privilege fixes

9 years ago · 56d325bd86
parent 73e19fa13a
commit 56d325bd86
8 changed files with 36 additions and 34 deletions
--- a/public/src/client/topic/posts.js
+++ b/public/src/client/topic/posts.js
@ -27,8 +27,8 @@ define('forum/topic/posts', [
 		data.privileges = ajaxify.data.privileges;
 		data.posts.forEach(function(post) {
 			post.selfPost = !!app.user.uid && parseInt(post.uid, 10) === parseInt(app.user.uid, 10);
-			post.display_edit_tools = (ajaxify.data.privileges.editOwnPosts && post.selfPost) || ajaxify.data.privileges.isAdminOrMod;
+			post.display_edit_tools = (ajaxify.data.privileges['posts:edit'] && post.selfPost) || ajaxify.data.privileges.isAdminOrMod;
-			post.display_delete_tools = (ajaxify.data.privileges.deleteOwnPosts && post.selfPost) || ajaxify.data.privileges.isAdminOrMod;
+			post.display_delete_tools = (ajaxify.data.privileges['posts:delete'] && post.selfPost) || ajaxify.data.privileges.isAdminOrMod;
 			post.display_moderator_tools = post.display_edit_tools || post.display_delete_tools;
 			post.display_move_tools = ajaxify.data.privileges.isAdminOrMod;
 			post.display_post_menu = ajaxify.data.privileges.isAdminOrMod || post.selfPost || ((app.user.uid || ajaxify.data.postSharing.length) && !post.deleted);
--- a/src/posts/edit.js
+++ b/src/posts/edit.js
@ -28,8 +28,8 @@ module.exports = function(Posts) {
 				privileges.posts.canEdit(data.pid, data.uid, next);
 			},
 			function (canEdit, next) {
-				if (!canEdit) {
+				if (!canEdit.flag) {
-					return next(new Error('[[error:no-privileges]]'));
+					return next(new Error(canEdit.message));
 				}
 				Posts.getPostData(data.pid, next);
 			},
--- a/src/posts/tools.js
+++ b/src/posts/tools.js
@ -37,8 +37,8 @@ module.exports = function(Posts) {
 				privileges.posts.canDelete(pid, uid, next);
 			},
 			function (canDelete, next) {
-				if (!canDelete) {
+				if (!canDelete.flag) {
-					return next(new Error('[[error:no-privileges]]'));
+					return next(new Error(canDelete.message));
 				}
 				if (isDelete) {
--- a/src/privileges/posts.js
+++ b/src/privileges/posts.js
@ -147,15 +147,10 @@ module.exports = function(privileges) {
 				return callback(err);
 			}
 			if (results.isAdminOrMod) {
-				return callback(null, true);
+				return callback(null, {flag: true});
 			}
-			if (results.isEditable.isLocked) {
+
-				return callback(new Error('[[error:topic-locked]]'));
+			callback(null, results.isEditable);
 			}
 			if (results.isEditable.isEditExpired) {
 				return callback(new Error('[[error:post-edit-duration-expired, ' + meta.config.postEditDuration + ']]'));
 			}
 			callback(null, results.isEditable.editable);
 		});
 	};
@ -178,20 +173,25 @@ module.exports = function(privileges) {
 			if (err) {
 				return callback(err);
 			}
 			if (results.isAdminOrMod) {
-				return callback(null, true);
+				return callback(null, {flag: true});
 			}
 			if (results.isLocked) {
-				return callback(new Error('[[error:topic-locked]]'));
+				return callback(null, {flag: false, message: '[[error:topic-locked]]'});
 			}
 			if (!results['posts:delete']) {
-				return callback(null, false);
+				return callback(null, {flag: false, message: '[[error:no-privileges]]'});
 			}
 			var postDeleteDuration = parseInt(meta.config.postDeleteDuration, 10);
 			if (postDeleteDuration && (Date.now() - parseInt(postData.timestamp, 10) > postDeleteDuration * 1000)) {
-				return callback(new Error('[[error:post-delete-duration-expired, ' + meta.config.postDeleteDuration + ']]'));
+				return callback(null, {flag: false, message: '[[error:post-delete-duration-expired, ' + meta.config.postDeleteDuration + ']]'});
 			}
-			callback(null, results.isOwner);
+
 			callback(null, {flag: results.isOwner, message: '[[error:no-privileges]]'});
 		});
 	};
@ -223,20 +223,22 @@ module.exports = function(privileges) {
 	};
 	function isPostEditable(pid, uid, callback) {
 		var tid;
 		async.waterfall([
