public/mailtrain
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge a180d49612 into c3b968aa10

Browse source
This commit is contained in:
Iván Eixarch 2020-09-14 22:12:39 -05:00 committed by GitHub
commit 7f84cb81b1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
38 changed files with 205 additions and 43 deletions
Download patch file Download diff file Expand all files Collapse all files

5
client/src/account/API.js
View file

@ -10,6 +10,7 @@ import {Button} from '../lib/bootstrap-components';
import {getUrl} from "../lib/urls";
import {withComponentMixins} from "../lib/decorator-helpers";
import styles from "./styles.scss"
import mailtrainConfig from 'mailtrainConfig';
@withComponentMixins([
withTranslation,
@ -35,6 +36,10 @@ export default class API extends Component {
}
componentDidMount() {
const t = this.props.t;
if (!mailtrainConfig.globalPermissions.manageApi) {
this.navigateToWithFlashMessage('/', 'danger', t('permissionDenied')+': manageApi');
}
// noinspection JSIgnoredPromiseFromCall
this.loadAccessToken();
}

7
client/src/blacklist/List.js
View file

@ -10,6 +10,7 @@ import {Button} from "../lib/bootstrap-components";
import {HTTPMethod} from "../lib/axios";
import {tableAddRestActionButton, tableRestActionDialogInit, tableRestActionDialogRender} from "../lib/modals";
import {withComponentMixins} from "../lib/decorator-helpers";
import mailtrainConfig from 'mailtrainConfig';
@withComponentMixins([
withTranslation,
@ -87,6 +88,10 @@ export default class List extends Component {
}
componentDidMount() {
const t = this.props.t;
if (!mailtrainConfig.globalPermissions.manageBlacklist) {
this.navigateToWithFlashMessage('/', 'danger', t('permissionDenied')+': manageBlacklist');
}
this.clearFields();
}
@ -139,4 +144,4 @@ export default class List extends Component {
</div>
);
}
}
}

4
client/src/campaigns/CUD.js
View file

@ -254,6 +254,10 @@ export default class CUD extends Component {
}
componentDidMount() {
const t = this.props.t;
if (!mailtrainConfig.globalPermissions.manageCampaigns) {
this.navigateToWithFlashMessage('/', 'danger', t('permissionDenied')+': manageCampaigns');
}
if (this.props.entity) {
this.getFormValuesFromEntity(this.props.entity);

8
client/src/campaigns/List.js
View file

@ -13,6 +13,7 @@ import {tableAddDeleteButton, tableRestActionDialogInit, tableRestActionDialogRe
import {withComponentMixins} from "../lib/decorator-helpers";
import styles from "./styles.scss";
import PropTypes from 'prop-types';
import mailtrainConfig from 'mailtrainConfig';
@withComponentMixins([
withTranslation,
@ -34,6 +35,13 @@ export default class List extends Component {
tableRestActionDialogInit(this);
}
componentDidMount() {
const t = this.props.t;
if (!mailtrainConfig.globalPermissions.manageCampaigns) {
this.navigateToWithFlashMessage('/', 'danger', t('permissionDenied')+': manageCampaigns');
}
}
static propTypes = {
permissions: PropTypes.object,
channel: PropTypes.object

4
client/src/channels/CUD.js
View file

@ -254,6 +254,10 @@ export default class CUD extends Component {
}
componentDidMount() {
const t = this.props.t;
if (!mailtrainConfig.globalPermissions.manageChannels) {
this.navigateToWithFlashMessage('/', 'danger', t('permissionDenied')+': manageChannels');
}
if (this.props.entity) {
this.getFormValuesFromEntity(this.props.entity);

8
client/src/channels/List.js
View file

@ -10,6 +10,7 @@ import {tableAddDeleteButton, tableRestActionDialogInit, tableRestActionDialogRe
import {withComponentMixins} from "../lib/decorator-helpers";
import styles from "./styles.scss";
import PropTypes from 'prop-types';
import mailtrainConfig from 'mailtrainConfig';
@withComponentMixins([
withTranslation,
@ -31,6 +32,13 @@ export default class List extends Component {
permissions: PropTypes.object
}
componentDidMount() {
const t = this.props.t;
if (!mailtrainConfig.globalPermissions.manageChannels) {
this.navigateToWithFlashMessage('/', 'danger', t('permissionDenied')+': manageChannels');
}
}
render() {
const t = this.props.t;

