nodebb/src/privileges/topics.js


'use strict';

var async = require('async'),
	winston = require('winston'),

	db = require('../database'),
	topics = require('../topics'),
	user = require('../user'),
	helpers = require('./helpers'),
	groups = require('../groups'),
	categories = require('../categories'),
	plugins = require('../plugins');

module.exports = function(privileges) {

	privileges.topics = {};

	privileges.topics.get = function(tid, uid, callback) {
		var topic;
		async.waterfall([
			async.apply(topics.getTopicFields, tid, ['cid', 'uid', 'locked']),
			function(_topic, next) {
				topic = _topic;
				async.parallel({
					'topics:reply': async.apply(helpers.isUserAllowedTo, 'topics:reply', uid, [topic.cid]),
					read: async.apply(helpers.isUserAllowedTo, 'read', uid, [topic.cid]),
					isOwner: function(next) {
						next(null, parseInt(uid, 10) === parseInt(topic.uid, 10));
					},
					isAdministrator: async.apply(user.isAdministrator, uid),
					isModerator: async.apply(user.isModerator, uid, topic.cid),
					disabled: async.apply(categories.getCategoryField, topic.cid, 'disabled')
				}, next);
			}
		], function(err, results) {
			if (err) {
				return callback(err);
			}

			var disabled = parseInt(results.disabled, 10) === 1;
			var locked = parseInt(topic.locked, 10) === 1;
			var	isAdminOrMod = results.isAdministrator || results.isModerator;
			var editable = isAdminOrMod;
			var deletable = isAdminOrMod || results.isOwner;

			plugins.fireHook('filter:privileges.topics.get', {
				'topics:reply': (results['topics:reply'][0] && !locked) || isAdminOrMod,
				read: results.read[0] || isAdminOrMod,
				view_thread_tools: editable || deletable,
				editable: editable,
				deletable: deletable,
				view_deleted: isAdminOrMod || results.isOwner,
				disabled: disabled,
				tid: tid,
				uid: uid
			}, callback);
		});
	};

	privileges.topics.can = function(privilege, tid, uid, callback) {
		topics.getTopicField(tid, 'cid', function(err, cid) {
			if (err) {
				return callback(err);
			}

			privileges.categories.can(privilege, cid, uid, callback);
		});
	};

	privileges.topics.filterTids = function(privilege, tids, uid, callback) {
		if (!Array.isArray(tids) || !tids.length) {
			return callback(null, []);
		}

		async.waterfall([
			function(next) {
				topics.getTopicsFields(tids, ['tid', 'cid', 'deleted'], next);
			},
			function(topicsData, next) {
				var cids = topicsData.map(function(topic) {
					return topic.cid;
				}).filter(function(cid, index, array) {
					return cid && array.indexOf(cid) === index;
				});

				async.parallel({
					categories: function(next) {
						categories.getCategoriesFields(cids, ['disabled'], next);
					},
					allowedTo: function(next) {
						helpers.isUserAllowedTo(privilege, uid, cids, next);
					},
					isModerators: function(next) {
						user.isModerator(uid, cids, next);
					},
					isAdmin: function(next) {
						user.isAdministrator(uid, next);
					}
				}, function(err, results) {
					if (err) {
						return next(err);
					}
					var isModOf = {};
					cids = cids.filter(function(cid, index) {
						isModOf[cid] = results.isModerators[index];
						return !results.categories[index].disabled &&
							(results.allowedTo[index] || results.isAdmin || results.isModerators[index]);
					});

					tids = topicsData.filter(function(topic) {
						return cids.indexOf(topic.cid) !== -1 &&
							(parseInt(topic.deleted, 10) !== 1 || results.isAdmin || isModOf[topic.cid]);
					}).map(function(topic) {
						return topic.tid;
					});

					plugins.fireHook('filter:privileges.topics.filter', {
						privilege: privilege,
						uid: uid,
						tids: tids
					}, function(err, data) {
						next(err, data ? data.tids : null);
					});
				});
			}
		], callback);
	};

	privileges.topics.filterUids = function(privilege, tid, uids, callback) {
		if (!Array.isArray(uids) || !uids.length) {
			return callback(null, []);
		}

		uids = uids.filter(function(uid, index, array) {
			return array.indexOf(uid) === index;
		});

