2019-05-02 18:17:27 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2013-02-05 14:16:51 -05:00
|
|
|
class PostsController < ApplicationController
|
2022-03-21 10:28:52 -04:00
|
|
|
# Bug with Rails 7+
|
|
|
|
# see https://github.com/rails/rails/issues/44867
|
|
|
|
self._flash_types -= [:notice]
|
2013-02-05 14:16:51 -05:00
|
|
|
|
2018-01-31 23:17:59 -05:00
|
|
|
requires_login except: %i[
|
2018-01-25 15:38:40 -05:00
|
|
|
show
|
|
|
|
replies
|
|
|
|
by_number
|
2018-07-19 10:00:13 -04:00
|
|
|
by_date
|
2018-01-25 15:38:40 -05:00
|
|
|
short_link
|
|
|
|
reply_history
|
2022-03-08 15:08:15 -05:00
|
|
|
reply_ids
|
2018-01-25 15:38:40 -05:00
|
|
|
revisions
|
|
|
|
latest_revision
|
|
|
|
expand_embed
|
|
|
|
markdown_id
|
|
|
|
markdown_num
|
|
|
|
cooked
|
|
|
|
latest
|
|
|
|
user_posts_feed
|
|
|
|
]
|
2023-01-09 07:20:10 -05:00
|
|
|
|
2018-01-25 15:38:40 -05:00
|
|
|
skip_before_action :preload_json,
|
|
|
|
:check_xhr,
|
|
|
|
only: %i[markdown_id markdown_num short_link latest user_posts_feed]
|
2013-04-30 02:29:57 -04:00
|
|
|
|
2022-01-17 16:05:14 -05:00
|
|
|
MARKDOWN_TOPIC_PAGE_SIZE ||= 100
|
|
|
|
|
2014-07-11 17:34:26 -04:00
|
|
|
def markdown_id
|
2022-03-08 11:42:07 -05:00
|
|
|
markdown Post.find_by(id: params[:id].to_i)
|
2014-07-11 17:34:26 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
def markdown_num
|
2015-10-19 05:01:29 -04:00
|
|
|
if params[:revision].present?
|
|
|
|
post_revision = find_post_revision_from_topic_id
|
2017-04-10 08:01:25 -04:00
|
|
|
render plain: post_revision.modifications[:raw].last
|
2022-01-17 16:05:14 -05:00
|
|
|
elsif params[:post_number].present?
|
|
|
|
markdown Post.find_by(
|
|
|
|
topic_id: params[:topic_id].to_i,
|
|
|
|
post_number: params[:post_number].to_i,
|
|
|
|
)
|
2015-10-19 05:01:29 -04:00
|
|
|
else
|
2022-01-17 16:05:14 -05:00
|
|
|
opts = params.slice(:page)
|
|
|
|
opts[:limit] = MARKDOWN_TOPIC_PAGE_SIZE
|
|
|
|
topic_view = TopicView.new(params[:topic_id], current_user, opts)
|
|
|
|
content = topic_view.posts.map { |p| <<~MD }
|
|
|
|
#{p.user.username} | #{p.updated_at} | ##{p.post_number}
|
|
|
|
|
|
|
|
#{p.raw}
|
|
|
|
|
|
|
|
-------------------------
|
|
|
|
|
DEV: Correctly tag heredocs (#16061)
This allows text editors to use correct syntax coloring for the heredoc sections.
Heredoc tag names we use:
languages: SQL, JS, RUBY, LUA, HTML, CSS, SCSS, SH, HBS, XML, YAML/YML, MF, ICS
other: MD, TEXT/TXT, RAW, EMAIL
2022-02-28 14:50:55 -05:00
|
|
|
MD
|
2022-01-17 16:05:14 -05:00
|
|
|
render plain: content.join
|
2015-10-19 05:01:29 -04:00
|
|
|
end
|
2014-07-11 17:34:26 -04:00
|
|
|
end
|
|
|
|
|
2015-01-24 00:04:14 -05:00
|
|
|
def latest
|
2015-01-24 00:22:19 -05:00
|
|
|
params.permit(:before)
|
|
|
|
last_post_id = params[:before].to_i
|
|
|
|
last_post_id = Post.last.id if last_post_id <= 0
|
|
|
|
|
2016-03-21 06:22:36 -04:00
|
|
|
if params[:id] == "private_posts"
|
|
|
|
raise Discourse::NotFound if current_user.nil?
|
|
|
|
posts =
|
|
|
|
Post
|
|
|
|
.private_posts
|
|
|
|
.order(created_at: :desc)
|
|
|
|
.where("posts.id <= ?", last_post_id)
|
|
|
|
.where("posts.id > ?", last_post_id - 50)
|
|
|
|
.includes(topic: :category)
|
2021-07-08 03:46:21 -04:00
|
|
|
.includes(user: %i[primary_group flair_group])
|
2016-03-21 06:22:36 -04:00
|
|
|
.includes(:reply_to_user)
|
|
|
|
.limit(50)
|
|
|
|
rss_description = I18n.t("rss_description.private_posts")
|
|
|
|
else
|
|
|
|
posts =
|
|
|
|
Post
|
|
|
|
.public_posts
|
2022-10-18 14:19:54 -04:00
|
|
|
.visible
|
|
|
|
.where(post_type: Post.types[:regular])
|
2016-03-21 06:22:36 -04:00
|
|
|
.order(created_at: :desc)
|
|
|
|
.where("posts.id <= ?", last_post_id)
|
|
|
|
.where("posts.id > ?", last_post_id - 50)
|
|
|
|
.includes(topic: :category)
|
2021-07-08 03:46:21 -04:00
|
|
|
.includes(user: %i[primary_group flair_group])
|
2016-03-21 06:22:36 -04:00
|
|
|
.includes(:reply_to_user)
|
|
|
|
.limit(50)
|
|
|
|
rss_description = I18n.t("rss_description.posts")
|
2022-03-15 05:17:06 -04:00
|
|
|
@use_canonical = true
|
2016-03-21 06:22:36 -04:00
|
|
|
end
|
|
|
|
|
2015-01-24 00:04:14 -05:00
|
|
|
# Remove posts the user doesn't have permission to see
|
|
|
|
# This isn't leaking any information we weren't already through the post ID numbers
|
2015-10-16 07:44:48 -04:00
|
|
|
posts = posts.reject { |post| !guardian.can_see?(post) || post.topic.blank? }
|
2015-01-24 00:04:14 -05:00
|
|
|
counts = PostAction.counts_for(posts, current_user)
|
|
|
|
|
2015-06-09 07:39:03 -04:00
|
|
|
respond_to do |format|
|
|
|
|
format.rss do
|
|
|
|
@posts = posts
|
2016-03-21 06:22:36 -04:00
|
|
|
@title = "#{SiteSetting.title} - #{rss_description}"
|
2015-06-09 07:39:03 -04:00
|
|
|
@link = Discourse.base_url
|
2016-03-21 09:15:16 -04:00
|
|
|
@description = rss_description
|
2015-06-09 07:39:03 -04:00
|
|
|
render "posts/latest", formats: [:rss]
|
|
|
|
end
|
|
|
|
format.json do
|
|
|
|
render_json_dump(
|
|
|
|
serialize_data(
|
|
|
|
posts,
|
|
|
|
PostSerializer,
|
|
|
|
scope: guardian,
|
2016-03-21 06:22:36 -04:00
|
|
|
root: params[:id],
|
2015-06-09 07:39:03 -04:00
|
|
|
add_raw: true,
|
2015-09-01 20:45:09 -04:00
|
|
|
add_title: true,
|
2015-06-09 07:39:03 -04:00
|
|
|
all_post_actions: counts,
|
2023-01-09 07:20:10 -05:00
|
|
|
),
|
