Merge branch 'disco-improve-modlogs' into 'develop'

Draft: Add modlog on unban, and split concept of private/public modlog entries

See merge request fatchan/jschan!345

CHANGELOG.md

@@ -5,7 +5,7 @@
     - So far covers creating boards, changing board settings, and ban editing/unban/upgrade.
     - Modlog entries for e.g. board creation are global and not linked to the board and will not be deleted along with the board (duh).
     - Private modlogs for edited global bans will also be available from the originating board.
-  - Added a global setting that toggles whether board ban lists include global bans that originated from that board.
+  - Added a permission for whether board ban lists include global bans that originated from that board.
   - Global account management now has an option delete all boards owned by an account when deleting it.
   - Bugfix moving posts to non existing board not correctly returning an error sometimes.
 

controllers/forms/editbans.js

@@ -46,9 +46,12 @@ module.exports = {
 			});
 		}
 
+		const showGlobal = res.locals.permissions.get(Permissions.VIEW_BOARD_GLOBAL_BANS);
+		res.locals.bansBoard = req.params.board ? showGlobal ? req.parms.board : { '$eq': req.params.board } : null;
+
 		let bans = [];
 		try {
-			bans = await Bans.get(req.body.checkedbans, req.params.board ? req.params.board : null);
+			bans = await Bans.get(req.body.checkedbans, res.locals.bansBoard);
 		} catch (e) {
 			return next(e);
 		}
@@ -81,23 +84,25 @@ module.exports = {
 					throw __('Invalid ban action'); //should never happen anyway
 			}
 
-			// inserting these into non-public modlogs
-			const modlogs = bans.map(b => ({
-				board: Array.isArray(b.board) ? b.board.find(bx => bx != null) : b.board, //TODO: if in future multiple are allowed, update this to use an array
-				showLinks: true,
-				postLinks: [],
-				actions: [ModlogActions.EDIT_BAN],
-				public: false,
-				date: new Date(),
-				showUser: true,
-				message: message,
-				user: req.session.user,
-				ip: {
-					cloak: res.locals.ip.cloak,
-					raw: res.locals.ip.raw,
-				}
-			}));
-			await Modlogs.insertMany(modlogs);
+			if (amount > 0) {
+				// inserting these into non-public modlogs
+				const modlogs = bans.map(b => ({
+					board: Array.isArray(b.board) ? b.board.find(bx => bx != null) : b.board, //TODO: if in future multiple are allowed, update this to use an array
+					showLinks: true,
+					postLinks: [],
+					actions: [ModlogActions.EDIT_BAN],
+					public: false,
+					date: new Date(),
+					showUser: true,
+					message: message,
+					user: req.session.user,
+					ip: {
+						cloak: res.locals.ip.cloak,
+						raw: res.locals.ip.raw,
+					}
+				}));
+				await Modlogs.insertMany(modlogs);
+			}
 
 		} catch (err) {
 			return next(err);

db/bans.js

@@ -182,7 +182,7 @@ module.exports = {
 			'board': board,
 			'_id': {
 				'$in': ids
-			}
+			},
 		});
 	},
 

lib/permission/permission.js

@@ -44,6 +44,9 @@ class Permission extends BigBitfield {
 		} else if (this.get(Permissions.MANAGE_BOARD_OWNER)) { //BOs and "global staff"
 			this.setAll(Permissions._MANAGE_BOARD_BITS);
 		}
+		if (this.get(Permissions.MANAGE_GLOBAL_BANS)) {
+			this.set(Permissions.VIEW_BOARD_GLOBAL_BANS);
+		}
 	}
 
 }

lib/permission/permissions.js

@@ -33,7 +33,9 @@ const Permissions = Object.seal(Object.freeze(Object.preventExtensions({
 	MANAGE_BOARD_SETTINGS: 24,
 	MANAGE_BOARD_CUSTOMISATION: 25,
 	MANAGE_BOARD_STAFF: 26,
-	_MANAGE_BOARD_BITS: [20,21,22,23,24,25,26],
+	_MANAGE_BOARD_BITS: [20,21,22,23,24,25,26], //bits that can be set by a BO and partial bitfield will be stored in board staff object
+
+	VIEW_BOARD_GLOBAL_BANS: 30,
 
 	USE_MARKDOWN_PINKTEXT: 35,
 	USE_MARKDOWN_GREENTEXT: 36,
@@ -85,6 +87,7 @@ const Metadata = Object.seal(Object.freeze(Object.preventExtensions({
 	[Permissions.MANAGE_BOARD_SETTINGS]: { label: 'Settings', desc: 'Access board settings. Ability to change any settings. Settings page will show transfer/delete forms for those with "Board Owner" permission.' },
 	[Permissions.MANAGE_BOARD_CUSTOMISATION]: { label: 'Customisation', desc: 'Access to board assets and custompages. Ability to upload, create, edit, delete.' },
 	[Permissions.MANAGE_BOARD_STAFF]: { label: 'Staff', desc: 'Access to staff management, and ability to add or remove permissions from others. Can only be given by somebody else with "Board Owner" permission. Use with caution!', parent: Permissions.MANAGE_BOARD_OWNER },
+	[Permissions.VIEW_BOARD_GLOBAL_BANS]: { label: 'View Board Global Bans', desc: 'Ability to view global bans on board modlog pages if the banned post originated from that board.', parent: Permissions.ROOT },
 