5
client/src/lists/CUD.js
View file

@ -27,6 +27,7 @@ import {FieldWizard, UnsubscriptionMode} from '../../../shared/lists';
import styles from "../lib/styles.scss";
import {getMailerTypes} from "../send-configurations/helpers";
import {withComponentMixins} from "../lib/decorator-helpers";
import mailtrainConfig from 'mailtrainConfig';
@withComponentMixins([
withTranslation,
@ -73,6 +74,10 @@ export default class CUD extends Component {
}
componentDidMount() {
const t = this.props.t;
if (!mailtrainConfig.globalPermissions.manageLists) {
this.navigateToWithFlashMessage('/', 'danger', t('permissionDenied')+': manageLists');
}
if (this.props.entity) {
this.getFormValuesFromEntity(this.props.entity);

13
client/src/lists/List.js
View file

@ -10,6 +10,7 @@ import {tableAddDeleteButton, tableRestActionDialogInit, tableRestActionDialogRe
import {withComponentMixins} from "../lib/decorator-helpers";
import {withForm} from "../lib/form";
import PropTypes from 'prop-types';
import mailtrainConfig from 'mailtrainConfig';
@withComponentMixins([
withTranslation,
@ -26,6 +27,13 @@ export default class List extends Component {
tableRestActionDialogInit(this);
}
componentDidMount() {
const t = this.props.t;
if (!mailtrainConfig.globalPermissions.manageLists) {
this.navigateToWithFlashMessage('/', 'danger', t('permissionDenied')+': manageLists');
}
}
static propTypes = {
permissions: PropTypes.object
}
@ -132,6 +140,7 @@ export default class List extends Component {
<Table ref={node => this.table = node} withHeader dataUrl="rest/lists-table" columns={columns} />
</div>
);
)
}
}
}

5
client/src/lists/fields/CUD.js
View file

@ -32,6 +32,7 @@ import styles from "../../lib/styles.scss";
import 'ace-builds/src-noconflict/mode-json';
import 'ace-builds/src-noconflict/mode-handlebars';
import {withComponentMixins} from "../../lib/decorator-helpers";
import mailtrainConfig from 'mailtrainConfig';
@withComponentMixins([
withTranslation,
@ -178,6 +179,10 @@ export default class CUD extends Component {
}
componentDidMount() {
const t = this.props.t;
if (!mailtrainConfig.globalPermissions.manageLists) {
this.navigateToWithFlashMessage('/', 'danger', t('permissionDenied')+': manageLists');
}
if (this.props.entity) {
this.getFormValuesFromEntity(this.props.entity);

7
client/src/lists/fields/List.js
View file

@ -10,6 +10,7 @@ import {getFieldTypes} from './helpers';
import {Icon} from "../../lib/bootstrap-components";
import {tableAddDeleteButton, tableRestActionDialogInit, tableRestActionDialogRender} from "../../lib/modals";
import {withComponentMixins} from "../../lib/decorator-helpers";
import mailtrainConfig from 'mailtrainConfig';
@withComponentMixins([
withTranslation,
@ -32,6 +33,10 @@ export default class List extends Component {
}
componentDidMount() {
const t = this.props.t;
if (!mailtrainConfig.globalPermissions.manageLists) {
this.navigateToWithFlashMessage('/', 'danger', t('permissionDenied')+': manageLists');
}
}
render() {
@ -77,4 +82,4 @@ export default class List extends Component {
</div>
);
}
}
}

7
client/src/lists/imports/CUD.js
View file

@ -30,6 +30,7 @@ import listStyles from "../styles.scss";
import styles from "../../lib/styles.scss";
import interoperableErrors from "../../../../shared/interoperable-errors";
import {withComponentMixins} from "../../lib/decorator-helpers";
import mailtrainConfig from 'mailtrainConfig';
function truncate(str, len, ending = '...') {
@ -209,6 +210,10 @@ export default class CUD extends Component {
}
componentDidMount() {
const t = this.props.t;
if (!mailtrainConfig.globalPermissions.manageLists) {
this.navigateToWithFlashMessage('/', 'danger', t('permissionDenied')+': manageLists');
}
if (this.props.entity) {
this.initFromEntity(this.props.entity);
} else {
@ -469,4 +474,4 @@ export default class CUD extends Component {
</div>
);
}
}
}