2015-06-09 07:39:03 -04:00
|
|
|
)
|
|
|
|
end
|
|
|
|
end
|
2015-01-24 00:04:14 -05:00
|
|
|
end
|
|
|
|
|
2016-03-31 09:10:50 -04:00
|
|
|
def user_posts_feed
|
|
|
|
params.require(:username)
|
|
|
|
user = fetch_user_from_params
|
2020-06-03 09:33:02 -04:00
|
|
|
raise Discourse::NotFound unless guardian.can_see_profile?(user)
|
2016-03-31 09:10:50 -04:00
|
|
|
|
|
|
|
posts =
|
|
|
|
Post
|
|
|
|
.public_posts
|
2022-10-18 14:19:54 -04:00
|
|
|
.visible
|
2016-03-31 09:10:50 -04:00
|
|
|
.where(user_id: user.id)
|
2016-03-31 12:04:53 -04:00
|
|
|
.where(post_type: Post.types[:regular])
|
2016-03-31 09:10:50 -04:00
|
|
|
.order(created_at: :desc)
|
|
|
|
.includes(:user)
|
|
|
|
.includes(topic: :category)
|
|
|
|
.limit(50)
|
|
|
|
|
|
|
|
posts = posts.reject { |post| !guardian.can_see?(post) || post.topic.blank? }
|
|
|
|
|
2018-10-09 10:21:41 -04:00
|
|
|
respond_to do |format|
|
|
|
|
format.rss do
|
|
|
|
@posts = posts
|
|
|
|
@title =
|
|
|
|
"#{SiteSetting.title} - #{I18n.t("rss_description.user_posts", username: user.username)}"
|
2022-04-13 09:52:56 -04:00
|
|
|
@link = "#{user.full_url}/activity"
|
2018-10-09 10:21:41 -04:00
|
|
|
@description = I18n.t("rss_description.user_posts", username: user.username)
|
|
|
|
render "posts/latest", formats: [:rss]
|
|
|
|
end
|
|
|
|
|
|
|
|
format.json do
|
|
|
|
render_json_dump(serialize_data(posts, PostSerializer, scope: guardian, add_excerpt: true))
|
|
|
|
end
|
|
|
|
end
|
2016-03-31 09:10:50 -04:00
|
|
|
end
|
|
|
|
|
2014-06-20 17:06:44 -04:00
|
|
|
def cooked
|
2017-03-08 17:15:42 -05:00
|
|
|
render json: { cooked: find_post_from_params.cooked }
|
2014-06-20 17:06:44 -04:00
|
|
|
end
|
|
|
|
|
2014-10-17 15:18:29 -04:00
|
|
|
def raw_email
|
2017-03-08 17:15:42 -05:00
|
|
|
params.require(:id)
|
2016-08-01 17:55:22 -04:00
|
|
|
post = Post.unscoped.find(params[:id].to_i)
|
2014-11-12 08:49:42 -05:00
|
|
|
guardian.ensure_can_view_raw_email!(post)
|
2017-03-08 17:15:42 -05:00
|
|
|
text, html = Email.extract_parts(post.raw_email)
|
|
|
|
render json: { raw_email: post.raw_email, text_part: text, html_part: html }
|
2014-10-17 15:18:29 -04:00
|
|
|
end
|
|
|
|
|
2013-04-24 04:05:35 -04:00
|
|
|
def short_link
|
2022-03-08 11:42:07 -05:00
|
|
|
post = Post.find_by(id: params[:post_id].to_i)
|
|
|
|
raise Discourse::NotFound unless post
|
|
|
|
|
2014-07-11 17:34:26 -04:00
|
|
|
# Stuff the user in the request object, because that's what IncomingLink wants
|
|
|
|
if params[:user_id]
|
2022-03-08 11:42:07 -05:00
|
|
|
user = User.find_by(id: params[:user_id].to_i)
|
2014-07-11 17:34:26 -04:00
|
|
|
request["u"] = user.username_lower if user
|
|
|
|
end
|
2015-02-04 14:49:05 -05:00
|
|
|
|
|
|
|
guardian.ensure_can_see!(post)
|
2016-11-01 15:20:04 -04:00
|
|
|
redirect_to path(post.url)
|
2013-04-24 04:05:35 -04:00
|
|
|
end
|
2013-02-05 14:16:51 -05:00
|
|
|
|
|
|
|
def create
|
2023-02-08 08:27:26 -05:00
|
|
|
manager_params = create_params
|
|
|
|
manager_params[:first_post_checks] = !is_api?
|
|
|
|
manager_params[:advance_draft] = !is_api?
|
|
|
|
|
|
|
|
manager = NewPostManager.new(current_user, manager_params)
|
|
|
|
|
|
|
|
json =
|
|
|
|
if is_api?
|
|
|
|
memoized_payload =
|
|
|
|
DistributedMemoizer.memoize(signature_for(manager_params), 120) do
|
|
|
|
MultiJson.dump(serialize_data(manager.perform, NewPostResultSerializer, root: false))
|
|
|
|
end
|
|
|
|
|
|
|
|
JSON.parse(memoized_payload)
|
|
|
|
else
|
|
|
|
serialize_data(manager.perform, NewPostResultSerializer, root: false)
|
|
|
|
end
|
2014-07-14 01:59:58 -04:00
|
|
|
|
2023-02-08 08:27:26 -05:00
|
|
|
backwards_compatible_json(json)
|
2014-07-14 01:59:58 -04:00
|
|
|
end
|
|
|
|
|
2013-02-05 14:16:51 -05:00
|
|
|
def update
|
2013-06-06 03:14:32 -04:00
|
|
|
params.require(:post)
|
2013-02-07 10:45:24 -05:00
|
|
|
|
2014-01-06 02:12:51 -05:00
|
|
|
post = Post.where(id: params[:id])
|
|
|
|
post = post.with_deleted if guardian.is_staff?
|
|
|
|
post = post.first
|
2015-11-13 11:35:04 -05:00
|
|
|
|
|
|
|
raise Discourse::NotFound if post.blank?
|
|
|
|
|
2013-02-21 18:09:56 -05:00
|
|
|
post.image_sizes = params[:image_sizes] if params[:image_sizes].present?
|
2014-01-07 10:32:09 -05:00
|
|
|
|
2019-05-06 21:27:05 -04:00
|
|
|
if !guardian.public_send("can_edit?", post) && post.user_id == current_user.id &&
|
2019-09-06 07:44:12 -04:00
|
|
|
post.edit_time_limit_expired?(current_user)
|
2018-10-17 09:35:32 -04:00
|
|
|
return render_json_error(I18n.t("too_late_to_edit"))
|
2014-01-07 10:32:09 -05:00
|
|
|
end
|
|
|
|
|
2013-02-21 18:09:56 -05:00
|
|
|
guardian.ensure_can_edit!(post)
|
|
|
|
|
2014-10-27 17:06:43 -04:00
|
|
|
changes = { raw: params[:post][:raw], edit_reason: params[:post][:edit_reason] }
|
2013-03-27 02:49:23 -04:00
|
|
|
|
2021-03-24 11:22:16 -04:00
|
|
|
Post.plugin_permitted_update_params.keys.each { |param| changes[param] = params[:post][param] }
|
|
|
|
|
2018-10-17 09:35:32 -04:00
|
|
|
raw_old = params[:post][:raw_old]
|
|
|
|
if raw_old.present? && raw_old != post.raw
|
|
|
|
return render_json_error(I18n.t("edit_conflict"), status: 409)
|
|
|
|
end
|
|
|
|
|
2014-10-27 17:06:43 -04:00
|
|
|
# to stay consistent with the create api, we allow for title & category changes here
|
2015-04-23 13:33:29 -04:00
|
|
|
if post.is_first_post?
