From 87f59ed0513855d3cbbaa9e53d5c84d1a44a94a5 Mon Sep 17 00:00:00 2001 From: fatchan Date: Wed, 7 Aug 2019 08:46:17 +0000 Subject: [PATCH] board moderators can now be assigned/removed --- controllers/forms.js | 2 +- db/accounts.js | 8 ++++++++ gulpfile.js | 2 +- helpers/checks/hasperms.js | 4 ++-- helpers/paramconverter.js | 2 +- models/forms/changeboardsettings.js | 14 ++++++++++++++ models/forms/create.js | 2 +- views/pages/manage.pug | 3 +++ 8 files changed, 31 insertions(+), 6 deletions(-) diff --git a/controllers/forms.js b/controllers/forms.js index a347b9f3..8babe2b9 100644 --- a/controllers/forms.js +++ b/controllers/forms.js @@ -639,7 +639,7 @@ router.post('/board/:board/deleteboard', csrf, Boards.exists, banCheck, isLogged if (!req.body.confirm) { errors.push('Missing confirmation'); } - if (!req.body.uri | req.body.uri !== req.params.board) { + if (!req.body.uri || req.body.uri !== req.params.board) { errors.push('URI does not match') } diff --git a/db/accounts.js b/db/accounts.js index 9599136b..aff782b0 100644 --- a/db/accounts.js +++ b/db/accounts.js @@ -7,6 +7,14 @@ const Mongo = require(__dirname+'/db.js') module.exports = { + count: (usernames) => { + return db.countDocuments({ + '_id': { + '$in': usernames + } + }); + }, + findOne: (username) => { return db.findOne({ '_id': username }); }, diff --git a/gulpfile.js b/gulpfile.js index c5a5e383..8f4985fd 100644 --- a/gulpfile.js +++ b/gulpfile.js @@ -46,12 +46,12 @@ async function wipe() { Boards.insertOne({ '_id': 'test', 'owner': '', - 'moderators': [], 'banners': [], 'sequence_value': 1, 'settings': { 'name': 'test', 'description': 'testing board', + 'moderators': [], 'captchaMode': 0, 'locked': false, 'tphTrigger': 10, diff --git a/helpers/checks/hasperms.js b/helpers/checks/hasperms.js index 35665807..90aa4c48 100644 --- a/helpers/checks/hasperms.js +++ b/helpers/checks/hasperms.js @@ -9,10 +9,10 @@ module.exports = (req, res) => { if (res.locals.board != null) { if (res.locals.board.owner === user.username) { return 2; //board owner 2 - } else if (res.locals.board.moderators.includes(user.username) === true) { + } else if (res.locals.board.settings.moderators.includes(user.username) === true) { return 3; //board staff 3 } } } - return 4; //not logged in/too low level for anything atm + return 4; //not logged in, not staff or moderator } diff --git a/helpers/paramconverter.js b/helpers/paramconverter.js index d7059386..9fb480f8 100644 --- a/helpers/paramconverter.js +++ b/helpers/paramconverter.js @@ -2,7 +2,7 @@ const Mongo = require(__dirname+'/../db/db.js') , allowedArrays = new Set(['checkedposts', 'globalcheckedposts', 'checkedbans', 'checkedbanners']) //only these can be arrays, since express bodyparser will output arrays - , trimFields = ['uri', 'filters', 'announcement', 'description', 'message', 'name', 'subject', 'email', 'password', 'default_name', 'report_reason', 'ban_reason'] //trim if we dont want filed with whitespace + , trimFields = ['uri', 'moderators', 'filters', 'announcement', 'description', 'message', 'name', 'subject', 'email', 'password', 'default_name', 'report_reason', 'ban_reason'] //trim if we dont want filed with whitespace , numberFields = ['filter_mode', 'captcha_mode', 'tph_trigger', 'tph_trigger_action', 'reply_limit', 'max_files', 'thread_limit', 'thread', 'min_message_length'] //convert these to numbers before they hit our routes , banDurationRegex = /^(?[\d]+y)?(?[\d]+m)?(?[\d]+w)?(?[\d]+d)?(?[\d]+h)?$/ , msTime = require(__dirname+'/mstime.js') diff --git a/models/forms/changeboardsettings.js b/models/forms/changeboardsettings.js index 0e34676b..25372f0e 100644 --- a/models/forms/changeboardsettings.js +++ b/models/forms/changeboardsettings.js @@ -2,6 +2,7 @@ const Boards = require(__dirname+'/../../db/boards.js') , Posts = require(__dirname+'/../../db/posts.js') + , Accounts = require(__dirname+'/../../db/accounts.js') , uploadDirectory = require(__dirname+'/../../helpers/files/uploadDirectory.js') , { buildHomepage, buildCatalog, buildBoardMultiple } = require(__dirname+'/../../helpers/build.js') , { remove } = require('fs-extra') @@ -23,15 +24,28 @@ module.exports = async (req, res, next) => { let markdownAnnouncement; if (req.body.announcement !== oldSettings.announcement.raw) { + //remarkup the announcement if it changes const styled = simpleMarkdown(req.body.announcement); const quoted = (await linkQuotes(req.params.board, styled, null)).quotedMessage; const sanitized = sanitize(quoted, sanitizeOptions); markdownAnnouncement = sanitized; } + let moderators = req.body.moderators !== null ? req.body.moderators.split('\n').filter(n => n) : oldSettings.moderators + if (moderators !== oldSettings.moderators) { + //make sure moderators actually have existing accounts + if (moderators.length > 0) { + const validCount = await Accounts.count(moderators); + if (validCount !== moderators.length) { + moderators = oldSettings.moderators; + } + } + } + const newSettings = { name: req.body.name && req.body.name.trim().length > 0 ? req.body.name : oldSettings.name, description: req.body.description && req.body.description.trim().length > 0 ? req.body.description : oldSettings.description, + moderators, locked: req.body.locked ? true : false, ids: req.body.ids ? true : false, forceAnon: req.body.force_anon ? true : false, diff --git a/models/forms/create.js b/models/forms/create.js index 3cdcc0c4..4da56b79 100644 --- a/models/forms/create.js +++ b/models/forms/create.js @@ -27,12 +27,12 @@ module.exports = async (req, res, next) => { const newBoard = { '_id': uri, 'owner': req.session.user.username, - 'moderators': [], 'banners': [], 'sequence_value': 1, 'settings': { name, description, + 'moderators': [], 'locked': false, 'captchaMode': 0, 'tphTrigger': 0, diff --git a/views/pages/manage.pug b/views/pages/manage.pug index 0192b4dd..812331af 100644 --- a/views/pages/manage.pug +++ b/views/pages/manage.pug @@ -18,6 +18,9 @@ block content section.row .label Board Description input(type='text' name='description' value=board.settings.description) + section.row + .label Moderators + textarea(name='moderators' placeholder='newline separated') #{board.settings.moderators.join('\n')} section.row .label Board Locked label.postform-style.ph-5