v1.18.x
Barış Soner Uşaklı 4 years ago
parent 7e6427bca7
commit 414caac01b

@ -19,6 +19,11 @@ module.exports = function (SocketPosts) {
throw new Error('[[error:invalid-data]]'); throw new Error('[[error:invalid-data]]');
} }
const canMove = await privileges.topics.isAdminOrMod(data.tid, socket.uid);
if (!canMove) {
throw new Error('[[error:no-privileges]]');
}
for (const pid of data.pids) { for (const pid of data.pids) {
/* eslint-disable no-await-in-loop */ /* eslint-disable no-await-in-loop */
const canMove = await privileges.posts.canMove(pid, socket.uid); const canMove = await privileges.posts.canMove(pid, socket.uid);

@ -721,6 +721,21 @@ describe('Post\'s', function () {
}); });
}); });
}); });
it('should fail to move post if not moderator of target category', async function () {
const cat1 = await categories.create({ name: 'Test Category', description: 'Test category created by testing script' });
const cat2 = await categories.create({ name: 'Test Category', description: 'Test category created by testing script' });
const result = await socketTopics.post({ uid: globalModUid }, { title: 'target topic', content: 'queued topic', cid: cat2.cid });
const modUid = await user.create({ username: 'modofcat1' });
await privileges.categories.give(privileges.userPrivilegeList, cat1.cid, modUid);
let err;
try {
await socketPosts.movePost({ uid: modUid }, { pid: replyPid, tid: result.tid });
} catch (_err) {
err = _err;
}
assert.strictEqual(err.message, '[[error:no-privileges]]');
});
}); });
describe('getPostSummaryByPids', function () { describe('getPostSummaryByPids', function () {

Loading…
Cancel
Save