Work in progress on subscriptions
This commit is contained in:
Tomas Bures
parent
d9211377dd
commit
e73c0a8b28
42 changed files with 1558 additions and 678 deletions
|
|
@ -3,18 +3,27 @@
|
|||
const knex = require('../lib/knex');
|
||||
const dtHelpers = require('../lib/dt-helpers');
|
||||
const interoperableErrors = require('../shared/interoperable-errors');
|
||||
const shares = require('./shares');
|
||||
|
||||
async function listDTAjax(params) {
|
||||
return await dtHelpers.ajaxList(params, builder => builder.from('campaigns'), ['campaigns.id', 'campaigns.name', 'campaigns.description', 'campaigns.status', 'campaigns.created']);
|
||||
return await dtHelpers.ajaxListWithPermissions(
|
||||
context,
|
||||
[{ entityTypeId: 'campaign', requiredOperations: ['view'] }],
|
||||
params,
|
||||
builder => builder.from('campaigns')
|
||||
.innerJoin('namespaces', 'namespaces.id', 'campaigns.namespace'),
|
||||
['campaigns.id', 'campaigns.name', 'campaigns.description', 'campaigns.status', 'campaigns.created']
|
||||
);
|
||||
|
||||
}
|
||||
|
||||
async function getById(id) {
|
||||
const entity = await knex('campaigns').where('id', id).first();
|
||||
if (!entity) {
|
||||
throw new interoperableErrors.NotFoundError();
|
||||
}
|
||||
|
||||
return entity;
|
||||
async function getById(context, id) {
|
||||
return await knex.transaction(async tx => {
|
||||
await shares.enforceEntityPermissionTx(tx, context, 'campaign', 'view');
|
||||
const entity = await tx('campaigns').where('id', id).first();
|
||||
entity.permissions = await shares.getPermissionsTx(tx, context, 'campaign', id);
|
||||
return entity;
|
||||
});
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
|
|
|
|||
|
|
@ -7,7 +7,6 @@ const { enforce, filterObject } = require('../lib/helpers');
|
|||
const dtHelpers = require('../lib/dt-helpers');
|
||||
const interoperableErrors = require('../shared/interoperable-errors');
|
||||
const shares = require('./shares');
|
||||
const fieldsLegacy = require('../lib/models/fields');
|
||||
const bluebird = require('bluebird');
|
||||
const validators = require('../shared/validators');
|
||||
const shortid = require('shortid');
|
||||
|
|
@ -85,15 +84,10 @@ function hash(entity) {
|
|||
}
|
||||
|
||||
async function getById(context, listId, id) {
|
||||
let entity;
|
||||
|
||||
await knex.transaction(async tx => {
|
||||
return await knex.transaction(async tx => {
|
||||
await shares.enforceEntityPermissionTx(tx, context, 'list', listId, 'manageFields');
|
||||
|
||||
entity = await tx('custom_fields').where({list: listId, id}).first();
|
||||
if (!entity) {
|
||||
throw new interoperableErrors.NotFoundError();
|
||||
}
|
||||
const entity = await tx('custom_fields').where({list: listId, id}).first();
|
||||
|
||||
const orderFields = {
|
||||
order_list: 'orderListBefore',
|
||||
|
|
@ -113,20 +107,20 @@ async function getById(context, listId, id) {
|
|||
entity[orderFields[key]] = 'none';
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
return entity;
|
||||
return entity;
|
||||
});
|
||||
}
|
||||
|
||||
async function list(context, listId) {
|
||||
let rows;
|
||||
|
||||
await knex.transaction(async tx => {
|
||||
return await knex.transaction(async tx => {
|
||||
await shares.enforceEntityPermissionTx(tx, context, 'list', listId, 'manageFields');
|
||||
rows = await tx('custom_fields').where({list: listId}).select(['id', 'name', 'type', 'order_list', 'order_subscribe', 'order_manage']);
|
||||
return await tx('custom_fields').where({list: listId}).select(['id', 'name', 'type', 'key', 'column', 'order_list', 'order_subscribe', 'order_manage']).orderBy('id', 'asc');
|
||||
});
|
||||
}
|
||||
|
||||
return rows;
|
||||
async function listByOrderListTx(tx, listId, extraColumns = []) {
|
||||
return await tx('custom_fields').where({list: listId}).whereNotNull('order_list').select(['name', ...extraColumns]).orderBy('order_list', 'asc');
|
||||
}
|
||||
|
||||
async function listDTAjax(context, listId, params) {
|
||||
|
|
@ -199,9 +193,8 @@ async function listGroupedDTAjax(context, listId, params) {
|
|||
}
|
||||
|
||||
async function serverValidate(context, listId, data) {
|
||||
const result = {};
|
||||
|
||||
await knex.transaction(async tx => {
|
||||
return await knex.transaction(async tx => {
|
||||
const result = {};
|
||||
await shares.enforceEntityPermissionTx(tx, context, 'list', listId, 'manageFields');
|
||||
|
||||
if (data.key) {
|
||||
|
|
@ -219,9 +212,9 @@ async function serverValidate(context, listId, data) {
|
|||
exists: !!existingKey
|
||||
};
|
||||
}
|
||||
});
|
||||
|
||||
return result;
|
||||
return result;
|
||||
});
|
||||
}
|
||||
|
||||
async function _validateAndPreprocess(tx, listId, entity, isCreate) {