		async.waterfall([
			function(next) {
				topics.getTopicFields(tid, ['tid', 'cid', 'deleted'], next);
			},
			function(topicData, next) {
				async.parallel({
					disabled: function(next) {
						categories.getCategoryField(topicData.cid, 'disabled', next);
					},
					allowedTo: function(next) {
						helpers.isUsersAllowedTo(privilege, uids, topicData.cid, next);
					},
					isModerators: function(next) {
						user.isModerator(uids, topicData.cid, next);
					},
					isAdmins: function(next) {
						user.isAdministrator(uids, next);
					}
				}, function(err, results) {
					if (err) {
						return next(err);
					}

					uids = uids.filter(function(uid, index) {
						return parseInt(results.disabled, 10) !== 1 &&
							((results.allowedTo[index] && parseInt(topicData.deleted, 10) !== 1) || results.isAdmins[index] || results.isModerators[index]);
					});

					next(null, uids);
				});
			}
		], callback);
	};

	privileges.topics.canPurge = function(tid, uid, callback) {
		async.waterfall([
			function (next) {
				topics.getTopicField(tid, 'cid', next);
			},
			function (cid, next) {
				async.parallel({
					purge: async.apply(privileges.categories.isUserAllowedTo, 'purge', cid, uid),
					owner: async.apply(topics.isOwner, tid, uid),
					isAdminOrMod: async.apply(privileges.categories.isAdminOrMod, cid, uid)
				}, next);
			},
			function (results, next) {
				next(null, results.isAdminOrMod || (results.purge && results.owner));
			}
		], callback);
	};

	privileges.topics.isOwnerOrAdminOrMod = function(tid, uid, callback) {
		helpers.some([
			function(next) {
				topics.isOwner(tid, uid, next);
			},
			function(next) {
				privileges.topics.isAdminOrMod(tid, uid, next);
			}
		], callback);
	};


	privileges.topics.isAdminOrMod = function(tid, uid, callback) {
		helpers.some([
			function(next) {
				topics.getTopicField(tid, 'cid', function(err, cid) {
					if (err) {
						return next(err);
					}
					user.isModerator(uid, cid, next);
				});
			},
			function(next) {
				user.isAdministrator(uid, next);
			}
		], callback);
	};
};
more work on #1518 still needs more work, category is next 11 years ago
			`'use strict';`

			`var async = require('async'),`
privilege fixes 10 years ago			`winston = require('winston'),`
more work on #1518 still needs more work, category is next 11 years ago
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 11 years ago			`db = require('../database'),`
more work on #1518 still needs more work, category is next 11 years ago			`topics = require('../topics'),`
			`user = require('../user'),`
			`helpers = require('./helpers'),`
			`groups = require('../groups'),`
updating privilege handling to fire two new hooks, filter:privileges.topics.get and filter:category.topics.get 10 years ago			`categories = require('../categories'),`
			`plugins = require('../plugins');`
more work on #1518 still needs more work, category is next 11 years ago
			`module.exports = function(privileges) {`

			`privileges.topics = {};`

			`privileges.topics.get = function(tid, uid, callback) {`
components 10 years ago			`var topic;`
updating privilege handling to fire two new hooks, filter:privileges.topics.get and filter:category.topics.get 10 years ago			`async.waterfall([`
components 10 years ago			`async.apply(topics.getTopicFields, tid, ['cid', 'uid', 'locked']),`
			`function(_topic, next) {`
			`topic = _topic;`
updating privilege handling to fire two new hooks, filter:privileges.topics.get and filter:category.topics.get 10 years ago			`async.parallel({`
one less query in privileges.topics.get 10 years ago			`'topics:reply': async.apply(helpers.isUserAllowedTo, 'topics:reply', uid, [topic.cid]),`
			`read: async.apply(helpers.isUserAllowedTo, 'read', uid, [topic.cid]),`
			`isOwner: function(next) {`
			`next(null, parseInt(uid, 10) === parseInt(topic.uid, 10));`
			`},`
updating privilege handling to fire two new hooks, filter:privileges.topics.get and filter:category.topics.get 10 years ago			`isAdministrator: async.apply(user.isAdministrator, uid),`
one less query in privileges.topics.get 10 years ago			`isModerator: async.apply(user.isModerator, uid, topic.cid),`
			`disabled: async.apply(categories.getCategoryField, topic.cid, 'disabled')`
updating privilege handling to fire two new hooks, filter:privileges.topics.get and filter:category.topics.get 10 years ago			`}, next);`
			`}`
			`], function(err, results) {`
fixed indents 11 years ago			`if (err) {`
			`return callback(err);`
			`}`
more work on #1518 still needs more work, category is next 11 years ago
updating privilege handling to fire two new hooks, filter:privileges.topics.get and filter:category.topics.get 10 years ago			`var disabled = parseInt(results.disabled, 10) === 1;`
components 10 years ago			`var locked = parseInt(topic.locked, 10) === 1;`
updating privilege handling to fire two new hooks, filter:privileges.topics.get and filter:category.topics.get 10 years ago			`var isAdminOrMod = results.isAdministrator \|\| results.isModerator;`
closes #2904 10 years ago			`var editable = isAdminOrMod;`
updating privilege handling to fire two new hooks, filter:privileges.topics.get and filter:category.topics.get 10 years ago			`var deletable = isAdminOrMod \|\| results.isOwner;`

