config to change perm level to delete board, close #311

4 years ago · c49541598f
parent 1b4555c538
commit c49541598f
2 changed files with 6 additions and 2 deletions
--- a/configs/main.js.example
+++ b/configs/main.js.example
@ -95,6 +95,9 @@ module.exports = {
 	// permission level required to see UNHASHED ips. -1 for ips to be hashed even for root user. not recommended to change after installation
 	ipHashPermLevel: 0,

+	// permission level required to delete boards
+	deleteBoardPermLevel: 2,
+
 	/* delete files immediately rather than pruning later. usually disabled to prevent re-thumbnailing and processing commonly
 		uploaded files, but deleting immediately is better if you are concerned about "deleted" content not being immediately removed */
 	pruneImmediately: false,
--- a/controllers/forms.js
+++ b/controllers/forms.js
@ -3,6 +3,7 @@
 const express  = require('express')
 	, router = express.Router({ caseSensitive: true })
 	, Boards = require(__dirname+'/../db/boards.js')
+	, { deleteBoardPermLevel } = require(__dirname+'/../configs/main.js')
 	//middlewares
 	, torPreBypassCheck = require(__dirname+'/../helpers/checks/torprebypass.js')
 	, geoAndTor = require(__dirname+'/../helpers/geoip.js')
@ -75,13 +76,13 @@ router.post('/board/:board/addcustompages', /*geoAndTor, torPreBypassCheck, proc
 router.post('/board/:board/deletecustompages', /*geoAndTor, torPreBypassCheck, processIp,*/ useSession, sessionRefresh, csrf, Boards.exists, calcPerms, isLoggedIn, hasPerms(2), paramConverter, deleteCustomPageController); //delete banners
 //router.post('/board/:board/addban', geoAndTor, torPreBypassCheck, processIp, useSession, sessionRefresh, csrf, Boards.exists, calcPerms, isLoggedIn, hasPerms(3), paramConverter, addBanController); //add ban manually without post
 router.post('/board/:board/editbans', /*geoAndTor, torPreBypassCheck, processIp,*/ useSession, sessionRefresh, csrf, Boards.exists, calcPerms, isLoggedIn, hasPerms(3), paramConverter, editBansController); //edit bans
-router.post('/board/:board/deleteboard', /*geoAndTor, torPreBypassCheck, processIp,*/ useSession, sessionRefresh, csrf, Boards.exists, calcPerms, isLoggedIn, hasPerms(2), deleteBoardController); //delete board
+router.post('/board/:board/deleteboard', /*geoAndTor, torPreBypassCheck, processIp,*/ useSession, sessionRefresh, csrf, Boards.exists, calcPerms, isLoggedIn, hasPerms(deleteBoardPermLevel), deleteBoardController); //delete board

 //global management forms
 router.post('/global/editbans', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(1), paramConverter, editBansController); //remove bans
 //commented out for now, because we cant add a manual ban based on a non existing hash suffix (or fetch the full hash from a non existing post), and the user wouldnt know if it the post didn't exist so its pointless anyway. 
 //router.post('/global/addban', geoAndTor, torPreBypassCheck, processIp, useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(1), paramConverter, addBanController); //add ban manually without post
-router.post('/global/deleteboard', useSession, sessionRefresh, csrf, paramConverter, calcPerms, isLoggedIn, hasPerms(1), deleteBoardController); //delete board
+router.post('/global/deleteboard', useSession, sessionRefresh, csrf, paramConverter, calcPerms, isLoggedIn, hasPerms(Math.min(deleteBoardPermLevel, 1)), deleteBoardController); //delete board from global management panel
 router.post('/global/addnews', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(0), addNewsController); //add new newspost
 router.post('/global/editnews', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(0), paramConverter, editNewsController); //add new newspost
 router.post('/global/deletenews', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(0), paramConverter, deleteNewsController); //delete news