nodebb/src/privileges/posts.js


'use strict';

var async = require('async');

var meta = require('../meta');
var posts = require('../posts');
var topics = require('../topics');
var user = require('../user');
var helpers = require('./helpers');
var plugins = require('../plugins');

module.exports = function (privileges) {

	privileges.posts = {};

	privileges.posts.get = function (pids, uid, callback) {
		if (!Array.isArray(pids) || !pids.length) {
			return callback(null, []);
		}

		async.waterfall([
			function (next) {
				posts.getCidsByPids(pids, next);
			},
			function (cids, next) {
				async.parallel({
					isAdmin: async.apply(user.isAdministrator, uid),
					isModerator: async.apply(posts.isModerator, pids, uid),
					isOwner: async.apply(posts.isOwner, pids, uid),
					'topics:read': async.apply(helpers.isUserAllowedTo, 'topics:read', uid, cids),
					read: async.apply(helpers.isUserAllowedTo, 'read', uid, cids),
					'posts:edit': async.apply(helpers.isUserAllowedTo, 'posts:edit', uid, cids),
				}, next);
			}
		], function (err, results) {
			if (err) {
				return callback(err);
			}

			var privileges = [];

			for (var i = 0; i < pids.length; ++i) {
				var isAdminOrMod = results.isAdmin || results.isModerator[i];
				var editable = isAdminOrMod || (results.isOwner[i] && results['posts:edit'][i]);

				privileges.push({
					editable: editable,
					view_deleted: editable,
					move: isAdminOrMod,
					isAdminOrMod: isAdminOrMod,
					'topics:read': results['topics:read'][i] || isAdminOrMod,
					read: results.read[i] || isAdminOrMod
				});
			}

			callback(null, privileges);
		});
	};

	privileges.posts.can = function (privilege, pid, uid, callback) {
		posts.getCidByPid(pid, function (err, cid) {
			if (err) {
				return callback(err);
			}

			privileges.categories.can(privilege, cid, uid, callback);
		});
	};

	privileges.posts.filter = function (privilege, pids, uid, callback) {
		if (!Array.isArray(pids) || !pids.length) {
			return callback(null, []);
		}
		var cids;
		var postData;
		var tids;
		var tidToTopic = {};

		async.waterfall([
			function (next) {
				posts.getPostsFields(pids, ['uid', 'tid', 'deleted'], next);
			},
			function (_posts, next) {
				postData = _posts;
				tids = _posts.map(function (post) {
					return post && post.tid;
				}).filter(function (tid, index, array) {
					return tid && array.indexOf(tid) === index;
				});
				topics.getTopicsFields(tids, ['deleted', 'cid'], next);
			},
			function (topicData, next) {

				topicData.forEach(function (topic, index) {
					if (topic) {
						tidToTopic[tids[index]] = topic;
					}
				});

				cids = postData.map(function (post, index) {
					if (post) {
						post.pid = pids[index];
						post.topic = tidToTopic[post.tid];
					}
					return tidToTopic[post.tid] && tidToTopic[post.tid].cid;
				}).filter(function (cid, index, array) {
					return cid && array.indexOf(cid) === index;
				});

				privileges.categories.getBase(privilege, cids, uid, next);
			},
			function (results, next) {

				var isModOf = {};
				cids = cids.filter(function (cid, index) {
					isModOf[cid] = results.isModerators[index];
					return !results.categories[index].disabled &&
						(results.allowedTo[index] || results.isAdmin || results.isModerators[index]);
				});


				pids = postData.filter(function (post) {
					return post.topic && cids.indexOf(post.topic.cid) !== -1 &&
						((parseInt(post.topic.deleted, 10) !== 1 && parseInt(post.deleted, 10) !== 1) || results.isAdmin || isModOf[post.cid]);
				}).map(function (post) {
					return post.pid;
				});

				plugins.fireHook('filter:privileges.posts.filter', {
					privilege: privilege,
					uid: uid,
					pids: pids
				}, function (err, data) {
					next(err, data ? data.pids : null);
				});
			}
		], callback);
	};

