
Merge pull request #1046 from weseek/Internal-implementation

check config
Yuki Takei 6 лет назад
Родитель
Сommit
fb570537a5

+ 1 - 1
src/server/form/admin/securityGeneral.js

@@ -12,5 +12,5 @@ module.exports = form(
   field('settingForm[security:registrationWhiteList]').custom(normalizeCRLF).custom(stringToArray),
   field('settingForm[security:list-policy:hideRestrictedByOwner]').trim().toBooleanStrict(),
   field('settingForm[security:list-policy:hideRestrictedByGroup]').trim().toBooleanStrict(),
-  field('settingForm[security:isEnabledDeleteCompletely]').trim().toBooleanStrict(),
+  field('settingForm[security:pageCompleteDeletionAuthority]'),
 );
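Review bot: The new `field('settingForm[security:pageCompleteDeletionAuthority]')` line accepts any submitted string, whereas the boolean field it replaces was constrained by `.trim().toBooleanStrict()`. Because this value decides who may permanently delete pages, it should be limited to the known policies. A `.custom(...)` step, the mechanism already used for `registrationWhiteList` above, could reject anything other than `adminOnly` and `adminAndAuthor` and convert the form's "Anyone" choice to a real `null`. As written, the `<option value=null>` in the admin view would most likely arrive as the string `"null"`, which `canDeleteCompletely` does not treat as the unrestricted setting.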

+ 1 - 1
src/server/models/config.js

@@ -64,7 +64,7 @@ module.exports = function(crowi) {
 
       'security:list-policy:hideRestrictedByOwner' : false,
       'security:list-policy:hideRestrictedByGroup' : false,
-      'security:isEnabledDeleteCompletely' : false,
+      'security:pageCompleteDeletionAuthority' : null,
 
       'security:isEnabledPassport' : false,
       'security:passport-ldap:isEnabled' : false,
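Review bot: The new default `'security:pageCompleteDeletionAuthority' : null` is the least restrictive setting, because `canDeleteCompletely` in src/server/models/user.js returns true for every user when the value is `== null`. Before this commit the route in src/server/routes/page.js refused complete deletion to anyone without `req.user.admin`. Assuming these defaults are what `getConfig` falls back to, an install that never saved this key would move from admin-only to unrestricted on upgrade. I would default to `'security:pageCompleteDeletionAuthority' : 'adminOnly',` and make unrestricted deletion an explicit administrator choice. The defaults object starts and ends outside this hunk.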

+ 6 - 2
src/server/models/user.js

@@ -199,10 +199,14 @@ module.exports = function(crowi) {
     });
   };
 
-  userSchema.methods.canDeleteCompletely = function(user) {
-    if (user.admin) {
+  userSchema.methods.canDeleteCompletely = function(creatorId) {
+    const pageCompleteDeletionAuthority = crowi.configManager.getConfig('crowi', 'security:pageCompleteDeletionAuthority');
+    if (pageCompleteDeletionAuthority == null || this.admin) {
       return true;
     }
+    if (pageCompleteDeletionAuthority === 'adminAndAuthor') {
+      return (this._id.equals(creatorId));
+    }
 
     return false;
   };
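Review bot: `canDeleteCompletely(creatorId)` is called with two different argument shapes: the route in src/server/routes/page.js passes `page.creator`, while delete.html and page_alerts.html pass `page.creator._id`. If `page.creator` is a populated user document in the route, `this._id.equals(creatorId)` may not match and authors would be refused under `adminAndAuthor`; a page with no creator is a further case the templates' `page.creator._id` does not guard, though that depends on code outside this diff. Normalising inside the method would make the author branch independent of the caller, e.g. `const id = (creatorId != null && creatorId._id != null) ? creatorId._id : creatorId;` followed by `return id != null && this._id.equals(id);`. A short doc comment listing the three policy values would also help: `null` means anyone, `'adminAndAuthor'` means admins plus the creator, and any other value falls through to admins only.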

+ 1 - 3
src/server/routes/page.js

@@ -939,9 +939,7 @@ module.exports = function(crowi, app) {
 
     try {
       if (isCompletely) {
-        // get useradmin flag
-        const isDeniedCompletelyDelete = !req.user.admin;
-        if (isDeniedCompletelyDelete) {
+        if (!req.user.canDeleteCompletely(page.creator)) {
           return res.json(ApiResponse.error('You can not delete completely', 'user_not_admin'));
         }
         if (isRecursively) {
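Review bot: The new `req.user.canDeleteCompletely(page.creator)` check only considers the creator of the page named in the request, yet the `if (isRecursively)` branch follows directly after it. Under the `adminAndAuthor` policy the author of a parent page would therefore pass this check even when descendant pages were created by other users. The recursive branch's body is outside this hunk, so whether it repeats the check per descendant cannot be seen here; if it does not, recursive complete deletion should either be limited to admins or filter descendants by the same rule. The error code `'user_not_admin'` is also no longer accurate once authors are allowed.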

+ 10 - 13
src/server/views/admin/security.html

@@ -138,21 +138,18 @@
 
           <!-- GC-1755 Change Sentence -->
           <div class="form-group">
-            {% set configName = 'settingForm[security:isEnabledDeleteCompletely]' %}
-            {% set configValue = getConfig('crowi','security:isEnabledDeleteCompletely') %}
-            <label for="{{configName}}" class="col-xs-3 control-label">ページを完全削除できるユーザーを制限する</label>
-            <div class="col-xs-9">
-              <div class="btn-group btn-toggle" data-toggle="buttons">
-                <label class="btn btn-default btn-rounded btn-outline {% if configValue %}active{% endif %}" data-active-class="primary">
-                  <input name="{{configName}}" value="true" type="radio" {% if configValue %}checked{% endif %}> ON
-                </label>
-                <label class="btn btn-default btn-rounded btn-outline {% if !configValue %}active{% endif %}" data-active-class="default">
-                  <input name="{{configName}}" value="false" type="radio" {% if !configValue %}checked{% endif %}> OFF
-                </label>
-              </div>
+            {% set configName = 'settingForm[security:pageCompleteDeletionAuthority]' %}
+            {% set configValue = getConfig('crowi','security:pageCompleteDeletionAuthority') %}
+            <label for="{{configName}}" class="col-xs-3 control-label">Restrict Complete Deletion of Pages</label>
+            <div class="col-xs-6">
+              <select class="form-control selectpicker" name="settingForm[security:pageCompleteDeletionAuthority]" value="{{ configValue }}">
+                <option value="adminOnly" {% if configValue =="adiminOnly" %}selected{% endif %}>AdminOnly</option>
+                <option value="adminAndAuthor" {% if configValue == "adminAndAuthor" %}selected{% endif %}>AdminAndAuthor</option>
+                <option value=null {% if configValue == null  %}selected{% endif %}>Anyone</option>
+              </select>
 
               <p class="help-block small">
-                ページを完全削除できるユーザーを管理者のみに制限します。
+                Restricts users who can completely delete pages to only administrators.
               </p>
             </div>
           </div>
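Review bot: The first option compares against a misspelled value, `{% if configValue =="adiminOnly" %}`, so a saved `adminOnly` policy never marks its option as selected; it should read `{% if configValue == "adminOnly" %}`. The third option's unquoted `value=null` submits the literal text `null`, not an empty value, so the "Anyone" choice probably cannot round-trip to the `null` that `canDeleteCompletely` checks for. When neither condition matches, the browser shows the first option, which means the page can display "AdminOnly" regardless of what is actually stored. That is misleading on a security settings screen. The help text still describes an administrators-only restriction although the control now offers three policies.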

+ 10 - 8
src/server/views/modal/delete.html

@@ -28,16 +28,18 @@
             <p class="help-block"> {{ t('modal_delete.help.recursively', page.path) }}
             </p>
           </div>
+          {% if not page.isDeleted() %}
           <div class="checkbox checkbox-danger">
-          <input name="completely" id="cbDeleteCompletely" {% if not page.isDeleted() and !user.canDeleteCompletely(user) %} disabled="disabled" {% endif %} value="1"  type="checkbox">
-              <label for="cbDeleteCompletely" class="text-danger">{{ t('modal_delete.label.Delete completely') }}</label>
-              <!-- GC-1755 Change Sentence -->
-              {% if not page.isDeleted() and !user.canDeleteCompletely(user) %}
-                <p class="bg-danger text-white p-2 mt-2"> <i class="icon-ban" ></i> 完全削除の権限がありません </p>
-              {% else %}
-                <p class="help-block"> {{ t('modal_delete.help.completely') }}</p>
-              {% endif %}
+          <input name="completely" id="cbDeleteCompletely" {% if !user.canDeleteCompletely(page.creator._id) %} disabled="disabled" {% endif %} value="1"  type="checkbox">
+            <label for="cbDeleteCompletely" class="text-danger">{{ t('modal_delete.label.Delete completely') }}</label>
+            <!-- GC-1755 Change Sentence -->
+            {% if !user.canDeleteCompletely(page.creator._id) %}
+              <p class="bg-danger text-white p-2 mt-2"> <i class="icon-ban" ></i> 完全削除の権限がありません </p>
+            {% else %}
+            <p class="help-block"> {{ t('modal_delete.help.completely') }}</p>
+            {% endif %}
           </div>
+          {% endif %}
         </div>
         <div class="modal-footer">
           <div class="d-flex justify-content-between">

+ 1 - 1
src/server/views/widget/page_alerts.html

@@ -27,7 +27,7 @@
           <button href="#" class="btn btn-default btn-rounded btn-sm" data-target="#putBackPage" data-toggle="modal"><i class="icon-action-undo" aria-hidden="true"></i> {{ t('Put Back') }}</button>
         </li>
         <li>
-            <button href="#" class="btn btn-danger btn-rounded btn-sm" {% if !user.canDeleteCompletely(user) %} disabled="disabled" {% endif %} data-target="#deletePage" data-toggle="modal"><i class="icon-fire" aria-hidden="true"></i> {{ t('Delete Completely') }}</button>
+            <button href="#" class="btn btn-danger btn-rounded btn-sm" {% if !user.canDeleteCompletely(page.creator._id) %} disabled="disabled" {% endif %} data-target="#deletePage" data-toggle="modal"><i class="icon-fire" aria-hidden="true"></i> {{ t('Delete Completely') }}</button>
         </li>
       </ul>{# /.pull-right #}
       {% endif %}