 			function(next) {
 				posts.getPostFields(pid, ['tid', 'timestamp'], next);
 			},
 			function(postData, next) {
 				tid = postData.tid;
 				var postEditDuration = parseInt(meta.config.postEditDuration, 10);
 				if (postEditDuration && Date.now() - parseInt(postData.timestamp, 10) > postEditDuration * 1000) {
-					return callback(null, {isEditExpired: true});
+					return callback(null, {flag: false, message: '[[error:post-edit-duration-expired, ' + meta.config.postEditDuration + ']]'});
 				}
 				topics.isLocked(postData.tid, next);
 			},
 			function(isLocked, next) {
 				if (isLocked) {
-					return callback(null, {isLocked: true});
+					return callback(null, {flag: false, message: '[[error:topic-locked]]'});
 				}
 				async.parallel({
@ -245,7 +247,7 @@ module.exports = function(privileges) {
 				}, next);
 			},
 			function(result, next) {
-				next(null, {editable: result.owner && result.edit});
+				next(null, {flag: result.owner && result.edit, message: '[[error:no-privileges]]'});
 			}
 		], callback);
 	}
--- a/src/privileges/topics.js
+++ b/src/privileges/topics.js
@ -58,8 +58,8 @@ module.exports = function(privileges) {
 				disabled: disabled,
 				tid: tid,
 				uid: uid,
-				editOwnPosts: results['posts:edit'][0],
+				'posts:edit': (results['posts:edit'][0] && !locked) || isAdminOrMod,
-				deleteOwnPosts: results['posts:delete'][0]
+				'posts:delete': (results['posts:delete'][0] && !locked) || isAdminOrMod
 			}, callback);
 		});
 	};
--- a/src/socket.io/posts/tools.js
+++ b/src/socket.io/posts/tools.js
@ -47,12 +47,13 @@ module.exports = function(SocketPosts) {
 			if (err) {
 				return callback(err);
 			}
 			results.posts.tools = results.tools.tools;
 			results.posts.deleted = parseInt(results.posts.deleted, 10) === 1;
 			results.posts.favourited = results.favourited[0];
 			results.posts.selfPost = socket.uid && socket.uid === parseInt(results.posts.uid, 10);
-			results.posts.display_edit_tools = results.canEdit;
+			results.posts.display_edit_tools = results.canEdit.flag;
-			results.posts.display_delete_tools = results.canDelete;
+			results.posts.display_delete_tools = results.canDelete.flag;
 			results.posts.display_moderator_tools = results.posts.display_edit_tools || results.posts.display_delete_tools;
 			results.posts.display_move_tools = results.isAdminOrMod;
 			callback(null, results);
--- a/src/topics/create.js
+++ b/src/topics/create.js
@ -191,25 +191,24 @@ module.exports = function(Topics) {
 			function(_cid, next) {
 				cid = _cid;
 				async.parallel({
-					exists: async.apply(Topics.exists, tid),
+					topicData: async.apply(Topics.getTopicData, tid),
 					locked: async.apply(Topics.isLocked, tid),
 					canReply: async.apply(privileges.topics.can, 'topics:reply', tid, uid),
-					isAdmin: async.apply(user.isAdministrator, uid),
+					isAdminOrMod: async.apply(privileges.categories.isAdminOrMod, cid, uid),
 					isModerator: async.apply(user.isModerator, uid, cid)
 				}, next);
 			},
 			function(results, next) {
-				if (!results.exists) {
+				if (!results.topicData) {
 					return next(new Error('[[error:no-topic]]'));
 				}
-				if (results.locked && !results.isAdmin && !results.isModerator) {
+				if (parseInt(results.topicData.locked, 10) === 1 && !results.isAdminOrMod) {
 					return next(new Error('[[error:topic-locked]]'));
 				}
 				if (!results.canReply) {
 					return next(new Error('[[error:no-privileges]]'));
 				}
 				guestHandleValid(data, next);
 			},
 			function(next) {
--- a/src/topics/fork.js
+++ b/src/topics/fork.js
@ -61,8 +61,8 @@ module.exports = function(Topics) {
 			function(_tid, next) {
 				function move(pid, next) {
 					privileges.posts.canEdit(pid, uid, function(err, canEdit) {
-						if(err || !canEdit) {
+						if (err || !canEdit.flag) {
-							return next(err);
+							return next(err || new Error(canEdit.message));
 						}
 						Topics.movePostToTopic(pid, tid, next);