You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
163 lines
6.0 KiB
JavaScript
163 lines
6.0 KiB
JavaScript
|
|
'use strict';
|
|
|
|
const _ = require('lodash');
|
|
|
|
const meta = require('../meta');
|
|
const topics = require('../topics');
|
|
const user = require('../user');
|
|
const helpers = require('./helpers');
|
|
const categories = require('../categories');
|
|
const plugins = require('../plugins');
|
|
|
|
module.exports = function (privileges) {
|
|
privileges.topics = {};
|
|
|
|
privileges.topics.get = async function (tid, uid) {
|
|
uid = parseInt(uid, 10);
|
|
|
|
const privs = [
|
|
'topics:reply', 'topics:read', 'topics:tag',
|
|
'topics:delete', 'posts:edit', 'posts:history',
|
|
'posts:delete', 'posts:view_deleted', 'read', 'purge',
|
|
];
|
|
const topicData = await topics.getTopicFields(tid, ['cid', 'uid', 'locked', 'deleted']);
|
|
const [userPrivileges, isAdministrator, isModerator, disabled] = await Promise.all([
|
|
helpers.isUserAllowedTo(privs, uid, topicData.cid),
|
|
user.isAdministrator(uid),
|
|
user.isModerator(uid, topicData.cid),
|
|
categories.getCategoryField(topicData.cid, 'disabled'),
|
|
]);
|
|
const privData = _.zipObject(privs, userPrivileges);
|
|
const isOwner = uid > 0 && uid === topicData.uid;
|
|
const isAdminOrMod = isAdministrator || isModerator;
|
|
const editable = isAdminOrMod;
|
|
const deletable = (privData['topics:delete'] && (isOwner || isModerator)) || isAdministrator;
|
|
|
|
return await plugins.fireHook('filter:privileges.topics.get', {
|
|
'topics:reply': (privData['topics:reply'] && ((!topicData.locked && !topicData.deleted) || isModerator)) || isAdministrator,
|
|
'topics:read': privData['topics:read'] || isAdministrator,
|
|
'topics:tag': privData['topics:tag'] || isAdministrator,
|
|
'topics:delete': (privData['topics:delete'] && (isOwner || isModerator)) || isAdministrator,
|
|
'posts:edit': (privData['posts:edit'] && (!topicData.locked || isModerator)) || isAdministrator,
|
|
'posts:history': privData['posts:history'] || isAdministrator,
|
|
'posts:delete': (privData['posts:delete'] && (!topicData.locked || isModerator)) || isAdministrator,
|
|
'posts:view_deleted': privData['posts:view_deleted'] || isAdministrator,
|
|
read: privData.read || isAdministrator,
|
|
purge: (privData.purge && (isOwner || isModerator)) || isAdministrator,
|
|
|
|
view_thread_tools: editable || deletable,
|
|
editable: editable,
|
|
deletable: deletable,
|
|
view_deleted: isAdminOrMod || isOwner,
|
|
isAdminOrMod: isAdminOrMod,
|
|
disabled: disabled,
|
|
tid: tid,
|
|
uid: uid,
|
|
});
|
|
};
|
|
|
|
privileges.topics.can = async function (privilege, tid, uid) {
|
|
const cid = await topics.getTopicField(tid, 'cid');
|
|
return await privileges.categories.can(privilege, cid, uid);
|
|
};
|
|
|
|
privileges.topics.filterTids = async function (privilege, tids, uid) {
|
|
if (!Array.isArray(tids) || !tids.length) {
|
|
return [];
|
|
}
|
|
|
|
const topicsData = await topics.getTopicsFields(tids, ['tid', 'cid', 'deleted']);
|
|
const cids = _.uniq(topicsData.map(topic => topic.cid));
|
|
const results = await privileges.categories.getBase(privilege, cids, uid);
|
|
|
|
const allowedCids = cids.filter((cid, index) => !results.categories[index].disabled && (results.allowedTo[index] || results.isAdmin));