6
client/src/lists/imports/List.js
View file

@ -37,6 +37,10 @@ export default class List extends Component {
}
componentDidMount() {
const t = this.props.t;
if (!mailtrainConfig.globalPermissions.manageLists) {
this.navigateToWithFlashMessage('/', 'danger', t('permissionDenied')+': manageLists');
}
}
render() {
@ -95,4 +99,4 @@ export default class List extends Component {
</div>
);
}
}
}

7
client/src/lists/segments/CUD.js
View file

@ -28,6 +28,7 @@ import {getRuleHelpers} from "./helpers";
import RuleSettingsPane from "./RuleSettingsPane";
import {withComponentMixins} from "../../lib/decorator-helpers";
import clone from "clone";
import mailtrainConfig from 'mailtrainConfig';
// https://stackoverflow.com/a/4819886/1601953
const isTouchDevice = !!('ontouchstart' in window || navigator.maxTouchPoints);
@ -123,6 +124,10 @@ export default class CUD extends Component {
}
componentDidMount() {
const t = this.props.t;
if (!mailtrainConfig.globalPermissions.manageLists) {
this.navigateToWithFlashMessage('/', 'danger', t('permissionDenied')+': manageLists');
}
if (this.props.entity) {
this.getFormValuesFromEntity(this.props.entity);
@ -401,4 +406,4 @@ export default class CUD extends Component {
</DndProvider>
);
}
}
}

7
client/src/lists/segments/List.js
View file

@ -9,6 +9,7 @@ import {Table} from '../../lib/table';
import {Icon} from "../../lib/bootstrap-components";
import {tableAddDeleteButton, tableRestActionDialogInit, tableRestActionDialogRender} from "../../lib/modals";
import {withComponentMixins} from "../../lib/decorator-helpers";
import mailtrainConfig from 'mailtrainConfig';
@withComponentMixins([
withTranslation,
@ -29,6 +30,10 @@ export default class List extends Component {
}
componentDidMount() {
const t = this.props.t;
if (!mailtrainConfig.globalPermissions.manageLists) {
this.navigateToWithFlashMessage('/', 'danger', t('permissionDenied')+': manageLists');
}
}
render() {
@ -69,4 +74,4 @@ export default class List extends Component {
</div>
);
}
}
}

6
client/src/lists/subscriptions/CUD.js
View file

@ -25,6 +25,7 @@ import {getFieldColumn, SubscriptionStatus} from '../../../../shared/lists';
import {getFieldTypes, getSubscriptionStatusLabels} from './helpers';
import moment from 'moment-timezone';
import {withComponentMixins} from "../../lib/decorator-helpers";
import mailtrainConfig from 'mailtrainConfig';
@withComponentMixins([
withTranslation,
@ -89,6 +90,11 @@ export default class CUD extends Component {
}
componentDidMount() {
const t = this.props.t;
if (!mailtrainConfig.globalPermissions.manageLists) {
this.navigateToWithFlashMessage('/', 'danger', t('permissionDenied')+': manageLists');
}
if (this.props.entity) {
this.getFormValuesFromEntity(this.props.entity);

7
client/src/lists/subscriptions/List.js
View file

@ -21,6 +21,7 @@ import {
} from "../../lib/modals";
import listStyles from "../styles.scss";
import {withComponentMixins} from "../../lib/decorator-helpers";
import mailtrainConfig from 'mailtrainConfig';
@withComponentMixins([
withTranslation,
@ -58,6 +59,10 @@ export default class List extends Component {
}
componentDidMount() {
const t = this.props.t;
if (!mailtrainConfig.globalPermissions.manageLists) {
this.navigateToWithFlashMessage('/', 'danger', t('permissionDenied')+': manageLists');
}
this.populateFormValues({
segment: this.props.segmentId || ''
});
@ -188,4 +193,4 @@ export default class List extends Component {
</div>
);
}
}
}