|
2014-10-27 17:06:43 -04:00
|
|
|
changes[:title] = params[:title] if params[:title]
|
|
|
|
changes[:category_id] = params[:post][:category_id] if params[:post][:category_id]
|
2018-03-01 20:13:04 -05:00
|
|
|
|
|
|
|
if changes[:category_id] && changes[:category_id].to_i != post.topic.category_id.to_i
|
|
|
|
category = Category.find_by(id: changes[:category_id])
|
|
|
|
if category || (changes[:category_id].to_i == 0)
|
2018-07-12 22:51:08 -04:00
|
|
|
guardian.ensure_can_move_topic_to_category!(category)
|
2018-03-01 20:13:04 -05:00
|
|
|
else
|
|
|
|
return render_json_error(I18n.t("category.errors.not_found"))
|
|
|
|
end
|
|
|
|
end
|
2013-03-27 02:49:23 -04:00
|
|
|
end
|
|
|
|
|
2015-07-28 16:58:56 -04:00
|
|
|
# We don't need to validate edits to small action posts by staff
|
|
|
|
opts = {}
|
|
|
|
if post.post_type == Post.types[:small_action] && current_user.staff?
|
|
|
|
opts[:skip_validations] = true
|
|
|
|
end
|
|
|
|
|
2015-11-13 11:35:04 -05:00
|
|
|
topic = post.topic
|
|
|
|
topic = Topic.with_deleted.find(post.topic_id) if guardian.is_staff?
|
|
|
|
|
|
|
|
revisor = PostRevisor.new(post, topic)
|
2015-08-14 13:33:32 -04:00
|
|
|
revisor.revise!(current_user, changes, opts)
|
2013-02-05 14:16:51 -05:00
|
|
|
|
2014-10-27 17:06:43 -04:00
|
|
|
return render_json_error(post) if post.errors.present?
|
2015-11-13 11:35:04 -05:00
|
|
|
return render_json_error(topic) if topic.errors.present?
|
2013-02-05 14:16:51 -05:00
|
|
|
|
2021-06-17 04:53:29 -04:00
|
|
|
post_serializer = PostSerializer.new(post, scope: guardian, root: false, add_raw: true)
|
2015-11-13 11:35:04 -05:00
|
|
|
post_serializer.draft_sequence = DraftSequence.current(current_user, topic.draft_key)
|
|
|
|
link_counts = TopicLink.counts_for(guardian, topic, [post])
|
2013-02-21 18:09:56 -05:00
|
|
|
post_serializer.single_post_link_counts = link_counts[post.id] if link_counts.present?
|
|
|
|
|
2015-04-23 13:33:29 -04:00
|
|
|
result = { post: post_serializer.as_json }
|
2013-02-21 18:09:56 -05:00
|
|
|
if revisor.category_changed.present?
|
2013-05-10 02:47:47 -04:00
|
|
|
result[:category] = BasicCategorySerializer.new(
|
|
|
|
revisor.category_changed,
|
|
|
|
scope: guardian,
|
|
|
|
root: false,
|
|
|
|
).as_json
|
2013-02-21 18:09:56 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
render_json_dump(result)
|
2013-02-05 14:16:51 -05:00
|
|
|
end
|
|
|
|
|
2013-12-11 21:41:34 -05:00
|
|
|
def show
|
2014-02-24 12:03:29 -05:00
|
|
|
post = find_post_from_params
|
|
|
|
display_post(post)
|
2013-12-11 21:41:34 -05:00
|
|
|
end
|
|
|
|
|
2013-02-05 14:16:51 -05:00
|
|
|
def by_number
|
2014-02-24 12:03:29 -05:00
|
|
|
post = find_post_from_params_by_number
|
|
|
|
display_post(post)
|
2013-02-05 14:16:51 -05:00
|
|
|
end
|
|
|
|
|
2018-07-19 10:00:13 -04:00
|
|
|
def by_date
|
|
|
|
post = find_post_from_params_by_date
|
|
|
|
display_post(post)
|
|
|
|
end
|
|
|
|
|
2013-08-06 17:42:36 -04:00
|
|
|
def reply_history
|
2014-02-20 11:38:13 -05:00
|
|
|
post = find_post_from_params
|
2018-11-13 12:16:50 -05:00
|
|
|
|
|
|
|
reply_history = post.reply_history(params[:max_replies].to_i, guardian)
|
|
|
|
user_custom_fields = {}
|
2020-07-26 20:23:54 -04:00
|
|
|
if (added_fields = User.allowed_user_custom_fields(guardian)).present?
|
2018-11-13 12:16:50 -05:00
|
|
|
user_custom_fields = User.custom_fields_for_ids(reply_history.pluck(:user_id), added_fields)
|
|
|
|
end
|
|
|
|
|
|
|
|
render_serialized(reply_history, PostSerializer, user_custom_fields: user_custom_fields)
|
2013-08-06 17:42:36 -04:00
|
|
|
end
|
|
|
|
|
2017-12-13 16:12:06 -05:00
|
|
|
def reply_ids
|
|
|
|
post = find_post_from_params
|
|
|
|
render json: post.reply_ids(guardian).to_json
|
|
|
|
end
|
|
|
|
|
2018-04-20 17:05:51 -04:00
|
|
|
def all_reply_ids
|
2022-03-14 10:13:26 -04:00
|
|
|
Discourse.deprecate("/posts/:id/reply-ids/all is deprecated.", drop_from: "3.0")
|
|
|
|
|
2018-04-20 17:05:51 -04:00
|
|
|
post = find_post_from_params
|
|
|
|
render json: post.reply_ids(guardian, only_replies_to_single_post: false).to_json
|
|
|
|
end
|
|
|
|
|
2013-02-05 14:16:51 -05:00
|
|
|
def destroy
|
2013-02-08 17:49:15 -05:00
|
|
|
post = find_post_from_params
|
2022-08-10 05:11:50 -04:00
|
|
|
force_destroy = ActiveModel::Type::Boolean.new.cast(params[:force_destroy])
|
2021-10-13 05:53:23 -04:00
|
|
|
|
2022-08-10 05:11:50 -04:00
|
|
|
if force_destroy
|
2021-10-13 05:53:23 -04:00
|
|
|
if !guardian.can_permanently_delete?(post)
|
|
|
|
return render_json_error post.cannot_permanently_delete_reason(current_user), status: 403
|
|
|
|
end
|
|
|
|
else
|
|
|
|
guardian.ensure_can_delete!(post)
|
|
|
|
end
|
2021-01-08 10:05:13 -05:00
|
|
|
|
2020-11-05 12:18:26 -05:00
|
|
|
unless guardian.can_moderate_topic?(post.topic)
|
2018-06-28 09:51:27 -04:00
|
|
|
RateLimiter.new(
|
|
|
|
current_user,
|
|
|
|
"delete_post_per_min",
|
|
|
|
SiteSetting.max_post_deletions_per_minute,
|
|
|
|
1.minute,
|
|
|
|
).performed!
|
|
|
|
RateLimiter.new(
|
|
|
|
current_user,
|
|
|
|
"delete_post_per_day",
|
|
|
|
SiteSetting.max_post_deletions_per_day,
|
|
|
|
1.day,
|
|
|
|
).performed!
