Edit history is now a category-level privilege

Closes #6425
7 years ago · 99dc3feeb2
parent b2d7455f72
commit 99dc3feeb2
8 changed files with 44 additions and 5 deletions
--- a/public/language/en-GB/admin/manage/privileges.json
+++ b/public/language/en-GB/admin/manage/privileges.json
@ -18,6 +18,7 @@
 	"reply-to-topics": "Reply to Topics",
 	"tag-topics": "Tag Topics",
 	"edit-posts": "Edit Posts",
+	"view-edit-history": "View Edit History",
 	"delete-posts": "Delete Posts",
 	"upvote-posts": "Upvote Posts",
 	"downvote-posts": "Downvote Posts",
--- a/public/src/client/topic/postTools.js
+++ b/public/src/client/topic/postTools.js
@ -140,7 +140,7 @@ define('forum/topic/postTools', [
 			}
 		});

-		if (config.enablePostHistory) {
+		if (config.enablePostHistory && ajaxify.data.privileges['posts:history']) {
 			postContainer.on('click', '[component="post/view-history"], [component="post/edit-indicator"]', function () {
 				var btn = $(this);
 				diffs.open(getData(btn, 'data-pid'));
--- a/src/categories/create.js
+++ b/src/categories/create.js
@ -60,6 +60,7 @@ module.exports = function (Categories) {
 					'topics:reply',
 					'topics:tag',
 					'posts:edit',
+					'posts:history',
 					'posts:delete',
 					'posts:upvote',
 					'posts:downvote',
--- a/src/privileges.js
+++ b/src/privileges.js
@ -10,6 +10,7 @@ privileges.privilegeLabels = [
 	{ name: '[[admin/manage/privileges:reply-to-topics]]' },
 	{ name: '[[admin/manage/privileges:tag-topics]]' },
 	{ name: '[[admin/manage/privileges:edit-posts]]' },
+	{ name: '[[admin/manage/privileges:view-edit-history]]' },
 	{ name: '[[admin/manage/privileges:delete-posts]]' },
 	{ name: '[[admin/manage/privileges:upvote-posts]]' },
 	{ name: '[[admin/manage/privileges:downvote-posts]]' },
@ -26,6 +27,7 @@ privileges.userPrivilegeList = [
 	'topics:reply',
 	'topics:tag',
 	'posts:edit',
+	'posts:history',
 	'posts:delete',
 	'posts:upvote',
 	'posts:downvote',
--- a/src/privileges/topics.js
+++ b/src/privileges/topics.js
@ -16,7 +16,7 @@ module.exports = function (privileges) {

 	privileges.topics.get = function (tid, uid, callback) {
 		var topic;
-		var privs = ['topics:reply', 'topics:read', 'topics:tag', 'topics:delete', 'posts:edit', 'posts:delete', 'read'];
+		var privs = ['topics:reply', 'topics:read', 'topics:tag', 'topics:delete', 'posts:edit', 'posts:history', 'posts:delete', 'read'];
 		async.waterfall([
 			async.apply(topics.getTopicFields, tid, ['cid', 'uid', 'locked', 'deleted']),
 			function (_topic, next) {
@ -44,6 +44,7 @@ module.exports = function (privileges) {
 					'topics:tag': privData['topics:tag'] || isAdminOrMod,
 					'topics:delete': (isOwner && privData['topics:delete']) || isAdminOrMod,
 					'posts:edit': (privData['posts:edit'] && !locked) || isAdminOrMod,
+					'posts:history': privData['posts:history'] || isAdminOrMod,
 					'posts:delete': (privData['posts:delete'] && !locked) || isAdminOrMod,
 					read: privData.read || isAdminOrMod,
 					view_thread_tools: editable || deletable,
--- a/src/socket.io/posts/diffs.js
+++ b/src/socket.io/posts/diffs.js
@ -2,10 +2,16 @@

 var async = require('async');
 var posts = require('../../posts');
+var privileges = require('../../privileges');

 module.exports = function (SocketPosts) {
 	SocketPosts.getDiffs = function (socket, data, callback) {
 		async.waterfall([
+			function (next) {
+				privileges.posts.can('posts:history', data.pid, socket.uid, function (err, allowed) {
+					next(err || allowed ? null : new Error('[[error:no-privileges]]'));
+				});
+			},
 			function (next) {
 				posts.diffs.list(data.pid, next);
 			},
@ -17,6 +23,12 @@ module.exports = function (SocketPosts) {
 	};

 	SocketPosts.showPostAt = function (socket, data, callback) {
-		posts.diffs.load(data.pid, data.since, socket.uid, callback);
+		privileges.posts.can('posts:history', data.pid, socket.uid, function (err, allowed) {
+			if (err || !allowed) {
+				return callback(err || new Error('[[error:no-privileges]]'));
+			}
+
+			posts.diffs.load(data.pid, data.since, socket.uid, callback);
+		});
 	};
 };
--- a/src/upgrades/1.10.0/post_history_privilege.js
+++ b/src/upgrades/1.10.0/post_history_privilege.js
@ -0,0 +1,22 @@
+'use strict';
+
+
+var async = require('async');
+
+var privileges = require('../../privileges');
+var db = require('../../database');
+
+module.exports = {
+	name: 'Give post history viewing privilege to registered-users on all categories',
+	timestamp: Date.UTC(2018, 5, 7),
+	method: function (callback) {
+		db.getSortedSetRange('categories:cid', 0, -1, function (err, cids) {
+			if (err) {
+				return callback(err);
+			}
+			async.eachSeries(cids, function (cid, next) {
+				privileges.categories.give(['posts:history'], cid, 'registered-users', next);
+			}, callback);
+		});
+	},
+};
--- a/src/views/admin/partials/categories/privileges.tpl
+++ b/src/views/admin/partials/categories/privileges.tpl
@ -5,7 +5,7 @@
 								<th class="arrowed" colspan="3">
 									[[admin/manage/categories:privileges.section-viewing]]
 								</th>
-								<th class="arrowed" colspan="8">
+								<th class="arrowed" colspan="9">
 									[[admin/manage/categories:privileges.section-posting]]
 								</th>
 								<th class="arrowed" colspan="2">
@ -61,7 +61,7 @@
 								<th class="arrowed" colspan="3">
 									[[admin/manage/categories:privileges.section-viewing]]
 								</th>
-								<th class="arrowed" colspan="8">
+								<th class="arrowed" colspan="9">
 									[[admin/manage/categories:privileges.section-posting]]
 								</th>
 								<th class="arrowed" colspan="2">