public/mailtrain
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Enforce manageTemplates global permission in templates model

Browse source
This commit is contained in:
joker-x 2020-08-29 23:50:38 +02:00
parent 7aa7b1ac41
commit 630ae7290a
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
server/models/templates.js
View file

@ -20,6 +20,7 @@ function hash(entity) {
} }
async function getByIdTx(tx, context, id, withPermissions = true) { async function getByIdTx(tx, context, id, withPermissions = true) {
shares.enforceGlobalPermission(context, 'manageTemplates');
await shares.enforceEntityPermissionTx(tx, context, 'template', id, 'view'); await shares.enforceEntityPermissionTx(tx, context, 'template', id, 'view');
const entity = await tx('templates').where('id', id).first(); const entity = await tx('templates').where('id', id).first();
entity.data = JSON.parse(entity.data); entity.data = JSON.parse(entity.data);
@ -38,6 +39,7 @@ async function getById(context, id, withPermissions = true) {
} }
async function _listDTAjax(context, namespaceId, params) { async function _listDTAjax(context, namespaceId, params) {
shares.enforceGlobalPermission(context, 'manageTemplates');
return await dtHelpers.ajaxListWithPermissions( return await dtHelpers.ajaxListWithPermissions(
context, context,
[{ entityTypeId: 'template', requiredOperations: ['view'] }], [{ entityTypeId: 'template', requiredOperations: ['view'] }],
@ -70,6 +72,7 @@ async function _validateAndPreprocess(tx, entity) {
} }
async function create(context, entity) { async function create(context, entity) {
shares.enforceGlobalPermission(context, 'manageTemplates');
return await knex.transaction(async tx => { return await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'namespace', entity.namespace, 'createTemplate'); await shares.enforceEntityPermissionTx(tx, context, 'namespace', entity.namespace, 'createTemplate');
@ -114,6 +117,7 @@ async function create(context, entity) {
} }
async function updateWithConsistencyCheck(context, entity) { async function updateWithConsistencyCheck(context, entity) {
shares.enforceGlobalPermission(context, 'manageTemplates');
await knex.transaction(async tx => { await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'template', entity.id, 'edit'); await shares.enforceEntityPermissionTx(tx, context, 'template', entity.id, 'edit');
@ -143,6 +147,7 @@ async function updateWithConsistencyCheck(context, entity) {
} }
async function remove(context, id) { async function remove(context, id) {
shares.enforceGlobalPermission(context, 'manageTemplates');
await knex.transaction(async tx => { await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'template', id, 'delete'); await shares.enforceEntityPermissionTx(tx, context, 'template', id, 'delete');