Basic support for Mosaico-based email templates.

2018-04-02 11:58:32 +02:00 · 2018-04-02 11:58:32 +02:00 · 7b5642e911
commit 7b5642e911
parent b5cdf57f72
38 changed files with 1271 additions and 751 deletions
--- a/models/users.js
+++ b/models/users.js
@ -8,7 +8,7 @@ const interoperableErrors = require('../shared/interoperable-errors');
 const passwordValidator = require('../shared/password-validator')();
 const dtHelpers = require('../lib/dt-helpers');
 const tools = require('../lib/tools-async');
-let crypto = require('crypto');
+const crypto = require('crypto');
 const settings = require('./settings');
 const urllib = require('url');
 const _ = require('../lib/translate')._;
@ -43,11 +43,7 @@ async function _getBy(context, key, value, extraColumns = []) {
    const user = await knex('users').select(columns).where(key, value).first();

    if (!user) {
-        if (context) {
-            shares.throwPermissionDenied();
-        } else {
-            throw new interoperableErrors.NotFoundError();
-        }
+        shares.throwPermissionDenied();
    }

    await shares.enforceEntityPermission(context, 'namespace', user.namespace, 'manageUsers');
@ -367,6 +363,50 @@ async function resetPassword(username, resetToken, password) {
 }


+
+const restrictedAccessTokenMethods = {};
+const restrictedAccessTokens = new Map();
+
+function registerRestrictedAccessTokenMethod(method, getHandlerFromParams) {
+    restrictedAccessTokenMethods[method] = getHandlerFromParams;
+}
+
+function getRestrictedAccessToken(context, method, params) {
+    const token = crypto.randomBytes(24).toString('hex').toLowerCase();
+    const tokenEntry = {
+        token,
+        userId: context.user.id,
+        handler: restrictedAccessTokenMethods[method](params),
+        expires: Date.now() + 120 * 1000
+    };
+
+    restrictedAccessTokens.set(token, tokenEntry);
+
+    return token;
+}
+
+async function getByRestrictedAccessToken(token) {
+    const now = Date.now();
+    for (const entry of restrictedAccessTokens.values()) {
+        if (entry.expires < now) {
+            restrictedAccessTokens.delete(entry.token);
+        }
+    }
+
+    const tokenEntry = restrictedAccessTokens.get(token);
+
+    if (tokenEntry) {
+        const user = await getById(contextHelpers.getAdminContext(), tokenEntry.userId);
+        user.restrictedAccessHandler = tokenEntry.handler;
+
+        return user;
+
+    } else {
+        shares.throwPermissionDenied();
+    }
+}
+
+
 module.exports = {
    listDTAjax,
    remove,
@ -382,5 +422,8 @@ module.exports = {
    resetAccessToken,
    sendPasswordReset,
    isPasswordResetTokenValid,
-    resetPassword
+    resetPassword,
+    getByRestrictedAccessToken,
+    getRestrictedAccessToken,
+    registerRestrictedAccessTokenMethod
 };