public/mailtrain
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Enforce manageReports global permission in reports model

Browse source
This commit is contained in:
joker-x 2020-08-29 23:30:57 +02:00
parent f1b45530ed
commit e0edcda3dd
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
server/models/reports.js
View file

@ -25,6 +25,7 @@ function hash(entity) {
} }
async function getByIdWithTemplate(context, id, withPermissions = true) { async function getByIdWithTemplate(context, id, withPermissions = true) {
shares.enforceGlobalPermission(context, 'manageReports');
return await knex.transaction(async tx => { return await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'report', id, 'view'); await shares.enforceEntityPermissionTx(tx, context, 'report', id, 'view');
@ -46,6 +47,7 @@ async function getByIdWithTemplate(context, id, withPermissions = true) {
} }
async function listDTAjax(context, params) { async function listDTAjax(context, params) {
shares.enforceGlobalPermission(context, 'manageReports');
return await dtHelpers.ajaxListWithPermissions( return await dtHelpers.ajaxListWithPermissions(
context, context,
[ [
@ -64,6 +66,7 @@ async function listDTAjax(context, params) {
} }
async function create(context, entity) { async function create(context, entity) {
shares.enforceGlobalPermission(context, 'manageReports');
let id; let id;
await knex.transaction(async tx => { await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'namespace', entity.namespace, 'createReport'); await shares.enforceEntityPermissionTx(tx, context, 'namespace', entity.namespace, 'createReport');
@ -85,6 +88,7 @@ async function create(context, entity) {
} }
async function updateWithConsistencyCheck(context, entity) { async function updateWithConsistencyCheck(context, entity) {
shares.enforceGlobalPermission(context, 'manageReports');
await knex.transaction(async tx => { await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'report', entity.id, 'edit'); await shares.enforceEntityPermissionTx(tx, context, 'report', entity.id, 'edit');
await shares.enforceEntityPermissionTx(tx, context, 'reportTemplate', entity.report_template, 'execute'); await shares.enforceEntityPermissionTx(tx, context, 'reportTemplate', entity.report_template, 'execute');
@ -120,6 +124,7 @@ async function updateWithConsistencyCheck(context, entity) {
} }
async function removeTx(tx, context, id) { async function removeTx(tx, context, id) {
shares.enforceGlobalPermission(context, 'manageReports');
await shares.enforceEntityPermissionTx(tx, context, 'report', id, 'delete'); await shares.enforceEntityPermissionTx(tx, context, 'report', id, 'delete');
const report = await tx('reports').where('id', id).first(); const report = await tx('reports').where('id', id).first();