fixes for post privileges

11 years ago · 189e69284e
parent 1980e945da
commit 189e69284e
6 changed files with 44 additions and 14 deletions
--- a/public/templates/topic.tpl
+++ b/public/templates/topic.tpl
@ -106,9 +106,9 @@
 										<ul class="dropdown-menu text-center pull-right" role="menu" aria-labelledby="dLabel">
 											<button class="btn btn-sm btn-default edit" type="button" title="[[topic:edit]]"><i class="fa fa-pencil"></i></button>
 											<button class="btn btn-sm btn-default delete" type="button" title="[[topic:delete]]"><i class="fa fa-trash-o"></i></button>
-											<!-- IF !@first -->
+											<!-- IF posts.display_move_tools -->
 											<button class="btn btn-sm btn-default move" type="button" title="[[topic:move]]"><i class="fa fa-arrows"></i></button>
-											<!-- ENDIF !@first -->
+											<!-- ENDIF posts.display_move_tools -->
 										</ul>
 									</div>
 								</div>
--- a/src/categoryTools.js
+++ b/src/categoryTools.js
@ -116,7 +116,9 @@ CategoryTools.privileges = function(cid, uid, callback) {
 				privileges.admin
 			),
 			editable: privileges.moderator || privileges.admin,
-			view_deleted: privileges.moderator || privileges.admin
+			view_deleted: privileges.moderator || privileges.admin,
 			moderator: privileges.moderator,
 			admin: privileges.moderator
 		});
 	});
 };
--- a/src/postTools.js
+++ b/src/postTools.js
@ -58,7 +58,8 @@ var winston = require('winston'),
 			callback(null, {
 				read: results.topicPrivs.read,
 				editable: results.topicPrivs.editable || results.isOwner || results.hasEnoughRep,
-				view_deleted: results.topicPrivs.view_deleted || results.isOwner || results.hasEnoughRep
+				view_deleted: results.topicPrivs.view_deleted || results.isOwner || results.hasEnoughRep,
 				move: results.topicPrivs.admin || results.topicPrivs.moderator
 			});
 		});
 	}
--- a/src/socket.io/topics.js
+++ b/src/socket.io/topics.js
@ -170,7 +170,17 @@ SocketTopics.movePost = function(socket, data, callback) {
 		return callback(new Error('invalid data'));
 	}
-	topics.movePostToTopic(data.pid, data.tid, callback);
+	threadTools.privileges(data.tid, socket.uid, function(err, privileges) {
 		if(err) {
 			return callback(err);
 		}
 		if(!(privileges.admin || privileges.moderator)) {
 			return callback(new Error('not allowed'));
 		}
 		topics.movePostToTopic(data.pid, data.tid, callback);
 	});
 };
 SocketTopics.move = function(socket, data, callback) {
--- a/src/threadTools.js
+++ b/src/threadTools.js
@ -50,7 +50,9 @@ var winston = require('winston'),
 				read: results.categoryPrivs.read,
 				write: results.categoryPrivs.write,
 				editable: results.categoryPrivs.editable || results.hasEnoughRep,
-				view_deleted: results.categoryPrivs.view_deleted || results.hasEnoughRep
+				view_deleted: results.categoryPrivs.view_deleted || results.hasEnoughRep,
 				moderator: results.categoryPrivs.moderator,
 				admin: results.categoryPrivs.admin
 			});
 		});
 	}
--- a/src/topics.js
+++ b/src/topics.js
@ -211,6 +211,7 @@ var async = require('async'),
 						postData.favourited = false;
 						postData.display_moderator_tools = true;
 						postData.display_move_tools = privileges.admin || privileges.moderator;
 						postData.relativeTime = utils.toISOString(postData.timestamp);
 						callback(null, postData);
@ -358,12 +359,11 @@ var async = require('async'),
 				return parseInt(current_user, 10) !== 0 || parseInt(post.deleted, 10) === 0;
 			});
-			function getFavouritesData(next) {
+			pids = postData.map(function(post) {
-				var pids = [];
+				return post.pid;
-				for (var i = 0; i < postData.length; ++i) {
+			});
 					pids.push(postData[i].pid);
 				}
 			function getFavouritesData(next) {
 				favourites.getFavouritesByPostIDs(pids, current_user, function(fav_data) {
 					next(null, fav_data);
 				});
@ -382,7 +382,20 @@ var async = require('async'),
 			}
 			function getPrivileges(next) {
-				postTools.privileges(tid, current_user, next);
+				var privs = {};
 				async.each(pids, getPostPrivileges, function(err) {
 					next(err, privs);
 				});
 				function getPostPrivileges(pid, next) {
 					postTools.privileges(pid, current_user, function(err, postPrivileges) {
 						if(err) {
 							return next(err);
 						}
 						privs[pid] = postPrivileges;
 						next();
 					});
 				}
 			}
 			async.parallel([getFavouritesData, addUserInfoToPosts, getPrivileges], function(err, results) {
@ -394,8 +407,10 @@ var async = require('async'),
 					privileges = results[2];
 				for (var i = 0; i < postData.length; ++i) {
-					postData[i].favourited = fav_data[postData[i].pid];
+					var pid = postData[i].pid;
-					postData[i].display_moderator_tools = ((current_user != 0) && (postData[i].uid == current_user || privileges.editable));
+					postData[i].favourited = fav_data[pid];
 					postData[i].display_moderator_tools = (current_user != 0) && privileges[pid].editable;
 					postData[i].display_move_tools = privileges[pid].move;
 				}
 				callback(null, postData);