public/mailtrain
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge a180d49612 into c3b968aa10

Browse source
This commit is contained in:
Iván Eixarch 2020-09-14 22:12:39 -05:00 committed by GitHub
commit 7f84cb81b1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
38 changed files with 205 additions and 43 deletions
Download patch file Download diff file Expand all files Collapse all files

6
server/models/campaigns.js
View file

@ -445,6 +445,7 @@ async function getByCid(context, cid) {
}
async function _validateAndPreprocess(tx, context, entity, isCreate, content) {
shares.enforceGlobalPermission(context, 'manageCampaigns');
if (content === Content.ALL || content === Content.WITHOUT_SOURCE_CUSTOM || content === Content.RSS_ENTRY) {
await namespaceHelpers.validateEntity(tx, entity);
@ -481,6 +482,7 @@ async function _validateAndPreprocess(tx, context, entity, isCreate, content) {
}
async function _createTx(tx, context, entity, content) {
shares.enforceGlobalPermission(context, 'manageCampaigns');
return await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'namespace', entity.namespace, 'createCampaign');
@ -579,6 +581,7 @@ async function createRssTx(tx, context, entity) {
}
async function _validateChannelMoveTx(tx, context, entity, existing) {
shares.enforceGlobalPermission(context, 'manageCampaigns');
if (existing.channel !== entity.channel) {
await shares.enforceEntityPermission(context, 'channel', entity.channel, 'createCampaign');
await shares.enforceEntityPermission(context, 'campaign', entity.id, 'delete');
@ -637,6 +640,7 @@ async function updateWithConsistencyCheck(context, entity, content) {
}
async function _removeTx(tx, context, id, existing = null, overrideTypeCheck = false) {
shares.enforceGlobalPermission(context, 'manageCampaigns');
await shares.enforceEntityPermissionTx(tx, context, 'campaign', id, 'delete');
if (!existing) {
@ -861,6 +865,7 @@ async function prepareCampaignMessages(campaignId) {
}
async function _changeStatus(context, campaignId, permittedCurrentStates, newState, invalidStateMessage, extraData) {
shares.enforceGlobalPermission(context, 'manageCampaigns');
await knex.transaction(async tx => {
// This is quite inefficient because it selects the same row 3 times. However as status is changed
// rather infrequently, we keep it this way for simplicity
@ -925,6 +930,7 @@ async function stop(context, campaignId) {
}
async function reset(context, campaignId) {
shares.enforceGlobalPermission(context, 'manageCampaigns');
await knex.transaction(async tx => {
// This is quite inefficient because it selects the same row 3 times. However as RESET is
// going to be called rather infrequently, we keep it this way for simplicity

3
server/models/channels.js
View file

@ -140,6 +140,7 @@ async function _validateAndPreprocess(tx, context, entity, isCreate) {
}
async function _createTx(tx, context, entity, content) {
shares.enforceGlobalPermission(context, 'manageChannels');
return await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'namespace', entity.namespace, 'createCampaign');
@ -169,6 +170,7 @@ async function create(context, entity) {
}
async function updateWithConsistencyCheck(context, entity) {
shares.enforceGlobalPermission(context, 'manageChannels');
await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'channel', entity.id, 'edit');
@ -198,6 +200,7 @@ async function updateWithConsistencyCheck(context, entity) {
async function remove(context, id) {
shares.enforceGlobalPermission(context, 'manageChannels');
await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'channel', id, 'delete');

5
server/models/lists.js
View file

@ -68,6 +68,7 @@ async function listByNamespaceDTAjax(context, namespaceId, params) {
}
async function listWithSegmentByCampaignDTAjax(context, campaignId, params) {
await shares.enforceEntityPermissionTx(tx, context, 'list', id, 'view');
return await dtHelpers.ajaxListWithPermissions(
context,
[{ entityTypeId: 'list', requiredOperations: ['view'] }],
@ -84,7 +85,6 @@ async function listWithSegmentByCampaignDTAjax(context, campaignId, params) {
}
async function getByIdTx(tx, context, id) {
await shares.enforceEntityPermissionTx(tx, context, 'list', id, 'view');
const entity = await tx('lists').where('id', id).first();
return entity;
}
@ -153,6 +153,7 @@ async function _validateAndPreprocess(tx, entity) {
}
async function create(context, entity) {
shares.enforceGlobalPermission(context, 'manageLists');
return await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'namespace', entity.namespace, 'createList');
@ -248,6 +249,7 @@ async function create(context, entity) {
}
async function updateWithConsistencyCheck(context, entity) {
shares.enforceGlobalPermission(context, 'manageLists');
await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'list', entity.id, 'edit');
@ -274,6 +276,7 @@ async function updateWithConsistencyCheck(context, entity) {
}
async function remove(context, id) {
shares.enforceGlobalPermission(context, 'manageLists');
await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'list', id, 'delete');

