Add permission for whether role/user can view global bans on board

Change board query to prevent board staff unban/upgrade/delete/etc global bans Dont add modlog entry for 0 amount ban edits
2 weeks ago · 5ae7f6236d
parent 64df1dae12
commit 5ae7f6236d
10 changed files with 46 additions and 31 deletions
--- a/controllers/forms/editbans.js
+++ b/controllers/forms/editbans.js
@ -46,9 +46,12 @@ module.exports = {
 			});
 		}

+		const showGlobal = res.locals.permissions.get(Permissions.VIEW_BOARD_GLOBAL_BANS);
+		res.locals.bansBoard = req.params.board ? showGlobal ? req.parms.board : { '$eq': req.params.board } : null;
+
 		let bans = [];
 		try {
-			bans = await Bans.get(req.body.checkedbans, req.params.board ? req.params.board : null);
+			bans = await Bans.get(req.body.checkedbans, res.locals.bansBoard);
 		} catch (e) {
 			return next(e);
 		}
@ -81,23 +84,25 @@ module.exports = {
 					throw __('Invalid ban action'); //should never happen anyway
 			}

-			// inserting these into non-public modlogs
-			const modlogs = bans.map(b => ({
-				board: Array.isArray(b.board) ? b.board.find(bx => bx != null) : b.board, //TODO: if in future multiple are allowed, update this to use an array
-				showLinks: true,
-				postLinks: [],
-				actions: [ModlogActions.EDIT_BAN],
-				public: false,
-				date: new Date(),
-				showUser: true,
-				message: message,
-				user: req.session.user,
-				ip: {
-					cloak: res.locals.ip.cloak,
-					raw: res.locals.ip.raw,
-				}
-			}));
-			await Modlogs.insertMany(modlogs);
+			if (amount > 0) {
+				// inserting these into non-public modlogs
+				const modlogs = bans.map(b => ({
+					board: Array.isArray(b.board) ? b.board.find(bx => bx != null) : b.board, //TODO: if in future multiple are allowed, update this to use an array
+					showLinks: true,
+					postLinks: [],
+					actions: [ModlogActions.EDIT_BAN],
+					public: false,
+					date: new Date(),
+					showUser: true,
+					message: message,
+					user: req.session.user,
+					ip: {
+						cloak: res.locals.ip.cloak,
+						raw: res.locals.ip.raw,
+					}
+				}));
+				await Modlogs.insertMany(modlogs);
+			}

 		} catch (err) {
 			return next(err);
--- a/db/bans.js
+++ b/db/bans.js
@ -182,7 +182,7 @@ module.exports = {
 			'board': board,
 			'_id': {
 				'$in': ids
-			}
+			},
 		});
 	},

--- a/lib/permission/permission.js
+++ b/lib/permission/permission.js
@ -44,6 +44,9 @@ class Permission extends BigBitfield {
 		} else if (this.get(Permissions.MANAGE_BOARD_OWNER)) { //BOs and "global staff"
 			this.setAll(Permissions._MANAGE_BOARD_BITS);
 		}
+		if (this.get(Permissions.MANAGE_GLOBAL_BANS)) {
+			this.set(Permissions.VIEW_BOARD_GLOBAL_BANS);
+		}
 	}

 }
--- a/lib/permission/permissions.js
+++ b/lib/permission/permissions.js
@ -33,7 +33,9 @@ const Permissions = Object.seal(Object.freeze(Object.preventExtensions({
 	MANAGE_BOARD_SETTINGS: 24,
 	MANAGE_BOARD_CUSTOMISATION: 25,
 	MANAGE_BOARD_STAFF: 26,
-	_MANAGE_BOARD_BITS: [20,21,22,23,24,25,26],
+	_MANAGE_BOARD_BITS: [20,21,22,23,24,25,26], //bits that can be set by a BO and partial bitfield will be stored in board staff object
+
+	VIEW_BOARD_GLOBAL_BANS: 30,