	privileges.posts.canEdit = function (pid, uid, callback) {
		async.parallel({
			isEditable: async.apply(isPostEditable, pid, uid),
			isAdminOrMod: async.apply(isAdminOrMod, pid, uid)
		}, function (err, results) {
			if (err) {
				return callback(err);
			}
			if (results.isAdminOrMod) {
				return callback(null, {flag: true});
			}

			callback(null, results.isEditable);
		});
	};

	privileges.posts.canDelete = function (pid, uid, callback) {
		var postData;
		async.waterfall([
			function (next) {
				posts.getPostFields(pid, ['tid', 'timestamp'], next);
			},
			function (_postData, next) {
				postData = _postData;
				async.parallel({
					isAdminOrMod: async.apply(isAdminOrMod, pid, uid),
					isLocked: async.apply(topics.isLocked, postData.tid),
					isOwner: async.apply(posts.isOwner, pid, uid),
					'posts:delete': async.apply(privileges.posts.can, 'posts:delete', pid, uid)
				}, next);
			}
		], function (err, results) {
			if (err) {
				return callback(err);
			}

			if (results.isAdminOrMod) {
				return callback(null, {flag: true});
			}

			if (results.isLocked) {
				return callback(null, {flag: false, message: '[[error:topic-locked]]'});
			}

			if (!results['posts:delete']) {
				return callback(null, {flag: false, message: '[[error:no-privileges]]'});
			}

			var postDeleteDuration = parseInt(meta.config.postDeleteDuration, 10);
			if (postDeleteDuration && (Date.now() - parseInt(postData.timestamp, 10) > postDeleteDuration * 1000)) {
				return callback(null, {flag: false, message: '[[error:post-delete-duration-expired, ' + meta.config.postDeleteDuration + ']]'});
			}

			callback(null, {flag: results.isOwner, message: '[[error:no-privileges]]'});
		});
	};

	privileges.posts.canMove = function (pid, uid, callback) {
		posts.isMain(pid, function (err, isMain) {
			if (err || isMain) {
				return callback(err || new Error('[[error:cant-move-mainpost]]'));
			}
			isAdminOrMod(pid, uid, callback);
		});
	};

	privileges.posts.canPurge = function (pid, uid, callback) {
		async.waterfall([
			function (next) {
				posts.getCidByPid(pid, next);
			},
			function (cid, next) {
				async.parallel({
					purge: async.apply(privileges.categories.isUserAllowedTo, 'purge', cid, uid),
					owner: async.apply(posts.isOwner, pid, uid),
					isAdminOrMod: async.apply(privileges.categories.isAdminOrMod, cid, uid)
				}, next);
			},
			function (results, next) {
				next(null, results.isAdminOrMod || (results.purge && results.owner));
			}
		], callback);
	};

	function isPostEditable(pid, uid, callback) {
		var tid;
		async.waterfall([
			function (next) {
				posts.getPostFields(pid, ['tid', 'timestamp'], next);
			},
			function (postData, next) {
				tid = postData.tid;
				var postEditDuration = parseInt(meta.config.postEditDuration, 10);
				if (postEditDuration && Date.now() - parseInt(postData.timestamp, 10) > postEditDuration * 1000) {
					return callback(null, {flag: false, message: '[[error:post-edit-duration-expired, ' + meta.config.postEditDuration + ']]'});
				}
				topics.isLocked(postData.tid, next);
			},
			function (isLocked, next) {
				if (isLocked) {
					return callback(null, {flag: false, message: '[[error:topic-locked]]'});
				}

				async.parallel({
					owner: async.apply(posts.isOwner, pid, uid),
					edit: async.apply(privileges.posts.can, 'posts:edit', pid, uid)
				}, next);
			},
			function (result, next) {
				next(null, {flag: result.owner && result.edit, message: '[[error:no-privileges]]'});
			}
		], callback);
	}

	function isAdminOrMod(pid, uid, callback) {
		helpers.some([
			function (next) {
				posts.getCidByPid(pid, function (err, cid) {
					if (err || !cid) {
						return next(err, false);
					}