|
2018-06-28 07:08:58 -04:00
|
|
|
end
|
2014-01-07 10:32:09 -05:00
|
|
|
|
2022-08-10 05:11:50 -04:00
|
|
|
PostDestroyer.new(
|
|
|
|
current_user,
|
|
|
|
post,
|
|
|
|
context: params[:context],
|
|
|
|
force_destroy: force_destroy,
|
|
|
|
).destroy
|
2013-03-18 17:52:29 -04:00
|
|
|
|
2017-08-31 00:06:56 -04:00
|
|
|
render body: nil
|
2013-02-07 15:12:55 -05:00
|
|
|
end
|
|
|
|
|
2014-04-01 17:45:16 -04:00
|
|
|
def expand_embed
|
2014-04-03 11:30:43 -04:00
|
|
|
render json: { cooked: TopicEmbed.expanded_for(find_post_from_params) }
|
2014-04-02 13:22:10 -04:00
|
|
|
rescue StandardError
|
|
|
|
render_json_error I18n.t("errors.embed.load_from_remote")
|
2014-04-01 17:45:16 -04:00
|
|
|
end
|
|
|
|
|
2013-02-07 15:12:55 -05:00
|
|
|
def recover
|
2013-02-08 17:49:15 -05:00
|
|
|
post = find_post_from_params
|
2021-01-08 10:05:13 -05:00
|
|
|
guardian.ensure_can_recover_post!(post)
|
|
|
|
|
2020-11-05 12:18:26 -05:00
|
|
|
unless guardian.can_moderate_topic?(post.topic)
|
2018-06-28 09:51:27 -04:00
|
|
|
RateLimiter.new(
|
|
|
|
current_user,
|
|
|
|
"delete_post_per_min",
|
|
|
|
SiteSetting.max_post_deletions_per_minute,
|
|
|
|
1.minute,
|
|
|
|
).performed!
|
|
|
|
RateLimiter.new(
|
|
|
|
current_user,
|
|
|
|
"delete_post_per_day",
|
|
|
|
SiteSetting.max_post_deletions_per_day,
|
|
|
|
1.day,
|
|
|
|
).performed!
|
|
|
|
end
|
2021-01-08 10:05:13 -05:00
|
|
|
|
2013-07-22 03:48:24 -04:00
|
|
|
destroyer = PostDestroyer.new(current_user, post)
|
|
|
|
destroyer.recover
|
|
|
|
post.reload
|
2013-07-09 12:15:55 -04:00
|
|
|
|
2013-07-22 03:48:24 -04:00
|
|
|
render_post_json(post)
|
2013-02-05 14:16:51 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def destroy_many
|
2013-06-06 03:14:32 -04:00
|
|
|
params.require(:post_ids)
|
2019-03-06 04:02:25 -05:00
|
|
|
agree_with_first_reply_flag = (params[:agree_with_first_reply_flag] || true).to_s == "true"
|
2013-02-05 14:16:51 -05:00
|
|
|
|
2019-12-03 02:39:10 -05:00
|
|
|
posts = Post.where(id: post_ids_including_replies).order(:id)
|
2013-02-05 14:16:51 -05:00
|
|
|
raise Discourse::InvalidParameters.new(:post_ids) if posts.blank?
|
|
|
|
|
|
|
|
# Make sure we can delete the posts
|
|
|
|
posts.each { |p| guardian.ensure_can_delete!(p) }
|
|
|
|
|
|
|
|
Post.transaction do
|
2019-03-06 04:02:25 -05:00
|
|
|
posts.each_with_index do |p, i|
|
|
|
|
PostDestroyer.new(
|
|
|
|
current_user,
|
|
|
|
p,
|
|
|
|
defer_flags: !(agree_with_first_reply_flag && i == 0),
|
|
|
|
).destroy
|
|
|
|
end
|
2013-02-05 14:16:51 -05:00
|
|
|
end
|
|
|
|
|
2017-08-31 00:06:56 -04:00
|
|
|
render body: nil
|
2013-02-05 14:16:51 -05:00
|
|
|
end
|
|
|
|
|
2016-03-21 19:31:56 -04:00
|
|
|
def merge_posts
|
|
|
|
params.require(:post_ids)
|
|
|
|
posts = Post.where(id: params[:post_ids]).order(:id)
|
|
|
|
raise Discourse::InvalidParameters.new(:post_ids) if posts.pluck(:id) == params[:post_ids]
|
|
|
|
PostMerger.new(current_user, posts).merge
|
2017-08-31 00:06:56 -04:00
|
|
|
render body: nil
|
2021-03-31 21:16:18 -04:00
|
|
|
rescue PostMerger::CannotMergeError => e
|
|
|
|
render_json_error(e.message)
|
2016-03-21 19:31:56 -04:00
|
|
|
end
|
|
|
|
|
2013-02-05 14:16:51 -05:00
|
|
|
# Direct replies to this post
|
|
|
|
def replies
|
2013-02-08 17:49:15 -05:00
|
|
|
post = find_post_from_params
|
2015-09-24 20:15:58 -04:00
|
|
|
replies = post.replies.secured(guardian)
|
2018-11-13 12:16:50 -05:00
|
|
|
|
|
|
|
user_custom_fields = {}
|
2020-07-26 20:23:54 -04:00
|
|
|
if (added_fields = User.allowed_user_custom_fields(guardian)).present?
|
2018-11-13 12:16:50 -05:00
|
|
|
user_custom_fields = User.custom_fields_for_ids(replies.pluck(:user_id), added_fields)
|
|
|
|
end
|
|
|
|
|
|
|
|
render_serialized(replies, PostSerializer, user_custom_fields: user_custom_fields)
|
2013-02-05 14:16:51 -05:00
|
|
|
end
|
|
|
|
|
2013-12-11 21:41:34 -05:00
|
|
|
def revisions
|
2018-10-31 10:47:00 -04:00
|
|
|
post = find_post_from_params
|
|
|
|
raise Discourse::NotFound if post.hidden && !guardian.can_view_hidden_post_revisions?
|
|
|
|
|
2013-12-11 21:41:34 -05:00
|
|
|
post_revision = find_post_revision_from_params
|
|
|
|
post_revision_serializer =
|
|
|
|
PostRevisionSerializer.new(post_revision, scope: guardian, root: false)
|
|
|
|
render_json_dump(post_revision_serializer)
|
|
|
|
end
|
|
|
|
|
2014-10-27 17:06:43 -04:00
|
|
|
def latest_revision
|
2018-10-31 10:47:00 -04:00
|
|
|
post = find_post_from_params
|
|
|
|
raise Discourse::NotFound if post.hidden && !guardian.can_view_hidden_post_revisions?
|
|
|
|
|
2014-10-27 17:06:43 -04:00
|
|
|
post_revision = find_latest_post_revision_from_params
|
|
|
|
post_revision_serializer =
|
|
|
|
PostRevisionSerializer.new(post_revision, scope: guardian, root: false)
|
|
|
|
render_json_dump(post_revision_serializer)
|
|
|
|
end
|
|
|
|
|
2014-10-13 04:18:49 -04:00
|
|
|
def hide_revision
|
|
|
|
post_revision = find_post_revision_from_params
|
2014-10-27 17:06:43 -04:00
|
|
|
guardian.ensure_can_hide_post_revision!(post_revision)
|
|
|
|
|
2014-10-13 04:18:49 -04:00
|
|
|
post_revision.hide!
|
2014-10-27 17:06:43 -04:00
|
|
|
|
|
|
|
post = find_post_from_params
|
|
|
|
post.public_version -= 1
|
|
|
|
post.save
|
|
|
|
|
2017-08-31 00:06:56 -04:00
|
|
|
render body: nil
|
2014-10-13 04:18:49 -04:00
|
|
|
end
|
|
|
|
|
2023-01-19 16:09:01 -05:00
|
|
|
def permanently_delete_revisions
|
|
|
|
guardian.ensure_can_permanently_delete_post_revisions!
|
|
|
|
|
|
|
|
post = find_post_from_params
|
|
|
|
raise Discourse::InvalidParameters.new(:post) if post.blank?
|
|
|
|
raise Discourse::NotFound unless post.revisions.present?
|
|
|
|
|
|
|
|
RateLimiter.new(
|
|
|
|
current_user,
|
|
|
|
"admin_permanently_delete_post_revisions",
|
|
|
|
20,
|
|
|
|
1.minute,
|
|
|
|
apply_limit_to_staff: true,
|
|
|
|
).performed!