4
client/src/namespaces/CUD.js
View file

@ -93,6 +93,10 @@ export default class CUD extends Component {
}
componentDidMount() {
const t = this.props.t;
if (!mailtrainConfig.globalPermissions.manageNamespaces) {
this.navigateToWithFlashMessage('/', 'danger', t('permissionDenied')+': manageNamespaces');
}
if (this.props.entity) {
this.getFormValuesFromEntity(this.props.entity);
} else {

7
client/src/namespaces/List.js
View file

@ -29,7 +29,12 @@ export default class List extends Component {
static propTypes = {
permissions: PropTypes.object
}
componentDidMount() {
const t = this.props.t;
if (!mailtrainConfig.globalPermissions.manageNamespaces) {
this.navigateToWithFlashMessage('/', 'danger', t('permissionDenied')+': manageNamespaces');
}
}
render() {
const t = this.props.t;

56
client/src/root.js
View file

@ -28,10 +28,10 @@ import {getUrl} from "./lib/urls";
import {withComponentMixins} from "./lib/decorator-helpers";
import Update from "./settings/Update";
const topLevelMenuKeys = ['lists', 'channels', 'templates', 'campaigns'];
const topLevelMenuKeys = ['Lists', 'Channels', 'Templates', 'Campaigns'];
if (mailtrainConfig.reportsEnabled) {
topLevelMenuKeys.push('reports');
topLevelMenuKeys.push('Reports');
}
@ -67,30 +67,43 @@ class Root extends Component {
const topLevelMenu = [];
for (const entryKey of topLevelMenuKeys) {
const entry = topLevelItems[entryKey];
const link = entry.link || entry.externalLink;
if (link && path.startsWith(link)) {
topLevelMenu.push(<NavLink key={entryKey} className="active" to={link}>{entry.title} <span className="sr-only">{t('current')}</span></NavLink>);
} else {
topLevelMenu.push(<NavLink key={entryKey} to={link}>{entry.title}</NavLink>);
}
}
if (mailtrainConfig.isAuthenticated) {
const gP = mailtrainConfig.globalPermissions;
for (const entryKey of topLevelMenuKeys) {
const entry = topLevelItems[entryKey.toLowerCase()];
const link = entry.link || entry.externalLink;
if (gP["manage"+entryKey]) {
if (link && path.startsWith(link)) {
topLevelMenu.push(<NavLink key={entryKey.toLowerCase()} className="active" to={link}>{entry.title} <span className="sr-only">{t('current')}</span></NavLink>);
} else {
topLevelMenu.push(<NavLink key={entryKey.toLowerCase()} to={link}>{entry.title}</NavLink>);
}
}
}
return (
<>
<ul className="navbar-nav mt-navbar-nav-left">
{topLevelMenu}
<NavDropdown label={t('administration')}>
{mailtrainConfig.globalPermissions.displayManageUsers && <DropdownLink to="/users">{t('users')}</DropdownLink>}
<DropdownLink to="/namespaces">{t('namespaces')}</DropdownLink>
{mailtrainConfig.globalPermissions.manageSettings && <DropdownLink to="/settings">{t('globalSettings')}</DropdownLink>}
<DropdownLink to="/send-configurations">{t('sendConfigurations')}</DropdownLink>
{mailtrainConfig.globalPermissions.manageBlacklist && <DropdownLink to="/blacklist">{t('blacklist')}</DropdownLink>}
<DropdownLink to="/account/api">{t('api')}</DropdownLink>
</NavDropdown>
{(gP.manageUsers || gP.manageNamespaces || gP.manageSettings ||
gP.manageSendConfigurations || gP.manageBlacklist || gP.manageApi) &&
<NavDropdown label={t('administration')}>
{(gP.manageUsers) &&
<DropdownLink to="/users">{t('users')}</DropdownLink>}
{(gP.manageNamespaces) &&
<DropdownLink to="/namespaces">{t('namespaces')}</DropdownLink>}
{(gP.manageSettings) &&
<DropdownLink to="/settings">{t('globalSettings')}</DropdownLink>}
{(gP.manageSendConfigurations) &&
<DropdownLink to="/send-configurations">{t('sendConfigurations')}</DropdownLink>}
{(gP.manageBlacklist) &&
<DropdownLink to="/blacklist">{t('blacklist')}</DropdownLink>}
{(gP.manageApi) &&
<DropdownLink to="/account/api">{t('api')}</DropdownLink>}
</NavDropdown>}
</ul>
<ul className="navbar-nav mt-navbar-nav-right">
{getLanguageChooser(t)}
@ -101,6 +114,7 @@ class Root extends Component {
</ul>
</>
);
} else {
return (
<>