			`plugins.fireHook('filter:privileges.topics.get', {`
components 10 years ago			`'topics:reply': (results['topics:reply'][0] && !locked) \|\| isAdminOrMod,`
updating privilege handling to fire two new hooks, filter:privileges.topics.get and filter:category.topics.get 10 years ago			`read: results.read[0] \|\| isAdminOrMod,`
			`view_thread_tools: editable \|\| deletable,`
			`editable: editable,`
			`deletable: deletable,`
closes #2904 10 years ago			`view_deleted: isAdminOrMod \|\| results.isOwner,`
updating privilege handling to fire two new hooks, filter:privileges.topics.get and filter:category.topics.get 10 years ago			`disabled: disabled,`
			`tid: tid,`
			`uid: uid`
			`}, callback);`
more work on #1518 still needs more work, category is next 11 years ago			`});`
			`};`

removing allowGuestPosting logic in NodeBB 11 years ago			`privileges.topics.can = function(privilege, tid, uid, callback) {`
			`topics.getTopicField(tid, 'cid', function(err, cid) {`
			`if (err) {`
			`return callback(err);`
			`}`

			`privileges.categories.can(privilege, cid, uid, callback);`
			`});`
			`};`

added privileges.topics.filterUids if a topic is deleted and user doesn't have permissions/admin/mod dont send notifs 10 years ago			`privileges.topics.filterTids = function(privilege, tids, uid, callback) {`
src/topics.js cleanup 10 years ago			`if (!Array.isArray(tids) \|\| !tids.length) {`
early outs for privs no need to check if empty array is passed in, happens if there are no unread topics remove dupe cids before checking for privileges 11 years ago			`return callback(null, []);`
			`}`

closes #2995 10 years ago			`async.waterfall([`
			`function(next) {`
			`topics.getTopicsFields(tids, ['tid', 'cid', 'deleted'], next);`
			`},`
			`function(topicsData, next) {`
			`var cids = topicsData.map(function(topic) {`
			`return topic.cid;`
			`}).filter(function(cid, index, array) {`
missing lines 10 years ago			`return cid && array.indexOf(cid) === index;`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 11 years ago			`});`
added four new hooks: filter:categories.recent, filter:privileges.categories.get, filter:privileges.posts.filter, filter:privileges.topics.filter 10 years ago
closes #2995 10 years ago			`async.parallel({`
			`categories: function(next) {`
more refactors 10 years ago			`categories.getCategoriesFields(cids, ['disabled'], next);`
closes #2995 10 years ago			`},`
			`allowedTo: function(next) {`
			`helpers.isUserAllowedTo(privilege, uid, cids, next);`
			`},`
			`isModerators: function(next) {`
			`user.isModerator(uid, cids, next);`
			`},`
			`isAdmin: function(next) {`
			`user.isAdministrator(uid, next);`
			`}`
			`}, function(err, results) {`
			`if (err) {`
added privileges.topics.filterUids if a topic is deleted and user doesn't have permissions/admin/mod dont send notifs 10 years ago			`return next(err);`
closes #2995 10 years ago			`}`
			`var isModOf = {};`
			`cids = cids.filter(function(cid, index) {`
			`isModOf[cid] = results.isModerators[index];`
missing lines 10 years ago			`return !results.categories[index].disabled &&`
closes #2995 10 years ago			`(results.allowedTo[index] \|\| results.isAdmin \|\| results.isModerators[index]);`
			`});`