|
|
|
|
|
|
|
|
ActiveRecord::Base.transaction do
|
|
|
|
updated_at = Time.zone.now
|
|
|
|
post.revisions.destroy_all
|
|
|
|
post.update(version: 1, public_version: 1, last_version_at: updated_at)
|
|
|
|
StaffActionLogger.new(current_user).log_permanently_delete_post_revisions(post)
|
|
|
|
end
|
|
|
|
|
|
|
|
post.rebake!
|
|
|
|
|
|
|
|
render body: nil
|
|
|
|
end
|
|
|
|
|
2014-10-13 04:18:49 -04:00
|
|
|
def show_revision
|
|
|
|
post_revision = find_post_revision_from_params
|
2014-10-27 17:06:43 -04:00
|
|
|
guardian.ensure_can_show_post_revision!(post_revision)
|
|
|
|
|
2014-10-13 04:18:49 -04:00
|
|
|
post_revision.show!
|
2014-10-27 17:06:43 -04:00
|
|
|
|
|
|
|
post = find_post_from_params
|
|
|
|
post.public_version += 1
|
|
|
|
post.save
|
|
|
|
|
2017-08-31 00:06:56 -04:00
|
|
|
render body: nil
|
2014-10-13 04:18:49 -04:00
|
|
|
end
|
|
|
|
|
2016-03-09 10:40:49 -05:00
|
|
|
def revert
|
|
|
|
raise Discourse::NotFound unless guardian.is_staff?
|
|
|
|
|
|
|
|
post_id = params[:id] || params[:post_id]
|
|
|
|
revision = params[:revision].to_i
|
|
|
|
raise Discourse::InvalidParameters.new(:revision) if revision < 2
|
|
|
|
|
|
|
|
post_revision = PostRevision.find_by(post_id: post_id, number: revision)
|
|
|
|
raise Discourse::NotFound unless post_revision
|
|
|
|
|
|
|
|
post = find_post_from_params
|
|
|
|
raise Discourse::NotFound if post.blank?
|
|
|
|
|
|
|
|
post_revision.post = post
|
|
|
|
guardian.ensure_can_see!(post_revision)
|
|
|
|
guardian.ensure_can_edit!(post)
|
|
|
|
if post_revision.modifications["raw"].blank? && post_revision.modifications["title"].blank? &&
|
|
|
|
post_revision.modifications["category_id"].blank?
|
|
|
|
return render_json_error(I18n.t("revert_version_same"))
|
2023-01-09 07:20:10 -05:00
|
|
|
end
|
2016-03-09 10:40:49 -05:00
|
|
|
|
|
|
|
topic = Topic.with_deleted.find(post.topic_id)
|
|
|
|
|
|
|
|
changes = {}
|
|
|
|
changes[:raw] = post_revision.modifications["raw"][0] if post_revision.modifications[
|
|
|
|
"raw"
|
|
|
|
].present? && post_revision.modifications["raw"][0] != post.raw
|
|
|
|
if post.is_first_post?
|
|
|
|
changes[:title] = post_revision.modifications["title"][0] if post_revision.modifications[
|
|
|
|
"title"
|
|
|
|
].present? && post_revision.modifications["title"][0] != topic.title
|
|
|
|
changes[:category_id] = post_revision.modifications["category_id"][
|
2023-01-09 07:20:10 -05:00
|
|
|
0
|
2016-03-09 10:40:49 -05:00
|
|
|
] if post_revision.modifications["category_id"].present? &&
|
|
|
|
post_revision.modifications["category_id"][0] != topic.category.id
|
|
|
|
end
|
2023-02-16 04:40:11 -05:00
|
|
|
return render_json_error(I18n.t("revert_version_same")) if changes.length <= 0
|
2023-02-11 08:50:53 -05:00
|
|
|
changes[:edit_reason] = I18n.with_locale(SiteSetting.default_locale) do
|
|
|
|
I18n.t("reverted_to_version", version: post_revision.number.to_i - 1)
|
|
|
|
end
|
2016-03-09 10:40:49 -05:00
|
|
|
|
|
|
|
revisor = PostRevisor.new(post, topic)
|
|
|
|
revisor.revise!(current_user, changes)
|
|
|
|
|
|
|
|
return render_json_error(post) if post.errors.present?
|
|
|
|
return render_json_error(topic) if topic.errors.present?
|
|
|
|
|
|
|
|
post_serializer = PostSerializer.new(post, scope: guardian, root: false)
|
|
|
|
post_serializer.draft_sequence = DraftSequence.current(current_user, topic.draft_key)
|
2017-08-31 00:06:56 -04:00
|
|
|
|
2016-03-09 10:40:49 -05:00
|
|
|
link_counts = TopicLink.counts_for(guardian, topic, [post])
|
|
|
|
post_serializer.single_post_link_counts = link_counts[post.id] if link_counts.present?
|
|
|
|
|
|
|
|
result = { post: post_serializer.as_json }
|
|
|
|
if post.is_first_post?
|
|
|
|
result[:topic] = BasicTopicSerializer.new(
|
|
|
|
topic,
|
|
|
|
scope: guardian,
|
|
|
|
root: false,
|
|
|
|
).as_json if post_revision.modifications["title"].present?
|
|
|
|
result[:category_id] = post_revision.modifications["category_id"][
|
2023-01-09 07:20:10 -05:00
|
|
|
0
|
2016-03-09 10:40:49 -05:00
|
|
|
] if post_revision.modifications["category_id"].present?
|
|
|
|
end
|
|
|
|
|
|
|
|
render_json_dump(result)
|
|
|
|
end
|
|
|
|
|
2018-01-25 15:38:40 -05:00
|
|
|
def locked
|
|
|
|
post = find_post_from_params
|
|
|
|
locker = PostLocker.new(post, current_user)
|
|
|
|
params[:locked] === "true" ? locker.lock : locker.unlock
|
|
|
|
render_json_dump(locked: post.locked?)
|
|
|
|
end
|
|
|
|
|
2019-04-19 10:53:58 -04:00
|
|
|
def notice
|
|
|
|
post = find_post_from_params
|
2020-07-20 15:53:47 -04:00
|
|
|
raise Discourse::NotFound unless guardian.can_edit_staff_notes?(post.topic)
|
2019-04-19 10:53:58 -04:00
|
|
|
|
2020-11-11 07:49:53 -05:00
|
|
|
old_notice = post.custom_fields[Post::NOTICE]
|
2020-07-21 14:29:02 -04:00
|
|
|
|
2019-04-19 10:53:58 -04:00
|
|
|
if params[:notice].present?
