closes #2330

10 years ago · 11c70f3a28
parent f80a6350c4
commit 11c70f3a28
6 changed files with 70 additions and 13 deletions
--- a/public/src/client/topic/threadTools.js
+++ b/public/src/client/topic/threadTools.js
@ -94,9 +94,15 @@ define('forum/topic/threadTools', ['forum/topic/fork', 'forum/topic/move', 'comp
 	function topicCommand(command, tid) {
 		translator.translate('[[topic:thread_tools.' + command + '_confirm]]', function(msg) {
 			bootbox.confirm(msg, function(confirm) {
-				if (confirm) {
-					socket.emit('topics.' + command, {tids: [tid], cid: ajaxify.data.cid});
+				if (!confirm) {
+					return;
 				}
+
+				socket.emit('topics.' + command, {tids: [tid], cid: ajaxify.data.cid}, function(err) {
+					if (err) {
+						app.alertError(err.message);
+					}
+				});
 			});
 		});
 	}
--- a/src/postTools.js
+++ b/src/postTools.js
@ -56,13 +56,18 @@ var async = require('async'),
 	}

 	PostTools.purge = function(uid, pid, callback) {
-		privileges.posts.canEdit(pid, uid, function(err, canEdit) {
-			if (err || !canEdit) {
-				return callback(err || new Error('[[error:no-privileges]]'));
+		async.waterfall([
+			function (next) {
+				privileges.posts.canPurge(pid, uid, next);
+			},
+			function (canPurge, next) {
+				if (!canPurge) {
+					return callback(new Error('[[error:no-privileges]]'));
+				}
+				cache.del(pid);
+				posts.purge(pid, next);
 			}
-			cache.del(pid);
-			posts.purge(pid, callback);
-		});
+		], callback);
 	};


--- a/src/privileges/categories.js
+++ b/src/privileges/categories.js
@ -22,14 +22,15 @@ module.exports = function(privileges) {
 			{name: 'Access & Read'},
 			{name: 'Create Topics'},
 			{name: 'Reply to Topics'},
+			{name: 'Purge'},
 			{name: 'Moderate'}
 		];

 		var userPrivilegeList = [
-			'find', 'read', 'topics:create', 'topics:reply', 'mods'
+			'find', 'read', 'topics:create', 'topics:reply', 'purge', 'mods'
 		];
 		var groupPrivilegeList = [
-			'groups:find', 'groups:read', 'groups:topics:create', 'groups:topics:reply', 'groups:moderate'
+			'groups:find', 'groups:read', 'groups:topics:create', 'groups:topics:reply', 'groups:purge', 'groups:moderate'
 		];

 		async.parallel({
@ -194,6 +195,15 @@ module.exports = function(privileges) {
 		], callback);
 	};

+	privileges.categories.isUserAllowedTo = function(privilege, cid, uid, callback) {
+		if (!cid) {
+			return callback(null, false);
+		}
+		helpers.isUserAllowedTo(privilege, uid, [cid], function(err, results) {
+			callback(err, Array.isArray(results) && results.length ? results[0] : false);
+		});
+	};
+
 	privileges.categories.can = function(privilege, cid, uid, callback) {
 		if (!cid) {
 			return callback(null, false);
--- a/src/privileges/posts.js
+++ b/src/privileges/posts.js
@ -127,6 +127,24 @@ module.exports = function(privileges) {
 		});
 	};

+	privileges.posts.canPurge = function(pid, uid, callback) {
+		async.waterfall([
+			function (next) {
+				posts.getCidByPid(pid, next);
+			},
+			function (cid, next) {
+				async.parallel({
+					purge: async.apply(privileges.categories.isUserAllowedTo, 'purge', cid, uid),
+					owner: async.apply(posts.isOwner, pid, uid),
+					isAdminOrMod: async.apply(privileges.categories.isAdminOrMod, cid, uid)
+				}, next);
+			},
+			function (results, next) {
+				next(null, results.isAdminOrMod || (results.purge && results.owner));
+			}
+		], callback);
+	};
+
 	function isPostEditable(pid, uid, callback) {
 		async.waterfall([
 			function(next) {
--- a/src/privileges/topics.js
+++ b/src/privileges/topics.js
@ -170,6 +170,24 @@ module.exports = function(privileges) {
 		], callback);
 	};

+	privileges.topics.canPurge = function(tid, uid, callback) {
+		async.waterfall([
+			function (next) {
+				topics.getTopicField(tid, 'cid', next);
+			},
+			function (cid, next) {
+				async.parallel({
+					purge: async.apply(privileges.categories.isUserAllowedTo, 'purge', cid, uid),
+					owner: async.apply(topics.isOwner, tid, uid),
+					isAdminOrMod: async.apply(privileges.categories.isAdminOrMod, cid, uid)
+				}, next);
+			},
+			function (results, next) {
+				next(null, results.isAdminOrMod || (results.purge && results.owner));
+			}
+		], callback);
+	};
+
 	privileges.topics.canEdit = function(tid, uid, callback) {
 		winston.warn('[deprecated] please use privileges.topics.isOwnerOrAdminOrMod');
 		privileges.topics.isOwnerOrAdminOrMod(tid, uid, callback);
--- a/src/threadTools.js
+++ b/src/threadTools.js
@ -75,10 +75,10 @@ var async = require('async'),
 				if (!exists) {
 					return callback();
 				}
-				privileges.topics.isOwnerOrAdminOrMod(tid, uid, next);
+				privileges.topics.canPurge(tid, uid, next);
 			},
-			function (isOwnerOrAdminOrMod, next) {
-				if (!isOwnerOrAdminOrMod) {
+			function (canPurge, next) {
+				if (!canPurge) {
 					return next(new Error('[[error:no-privileges]]'));
 				}