4
client/src/send-configurations/CUD.js
View file

@ -91,6 +91,10 @@ export default class CUD extends Component {
}
componentDidMount() {
const t = this.props.t;
if (!mailtrainConfig.globalPermissions.manageSendConfigurations) {
this.navigateToWithFlashMessage('/', 'danger', t('permissionDenied')+': manageSendConfigurations');
}
if (this.props.entity) {
this.getFormValuesFromEntity(this.props.entity);
} else {

10
client/src/send-configurations/List.js
View file

@ -11,6 +11,7 @@ import {getMailerTypes} from './helpers';
import {tableAddDeleteButton, tableRestActionDialogInit, tableRestActionDialogRender} from "../lib/modals";
import {withComponentMixins} from "../lib/decorator-helpers";
import PropTypes from 'prop-types';
import mailtrainConfig from 'mailtrainConfig';
@withComponentMixins([
@ -33,6 +34,13 @@ export default class List extends Component {
permissions: PropTypes.object
}
componentDidMount() {
const t = this.props.t;
if (!mailtrainConfig.globalPermissions.manageSendConfigurations) {
this.navigateToWithFlashMessage('/', 'danger', t('permissionDenied')+': manageSendConfigurations');
}
}
render() {
const t = this.props.t;
@ -87,4 +95,4 @@ export default class List extends Component {
</div>
);
}
}
}

7
client/src/settings/Update.js
View file

@ -19,6 +19,7 @@ import {
} from '../lib/form';
import {withErrorHandling} from '../lib/error-handling';
import {withComponentMixins} from "../lib/decorator-helpers";
import mailtrainConfig from 'mailtrainConfig';
@withComponentMixins([
withTranslation,
@ -45,6 +46,10 @@ export default class Update extends Component {
}
componentDidMount() {
const t = this.props.t;
if (!mailtrainConfig.globalPermissions.manageSettings) {
this.navigateToWithFlashMessage('/', 'danger', t('permissionDenied')+': manageSettings');
}
this.getFormValuesFromEntity(this.props.entity);
}
@ -102,4 +107,4 @@ export default class Update extends Component {
</div>
);
}
}
}

3
locales/de-DE/common.json
View file

@ -1065,5 +1065,6 @@
"channelName": "Channel \"{{name}}\"",
"cloneCampaign": "Clone Campaign",
"next": "Next",
"selectCampaignToBeCloned": "Select campaign to be cloned."
"selectCampaignToBeCloned": "Select campaign to be cloned.",
"permissionDenied": "Zugang verweigert"
}

3
locales/en-US/common.json
View file

@ -1071,5 +1071,6 @@
"channelName": "Channel \"{{name}}\"",
"cloneCampaign": "Clone Campaign",
"next": "Next",
"selectCampaignToBeCloned": "Select campaign to be cloned."
"selectCampaignToBeCloned": "Select campaign to be cloned.",
"permissionDenied": "Permission Denied"
}

3
locales/es-ES/common.json
View file

@ -1095,5 +1095,6 @@
"selectCampaignToBeCloned": "Elige la campaña que será clonada.",
"tagLanguage": "Lenguaje de marcado",
"tagLanguageMustBeSelected": "Debes seleccionar un lenguaje de marcado",
"helpText": "Texto de ayuda"
"helpText": "Texto de ayuda",
"permissionDenied": "Permiso denegado"
}

3
locales/fr-FR/common.json
View file

@ -1066,5 +1066,6 @@
"channelName": "Channel \"{{name}}\"",
"cloneCampaign": "Clone Campaign",
"next": "Next",
"selectCampaignToBeCloned": "Select campaign to be cloned."
"selectCampaignToBeCloned": "Select campaign to be cloned.",
"permissionDenied": "Permission refusée"
}

