From c49541598f9a65afdfca5f95977caba99e0716b6 Mon Sep 17 00:00:00 2001 From: Thomas Lynch Date: Thu, 14 Jan 2021 07:52:25 +0000 Subject: [PATCH] config to change perm level to delete board, close #311 --- configs/main.js.example | 3 +++ controllers/forms.js | 5 +++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/configs/main.js.example b/configs/main.js.example index 35cf224b..880dae63 100644 --- a/configs/main.js.example +++ b/configs/main.js.example @@ -95,6 +95,9 @@ module.exports = { // permission level required to see UNHASHED ips. -1 for ips to be hashed even for root user. not recommended to change after installation ipHashPermLevel: 0, + // permission level required to delete boards + deleteBoardPermLevel: 2, + /* delete files immediately rather than pruning later. usually disabled to prevent re-thumbnailing and processing commonly uploaded files, but deleting immediately is better if you are concerned about "deleted" content not being immediately removed */ pruneImmediately: false, diff --git a/controllers/forms.js b/controllers/forms.js index ef3bef2a..164b763d 100644 --- a/controllers/forms.js +++ b/controllers/forms.js @@ -3,6 +3,7 @@ const express = require('express') , router = express.Router({ caseSensitive: true }) , Boards = require(__dirname+'/../db/boards.js') + , { deleteBoardPermLevel } = require(__dirname+'/../configs/main.js') //middlewares , torPreBypassCheck = require(__dirname+'/../helpers/checks/torprebypass.js') , geoAndTor = require(__dirname+'/../helpers/geoip.js') @@ -75,13 +76,13 @@ router.post('/board/:board/addcustompages', /*geoAndTor, torPreBypassCheck, proc router.post('/board/:board/deletecustompages', /*geoAndTor, torPreBypassCheck, processIp,*/ useSession, sessionRefresh, csrf, Boards.exists, calcPerms, isLoggedIn, hasPerms(2), paramConverter, deleteCustomPageController); //delete banners //router.post('/board/:board/addban', geoAndTor, torPreBypassCheck, processIp, useSession, sessionRefresh, csrf, Boards.exists, calcPerms, isLoggedIn, hasPerms(3), paramConverter, addBanController); //add ban manually without post router.post('/board/:board/editbans', /*geoAndTor, torPreBypassCheck, processIp,*/ useSession, sessionRefresh, csrf, Boards.exists, calcPerms, isLoggedIn, hasPerms(3), paramConverter, editBansController); //edit bans -router.post('/board/:board/deleteboard', /*geoAndTor, torPreBypassCheck, processIp,*/ useSession, sessionRefresh, csrf, Boards.exists, calcPerms, isLoggedIn, hasPerms(2), deleteBoardController); //delete board +router.post('/board/:board/deleteboard', /*geoAndTor, torPreBypassCheck, processIp,*/ useSession, sessionRefresh, csrf, Boards.exists, calcPerms, isLoggedIn, hasPerms(deleteBoardPermLevel), deleteBoardController); //delete board //global management forms router.post('/global/editbans', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(1), paramConverter, editBansController); //remove bans //commented out for now, because we cant add a manual ban based on a non existing hash suffix (or fetch the full hash from a non existing post), and the user wouldnt know if it the post didn't exist so its pointless anyway. //router.post('/global/addban', geoAndTor, torPreBypassCheck, processIp, useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(1), paramConverter, addBanController); //add ban manually without post -router.post('/global/deleteboard', useSession, sessionRefresh, csrf, paramConverter, calcPerms, isLoggedIn, hasPerms(1), deleteBoardController); //delete board +router.post('/global/deleteboard', useSession, sessionRefresh, csrf, paramConverter, calcPerms, isLoggedIn, hasPerms(Math.min(deleteBoardPermLevel, 1)), deleteBoardController); //delete board from global management panel router.post('/global/addnews', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(0), addNewsController); //add new newspost router.post('/global/editnews', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(0), paramConverter, editNewsController); //add new newspost router.post('/global/deletenews', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(0), paramConverter, deleteNewsController); //delete news