more flagged posts shenanigans

public/src/ajaxify.js

@@ -195,6 +195,9 @@ $(document).ready(function() {
 	ajaxify.loadScript = function(tpl_url, callback) {
 		var location = !app.inAdmin ? 'forum/' : '';
 
+		if (tpl_url.startsWith('admin')) {
+			location = '';
+		}
 		var data = {
 			tpl_url: tpl_url,
 			scripts: [location + tpl_url]

src/controllers/admin/flags.js

@@ -1,28 +1,31 @@
 "use strict";
 
+var async = require('async');
 var posts = require('../../posts');
 
 var flagsController = {};
 
 flagsController.get = function(req, res, next) {
-	function done(err, posts) {
-		if (err) {
-			return next(err);
-		}
-		res.render('admin/manage/flags', {posts: posts, next: stop + 1, byUsername: byUsername});
-	}
-
 	var sortBy = req.query.sortBy || 'count';
 	var byUsername = req.query.byUsername || '';
 	var start = 0;
 	var stop = 19;
 
-	if (byUsername) {
+	async.waterfall([
-		posts.getUserFlags(byUsername, sortBy, req.uid, start, stop, done);
+		function (next) {
-	} else {
+			if (byUsername) {
-		var set = sortBy === 'count' ? 'posts:flags:count' : 'posts:flagged';
+				posts.getUserFlags(byUsername, sortBy, req.uid, start, stop, next);
-		posts.getFlags(set, req.uid, start, stop, done);
+			} else {
-	}
+				var set = sortBy === 'count' ? 'posts:flags:count' : 'posts:flagged';
+				posts.getFlags(set, req.uid, start, stop, next);
+			}
+		}
+	], function (err, posts) {
+		if (err) {
+			return next(err);
+		}
+		res.render('admin/manage/flags', {posts: posts, next: stop + 1, byUsername: byUsername});
+	});
 };
 
 

src/controllers/posts.js

@@ -1,31 +1,18 @@
 "use strict";
 
-
+var user = require('../user');
-
+var adminFlagsController = require('./admin/flags');
-var posts = require('../posts');
-
 
 var postsController = {};
 
 postsController.flagged = function(req, res, next) {
-	function done(err, posts) {
+	user.isAdminOrGlobalMod(req.uid, function(err, isAdminOrGlobalMod) {
-		if (err) {
+		if (err || !isAdminOrGlobalMod) {
 			return next(err);
 		}
-		res.render('admin/manage/flags', {posts: posts, next: stop + 1, byUsername: byUsername});
-	}
-
-	var sortBy = req.query.sortBy || 'count';
-	var byUsername = req.query.byUsername || '';
-	var start = 0;
-	var stop = 19;
 
-	if (byUsername) {
+		adminFlagsController.get(req, res, next);
-		posts.getUserFlags(byUsername, sortBy, req.uid, start, stop, done);
+	});
-	} else {
-		var set = sortBy === 'count' ? 'posts:flags:count' : 'posts:flagged';
-		posts.getFlags(set, req.uid, start, stop, done);
-	}
 };
 
 

src/routes/index.js

@@ -37,7 +37,7 @@ function mainRoutes(app, middleware, controllers) {
 }
 
 function postRoutes(app, middleware, controllers) {
-	setupPageRoute(app, '/posts/flagged', middleware, [], controllers.posts.flagged);
+	setupPageRoute(app, '/posts/flags', middleware, [], controllers.posts.flagged);
 }
 
 function topicRoutes(app, middleware, controllers) {

src/socket.io/admin.js

@@ -39,12 +39,13 @@ SocketAdmin.before = function(socket, method, data, next) {
 	if (!socket.uid) {
 		return;
 	}
+
 	user.isAdministrator(socket.uid, function(err, isAdmin) {
-		if (!err && isAdmin) {
+		if (err || isAdmin) {
-			next();
+			return next(err);
-		} else {
-			winston.warn('[socket.io] Call to admin method ( ' + method + ' ) blocked (accessed by uid ' + socket.uid + ')');
 		}
+
+		winston.warn('[socket.io] Call to admin method ( ' + method + ' ) blocked (accessed by uid ' + socket.uid + ')');
 	});
 };
 
@@ -323,36 +324,5 @@ SocketAdmin.deleteAllEvents = function(socket, data, callback) {
 	events.deleteAll(callback);
 };
 