3
locales/pt-BR/common.json
View file

@ -1144,5 +1144,6 @@
"channelName": "Channel \"{{name}}\"",
"cloneCampaign": "Clone Campaign",
"next": "Next",
"selectCampaignToBeCloned": "Select campaign to be cloned."
"selectCampaignToBeCloned": "Select campaign to be cloned.",
"permissionDenied": "Permissão negada"
}

4
server/config/default.yaml
View file

@ -277,12 +277,12 @@ defaultRoles:
name: Global Master
admin: true
description: All permissions
permissions: [rebuildPermissions, createJavascriptWithROAccess, displayManageUsers, manageBlacklist, manageSettings, setupAutomation]
permissions: [rebuildPermissions, createJavascriptWithROAccess, manageBlacklist, manageSettings, manageUsers, manageLists, manageChannels, manageTemplates, manageCampaigns, manageReports, manageApi, manageSendConfigurations, manageNamespaces, setupAutomation]
rootNamespaceRole: master
campaignsAdmin:
name: Campaigns Admin
description: Under the namespace in which the user is located, the user has all permissions for managing lists, templates and campaigns and the permission to send to send configurations.
permissions: [setupAutomation]
permissions: [setupAutomation, manageLists, manageChannels, manageTemplates, manageCampaigns, manageReports, manageApi, manageSendConfigurations, manageNamespaces]
ownNamespaceRole: campaignsAdmin
campaignsAdminWithoutNamespace:
name: Campaigns Admin (multiple namespaces)

2
server/lib/translate.js
View file

@ -15,6 +15,8 @@ function loadLanguage(longCode) {
loadLanguage('en-US');
loadLanguage('es-ES');
loadLanguage('pt-BR');
loadLanguage('de-DE');
loadLanguage('fr-FR');
resourcesCommon['fk-FK'] = convertToFake(resourcesCommon['en-US']);
const resources = {};

6
server/models/campaigns.js
View file

@ -445,6 +445,7 @@ async function getByCid(context, cid) {
}
async function _validateAndPreprocess(tx, context, entity, isCreate, content) {
shares.enforceGlobalPermission(context, 'manageCampaigns');
if (content === Content.ALL || content === Content.WITHOUT_SOURCE_CUSTOM || content === Content.RSS_ENTRY) {
await namespaceHelpers.validateEntity(tx, entity);
@ -481,6 +482,7 @@ async function _validateAndPreprocess(tx, context, entity, isCreate, content) {
}
async function _createTx(tx, context, entity, content) {
shares.enforceGlobalPermission(context, 'manageCampaigns');
return await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'namespace', entity.namespace, 'createCampaign');
@ -579,6 +581,7 @@ async function createRssTx(tx, context, entity) {
}
async function _validateChannelMoveTx(tx, context, entity, existing) {
shares.enforceGlobalPermission(context, 'manageCampaigns');
if (existing.channel !== entity.channel) {
await shares.enforceEntityPermission(context, 'channel', entity.channel, 'createCampaign');
await shares.enforceEntityPermission(context, 'campaign', entity.id, 'delete');
@ -637,6 +640,7 @@ async function updateWithConsistencyCheck(context, entity, content) {
}
async function _removeTx(tx, context, id, existing = null, overrideTypeCheck = false) {
shares.enforceGlobalPermission(context, 'manageCampaigns');
await shares.enforceEntityPermissionTx(tx, context, 'campaign', id, 'delete');
if (!existing) {
@ -861,6 +865,7 @@ async function prepareCampaignMessages(campaignId) {
}
async function _changeStatus(context, campaignId, permittedCurrentStates, newState, invalidStateMessage, extraData) {
shares.enforceGlobalPermission(context, 'manageCampaigns');
await knex.transaction(async tx => {
// This is quite inefficient because it selects the same row 3 times. However as status is changed
// rather infrequently, we keep it this way for simplicity
@ -925,6 +930,7 @@ async function stop(context, campaignId) {
}
async function reset(context, campaignId) {
shares.enforceGlobalPermission(context, 'manageCampaigns');
await knex.transaction(async tx => {
// This is quite inefficient because it selects the same row 3 times. However as RESET is
// going to be called rather infrequently, we keep it this way for simplicity

