public/mailtrain
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Enforce manageReports global permission in reports model

Browse source
This commit is contained in:
joker-x 2020-08-29 23:30:57 +02:00
parent f1b45530ed
commit e0edcda3dd
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
server/models/reports.js
View file

@ -25,6 +25,7 @@ function hash(entity) {
}
async function getByIdWithTemplate(context, id, withPermissions = true) {
shares.enforceGlobalPermission(context, 'manageReports');
return await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'report', id, 'view');
@ -46,6 +47,7 @@ async function getByIdWithTemplate(context, id, withPermissions = true) {
}
async function listDTAjax(context, params) {
shares.enforceGlobalPermission(context, 'manageReports');
return await dtHelpers.ajaxListWithPermissions(
context,
[
@ -64,6 +66,7 @@ async function listDTAjax(context, params) {
}
async function create(context, entity) {
shares.enforceGlobalPermission(context, 'manageReports');
let id;
await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'namespace', entity.namespace, 'createReport');
@ -85,6 +88,7 @@ async function create(context, entity) {
}
async function updateWithConsistencyCheck(context, entity) {
shares.enforceGlobalPermission(context, 'manageReports');
await knex.transaction(async tx => {
await shares.enforceEntityPermissionTx(tx, context, 'report', entity.id, 'edit');
await shares.enforceEntityPermissionTx(tx, context, 'reportTemplate', entity.report_template, 'execute');
@ -120,6 +124,7 @@ async function updateWithConsistencyCheck(context, entity) {
}
async function removeTx(tx, context, id) {
shares.enforceGlobalPermission(context, 'manageReports');
await shares.enforceEntityPermissionTx(tx, context, 'report', id, 'delete');
const report = await tx('reports').where('id', id).first();