Change owner rest route (#13881)

* fix: dont use sass-embedded on freebsd, #13867

* fix: #13715, dont reduce hardcap if usersPerPage is < 50

* fix: closes #13872, use translator.compile for notification text

so commas don't cause issues

* fix: remove bidiControls from notification.bodyShort

* refactor: move change owner call to rest api

deprecate socket method

* fix spec

* test: one more fix

* test: add 404

* test: fix tests :rage1:

* test: update test to use new method

src/api/posts.js

@@ -665,3 +665,26 @@ async function sendQueueNotification(type, targetUid, path, notificationText) {
 	const notifObj = await notifications.create(notifData);
 	await notifications.push(notifObj, [targetUid]);
 }
+
+postsAPI.changeOwner = async function (caller, data) {
+	if (!data || !Array.isArray(data.pids) || !data.uid) {
+		throw new Error('[[error:invalid-data]]');
+	}
+	const isAdminOrGlobalMod = await user.isAdminOrGlobalMod(caller.uid);
+	if (!isAdminOrGlobalMod) {
+		throw new Error('[[error:no-privileges]]');
+	}
+
+	const postData = await posts.changeOwner(data.pids, data.uid);
+	const logs = postData.map(({ pid, uid, cid }) => (events.log({
+		type: 'post-change-owner',
+		uid: caller.uid,
+		ip: caller.ip,
+		targetUid: data.uid,
+		pid: pid,
+		originalUid: uid,
+		cid: cid,
+	})));
+
+	await Promise.all(logs);
+};

src/controllers/write/posts.js

@@ -209,4 +209,12 @@ Posts.notifyQueuedPostOwner = async (req, res) => {
 	const { id } = req.params;
 	await api.posts.notifyQueuedPostOwner(req, { id, message: req.body.message });
 	helpers.formatApiResponse(200, res);
+};
+
+Posts.changeOwner = async (req, res) => {
+	await api.posts.changeOwner(req, {
+		pids: req.body.pids || (req.params.pid ? [req.params.pid] : []),
+		uid: req.body.uid,
+	});
+	helpers.formatApiResponse(200, res);
 };

src/routes/write/posts.js

@@ -46,6 +46,8 @@ module.exports = function () {
 	setupApiRoute(router, 'put', '/queue/:id', controllers.write.posts.editQueuedPost);
 	setupApiRoute(router, 'post', '/queue/:id/notify', [middleware.checkRequired.bind(null, ['message'])], controllers.write.posts.notifyQueuedPostOwner);
 
+	setupApiRoute(router, 'put', '/:pid/owner', [middleware.ensureLoggedIn, middleware.assert.post, middleware.checkRequired.bind(null, ['uid'])], controllers.write.posts.changeOwner);
+	setupApiRoute(router, 'post', '/owner', [middleware.ensureLoggedIn, middleware.checkRequired.bind(null, ['pids', 'uid'])], controllers.write.posts.changeOwner);
 
 	// Shorthand route to access post routes by topic index
 	router.all('/+byIndex/:index*?', [middleware.checkRequired.bind(null, ['tid'])], controllers.write.posts.redirectByIndex);

src/socket.io/posts/tools.js

@@ -5,12 +5,13 @@ const nconf = require('nconf');
 const db = require('../../database');
 const posts = require('../../posts');
 const flags = require('../../flags');
-const events = require('../../events');
 const privileges = require('../../privileges');
 const plugins = require('../../plugins');
 const social = require('../../social');
 const user = require('../../user');
 const utils = require('../../utils');
+const sockets = require('../index');
+const api = require('../../api');
 
 module.exports = function (SocketPosts) {
 	SocketPosts.loadPostTools = async function (socket, data) {
@@ -77,23 +78,8 @@ module.exports = function (SocketPosts) {
 		if (!data || !Array.isArray(data.pids) || !data.toUid) {
 			throw new Error('[[error:invalid-data]]');
 		}
-		const isAdminOrGlobalMod = await user.isAdminOrGlobalMod(socket.uid);
-		if (!isAdminOrGlobalMod) {
-			throw new Error('[[error:no-privileges]]');
-		}
-
-		const postData = await posts.changeOwner(data.pids, data.toUid);
-		const logs = postData.map(({ pid, uid, cid }) => (events.log({
-			type: 'post-change-owner',
-			uid: socket.uid,
-			ip: socket.ip,
-			targetUid: data.toUid,
-			pid: pid,
-			originalUid: uid,
-			cid: cid,
-		})));
-
-		await Promise.all(logs);
+		sockets.warnDeprecated(socket, 'PUT /api/v3/posts/owner');
+		await api.posts.changeOwner(socket, { pids: data.pids, uid: data.toUid });
 	};
 
 	SocketPosts.getEditors = async function (socket, data) {