					user.isModerator(uid, cid, next);
				});
			},
			function (next) {
				user.isAdministrator(uid, next);
			}
		], callback);
	}
};
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago
			`'use strict';`

remove unused code 9 years ago			`var async = require('async');`

partially revert https://github.com/NodeBB/NodeBB/commit/fa9f1ac7fe26462febda07189203365e984a146d extending module.exports instead of overwriting fixes the issue 9 years ago			`var meta = require('../meta');`
			`var posts = require('../posts');`
			`var topics = require('../topics');`
			`var user = require('../user');`
remove unused code 9 years ago			`var helpers = require('./helpers');`
partially revert https://github.com/NodeBB/NodeBB/commit/fa9f1ac7fe26462febda07189203365e984a146d extending module.exports instead of overwriting fixes the issue 9 years ago			`var plugins = require('../plugins');`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago
Fix space-before-function-paren linter rule 8 years ago			`module.exports = function (privileges) {`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago
			`privileges.posts = {};`

Fix space-before-function-paren linter rule 8 years ago			`privileges.posts.get = function (pids, uid, callback) {`
crash fix 11 years ago			`if (!Array.isArray(pids) \|\| !pids.length) {`
			`return callback(null, []);`
			`}`
partially revert https://github.com/NodeBB/NodeBB/commit/fa9f1ac7fe26462febda07189203365e984a146d extending module.exports instead of overwriting fixes the issue 9 years ago
closes #4810 9 years ago			`async.waterfall([`
Fix space-before-function-paren linter rule 8 years ago			`function (next) {`
closes #4810 9 years ago			`posts.getCidsByPids(pids, next);`
closes #2904 10 years ago			`},`
Fix space-before-function-paren linter rule 8 years ago			`function (cids, next) {`
closes #4810 9 years ago			`async.parallel({`
			`isAdmin: async.apply(user.isAdministrator, uid),`
			`isModerator: async.apply(posts.isModerator, pids, uid),`
			`isOwner: async.apply(posts.isOwner, pids, uid),`
			`'topics:read': async.apply(helpers.isUserAllowedTo, 'topics:read', uid, cids),`
			`read: async.apply(helpers.isUserAllowedTo, 'read', uid, cids),`
see NodeBB/NodeBB#4909 9 years ago			`'posts:edit': async.apply(helpers.isUserAllowedTo, 'posts:edit', uid, cids),`
closes #4810 9 years ago			`}, next);`
closes #2904 10 years ago			`}`
Fix space-before-function-paren linter rule 8 years ago			`], function (err, results) {`
closes #2904 10 years ago			`if (err) {`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago			`return callback(err);`
			`}`

closes #2904 10 years ago			`var privileges = [];`
privileges.posts.get takes an array of pids now 11 years ago
Fix space-infix-ops linter rule 8 years ago			`for (var i = 0; i < pids.length; ++i) {`
closes #4810 9 years ago			`var isAdminOrMod = results.isAdmin \|\| results.isModerator[i];`
see NodeBB/NodeBB#4909 9 years ago			`var editable = isAdminOrMod \|\| (results.isOwner[i] && results['posts:edit'][i]);`
closes #4810 9 years ago
closes #2904 10 years ago			`privileges.push({`
			`editable: editable,`
			`view_deleted: editable,`
closes #4810 9 years ago			`move: isAdminOrMod,`
			`isAdminOrMod: isAdminOrMod,`
			`'topics:read': results['topics:read'][i] \|\| isAdminOrMod,`
			`read: results.read[i] \|\| isAdminOrMod`
closes #2904 10 years ago			`});`
			`}`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago
closes #2904 10 years ago			`callback(null, privileges);`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago			`});`
			`};`

Fix space-before-function-paren linter rule 8 years ago			`privileges.posts.can = function (privilege, pid, uid, callback) {`
			`posts.getCidByPid(pid, function (err, cid) {`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago			`if (err) {`
			`return callback(err);`
			`}`

privilege cleanup 11 years ago			`privileges.categories.can(privilege, cid, uid, callback);`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago			`});`
			`};`

