Merge pull request #1001 from weseek/Function-to-prevent-complete-erasure

deny user without admin

resource/locales/en-US/translation.json

@@ -266,7 +266,8 @@
   "page_api_error": {
     "notfound_or_forbidden": "Original page is not found or forbidden.",
     "already_exists": "New page is already exists.",
-    "outdated": "Page is updated someone and now outdated. "
+    "outdated": "Page is updated someone and now outdated.",
+    "user_not_admin": "Only admin user can delete completely"
   },
 
   "modal_rename": {

resource/locales/ja/translation.json

@@ -266,7 +266,8 @@
   "page_api_error": {
     "notfound_or_forbidden": "元のページが見つからないか、アクセス権がありません。",
     "already_exists": "新しいページが既に存在しています。",
-    "outdated": "ページが他のユーザーによって更新されました。"
+    "outdated": "ページが他のユーザーによって更新されました。",
+    "user_not_admin": "権限のあるユーザーのみが完全削除できます"
   },
 
   "modal_rename": {

src/server/routes/page.js

@@ -939,6 +939,11 @@ module.exports = function(crowi, app) {
 
     try {
       if (isCompletely) {
+        // get useradmin flag
+        const isDeniedCompletelyDelete = !req.user.admin;
+        if (isDeniedCompletelyDelete) {
+          return res.json(ApiResponse.error('You can not delete completely', 'user_not_admin'));
+        }
         if (isRecursively) {
           page = await Page.completelyDeletePageRecursively(page, req.user, options);
         }

src/server/views/widget/modal/page-api-error-messages.html

@@ -2,6 +2,9 @@
   <span class="text-danger msg msg-notfound_or_forbidden">
     <strong><i class="icon-fw icon-ban"></i>{{ t('page_api_error.notfound_or_forbidden') }}</strong>
   </span>
+  <span class="text-danger msg msg-user_not_admin">
+    <strong><i class="icon-fw icon-ban"></i>{{ t('page_api_error.user_not_admin') }}</strong>
+  </span>
   <span class="text-danger msg msg-already_exists">
     <strong><i class="icon-fw icon-ban"></i>{{ t('page_api_error.already_exists') }}</strong>
     <small id="linkToNewPage"></small>