3
server/models/channels.js
View file

@ -140,6 +140,7 @@ async function _validateAndPreprocess(tx, context, entity, isCreate) {
}
async function _createTx(tx, context, entity, content) {
shares.enforceGlobalPermission(context, 'manageChannels');
return await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'namespace', entity.namespace, 'createCampaign');
@ -169,6 +170,7 @@ async function create(context, entity) {
}
async function updateWithConsistencyCheck(context, entity) {
shares.enforceGlobalPermission(context, 'manageChannels');
await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'channel', entity.id, 'edit');
@ -198,6 +200,7 @@ async function updateWithConsistencyCheck(context, entity) {
async function remove(context, id) {
shares.enforceGlobalPermission(context, 'manageChannels');
await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'channel', id, 'delete');

5
server/models/lists.js
View file

@ -68,6 +68,7 @@ async function listByNamespaceDTAjax(context, namespaceId, params) {
}
async function listWithSegmentByCampaignDTAjax(context, campaignId, params) {
await shares.enforceEntityPermissionTx(tx, context, 'list', id, 'view');
return await dtHelpers.ajaxListWithPermissions(
context,
[{ entityTypeId: 'list', requiredOperations: ['view'] }],
@ -84,7 +85,6 @@ async function listWithSegmentByCampaignDTAjax(context, campaignId, params) {
}
async function getByIdTx(tx, context, id) {
await shares.enforceEntityPermissionTx(tx, context, 'list', id, 'view');
const entity = await tx('lists').where('id', id).first();
return entity;
}
@ -153,6 +153,7 @@ async function _validateAndPreprocess(tx, entity) {
}
async function create(context, entity) {
shares.enforceGlobalPermission(context, 'manageLists');
return await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'namespace', entity.namespace, 'createList');
@ -248,6 +249,7 @@ async function create(context, entity) {
}
async function updateWithConsistencyCheck(context, entity) {
shares.enforceGlobalPermission(context, 'manageLists');
await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'list', entity.id, 'edit');
@ -274,6 +276,7 @@ async function updateWithConsistencyCheck(context, entity) {
}
async function remove(context, id) {
shares.enforceGlobalPermission(context, 'manageLists');
await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'list', id, 'delete');

4
server/models/namespaces.js
View file

@ -120,7 +120,6 @@ async function getById(context, id) {
async function getChildrenTx(tx, context, id) {
await shares.enforceEntityPermissionTx(tx, context, 'namespace', id, 'view');
const entityType = entitySettings.getEntityType('namespace');
const extraKeys = em.get('models.namespaces.extraKeys', []);
@ -162,6 +161,7 @@ async function getChildrenTx(tx, context, id) {
}
async function createTx(tx, context, entity) {
shares.enforceGlobalPermission(context, 'manageNamespaces');
enforce(entity.namespace, 'Parent namespace must be set');
await shares.enforceEntityPermissionTx(tx, context, 'namespace', entity.namespace, 'createNamespace');
@ -183,6 +183,7 @@ async function create(context, entity) {
async function updateWithConsistencyCheck(context, entity) {
enforce(entity.id !== 1 || entity.namespace === null, 'Cannot assign a parent to the root namespace.');
shares.enforceGlobalPermission(context, 'manageNamespaces');
await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'namespace', entity.id, 'edit');
@ -221,6 +222,7 @@ async function updateWithConsistencyCheck(context, entity) {
async function remove(context, id) {
enforce(id !== 1, 'Cannot delete the root namespace.');
shares.enforceGlobalPermission(context, 'manageNamespaces');
await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'namespace', id, 'delete');