Fix space-before-function-paren linter rule 8 years ago			`privileges.posts.filter = function (privilege, pids, uid, callback) {`
posts/recent.js refactor 10 years ago			`if (!Array.isArray(pids) \|\| !pids.length) {`
early outs for privs no need to check if empty array is passed in, happens if there are no unread topics remove dupe cids before checking for privileges 11 years ago			`return callback(null, []);`
			`}`
closes #4499 9 years ago			`var cids;`
			`var postData;`
			`var tids;`
			`var tidToTopic = {};`

			`async.waterfall([`
			`function (next) {`
			`posts.getPostsFields(pids, ['uid', 'tid', 'deleted'], next);`
			`},`
			`function (_posts, next) {`
			`postData = _posts;`
Fix space-before-function-paren linter rule 8 years ago			`tids = _posts.map(function (post) {`
closes #4499 9 years ago			`return post && post.tid;`
Fix space-before-function-paren linter rule 8 years ago			`}).filter(function (tid, index, array) {`
closes #4499 9 years ago			`return tid && array.indexOf(tid) === index;`
			`});`
			`topics.getTopicsFields(tids, ['deleted', 'cid'], next);`
			`},`
			`function (topicData, next) {`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 11 years ago
Fix space-before-function-paren linter rule 8 years ago			`topicData.forEach(function (topic, index) {`
closes #4499 9 years ago			`if (topic) {`
			`tidToTopic[tids[index]] = topic;`
			`}`
			`});`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 11 years ago
Fix space-before-function-paren linter rule 8 years ago			`cids = postData.map(function (post, index) {`
closes #4499 9 years ago			`if (post) {`
			`post.pid = pids[index];`
			`post.topic = tidToTopic[post.tid];`
			`}`
			`return tidToTopic[post.tid] && tidToTopic[post.tid].cid;`
Fix space-before-function-paren linter rule 8 years ago			`}).filter(function (cid, index, array) {`
closes #4499 9 years ago			`return cid && array.indexOf(cid) === index;`
			`});`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 11 years ago
closes #4499 9 years ago			`privileges.categories.getBase(privilege, cids, uid, next);`
			`},`
			`function (results, next) {`

			`var isModOf = {};`
Fix space-before-function-paren linter rule 8 years ago			`cids = cids.filter(function (cid, index) {`
closes #4499 9 years ago			`isModOf[cid] = results.isModerators[index];`
			`return !results.categories[index].disabled &&`
			`(results.allowedTo[index] \|\| results.isAdmin \|\| results.isModerators[index]);`
			`});`


Fix space-before-function-paren linter rule 8 years ago			`pids = postData.filter(function (post) {`
check for invalid topic 9 years ago			`return post.topic && cids.indexOf(post.topic.cid) !== -1 &&`
closes #4499 9 years ago			`((parseInt(post.topic.deleted, 10) !== 1 && parseInt(post.deleted, 10) !== 1) \|\| results.isAdmin \|\| isModOf[post.cid]);`
Fix space-before-function-paren linter rule 8 years ago			`}).map(function (post) {`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 11 years ago			`return post.pid;`
			`});`
added four new hooks: filter:categories.recent, filter:privileges.categories.get, filter:privileges.posts.filter, filter:privileges.topics.filter 10 years ago
			`plugins.fireHook('filter:privileges.posts.filter', {`
			`privilege: privilege,`
			`uid: uid,`
			`pids: pids`
Fix space-before-function-paren linter rule 8 years ago			`}, function (err, data) {`
closes #4499 9 years ago			`next(err, data ? data.pids : null);`
added four new hooks: filter:categories.recent, filter:privileges.categories.get, filter:privileges.posts.filter, filter:privileges.topics.filter 10 years ago			`});`
closes #4499 9 years ago			`}`
			`], callback);`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 11 years ago			`};`