4
server/models/namespaces.js
View file

@ -120,7 +120,6 @@ async function getById(context, id) {
async function getChildrenTx(tx, context, id) {
await shares.enforceEntityPermissionTx(tx, context, 'namespace', id, 'view');
const entityType = entitySettings.getEntityType('namespace');
const extraKeys = em.get('models.namespaces.extraKeys', []);
@ -162,6 +161,7 @@ async function getChildrenTx(tx, context, id) {
}
async function createTx(tx, context, entity) {
shares.enforceGlobalPermission(context, 'manageNamespaces');
enforce(entity.namespace, 'Parent namespace must be set');
await shares.enforceEntityPermissionTx(tx, context, 'namespace', entity.namespace, 'createNamespace');
@ -183,6 +183,7 @@ async function create(context, entity) {
async function updateWithConsistencyCheck(context, entity) {
enforce(entity.id !== 1 || entity.namespace === null, 'Cannot assign a parent to the root namespace.');
shares.enforceGlobalPermission(context, 'manageNamespaces');
await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'namespace', entity.id, 'edit');
@ -221,6 +222,7 @@ async function updateWithConsistencyCheck(context, entity) {
async function remove(context, id) {
enforce(id !== 1, 'Cannot delete the root namespace.');
shares.enforceGlobalPermission(context, 'manageNamespaces');
await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'namespace', id, 'delete');

3
server/models/reports.js
View file

@ -64,6 +64,7 @@ async function listDTAjax(context, params) {
}
async function create(context, entity) {
shares.enforceGlobalPermission(context, 'manageReports');
let id;
await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'namespace', entity.namespace, 'createReport');
@ -85,6 +86,7 @@ async function create(context, entity) {
}
async function updateWithConsistencyCheck(context, entity) {
shares.enforceGlobalPermission(context, 'manageReports');
await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'report', entity.id, 'edit');
await shares.enforceEntityPermissionTx(tx, context, 'reportTemplate', entity.report_template, 'execute');
@ -120,6 +122,7 @@ async function updateWithConsistencyCheck(context, entity) {
}
async function removeTx(tx, context, id) {
shares.enforceGlobalPermission(context, 'manageReports');
await shares.enforceEntityPermissionTx(tx, context, 'report', id, 'delete');
const report = await tx('reports').where('id', id).first();

3
server/models/send-configurations.js
View file

@ -120,6 +120,7 @@ async function _validateAndPreprocess(tx, entity, isCreate) {
async function create(context, entity) {
shares.enforceGlobalPermission(context, 'manageSendConfigurations');
return await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'namespace', entity.namespace, 'createSendConfiguration');
@ -138,6 +139,7 @@ async function create(context, entity) {
}
async function updateWithConsistencyCheck(context, entity) {
shares.enforceGlobalPermission(context, 'manageSendConfigurations');
await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'sendConfiguration', entity.id, 'edit');
@ -167,6 +169,7 @@ async function updateWithConsistencyCheck(context, entity) {
}
async function remove(context, id) {
shares.enforceGlobalPermission(context, 'manageSendConfigurations');
if (id === getSystemSendConfigurationId()) {
shares.throwPermissionDenied();
}

3
server/models/shares.js
View file

@ -10,6 +10,7 @@ const log = require('../lib/log');
const {getGlobalNamespaceId} = require('../../shared/namespaces');
const {getAdminId} = require('../../shared/users');
// TODO: This would really benefit from some permission cache connected to rebuildPermissions
// A bit of the problem is that the cache would have to expunged as the result of other processes modifying entites/permissions
@ -726,4 +727,4 @@ module.exports.regenerateRoleNamesTable = regenerateRoleNamesTable;
module.exports.getGlobalPermissions = getGlobalPermissions;
module.exports.getPermissionsTx = getPermissionsTx;
module.exports.filterPermissionsByRestrictedAccessHandler = filterPermissionsByRestrictedAccessHandler;
module.exports.isAccessibleByRestrictedAccessHandler = isAccessibleByRestrictedAccessHandler;
module.exports.isAccessibleByRestrictedAccessHandler = isAccessibleByRestrictedAccessHandler;

3
server/models/templates.js
View file

@ -70,6 +70,7 @@ async function _validateAndPreprocess(tx, entity) {
}
async function create(context, entity) {
shares.enforceGlobalPermission(context, 'manageTemplates');
return await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'namespace', entity.namespace, 'createTemplate');
@ -114,6 +115,7 @@ async function create(context, entity) {
}
async function updateWithConsistencyCheck(context, entity) {
shares.enforceGlobalPermission(context, 'manageTemplates');
await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'template', entity.id, 'edit');
@ -143,6 +145,7 @@ async function updateWithConsistencyCheck(context, entity) {
}
async function remove(context, id) {
shares.enforceGlobalPermission(context, 'manageTemplates');
await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'template', id, 'delete');

3
server/models/users.js
View file

@ -165,6 +165,7 @@ async function _validateAndPreprocess(tx, entity, isCreate, isOwnAccount) {
}
async function create(context, user) {
shares.enforceGlobalPermission(context, 'manageUsers');
let id;
await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'namespace', user.namespace, 'manageUsers');
@ -192,6 +193,7 @@ async function create(context, user) {
}
async function updateWithConsistencyCheck(context, user, isOwnAccount) {
shares.enforceGlobalPermission(context, 'manageUsers');
await knex.transaction(async tx => {
const existing = await tx('users').where('id', user.id).first();
if (!existing) {
@ -240,6 +242,7 @@ async function updateWithConsistencyCheck(context, user, isOwnAccount) {
async function remove(context, userId) {
enforce(userId !== 1, 'Admin cannot be deleted');
enforce(context.user.id !== userId, 'User cannot delete himself/herself');
shares.enforceGlobalPermission(context, 'manageUsers');
await knex.transaction(async tx => {
const existing = await tx('users').where('id', userId).first();