|
|
|
|
const cidsSet = new Set(allowedCids);
|
|
const canViewDeleted = _.zipObject(cids, results.view_deleted);
|
|
|
|
tids = topicsData.filter(t => cidsSet.has(t.cid) && (!t.deleted || canViewDeleted[t.cid] || results.isAdmin)).map(t => t.tid);
|
|
|
|
const data = await plugins.fireHook('filter:privileges.topics.filter', {
|
|
privilege: privilege,
|
|
uid: uid,
|
|
tids: tids,
|
|
});
|
|
return data ? data.tids : [];
|
|
};
|
|
|
|
privileges.topics.filterUids = async function (privilege, tid, uids) {
|
|
if (!Array.isArray(uids) || !uids.length) {
|
|
return [];
|
|
}
|
|
|
|
uids = _.uniq(uids);
|
|
const topicData = await topics.getTopicFields(tid, ['tid', 'cid', 'deleted']);
|
|
const [disabled, allowedTo, isAdmins] = await Promise.all([
|
|
categories.getCategoryField(topicData.cid, 'disabled'),
|
|
helpers.isUsersAllowedTo(privilege, uids, topicData.cid),
|
|
user.isAdministrator(uids),
|
|
]);
|
|
return uids.filter(function (uid, index) {
|
|
return !disabled &&
|
|
((allowedTo[index] && !topicData.deleted) || isAdmins[index]);
|
|
});
|
|
};
|
|
|
|
privileges.topics.canPurge = async function (tid, uid) {
|
|
const cid = await topics.getTopicField(tid, 'cid');
|
|
const [purge, owner, isAdmin, isModerator] = await Promise.all([
|
|
privileges.categories.isUserAllowedTo('purge', cid, uid),
|
|
topics.isOwner(tid, uid),
|
|
privileges.users.isAdministrator(uid),
|
|
privileges.users.isModerator(uid, cid),
|
|
]);
|
|
return (purge && (owner || isModerator)) || isAdmin;
|
|
};
|
|
|
|
privileges.topics.canDelete = async function (tid, uid) {
|
|
const topicData = await topics.getTopicFields(tid, ['uid', 'cid', 'postcount', 'deleterUid']);
|
|
const [isModerator, isAdministrator, isOwner, allowedTo] = await Promise.all([
|
|
user.isModerator(uid, topicData.cid),
|
|
user.isAdministrator(uid),
|
|
topics.isOwner(tid, uid),
|
|
helpers.isUserAllowedTo('topics:delete', uid, [topicData.cid]),
|
|
]);
|
|
|
|
if (isAdministrator) {
|
|
return true;
|
|
}
|
|
|
|
const preventTopicDeleteAfterReplies = meta.config.preventTopicDeleteAfterReplies;
|
|
if (!isModerator && preventTopicDeleteAfterReplies && (topicData.postcount - 1) >= preventTopicDeleteAfterReplies) {
|
|
const langKey = preventTopicDeleteAfterReplies > 1 ?
|
|
'[[error:cant-delete-topic-has-replies, ' + meta.config.preventTopicDeleteAfterReplies + ']]' :
|
|
'[[error:cant-delete-topic-has-reply]]';
|
|
throw new Error(langKey);
|
|
}
|
|
|
|
const deleterUid = topicData.deleterUid;
|
|
return allowedTo[0] && ((isOwner && (deleterUid === 0 || deleterUid === topicData.uid)) || isModerator);
|
|
};
|
|
|
|
privileges.topics.canEdit = async function (tid, uid) {
|
|
return await privileges.topics.isOwnerOrAdminOrMod(tid, uid);
|
|
};
|
|
|
|
privileges.topics.isOwnerOrAdminOrMod = async function (tid, uid) {
|
|
const [isOwner, isAdminOrMod] = await Promise.all([
|
|
topics.isOwner(tid, uid),
|
|
privileges.topics.isAdminOrMod(tid, uid),
|
|
]);
|
|
return isOwner || isAdminOrMod;
|
|
};
|
|
|
|
privileges.topics.isAdminOrMod = async function (tid, uid) {
|
|
if (parseInt(uid, 10) <= 0) {
|
|
return false;
|
|
}
|
|
const cid = await topics.getTopicField(tid, 'cid');
|
|
return await privileges.categories.isAdminOrMod(cid, uid);
|
|
};
|
|
};
|