Fix space-before-function-paren linter rule 8 years ago			`privileges.posts.canEdit = function (pid, uid, callback) {`
closes #2247 10 years ago			`async.parallel({`
			`isEditable: async.apply(isPostEditable, pid, uid),`
			`isAdminOrMod: async.apply(isAdminOrMod, pid, uid)`
Fix space-before-function-paren linter rule 8 years ago			`}, function (err, results) {`
closes #2247 10 years ago			`if (err) {`
			`return callback(err);`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago			`}`
closes #2247 10 years ago			`if (results.isAdminOrMod) {`
privilege fixes 9 years ago			`return callback(null, {flag: true});`
closes #2247 10 years ago			`}`
privilege fixes 9 years ago
			`callback(null, results.isEditable);`
closes #2904 10 years ago			`});`
more work on #1518 still needs more work, category is next 11 years ago			`};`

Fix space-before-function-paren linter rule 8 years ago			`privileges.posts.canDelete = function (pid, uid, callback) {`
closes #4800 9 years ago			`var postData;`
			`async.waterfall([`
Fix space-before-function-paren linter rule 8 years ago			`function (next) {`
closes #4800 9 years ago			`posts.getPostFields(pid, ['tid', 'timestamp'], next);`
			`},`
Fix space-before-function-paren linter rule 8 years ago			`function (_postData, next) {`
closes #4800 9 years ago			`postData = _postData;`
			`async.parallel({`
			`isAdminOrMod: async.apply(isAdminOrMod, pid, uid),`
			`isLocked: async.apply(topics.isLocked, postData.tid),`
Add edit, delete, and topics:delete permissions for users acting on their own posts 9 years ago			`isOwner: async.apply(posts.isOwner, pid, uid),`
see NodeBB/NodeBB#4909 9 years ago			`'posts:delete': async.apply(privileges.posts.can, 'posts:delete', pid, uid)`
closes #4800 9 years ago			`}, next);`
			`}`
Fix space-before-function-paren linter rule 8 years ago			`], function (err, results) {`
closes #4800 9 years ago			`if (err) {`
			`return callback(err);`
			`}`
privilege fixes 9 years ago
closes #4800 9 years ago			`if (results.isAdminOrMod) {`
privilege fixes 9 years ago			`return callback(null, {flag: true});`
closes #4800 9 years ago			`}`
privilege fixes 9 years ago
closes #4800 9 years ago			`if (results.isLocked) {`
privilege fixes 9 years ago			`return callback(null, {flag: false, message: '[[error:topic-locked]]'});`
closes #4800 9 years ago			`}`
privilege fixes 9 years ago
see NodeBB/NodeBB#4909 9 years ago			`if (!results['posts:delete']) {`
privilege fixes 9 years ago			`return callback(null, {flag: false, message: '[[error:no-privileges]]'});`
Add edit, delete, and topics:delete permissions for users acting on their own posts 9 years ago			`}`
privilege fixes 9 years ago
closes #4800 9 years ago			`var postDeleteDuration = parseInt(meta.config.postDeleteDuration, 10);`
			`if (postDeleteDuration && (Date.now() - parseInt(postData.timestamp, 10) > postDeleteDuration * 1000)) {`
privilege fixes 9 years ago			`return callback(null, {flag: false, message: '[[error:post-delete-duration-expired, ' + meta.config.postDeleteDuration + ']]'});`
closes #4800 9 years ago			`}`
privilege fixes 9 years ago
			`callback(null, {flag: results.isOwner, message: '[[error:no-privileges]]'});`
closes #4800 9 years ago			`});`
			`};`

Fix space-before-function-paren linter rule 8 years ago			`privileges.posts.canMove = function (pid, uid, callback) {`
			`posts.isMain(pid, function (err, isMain) {`
closes #1725 removed move button from main post, disable moving main post, fixed moving posts. 11 years ago			`if (err \|\| isMain) {`
			`return callback(err \|\| new Error('[[error:cant-move-mainpost]]'));`
			`}`
			`isAdminOrMod(pid, uid, callback);`
			`});`
closes #1731 11 years ago			`};`

