fixes for post privileges

11 years ago · 189e69284e
parent 1980e945da
commit 189e69284e
6 changed files with 44 additions and 14 deletions
--- a/public/templates/topic.tpl
+++ b/public/templates/topic.tpl
@ -106,9 +106,9 @@
 										<ul class="dropdown-menu text-center pull-right" role="menu" aria-labelledby="dLabel">
 											<button class="btn btn-sm btn-default edit" type="button" title="[[topic:edit]]"><i class="fa fa-pencil"></i></button>
 											<button class="btn btn-sm btn-default delete" type="button" title="[[topic:delete]]"><i class="fa fa-trash-o"></i></button>
-											<!-- IF !@first -->
+											<!-- IF posts.display_move_tools -->
 											<button class="btn btn-sm btn-default move" type="button" title="[[topic:move]]"><i class="fa fa-arrows"></i></button>
-											<!-- ENDIF !@first -->
+											<!-- ENDIF posts.display_move_tools -->
 										</ul>
 									</div>
 								</div>
--- a/src/categoryTools.js
+++ b/src/categoryTools.js
@ -116,7 +116,9 @@ CategoryTools.privileges = function(cid, uid, callback) {
 				privileges.admin
 			),
 			editable: privileges.moderator || privileges.admin,
-			view_deleted: privileges.moderator || privileges.admin
+			view_deleted: privileges.moderator || privileges.admin,
+			moderator: privileges.moderator,
+			admin: privileges.moderator
 		});
 	});
 };
--- a/src/postTools.js
+++ b/src/postTools.js
@ -58,7 +58,8 @@ var winston = require('winston'),
 			callback(null, {
 				read: results.topicPrivs.read,
 				editable: results.topicPrivs.editable || results.isOwner || results.hasEnoughRep,
-				view_deleted: results.topicPrivs.view_deleted || results.isOwner || results.hasEnoughRep
+				view_deleted: results.topicPrivs.view_deleted || results.isOwner || results.hasEnoughRep,
+				move: results.topicPrivs.admin || results.topicPrivs.moderator
 			});
 		});
 	}
--- a/src/socket.io/topics.js
+++ b/src/socket.io/topics.js
@ -170,7 +170,17 @@ SocketTopics.movePost = function(socket, data, callback) {
 		return callback(new Error('invalid data'));
 	}

-	topics.movePostToTopic(data.pid, data.tid, callback);
+	threadTools.privileges(data.tid, socket.uid, function(err, privileges) {
+		if(err) {
+			return callback(err);
+		}
+
+		if(!(privileges.admin || privileges.moderator)) {
+			return callback(new Error('not allowed'));
+		}
+
+		topics.movePostToTopic(data.pid, data.tid, callback);
+	});
 };

 SocketTopics.move = function(socket, data, callback) {
--- a/src/threadTools.js
+++ b/src/threadTools.js
@ -50,7 +50,9 @@ var winston = require('winston'),
 				read: results.categoryPrivs.read,
 				write: results.categoryPrivs.write,
 				editable: results.categoryPrivs.editable || results.hasEnoughRep,
-				view_deleted: results.categoryPrivs.view_deleted || results.hasEnoughRep
+				view_deleted: results.categoryPrivs.view_deleted || results.hasEnoughRep,
+				moderator: results.categoryPrivs.moderator,
+				admin: results.categoryPrivs.admin
 			});
 		});
 	}
--- a/src/topics.js
+++ b/src/topics.js
@ -211,6 +211,7 @@ var async = require('async'),

 						postData.favourited = false;
 						postData.display_moderator_tools = true;
+						postData.display_move_tools = privileges.admin || privileges.moderator;
 						postData.relativeTime = utils.toISOString(postData.timestamp);

 						callback(null, postData);
@ -358,12 +359,11 @@ var async = require('async'),
 				return parseInt(current_user, 10) !== 0 || parseInt(post.deleted, 10) === 0;
 			});

-			function getFavouritesData(next) {
-				var pids = [];
-				for (var i = 0; i < postData.length; ++i) {
-					pids.push(postData[i].pid);
-				}
+			pids = postData.map(function(post) {
+				return post.pid;
+			});

+			function getFavouritesData(next) {
 				favourites.getFavouritesByPostIDs(pids, current_user, function(fav_data) {
 					next(null, fav_data);
 				});
@ -382,7 +382,20 @@ var async = require('async'),
 			}

 			function getPrivileges(next) {
-				postTools.privileges(tid, current_user, next);
+				var privs = {};
+				async.each(pids, getPostPrivileges, function(err) {
+					next(err, privs);
+				});
+
+				function getPostPrivileges(pid, next) {
+					postTools.privileges(pid, current_user, function(err, postPrivileges) {
+						if(err) {
+							return next(err);
+						}
+						privs[pid] = postPrivileges;
+						next();
+					});
+				}
 			}

 			async.parallel([getFavouritesData, addUserInfoToPosts, getPrivileges], function(err, results) {
@ -394,8 +407,10 @@ var async = require('async'),
 					privileges = results[2];

 				for (var i = 0; i < postData.length; ++i) {
-					postData[i].favourited = fav_data[postData[i].pid];
-					postData[i].display_moderator_tools = ((current_user != 0) && (postData[i].uid == current_user || privileges.editable));
+					var pid = postData[i].pid;
+					postData[i].favourited = fav_data[pid];
+					postData[i].display_moderator_tools = (current_user != 0) && privileges[pid].editable;
+					postData[i].display_move_tools = privileges[pid].move;
 				}

 				callback(null, postData);