3
server/models/reports.js
View file

@ -64,6 +64,7 @@ async function listDTAjax(context, params) {
}
async function create(context, entity) {
shares.enforceGlobalPermission(context, 'manageReports');
let id;
await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'namespace', entity.namespace, 'createReport');
@ -85,6 +86,7 @@ async function create(context, entity) {
}
async function updateWithConsistencyCheck(context, entity) {
shares.enforceGlobalPermission(context, 'manageReports');
await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'report', entity.id, 'edit');
await shares.enforceEntityPermissionTx(tx, context, 'reportTemplate', entity.report_template, 'execute');
@ -120,6 +122,7 @@ async function updateWithConsistencyCheck(context, entity) {
}
async function removeTx(tx, context, id) {
shares.enforceGlobalPermission(context, 'manageReports');
await shares.enforceEntityPermissionTx(tx, context, 'report', id, 'delete');
const report = await tx('reports').where('id', id).first();

3
server/models/send-configurations.js
View file

@ -120,6 +120,7 @@ async function _validateAndPreprocess(tx, entity, isCreate) {
async function create(context, entity) {
shares.enforceGlobalPermission(context, 'manageSendConfigurations');
return await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'namespace', entity.namespace, 'createSendConfiguration');
@ -138,6 +139,7 @@ async function create(context, entity) {
}
async function updateWithConsistencyCheck(context, entity) {
shares.enforceGlobalPermission(context, 'manageSendConfigurations');
await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'sendConfiguration', entity.id, 'edit');
@ -167,6 +169,7 @@ async function updateWithConsistencyCheck(context, entity) {
}
async function remove(context, id) {
shares.enforceGlobalPermission(context, 'manageSendConfigurations');
if (id === getSystemSendConfigurationId()) {
shares.throwPermissionDenied();
}

3
server/models/shares.js
View file

@ -10,6 +10,7 @@ const log = require('../lib/log');
const {getGlobalNamespaceId} = require('../../shared/namespaces');
const {getAdminId} = require('../../shared/users');
// TODO: This would really benefit from some permission cache connected to rebuildPermissions
// A bit of the problem is that the cache would have to expunged as the result of other processes modifying entites/permissions
@ -726,4 +727,4 @@ module.exports.regenerateRoleNamesTable = regenerateRoleNamesTable;
module.exports.getGlobalPermissions = getGlobalPermissions;
module.exports.getPermissionsTx = getPermissionsTx;
module.exports.filterPermissionsByRestrictedAccessHandler = filterPermissionsByRestrictedAccessHandler;
module.exports.isAccessibleByRestrictedAccessHandler = isAccessibleByRestrictedAccessHandler;
module.exports.isAccessibleByRestrictedAccessHandler = isAccessibleByRestrictedAccessHandler;

3
server/models/templates.js
View file

@ -70,6 +70,7 @@ async function _validateAndPreprocess(tx, entity) {
}
async function create(context, entity) {
shares.enforceGlobalPermission(context, 'manageTemplates');
return await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'namespace', entity.namespace, 'createTemplate');
@ -114,6 +115,7 @@ async function create(context, entity) {
}
async function updateWithConsistencyCheck(context, entity) {
shares.enforceGlobalPermission(context, 'manageTemplates');
await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'template', entity.id, 'edit');
@ -143,6 +145,7 @@ async function updateWithConsistencyCheck(context, entity) {
}
async function remove(context, id) {
shares.enforceGlobalPermission(context, 'manageTemplates');
await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'template', id, 'delete');

3
server/models/users.js
View file

@ -165,6 +165,7 @@ async function _validateAndPreprocess(tx, entity, isCreate, isOwnAccount) {
}
async function create(context, user) {
shares.enforceGlobalPermission(context, 'manageUsers');
let id;
await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'namespace', user.namespace, 'manageUsers');
@ -192,6 +193,7 @@ async function create(context, user) {
}
async function updateWithConsistencyCheck(context, user, isOwnAccount) {
shares.enforceGlobalPermission(context, 'manageUsers');
await knex.transaction(async tx => {
const existing = await tx('users').where('id', user.id).first();
if (!existing) {
@ -240,6 +242,7 @@ async function updateWithConsistencyCheck(context, user, isOwnAccount) {
async function remove(context, userId) {
enforce(userId !== 1, 'Admin cannot be deleted');
enforce(context.user.id !== userId, 'User cannot delete himself/herself');
shares.enforceGlobalPermission(context, 'manageUsers');
await knex.transaction(async tx => {
const existing = await tx('users').where('id', userId).first();