 	USE_MARKDOWN_PINKTEXT: 35,
 	USE_MARKDOWN_GREENTEXT: 36,
@ -85,6 +87,7 @@ const Metadata = Object.seal(Object.freeze(Object.preventExtensions({
 	[Permissions.MANAGE_BOARD_SETTINGS]: { label: 'Settings', desc: 'Access board settings. Ability to change any settings. Settings page will show transfer/delete forms for those with "Board Owner" permission.' },
 	[Permissions.MANAGE_BOARD_CUSTOMISATION]: { label: 'Customisation', desc: 'Access to board assets and custompages. Ability to upload, create, edit, delete.' },
 	[Permissions.MANAGE_BOARD_STAFF]: { label: 'Staff', desc: 'Access to staff management, and ability to add or remove permissions from others. Can only be given by somebody else with "Board Owner" permission. Use with caution!', parent: Permissions.MANAGE_BOARD_OWNER },
+	[Permissions.VIEW_BOARD_GLOBAL_BANS]: { label: 'View Board Global Bans', desc: 'Ability to view global bans on board modlog pages if the banned post originated from that board.', parent: Permissions.ROOT },

 	[Permissions.USE_MARKDOWN_PINKTEXT]: { title: 'Post styling', label: 'Pinktext', desc: 'Use pinktext' },
 	[Permissions.USE_MARKDOWN_GREENTEXT]: { label: 'Greentext', desc: 'Use greentext' },
--- a/models/forms/denybanappeals.js
+++ b/models/forms/denybanappeals.js
@ -2,8 +2,8 @@

 const { Bans } = require(__dirname+'/../../db/');

-module.exports = async (req) => {
+module.exports = async (req, res) => {

-	return Bans.denyAppeal(req.params.board, req.body.checkedbans).then(result => result.modifiedCount);
+	return Bans.denyAppeal(res.locals.bansBoard, req.body.checkedbans).then(result => result.modifiedCount);

 };
--- a/models/forms/editbanduration.js
+++ b/models/forms/editbanduration.js
@ -2,10 +2,10 @@

 const { Bans } = require(__dirname+'/../../db/');

-module.exports = async (req) => {
+module.exports = async (req, res) => {

 	//New ban expiry date is current date + ban_duration. Not based on the original ban issue date.
 	const newExpireAt = new Date(Date.now() + req.body.ban_duration);
-	return Bans.editDuration(req.params.board, req.body.checkedbans, newExpireAt).then(result => result.modifiedCount);
+	return Bans.editDuration(res.locals.bansBoard, req.body.checkedbans, newExpireAt).then(result => result.modifiedCount);

 };
--- a/models/forms/editbannote.js
+++ b/models/forms/editbannote.js
@ -2,9 +2,9 @@

 const { Bans } = require(__dirname+'/../../db/');

-module.exports = async (req) => {
+module.exports = async (req, res) => {

 	//New ban note.
-	return Bans.editNote(req.params.board, req.body.checkedbans, req.body.ban_note).then(result => result.modifiedCount);
+	return Bans.editNote(res.locals.bansBoard, req.body.checkedbans, req.body.ban_note).then(result => result.modifiedCount);

 };
--- a/models/forms/removebans.js
+++ b/models/forms/removebans.js
@ -2,8 +2,10 @@

 const { Bans } = require(__dirname+'/../../db/');

-module.exports = async (req) => {
+module.exports = async (req, res) => {

-	return Bans.removeMany(req.params.board, req.body.checkedbans).then(result => result.deletedCount);
+	const showGlobal = res.locals.permissions.get(Permissions.VIEW_BOARD_GLOBAL_BANS);
+	const bansBoard = req.params.board ? showGlobal ? req.parms.board : { '$eq': req.params.board } : null;
+	return Bans.removeMany(bansBoard, req.body.checkedbans).then(result => result.deletedCount);

 };
--- a/models/forms/upgradebans.js
+++ b/models/forms/upgradebans.js
@ -2,9 +2,9 @@

 const { Bans } = require(__dirname+'/../../db/');

-module.exports = async (req) => {
+module.exports = async (req, res) => {

-	const nReturned = await Bans.upgrade(req.params.board, req.body.checkedbans, req.body.upgrade)
+	const nReturned = await Bans.upgrade(res.locals.bansBoard, req.body.checkedbans, req.body.upgrade)
 		.then(explain => {
 			if (explain && explain.stages) {
 				return explain.stages[0].nReturned;
--- a/models/pages/manage/bans.js
+++ b/models/pages/manage/bans.js
@ -7,7 +7,9 @@ module.exports = async (req, res, next) => {

 	let bans;
 	try {
-		bans = await Bans.getBoardBans(req.params.board);
+		const showGlobal = res.locals.permissions.get(Permissions.VIEW_BOARD_GLOBAL_BANS);
+		const bansBoard = showGlobal ? req.params.board : { '$eq': req.params.board };
+		bans = await Bans.getBoardBans(bansBoard);
 	} catch (err) {
 		return next(err);
 	}