Fix space-before-function-paren linter rule 8 years ago			`privileges.posts.canPurge = function (pid, uid, callback) {`
closes #2330 10 years ago			`async.waterfall([`
			`function (next) {`
			`posts.getCidByPid(pid, next);`
			`},`
			`function (cid, next) {`
			`async.parallel({`
			`purge: async.apply(privileges.categories.isUserAllowedTo, 'purge', cid, uid),`
			`owner: async.apply(posts.isOwner, pid, uid),`
			`isAdminOrMod: async.apply(privileges.categories.isAdminOrMod, cid, uid)`
			`}, next);`
			`},`
			`function (results, next) {`
			`next(null, results.isAdminOrMod \|\| (results.purge && results.owner));`
			`}`
			`], callback);`
			`};`

closes #2247 10 years ago			`function isPostEditable(pid, uid, callback) {`
privilege fixes 9 years ago			`var tid;`
closes #2247 10 years ago			`async.waterfall([`
Fix space-before-function-paren linter rule 8 years ago			`function (next) {`
closes #2247 10 years ago			`posts.getPostFields(pid, ['tid', 'timestamp'], next);`
			`},`
Fix space-before-function-paren linter rule 8 years ago			`function (postData, next) {`
privilege fixes 9 years ago			`tid = postData.tid;`
closes #2247 10 years ago			`var postEditDuration = parseInt(meta.config.postEditDuration, 10);`
			`if (postEditDuration && Date.now() - parseInt(postData.timestamp, 10) > postEditDuration * 1000) {`
privilege fixes 9 years ago			`return callback(null, {flag: false, message: '[[error:post-edit-duration-expired, ' + meta.config.postEditDuration + ']]'});`
closes #2247 10 years ago			`}`
			`topics.isLocked(postData.tid, next);`
			`},`
Fix space-before-function-paren linter rule 8 years ago			`function (isLocked, next) {`
closes #2247 10 years ago			`if (isLocked) {`
privilege fixes 9 years ago			`return callback(null, {flag: false, message: '[[error:topic-locked]]'});`
closes #2247 10 years ago			`}`
closes #2904 10 years ago
Add edit, delete, and topics:delete permissions for users acting on their own posts 9 years ago			`async.parallel({`
			`owner: async.apply(posts.isOwner, pid, uid),`
see NodeBB/NodeBB#4909 9 years ago			`edit: async.apply(privileges.posts.can, 'posts:edit', pid, uid)`
Add edit, delete, and topics:delete permissions for users acting on their own posts 9 years ago			`}, next);`
closes #2904 10 years ago			`},`
Fix space-before-function-paren linter rule 8 years ago			`function (result, next) {`
privilege fixes 9 years ago			`next(null, {flag: result.owner && result.edit, message: '[[error:no-privileges]]'});`
closes #2247 10 years ago			`}`
			`], callback);`
			`}`

closes #1731 11 years ago			`function isAdminOrMod(pid, uid, callback) {`
more work on #1518 still needs more work, category is next 11 years ago			`helpers.some([`
Fix space-before-function-paren linter rule 8 years ago			`function (next) {`
			`posts.getCidByPid(pid, function (err, cid) {`
api/post/pid route 10 years ago			`if (err \|\| !cid) {`
			`return next(err, false);`
more work on #1518 still needs more work, category is next 11 years ago			`}`
closes #2904 10 years ago
more work on #1518 still needs more work, category is next 11 years ago			`user.isModerator(uid, cid, next);`
			`});`
			`},`
Fix space-before-function-paren linter rule 8 years ago			`function (next) {`
more work on #1518 still needs more work, category is next 11 years ago			`user.isAdministrator(uid, next);`
			`}`
			`], callback);`
closes #1731 11 years ago			`}`
partially revert https://github.com/NodeBB/NodeBB/commit/fa9f1ac7fe26462febda07189203365e984a146d extending module.exports instead of overwriting fixes the issue 9 years ago			`};`