			`tids = topicsData.filter(function(topic) {`
			`return cids.indexOf(topic.cid) !== -1 &&`
			`(parseInt(topic.deleted, 10) !== 1 \|\| results.isAdmin \|\| isModOf[topic.cid]);`
			`}).map(function(topic) {`
			`return topic.tid;`
			`});`

			`plugins.fireHook('filter:privileges.topics.filter', {`
			`privilege: privilege,`
			`uid: uid,`
			`tids: tids`
			`}, function(err, data) {`
			`next(err, data ? data.tids : null);`
			`});`
added four new hooks: filter:categories.recent, filter:privileges.categories.get, filter:privileges.posts.filter, filter:privileges.topics.filter 10 years ago			`});`
closes #2995 10 years ago			`}`
			`], callback);`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 11 years ago			`};`

added privileges.topics.filterUids if a topic is deleted and user doesn't have permissions/admin/mod dont send notifs 10 years ago			`privileges.topics.filterUids = function(privilege, tid, uids, callback) {`
			`if (!Array.isArray(uids) \|\| !uids.length) {`
			`return callback(null, []);`
			`}`

			`uids = uids.filter(function(uid, index, array) {`
			`return array.indexOf(uid) === index;`
			`});`

			`async.waterfall([`
			`function(next) {`
			`topics.getTopicFields(tid, ['tid', 'cid', 'deleted'], next);`
			`},`
			`function(topicData, next) {`
			`async.parallel({`
			`disabled: function(next) {`
			`categories.getCategoryField(topicData.cid, 'disabled', next);`
			`},`
			`allowedTo: function(next) {`
			`helpers.isUsersAllowedTo(privilege, uids, topicData.cid, next);`
			`},`
			`isModerators: function(next) {`
			`user.isModerator(uids, topicData.cid, next);`
			`},`
			`isAdmins: function(next) {`
			`user.isAdministrator(uids, next);`
			`}`
			`}, function(err, results) {`
			`if (err) {`
			`return next(err);`
			`}`

			`uids = uids.filter(function(uid, index) {`
			`return parseInt(results.disabled, 10) !== 1 &&`
			`((results.allowedTo[index] && parseInt(topicData.deleted, 10) !== 1) \|\| results.isAdmins[index] \|\| results.isModerators[index]);`
			`});`

			`next(null, uids);`
			`});`
			`}`
			`], callback);`
			`};`

closes #2330 10 years ago			`privileges.topics.canPurge = function(tid, uid, callback) {`
			`async.waterfall([`
			`function (next) {`
			`topics.getTopicField(tid, 'cid', next);`
			`},`
			`function (cid, next) {`
			`async.parallel({`
			`purge: async.apply(privileges.categories.isUserAllowedTo, 'purge', cid, uid),`
			`owner: async.apply(topics.isOwner, tid, uid),`
			`isAdminOrMod: async.apply(privileges.categories.isAdminOrMod, cid, uid)`
			`}, next);`
			`},`
			`function (results, next) {`
			`next(null, results.isAdminOrMod \|\| (results.purge && results.owner));`
			`}`
			`], callback);`
			`};`

privilege fixes 10 years ago			`privileges.topics.isOwnerOrAdminOrMod = function(tid, uid, callback) {`
more work on #1518 still needs more work, category is next 11 years ago			`helpers.some([`
			`function(next) {`
closes #1731 11 years ago			`topics.isOwner(tid, uid, next);`
more work on #1518 still needs more work, category is next 11 years ago			`},`
			`function(next) {`
privilege fixes 10 years ago			`privileges.topics.isAdminOrMod(tid, uid, next);`
more work on #1518 still needs more work, category is next 11 years ago			`}`
			`], callback);`
			`};`

closes #1731 11 years ago
privilege fixes 10 years ago			`privileges.topics.isAdminOrMod = function(tid, uid, callback) {`
more work on #1518 still needs more work, category is next 11 years ago			`helpers.some([`
			`function(next) {`
			`topics.getTopicField(tid, 'cid', function(err, cid) {`
			`if (err) {`
			`return next(err);`
			`}`
			`user.isModerator(uid, cid, next);`
			`});`
			`},`
			`function(next) {`
			`user.isAdministrator(uid, next);`
			`}`
			`], callback);`
privilege fixes 10 years ago			`};`
more work on #1518 still needs more work, category is next 11 years ago			`};`