|
2020-11-11 07:49:53 -05:00
|
|
|
post.custom_fields[Post::NOTICE] = {
|
|
|
|
type: Post.notices[:custom],
|
|
|
|
raw: params[:notice],
|
|
|
|
cooked: PrettyText.cook(params[:notice], features: { onebox: false }),
|
|
|
|
}
|
2019-04-19 10:53:58 -04:00
|
|
|
else
|
2020-11-11 07:49:53 -05:00
|
|
|
post.custom_fields.delete(Post::NOTICE)
|
2019-04-19 10:53:58 -04:00
|
|
|
end
|
|
|
|
|
2020-11-11 07:49:53 -05:00
|
|
|
post.save_custom_fields
|
|
|
|
|
|
|
|
StaffActionLogger.new(current_user).log_post_staff_note(
|
|
|
|
post,
|
|
|
|
old_value: old_notice&.[]("raw"),
|
|
|
|
new_value: params[:notice],
|
|
|
|
)
|
2020-07-21 14:29:02 -04:00
|
|
|
|
2019-04-19 10:53:58 -04:00
|
|
|
render body: nil
|
|
|
|
end
|
|
|
|
|
2019-12-10 23:04:02 -05:00
|
|
|
def destroy_bookmark
|
|
|
|
params.require(:post_id)
|
|
|
|
|
2022-05-22 20:07:15 -04:00
|
|
|
bookmark_id =
|
|
|
|
Bookmark.where(
|
|
|
|
bookmarkable_id: params[:post_id],
|
|
|
|
bookmarkable_type: "Post",
|
|
|
|
user_id: current_user.id,
|
2023-02-12 23:39:45 -05:00
|
|
|
).pick(:id)
|
2022-03-29 22:43:11 -04:00
|
|
|
destroyed_bookmark = BookmarkManager.new(current_user).destroy(bookmark_id)
|
2020-03-11 20:52:15 -04:00
|
|
|
|
2022-03-29 22:43:11 -04:00
|
|
|
render json:
|
|
|
|
success_json.merge(BookmarkManager.bookmark_metadata(destroyed_bookmark, current_user))
|
2019-12-10 23:04:02 -05:00
|
|
|
end
|
|
|
|
|
2014-05-13 08:53:11 -04:00
|
|
|
def wiki
|
|
|
|
post = find_post_from_params
|
2022-01-24 02:56:18 -05:00
|
|
|
params.require(:wiki)
|
2016-01-11 10:26:00 -05:00
|
|
|
guardian.ensure_can_wiki!(post)
|
|
|
|
|
2017-01-25 00:34:55 -05:00
|
|
|
post.revise(current_user, wiki: params[:wiki])
|
2014-05-13 08:53:11 -04:00
|
|
|
|
2017-08-31 00:06:56 -04:00
|
|
|
render body: nil
|
2014-05-13 08:53:11 -04:00
|
|
|
end
|
|
|
|
|
2014-09-10 17:08:33 -04:00
|
|
|
def post_type
|
|
|
|
guardian.ensure_can_change_post_type!
|
|
|
|
post = find_post_from_params
|
2022-01-24 02:56:18 -05:00
|
|
|
params.require(:post_type)
|
|
|
|
raise Discourse::InvalidParameters.new(:post_type) if Post.types[params[:post_type].to_i].blank?
|
|
|
|
|
2014-10-27 17:06:43 -04:00
|
|
|
post.revise(current_user, post_type: params[:post_type].to_i)
|
2014-09-10 17:08:33 -04:00
|
|
|
|
2017-08-31 00:06:56 -04:00
|
|
|
render body: nil
|
2014-09-10 17:08:33 -04:00
|
|
|
end
|
|
|
|
|
2014-09-11 10:04:40 -04:00
|
|
|
def rebake
|
|
|
|
guardian.ensure_can_rebake!
|
|
|
|
|
|
|
|
post = find_post_from_params
|
2018-12-26 12:52:07 -05:00
|
|
|
post.rebake!(invalidate_oneboxes: true, invalidate_broken_images: true)
|
2014-09-11 10:04:40 -04:00
|
|
|
|
2017-08-31 00:06:56 -04:00
|
|
|
render body: nil
|
2014-09-11 10:04:40 -04:00
|
|
|
end
|
|
|
|
|
2014-09-22 12:55:13 -04:00
|
|
|
def unhide
|
|
|
|
post = find_post_from_params
|
|
|
|
|
|
|
|
guardian.ensure_can_unhide!(post)
|
|
|
|
|
|
|
|
post.unhide!
|
|
|
|
|
2017-08-31 00:06:56 -04:00
|
|
|
render body: nil
|
2014-09-22 12:55:13 -04:00
|
|
|
end
|
|
|
|
|
2014-07-16 15:04:55 -04:00
|
|
|
def deleted_posts
|
|
|
|
params.permit(:offset, :limit)
|
|
|
|
guardian.ensure_can_see_deleted_posts!
|
|
|
|
|
|
|
|
user = fetch_user_from_params
|
|
|
|
offset = [params[:offset].to_i, 0].max
|
|
|
|
limit = [(params[:limit] || 60).to_i, 100].min
|
|
|
|
|
2015-04-13 11:48:31 -04:00
|
|
|
posts = user_posts(guardian, user.id, offset: offset, limit: limit).where.not(deleted_at: nil)
|
2014-07-16 15:04:55 -04:00
|
|
|
|
2017-06-20 14:41:41 -04:00
|
|
|
render_serialized(posts, AdminUserActionSerializer)
|
2014-07-16 15:04:55 -04:00
|
|
|
end
|
|
|
|
|
2021-08-26 12:16:00 -04:00
|
|
|
def pending
|
|
|
|
params.require(:username)
|
|
|
|
user = fetch_user_from_params
|
|
|
|
raise Discourse::NotFound unless guardian.can_edit_user?(user)
|
|
|
|
|
|
|
|
render_serialized(
|
|
|
|
user.pending_posts.order(created_at: :desc),
|
|
|
|
PendingPostSerializer,
|
|
|
|
root: :pending_posts,
|
|
|
|
)
|
|
|
|
end
|
|
|
|
|
2013-02-08 17:49:15 -05:00
|
|
|
protected
|
|
|
|
|
2022-03-08 11:42:07 -05:00
|
|
|
def markdown(post)
|
|
|
|
if post && guardian.can_see?(post)
|
|
|
|
render plain: post.raw
|
|
|
|
else
|
|
|
|
raise Discourse::NotFound
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2015-03-31 12:58:56 -04:00
|
|
|
# We can't break the API for making posts. The new, queue supporting API
|
|
|
|
# doesn't return the post as the root JSON object, but as a nested object.
|
|
|
|
# If a param is present it uses that result structure.
|
2023-02-08 08:27:26 -05:00
|
|
|
def backwards_compatible_json(json_obj)
|
2015-04-01 14:18:46 -04:00
|
|
|
json_obj.symbolize_keys!
|
2023-02-08 08:27:26 -05:00
|
|
|
|
|
|
|
success = json_obj[:success]
|
|
|
|
|
|
|
|
if params[:nested_post].blank? && json_obj[:errors].blank? &&
|
|
|
|
json_obj[:action].to_s != "enqueued"
|
2015-04-01 14:18:46 -04:00
|
|
|
json_obj = json_obj[:post]
|
|
|
|
end
|
|
|
|
|
2016-12-15 20:05:20 -05:00
|
|
|
if !success && GlobalSetting.try(:verbose_api_logging) && (is_api? || is_user_api?)
|
2016-04-12 12:10:23 -04:00
|
|
|
Rails.logger.error "Error creating post via API:\n\n#{json_obj.inspect}"
|
|
|
|
end
|
|
|
|
|
2015-03-31 12:58:56 -04:00
|
|
|
render json: json_obj, status: (!!success) ? 200 : 422
|
|
|
|
end
|
|
|
|
|
2013-12-11 21:41:34 -05:00
|
|
|
def find_post_revision_from_params
|
|
|
|
post_id = params[:id] || params[:post_id]
|
|
|
|
revision = params[:revision].to_i
|
|
|
|
raise Discourse::InvalidParameters.new(:revision) if revision < 2
|
|
|
|
|
2014-05-06 09:41:59 -04:00
|
|
|
post_revision = PostRevision.find_by(post_id: post_id, number: revision)
|
2014-10-27 17:06:43 -04:00
|
|
|
raise Discourse::NotFound unless post_revision
|
|
|
|
|
2014-02-04 14:05:50 -05:00
|
|
|
post_revision.post = find_post_from_params
|
2014-10-27 17:06:43 -04:00
|
|
|
guardian.ensure_can_see!(post_revision)
|
2014-02-04 14:05:50 -05:00
|
|
|
|
2014-10-27 17:06:43 -04:00
|
|
|
post_revision
|
|
|
|
end
|
|
|
|
|
|
|
|
def find_latest_post_revision_from_params
|
|
|
|
post_id = params[:id] || params[:post_id]
|
|
|
|
|
|
|
|
finder = PostRevision.where(post_id: post_id).order(:number)
|
|
|
|
finder = finder.where(hidden: false) unless guardian.is_staff?
