public/mailtrain
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Enforce manageLists global permission in lists model

Browse source
This commit is contained in:
joker-x 2020-08-29 23:46:04 +02:00
parent 16665536c0
commit 7aa7b1ac41
1 changed files with 9 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
server/models/lists.js
View file

@ -27,6 +27,7 @@ function hash(entity) {
async function _listDTAjax(context, namespaceId, params) {
shares.enforceGlobalPermission(context, 'manageLists');
const campaignEntityType = entitySettings.getEntityType('campaign');
return await dtHelpers.ajaxListWithPermissions(
@ -68,6 +69,7 @@ async function listByNamespaceDTAjax(context, namespaceId, params) {
}
async function listWithSegmentByCampaignDTAjax(context, campaignId, params) {
shares.enforceGlobalPermission(context, 'manageLists');
return await dtHelpers.ajaxListWithPermissions(
context,
[{ entityTypeId: 'list', requiredOperations: ['view'] }],
@ -84,6 +86,7 @@ async function listWithSegmentByCampaignDTAjax(context, campaignId, params) {
}
async function getByIdTx(tx, context, id) {
shares.enforceGlobalPermission(context, 'manageLists');
await shares.enforceEntityPermissionTx(tx, context, 'list', id, 'view');
const entity = await tx('lists').where('id', id).first();
return entity;
@ -97,6 +100,7 @@ async function getById(context, id) {
}
async function getByIdWithListFields(context, id) {
shares.enforceGlobalPermission(context, 'manageLists');
return await knex.transaction(async tx => {
const entity = await getByIdTx(tx, context, id);
entity.permissions = await shares.getPermissionsTx(tx, context, 'list', id);
@ -106,6 +110,7 @@ async function getByIdWithListFields(context, id) {
}
async function getByCidTx(tx, context, cid) {
shares.enforceGlobalPermission(context, 'manageLists');
const entity = await tx('lists').where('cid', cid).first();
if (!entity) {
shares.throwPermissionDenied();
@ -122,6 +127,7 @@ async function getByCid(context, cid) {
}
async function getByNamespaceIdTx(tx, context, namespaceId) {
shares.enforceGlobalPermission(context, 'manageLists');
// FIXME - this methods is rather suboptimal if there are many lists. It quite needs permission caching in shares.js
const rows = await tx('lists').where('namespace', namespaceId);
@ -153,6 +159,7 @@ async function _validateAndPreprocess(tx, entity) {
}
async function create(context, entity) {
shares.enforceGlobalPermission(context, 'manageLists');
return await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'namespace', entity.namespace, 'createList');
@ -248,6 +255,7 @@ async function create(context, entity) {
}
async function updateWithConsistencyCheck(context, entity) {
shares.enforceGlobalPermission(context, 'manageLists');
await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'list', entity.id, 'edit');
@ -274,6 +282,7 @@ async function updateWithConsistencyCheck(context, entity) {
}
async function remove(context, id) {
shares.enforceGlobalPermission(context, 'manageLists');
await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'list', id, 'delete');