
			`view_deleted: isAdminOrMod,`
			`read: results.read[0] \|\| isAdminOrMod`
closes #1518 11 years ago			`});`
			`});`
			`};`

added new privilege "find", added guest meta group, closed #1282 11 years ago			`privileges.categories.can = function(privilege, cid, uid, callback) {`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 11 years ago			`categories.getCategoryField(cid, 'disabled', function(err, disabled) {`
			`if (err) {`
			`return callback(err);`
			`}`

			`if (parseInt(disabled, 10) === 1) {`
			`return callback(null, false);`
			`}`

			`helpers.some([`
			`function(next) {`
added filterUids method to privileges used to filter uids on a single category 11 years ago			`helpers.isUserAllowedTo(privilege, uid, [cid], function(err, results) {`
privilege fix for single category check 11 years ago			`next(err, Array.isArray(results) && results.length ? results[0] : false);`
			`});`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 11 years ago			`},`
			`function(next) {`
			`user.isModerator(uid, cid, next);`
			`},`
			`function(next) {`
			`user.isAdministrator(uid, next);`
			`}`
			`], callback);`
			`});`
			`};`

added filterUids method to privileges used to filter uids on a single category 11 years ago			`privileges.categories.filterCids = function(privilege, cids, uid, callback) {`
early outs for privs no need to check if empty array is passed in, happens if there are no unread topics remove dupe cids before checking for privileges 11 years ago			`if (!cids.length) {`
			`return callback(null, []);`
			`}`

			`cids = cids.filter(function(cid, index, array) {`
			`return array.indexOf(cid) === index;`
			`});`

optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 11 years ago			`async.parallel({`
			`allowedTo: function(next) {`
added filterUids method to privileges used to filter uids on a single category 11 years ago			`helpers.isUserAllowedTo(privilege, uid, cids, next);`
added new privilege "find", added guest meta group, closed #1282 11 years ago			`},`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 11 years ago			`isModerators: function(next) {`
			`user.isModerator(uid, cids, next);`
added new privilege "find", added guest meta group, closed #1282 11 years ago			`},`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 11 years ago			`isAdmin: function(next) {`
added new privilege "find", added guest meta group, closed #1282 11 years ago			`user.isAdministrator(uid, next);`
			`}`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 11 years ago			`}, function(err, results) {`
			`if (err) {`
			`return callback(err);`
			`}`

			`if (results.isAdmin) {`
			`return callback(null, cids);`
			`}`

			`cids = cids.filter(function(cid, index) {`
			`return results.allowedTo[index] \|\| results.isModerators[index];`
			`});`
			`callback(null, cids);`
			`});`
added new privilege "find", added guest meta group, closed #1282 11 years ago			`};`

added filterUids method to privileges used to filter uids on a single category 11 years ago			`privileges.categories.filterUids = function(privilege, cid, uids, callback) {`
			`if (!uids.length) {`
			`return callback(null, []);`
			`}`

			`uids = uids.filter(function(uid, index, array) {`
			`return array.indexOf(uid) === index;`
			`});`

			`async.parallel({`
			`allowedTo: function(next) {`
			`helpers.isUsersAllowedTo(privilege, uids, cid, next);`
			`},`
			`isModerators: function(next) {`
			`user.isModerator(uids, cid, next);`
			`},`
			`isAdmin: function(next) {`
			`user.isAdministrator(uids, next);`
			`}`
			`}, function(err, results) {`
			`if (err) {`
			`return callback(err);`
			`}`

			`uids = uids.filter(function(uid, index) {`
			`return results.allowedTo[index] \|\| results.isModerators[index] \|\| results.isAdmin[index];`
			`});`
			`callback(null, uids);`
			`});`
			`};`

optimize getTopicsByTids and getTeasers 11 years ago			`privileges.categories.isAdminOrMod = function(cids, uid, callback) {`
			`async.parallel({`
			`isModerators: function(next) {`
			`user.isModerator(uid, cids, next);`
			`},`
			`isAdmin: function(next) {`
			`user.isAdministrator(uid, next);`
			`}`
			`}, function(err, results) {`
			`if (err) {`
			`return callback(err);`
			`}`

			`var returnData = new Array(cids.length);`
			`for (var i=0; i<cids.length; ++i) {`
			`returnData[i] = results.isAdmin \|\| results.isModerators[i];`
			`}`

			`callback(null, returnData);`
			`});`
			`};`

closes #1518 11 years ago			`privileges.categories.canMoveAllTopics = function(currentCid, targetCid, uid, callback) {`
			`async.parallel({`
			`isAdministrator: function(next) {`
			`user.isAdministrator(uid, next);`
			`},`
			`moderatorOfCurrent: function(next) {`
			`user.isModerator(uid, currentCid, next);`
			`},`
			`moderatorOfTarget: function(next) {`
			`user.isModerator(uid, targetCid, next);`
			`}`
			`}, function(err, results) {`
			`if (err) {`
			`return callback(err);`
			`}`

			`callback(null, results.isAdministrator \|\| (results.moderatorOfCurrent && results.moderatorOfTarget));`
			`});`
			`};`

			`privileges.categories.userPrivileges = function(cid, uid, callback) {`
			`async.parallel({`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 11 years ago			`find: async.apply(groups.isMember, uid, 'cid:' + cid + ':privileges:find'),`
closes #1518 11 years ago			`read: function(next) {`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 11 years ago			`groups.isMember(uid, 'cid:' + cid + ':privileges:read', next);`
closes #1518 11 years ago			`},`
			`'topics:create': function(next) {`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 11 years ago			`groups.isMember(uid, 'cid:' + cid + ':privileges:topics:create', next);`
closes #1518 11 years ago			`},`
			`'topics:reply': function(next) {`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 11 years ago			`groups.isMember(uid, 'cid:' + cid + ':privileges:topics:reply', next);`
closes #1518 11 years ago			`},`
			`mods: function(next) {`
			`user.isModerator(uid, cid, next);`
			`}`
			`}, callback);`
			`};`

			`privileges.categories.groupPrivileges = function(cid, groupName, callback) {`
			`async.parallel({`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 11 years ago			`'groups:find': async.apply(groups.isMember, groupName, 'cid:' + cid + ':privileges:groups:find'),`
closes #1518 11 years ago			`'groups:read': function(next) {`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 11 years ago			`groups.isMember(groupName, 'cid:' + cid + ':privileges:groups:read', next);`
closes #1518 11 years ago			`},`
			`'groups:topics:create': function(next) {`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 11 years ago			`groups.isMember(groupName, 'cid:' + cid + ':privileges:groups:topics:create', next);`
closes #1518 11 years ago			`},`
			`'groups:topics:reply': function(next) {`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 11 years ago			`groups.isMember(groupName, 'cid:' + cid + ':privileges:groups:topics:reply', next);`
closes #1518 11 years ago			`}`
			`}, callback);`
			`};`

more work on #1518 still needs more work, category is next 11 years ago			`};`