-SocketAdmin.dismissFlag = function(socket, pid, callback) {
-	if (!pid) {
-		return callback('[[error:invalid-data]]');
-	}
-
-	posts.dismissFlag(pid, callback);
-};
-
-SocketAdmin.dismissAllFlags = function(socket, data, callback) {
-	posts.dismissAllFlags(callback);
-};
-
-SocketAdmin.getMoreFlags = function(socket, data, callback) {
-	if (!data || !parseInt(data.after, 10)) {
-		return callback('[[error:invalid-data]]');
-	}
-	var sortBy = data.sortBy || 'count';
-	var byUsername = data.byUsername ||  '';
-	var start = parseInt(data.after, 10);
-	var stop = start + 19;
-	if (byUsername) {
-		posts.getUserFlags(byUsername, sortBy, socket.uid, start, stop, function(err, posts) {
-			callback(err, {posts: posts, next: stop + 1});
-		});
-	} else {
-		var set = sortBy === 'count' ? 'posts:flags:count' : 'posts:flagged';
-		posts.getFlags(set, socket.uid, start, stop, function(err, posts) {
-			callback(err, {posts: posts, next: stop + 1});
-		});
-	}
-};
 
 module.exports = SocketAdmin;

src/socket.io/posts/flag.js

@@ -98,4 +98,66 @@ module.exports = function(SocketPosts) {
 			}
 		], callback);
 	};
+
+	SocketPosts.dismissFlag = function(socket, pid, callback) {
+		if (!pid || !socket.uid) {
+			return callback('[[error:invalid-data]]');
+		}
+		async.waterfall([
+			function (next) {
+				user.isAdminOrGlobalModerator(socket.uid, next);
+			},
+			function (isAdminOrGlobalModerator, next) {
+				if (!isAdminOrGlobalModerator) {
+					return next(new Error('[[no-privileges]]'));
+				}
+				posts.dismissFlag(pid, next);
+			}
+		], callback);
+	};
+
+	SocketPosts.dismissAllFlags = function(socket, data, callback) {
+		async.waterfall([
+			function (next) {
+				user.isAdminOrGlobalModerator(socket.uid, next);
+			},
+			function (isAdminOrGlobalModerator, next) {
+				if (!isAdminOrGlobalModerator) {
+					return next(new Error('[[no-privileges]]'));
+				}
+				posts.dismissAllFlags(next);
+			}
+		], callback);
+	};
+
+	SocketPosts.getMoreFlags = function(socket, data, callback) {
+		if (!data || !parseInt(data.after, 10)) {
+			return callback('[[error:invalid-data]]');
+		}
+		var sortBy = data.sortBy || 'count';
+		var byUsername = data.byUsername ||  '';
+		var start = parseInt(data.after, 10);
+		var stop = start + 19;
+
+		async.waterfall([
+			function (next) {
+				user.isAdminOrGlobalModerator(socket.uid, next);
+			},
+			function (isAdminOrGlobalModerator, next) {
+				if (!isAdminOrGlobalModerator) {
+					return next(new Error('[[no-privileges]]'));
+				}
+
+				if (byUsername) {
+					posts.getUserFlags(byUsername, sortBy, socket.uid, start, stop, next);
+				} else {
+					var set = sortBy === 'count' ? 'posts:flags:count' : 'posts:flagged';
+					posts.getFlags(set, socket.uid, start, stop, next);
+				}
+			},
+			function (posts, next) {
+				next(null, {posts: posts, next: stop + 1});
+			},
+		], callback);
+	};
 };

src/socket.io/user/ban.js

@@ -34,13 +34,10 @@ module.exports = function(SocketUser) {
 
 		async.waterfall([
 			function (next) {
-				async.parallel({
+				user.isAdminOrGlobalMod(uid, next);
-					isAdmin: async.apply(user.isAdministrator, uid),
-					isGlobalMod: async.apply(user.isGlobalModerator, uid)
-				}, next);
 			},
-			function (results, next) {
+			function (isAdminOrGlobalMod, next) {
-				if (!results.isAdmin && !results.isGlobalMod) {
+				if (!isAdminOrGlobalMod) {
 					return next(new Error('[[error:no-privileges]]'));
 				}
 				async.each(uids, method, next);

src/user.js

@@ -234,6 +234,15 @@ var	async = require('async'),
 		privileges.users.isGlobalModerator(uid, callback);
 	};
 
+	User.isAdminOrGlobalMod = function(uid, callback) {
+		async.parallel({
+			isAdmin: async.apply(User.isAdministrator, uid),
+			isGlobalMod: async.apply(User.isGlobalModerator, uid)
+		}, function(err, results) {
+			callback(err, results ? (results.isAdmin || results.isGlobalMod) : false);
+		});
+	};
+
 	User.isAdminOrSelf = function(callerUid, uid, callback) {
 		if (parseInt(callerUid, 10) === parseInt(uid, 10)) {
 			return callback();