|
|
|
|
post_revision = finder.last
|
|
|
|
|
|
|
|
raise Discourse::NotFound unless post_revision
|
|
|
|
|
|
|
|
post_revision.post = find_post_from_params
|
2013-12-11 21:41:34 -05:00
|
|
|
guardian.ensure_can_see!(post_revision)
|
2014-10-27 17:06:43 -04:00
|
|
|
|
2013-12-11 21:41:34 -05:00
|
|
|
post_revision
|
|
|
|
end
|
2013-06-07 03:52:03 -04:00
|
|
|
|
2015-10-19 05:01:29 -04:00
|
|
|
def find_post_revision_from_topic_id
|
|
|
|
post =
|
|
|
|
Post.find_by(topic_id: params[:topic_id].to_i, post_number: (params[:post_number] || 1).to_i)
|
|
|
|
raise Discourse::NotFound unless guardian.can_see?(post)
|
|
|
|
|
|
|
|
revision = params[:revision].to_i
|
|
|
|
raise Discourse::NotFound if revision < 2
|
|
|
|
|
|
|
|
post_revision = PostRevision.find_by(post_id: post.id, number: revision)
|
|
|
|
raise Discourse::NotFound unless post_revision
|
|
|
|
|
|
|
|
post_revision.post = post
|
|
|
|
guardian.ensure_can_see!(post_revision)
|
|
|
|
|
|
|
|
post_revision
|
|
|
|
end
|
|
|
|
|
2013-06-07 03:52:03 -04:00
|
|
|
private
|
|
|
|
|
2015-04-13 11:48:31 -04:00
|
|
|
def user_posts(guardian, user_id, opts)
|
2022-07-05 03:51:21 -04:00
|
|
|
# Topic.unscoped is necessary to remove the default deleted_at: nil scope
|
|
|
|
posts =
|
|
|
|
Topic.unscoped do
|
|
|
|
Post
|
|
|
|
.includes(:user, :topic, :deleted_by, :user_actions)
|
|
|
|
.where(user_id: user_id)
|
|
|
|
.with_deleted
|
|
|
|
.order(created_at: :desc)
|
|
|
|
end
|
2015-04-13 11:48:31 -04:00
|
|
|
|
|
|
|
if guardian.user.moderator?
|
|
|
|
# Awful hack, but you can't seem to remove the `default_scope` when joining
|
|
|
|
# So instead I grab the topics separately
|
|
|
|
topic_ids = posts.dup.pluck(:topic_id)
|
|
|
|
topics = Topic.where(id: topic_ids).with_deleted.where.not(archetype: "private_message")
|
|
|
|
topics = topics.secured(guardian)
|
|
|
|
|
PERF: avoids eager pluck in posts controller (#21973)
Calling pluck is instantly making a SELECT, while passing the relationship allows rails to build a correct query.
Before (2 selects):
```
pry(main)> Post.where(topic_id: Topic.where(id: [1,3,4]).pluck(:id)).count
(1.3ms) SELECT "topics"."id" FROM "topics" WHERE "topics"."deleted_at" IS NULL AND "topics"."id" IN (1, 3, 4)
Post Count (0.5ms) SELECT COUNT(*) FROM "posts" WHERE "posts"."deleted_at" IS NULL AND "posts"."topic_id" IN (1, 3, 4)
```
After (1 select):
```
pry(main)> Post.where(topic_id: Topic.where(id: [1,3,4])).count
Post Count (2.7ms) SELECT COUNT(*) FROM "posts" WHERE "posts"."deleted_at" IS NULL AND "posts"."topic_id" IN (SELECT "topics"."id" FROM "topics" WHERE "topics"."deleted_at" IS NULL AND "topics"."id" IN (1, 3, 4))
```
2023-06-07 07:30:38 -04:00
|
|
|
posts = posts.where(topic_id: topics)
|
2015-04-13 11:48:31 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
posts.offset(opts[:offset]).limit(opts[:limit])
|
2014-07-16 15:04:55 -04:00
|
|
|
end
|
|
|
|
|
2013-12-11 21:41:34 -05:00
|
|
|
def create_params
|
|
|
|
permitted = [
|
|
|
|
:raw,
|
|
|
|
:topic_id,
|
|
|
|
:archetype,
|
|
|
|
:category,
|
2020-01-07 08:33:48 -05:00
|
|
|
# TODO remove together with 'targetUsername' deprecations
|
2013-12-11 21:41:34 -05:00
|
|
|
:target_usernames,
|
2020-01-07 08:33:48 -05:00
|
|
|
:target_recipients,
|
2013-12-11 21:41:34 -05:00
|
|
|
:reply_to_post_number,
|
2015-08-03 00:29:04 -04:00
|
|
|
:auto_track,
|
|
|
|
:typing_duration_msecs,
|
2016-05-22 04:54:03 -04:00
|
|
|
:composer_open_duration_msecs,
|
2019-11-26 02:23:10 -05:00
|
|
|
:visible,
|
|
|
|
:draft_key,
|
2013-12-11 21:41:34 -05:00
|
|
|
]
|
|
|
|
|
2019-12-20 11:37:12 -05:00
|
|
|
Post.plugin_permitted_create_params.each do |key, value|
|
|
|
|
if value[:plugin].enabled?
|
|
|
|
permitted << case value[:type]
|
|
|
|
when :string
|
|
|
|
key.to_sym
|
|
|
|
when :array
|
|
|
|
{ key => [] }
|
|
|
|
when :hash
|
|
|
|
{ key => {} }
|
|
|
|
end
|
|
|
|
end
|
2017-08-11 22:10:45 -04:00
|
|
|
end
|
|
|
|
|
2013-12-11 21:41:34 -05:00
|
|
|
# param munging for WordPress
|
|
|
|
params[:auto_track] = !(params[:auto_track].to_s == "false") if params[:auto_track]
|
2016-07-27 05:50:13 -04:00
|
|
|
params[:visible] = (params[:unlist_topic].to_s == "false") if params[:unlist_topic]
|
2013-12-11 21:41:34 -05:00
|
|
|
|
2016-08-25 20:58:34 -04:00
|
|
|
if is_api?
|
2013-12-11 21:41:34 -05:00
|
|
|
# php seems to be sending this incorrectly, don't fight with it
|
|
|
|
params[:skip_validations] = params[:skip_validations].to_s == "true"
|
|
|
|
permitted << :skip_validations
|
2014-04-03 14:42:26 -04:00
|
|
|
|
2017-08-17 07:53:04 -04:00
|
|
|
params[:import_mode] = params[:import_mode].to_s == "true"
|
|
|
|
permitted << :import_mode
|
|
|
|
|
2014-04-03 14:42:26 -04:00
|
|
|
# We allow `embed_url` via the API
|
|
|
|
permitted << :embed_url
|
2016-05-22 04:54:03 -04:00
|
|
|
|
|
|
|
# We allow `created_at` via the API
|
|
|
|
permitted << :created_at
|
|
|
|
|
2022-02-08 22:55:32 -05:00
|
|
|
# We allow `external_id` via the API
|
|
|
|
permitted << :external_id
|
2013-12-11 21:41:34 -05:00
|
|
|
end
|
2013-07-01 22:22:56 -04:00
|
|
|
|
2020-07-26 20:23:54 -04:00
|
|
|
result =
|
|
|
|
params
|
|
|
|
.permit(*permitted)
|
|
|
|
.tap do |allowed|
|
|
|
|
allowed[:image_sizes] = params[:image_sizes]
|
2014-09-08 11:11:56 -04:00
|
|
|
# TODO this does not feel right, we should name what meta_data is allowed
|
2020-07-26 20:23:54 -04:00
|
|
|
allowed[:meta_data] = params[:meta_data]
|
2014-09-08 11:11:56 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
# Staff are allowed to pass `is_warning`
|
|
|
|
if current_user.staff?