 	[Permissions.USE_MARKDOWN_PINKTEXT]: { title: 'Post styling', label: 'Pinktext', desc: 'Use pinktext' },
 	[Permissions.USE_MARKDOWN_GREENTEXT]: { label: 'Greentext', desc: 'Use greentext' },

migrations/1.5.0.js

@@ -2,7 +2,7 @@
 
 module.exports = async(db) => {
 
-	console.log('Updating all bans with board: null to be global true');
+	console.log('Updating all bans to have new global true/false flag');
 	await db.collection('bans').updateMany({
 		board: null,
 	}, {
@@ -11,4 +11,14 @@ module.exports = async(db) => {
 		},
 	});
 
+	await db.collection('bans').updateMany({
+		board: {
+			'$ne': null,
+		},
+	}, {
+		'$set': {
+			'global': false,
+		},
+	});
+
 };

models/forms/denybanappeals.js

@@ -2,8 +2,8 @@
 
 const { Bans } = require(__dirname+'/../../db/');
 
-module.exports = async (req) => {
+module.exports = async (req, res) => {
 
-	return Bans.denyAppeal(req.params.board, req.body.checkedbans).then(result => result.modifiedCount);
+	return Bans.denyAppeal(res.locals.bansBoard, req.body.checkedbans).then(result => result.modifiedCount);
 
 };

models/forms/editbanduration.js

@@ -2,10 +2,10 @@
 
 const { Bans } = require(__dirname+'/../../db/');
 
-module.exports = async (req) => {
+module.exports = async (req, res) => {
 
 	//New ban expiry date is current date + ban_duration. Not based on the original ban issue date.
 	const newExpireAt = new Date(Date.now() + req.body.ban_duration);
-	return Bans.editDuration(req.params.board, req.body.checkedbans, newExpireAt).then(result => result.modifiedCount);
+	return Bans.editDuration(res.locals.bansBoard, req.body.checkedbans, newExpireAt).then(result => result.modifiedCount);
 
 };

models/forms/editbannote.js

@@ -2,9 +2,9 @@
 
 const { Bans } = require(__dirname+'/../../db/');
 
-module.exports = async (req) => {
+module.exports = async (req, res) => {
 
 	//New ban note.
-	return Bans.editNote(req.params.board, req.body.checkedbans, req.body.ban_note).then(result => result.modifiedCount);
+	return Bans.editNote(res.locals.bansBoard, req.body.checkedbans, req.body.ban_note).then(result => result.modifiedCount);
 
 };

models/forms/removebans.js

@@ -2,8 +2,10 @@
 
 const { Bans } = require(__dirname+'/../../db/');
 
-module.exports = async (req) => {
+module.exports = async (req, res) => {
 
-	return Bans.removeMany(req.params.board, req.body.checkedbans).then(result => result.deletedCount);
+	const showGlobal = res.locals.permissions.get(Permissions.VIEW_BOARD_GLOBAL_BANS);
+	const bansBoard = req.params.board ? showGlobal ? req.parms.board : { '$eq': req.params.board } : null;
+	return Bans.removeMany(bansBoard, req.body.checkedbans).then(result => result.deletedCount);
 
 };

models/forms/upgradebans.js

@@ -2,9 +2,9 @@
 
 const { Bans } = require(__dirname+'/../../db/');
 
-module.exports = async (req) => {
+module.exports = async (req, res) => {
 
-	const nReturned = await Bans.upgrade(req.params.board, req.body.checkedbans, req.body.upgrade)
+	const nReturned = await Bans.upgrade(res.locals.bansBoard, req.body.checkedbans, req.body.upgrade)
 		.then(explain => {
 			if (explain && explain.stages) {
 				return explain.stages[0].nReturned;

models/pages/manage/bans.js

@@ -7,7 +7,9 @@ module.exports = async (req, res, next) => {
 
 	let bans;
 	try {
-		bans = await Bans.getBoardBans(req.params.board);
+		const showGlobal = res.locals.permissions.get(Permissions.VIEW_BOARD_GLOBAL_BANS);
+		const bansBoard = showGlobal ? req.params.board : { '$eq': req.params.board };
+		bans = await Bans.getBoardBans(bansBoard);
 	} catch (err) {
 		return next(err);
 	}

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "jschan",
-  "version": "1.5.0",
+  "version": "1.6.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "jschan",
-      "version": "1.5.0",
+      "version": "1.6.0",
       "license": "AGPL-3.0-only",
       "dependencies": {
         "@fatchan/express-fileupload": "^1.4.5",

package.json

@@ -1,7 +1,7 @@
 {
   "name": "jschan",
-  "version": "1.5.0",
-  "migrateVersion": "1.4.1",
+  "version": "1.6.0",
+  "migrateVersion": "1.5.0",
   "description": "",
   "main": "server.js",
   "dependencies": {

views/includes/postform.pug

@@ -39,7 +39,7 @@ section.form-wrapper.flex-center
 						span.required *
 			- const minLength = (isThread ? board.settings.minReplyMessageLength : board.settings.minThreadMessageLength) || 0;
 			- const maxLength = Math.min((isThread ? board.settings.maxReplyMessageLength : board.settings.maxThreadMessageLength), globalLimits.fieldLength.message) || globalLimits.fieldLength.message;
-			textarea#message(name='message', rows='5', autocomplete='off' minlength=minLength maxlength=maxLength required=messageRequired)
+			textarea#message(name='message', rows='5', minlength=minLength maxlength=maxLength required=messageRequired)
 		if board.settings.maxFiles > 0 && Object.values(board.settings.allowedFileTypes).some(x => x === true)
 			- const maxFiles = board.settings.maxFiles;
 			section.row