|
|
|
|
params.permit(:is_warning)
|
|
|
|
result[:is_warning] = (params[:is_warning] == "true")
|
2015-03-31 12:58:56 -04:00
|
|
|
else
|
|
|
|
result[:is_warning] = false
|
2013-06-07 03:52:03 -04:00
|
|
|
end
|
2014-09-08 11:11:56 -04:00
|
|
|
|
2018-08-09 20:48:30 -04:00
|
|
|
if params[:no_bump] == "true"
|
|
|
|
raise Discourse::InvalidParameters.new(:no_bump) unless guardian.can_skip_bump?
|
|
|
|
result[:no_bump] = true
|
|
|
|
end
|
|
|
|
|
2018-03-13 15:59:12 -04:00
|
|
|
if params[:shared_draft] == "true"
|
|
|
|
raise Discourse::InvalidParameters.new(:shared_draft) unless guardian.can_create_shared_draft?
|
|
|
|
|
|
|
|
result[:shared_draft] = true
|
|
|
|
end
|
|
|
|
|
2019-05-07 13:34:15 -04:00
|
|
|
if params[:whisper] == "true"
|
|
|
|
unless guardian.can_create_whisper?
|
|
|
|
raise Discourse::InvalidAccess.new(
|
|
|
|
"invalid_whisper_access",
|
|
|
|
nil,
|
|
|
|
custom_message: "invalid_whisper_access",
|
|
|
|
)
|
2023-01-09 07:20:10 -05:00
|
|
|
end
|
2019-05-07 13:34:15 -04:00
|
|
|
|
2015-09-10 16:01:23 -04:00
|
|
|
result[:post_type] = Post.types[:whisper]
|
|
|
|
end
|
|
|
|
|
2015-04-18 07:53:53 -04:00
|
|
|
PostRevisor.tracked_topic_fields.each_key do |f|
|
2015-01-27 12:13:45 -05:00
|
|
|
params.permit(f => [])
|
|
|
|
result[f] = params[f] if params.has_key?(f)
|
|
|
|
end
|
2015-01-06 14:53:12 -05:00
|
|
|
|
2015-01-29 13:09:35 -05:00
|
|
|
# Stuff we can use in spam prevention plugins
|
|
|
|
result[:ip_address] = request.remote_ip
|
|
|
|
result[:user_agent] = request.user_agent
|
|
|
|
result[:referrer] = request.env["HTTP_REFERER"]
|
|
|
|
|
2020-01-07 08:33:48 -05:00
|
|
|
if recipients = result[:target_usernames]
|
2021-11-12 09:52:59 -05:00
|
|
|
Discourse.deprecate(
|
|
|
|
"`target_usernames` is deprecated, use `target_recipients` instead.",
|
|
|
|
output_in_test: true,
|
|
|
|
drop_from: "2.9.0",
|
|
|
|
)
|
2020-01-07 08:33:48 -05:00
|
|
|
else
|
|
|
|
recipients = result[:target_recipients]
|
|
|
|
end
|
|
|
|
|
|
|
|
if recipients
|
2020-05-25 12:04:05 -04:00
|
|
|
recipients = recipients.split(",").map(&:downcase)
|
2020-05-27 16:49:00 -04:00
|
|
|
groups =
|
|
|
|
Group.messageable(current_user).where("lower(name) in (?)", recipients).pluck("lower(name)")
|
2020-01-07 08:33:48 -05:00
|
|
|
recipients -= groups
|
|
|
|
emails = recipients.select { |user| user.match(/@/) }
|
|
|
|
recipients -= emails
|
|
|
|
result[:target_usernames] = recipients.join(",")
|
2017-08-28 12:07:30 -04:00
|
|
|
result[:target_emails] = emails.join(",")
|
2015-12-01 23:49:43 -05:00
|
|
|
result[:target_group_names] = groups.join(",")
|
|
|
|
end
|
|
|
|
|
2017-08-31 00:06:56 -04:00
|
|
|
result.permit!
|
|
|
|
result.to_h
|
2013-12-11 21:41:34 -05:00
|
|
|
end
|
|
|
|
|
2015-03-31 12:58:56 -04:00
|
|
|
def signature_for(args)
|
2019-05-02 18:17:27 -04:00
|
|
|
+"post##" << Digest::SHA1.hexdigest(
|
|
|
|
args
|
2017-08-31 00:06:56 -04:00
|
|
|
.to_h
|
2015-03-31 12:58:56 -04:00
|
|
|
.to_a
|
|
|
|
.concat([["user", current_user.id]])
|
|
|
|
.sort { |x, y| x[0] <=> y[0] }
|
|
|
|
.join { |x, y| "#{x}:#{y}" },
|
|
|
|
)
|
|
|
|
end
|
|
|
|
|
2014-02-21 11:12:43 -05:00
|
|
|
def display_post(post)
|
|
|
|
post.revert_to(params[:version].to_i) if params[:version].present?
|
|
|
|
render_post_json(post)
|
|
|
|
end
|
|
|
|
|
|
|
|
def find_post_from_params
|
|
|
|
by_id_finder = Post.where(id: params[:id] || params[:post_id])
|
|
|
|
find_post_using(by_id_finder)
|
|
|
|
end
|
|
|
|
|
|
|
|
def find_post_from_params_by_number
|
|
|
|
by_number_finder = Post.where(topic_id: params[:topic_id], post_number: params[:post_number])
|
|
|
|
find_post_using(by_number_finder)
|
|
|
|
end
|
|
|
|
|
2018-07-19 10:00:13 -04:00
|
|
|
def find_post_from_params_by_date
|
|
|
|
by_date_finder =
|
|
|
|
TopicView
|
|
|
|
.new(params[:topic_id], current_user)
|
|
|
|
.filtered_posts
|
|
|
|
.where("created_at >= ?", Time.zone.parse(params[:date]))
|
|
|
|
.order("created_at ASC")
|
|
|
|
.limit(1)
|
|
|
|
|
|
|
|
find_post_using(by_date_finder)
|
|
|
|
end
|
|
|
|
|
2014-02-21 11:12:43 -05:00
|
|
|
def find_post_using(finder)
|
2020-11-05 12:18:26 -05:00
|
|
|
# A deleted post can be seen by staff or a category group moderator for the topic.
|
|
|
|
# But we must find the deleted post to determine which category it belongs to, so
|
|
|
|
# we must find.with_deleted
|
|
|
|
post = finder.with_deleted.first
|
2017-10-23 14:49:14 -04:00
|
|
|
raise Discourse::NotFound unless post
|
|
|
|
|
2022-03-08 11:39:52 -05:00
|
|
|
post.topic = Topic.with_deleted.find_by(id: post.topic_id)
|
2020-11-05 12:18:26 -05:00
|
|
|
|
|
|
|
if !post.topic ||
|
|
|
|
(
|
|
|
|
(post.deleted_at.present? || post.topic.deleted_at.present?) &&
|
|
|
|
!guardian.can_moderate_topic?(post.topic)
|
|
|
|
)
|
|
|
|
raise Discourse::NotFound
|
|
|
|
end
|
2017-10-23 13:41:41 -04:00
|
|
|
|
2014-02-21 11:12:43 -05:00
|
|
|
guardian.ensure_can_see!(post)
|
|
|
|
post
|
|
|
|
end
|
2013-02-05 14:16:51 -05:00
|
|
|
end
|