|
||||
|
|
@ -304,8 +297,7 @@ async function _sortIn(tx, listId, entityId, orderListBefore, orderSubscribeBefo
|
|||
}
|
||||
|
||||
async function create(context, listId, entity) {
|
||||
let id;
|
||||
await knex.transaction(async tx => {
|
||||
return await knex.transaction(async tx => {
|
||||
await shares.enforceEntityPermissionTx(tx, context, 'list', listId, 'manageFields');
|
||||
|
||||
await _validateAndPreprocess(tx, listId, entity, true);
|
||||
|
|
@ -322,8 +314,7 @@ async function create(context, listId, entity) {
|
|||
filteredEntity.column = columnName;
|
||||
|
||||
const ids = await tx('custom_fields').insert(filteredEntity);
|
||||
id = ids[0];
|
||||
|
||||
const id = ids[0];
|
||||
|
||||
await _sortIn(tx, listId, id, entity.orderListBefore, entity.orderSubscribeBefore, entity.orderManageBefore);
|
||||
|
||||
|
|
@ -335,9 +326,9 @@ async function create(context, listId, entity) {
|
|||
}
|
||||
});
|
||||
}
|
||||
});
|
||||
|
||||
return id;
|
||||
return id;
|
||||
});
|
||||
}
|
||||
|
||||
async function updateWithConsistencyCheck(context, listId, entity) {
|
||||
|
|
@ -392,6 +383,7 @@ module.exports = {
|
|||
hash,
|
||||
getById,
|
||||
list,
|
||||
listByOrderListTx,
|
||||
listDTAjax,
|
||||
listGroupedDTAjax,
|
||||
create,
|
||||
|
|
|
|||
|
|
@ -85,14 +85,12 @@ async function _getById(tx, id) {
|
|||
|
||||
|
||||
async function getById(context, id) {
|
||||
let entity;
|
||||
await knex.transaction(async tx => {
|
||||
return await knex.transaction(async tx => {
|
||||
shares.enforceEntityPermissionTx(tx, context, 'customForm', id, 'view');
|
||||
entity = await _getById(tx, id);
|
||||
entity.permissions = await shares.getPermissions(tx, context, 'customForm', id);
|
||||
const entity = await _getById(tx, id);
|
||||
entity.permissions = await shares.getPermissionsTx(tx, context, 'customForm', id);
|
||||
return entity;
|
||||
});
|
||||
|
||||
return entity;
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -114,8 +112,7 @@ async function serverValidate(context, data) {
|
|||
|
||||
|
||||
async function create(context, entity) {
|
||||
let id;
|
||||
await knex.transaction(async tx => {
|
||||
return await knex.transaction(async tx => {
|
||||
await shares.enforceEntityPermissionTx(tx, context, 'namespace', entity.namespace, 'createCustomForm');
|
||||
|
||||
await namespaceHelpers.validateEntity(tx, entity);
|
||||
|
|
@ -124,7 +121,7 @@ async function create(context, entity) {
|
|||
enforce(!Object.keys(checkForMjmlErrors(form)).length, 'Error(s) in form templates');
|
||||
|
||||
const ids = await tx('custom_forms').insert(filterObject(entity, formAllowedKeys));
|
||||
id = ids[0];
|
||||
const id = ids[0];
|
||||
|
||||
for (const formKey in form) {
|
||||
await tx('custom_forms_data').insert({
|
||||
|
|
@ -135,9 +132,8 @@ async function create(context, entity) {
|
|||
}
|
||||
|
||||
await shares.rebuildPermissions(tx, { entityTypeId: 'customForm', entityId: id });
|
||||
return id;
|
||||
});
|
||||
|
||||
return id;
|
||||
}
|
||||
|
||||
async function updateWithConsistencyCheck(context, entity) {
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ const { enforce, filterObject } = require('../lib/helpers');
|
|||
const interoperableErrors = require('../shared/interoperable-errors');
|
||||
const shares = require('./shares');
|
||||
const namespaceHelpers = require('../lib/namespace-helpers');
|
||||
const fields = require('./fields');
|
||||
|
||||
const UnsubscriptionMode = require('../shared/lists').UnsubscriptionMode;
|
||||
|
||||
|
|
@ -31,26 +32,17 @@ async function listDTAjax(context, params) {
|
|||
}
|
||||
|
||||
async function getById(context, id) {
|
||||
let entity;
|
||||
|
||||
await knex.transaction(async tx => {
|
||||
|
||||
return await knex.transaction(async tx => {
|
||||
shares.enforceEntityPermissionTx(tx, context, 'list', id, 'view');
|
||||
|
||||
entity = await tx('lists').where('id', id).first();
|
||||
if (!entity) {
|
||||
throw new interoperableErrors.NotFoundError();
|
||||
}
|
||||
|
||||
entity.permissions = await shares.getPermissions(tx, context, 'list', id);
|
||||
const entity = await tx('lists').where('id', id).first();
|
||||
entity.permissions = await shares.getPermissionsTx(tx, context, 'list', id);
|
||||
entity.listFields = await fields.listByOrderListTx(tx, id);
|
||||
return entity;
|
||||
});
|
||||
|
||||
return entity;
|
||||
}
|
||||
|
||||
async function create(context, entity) {
|
||||
let id;
|
||||
await knex.transaction(async tx => {
|
||||
return await knex.transaction(async tx => {
|
||||
await shares.enforceEntityPermissionTx(tx, context, 'namespace', entity.namespace, 'createList');
|
||||
|
||||
await namespaceHelpers.validateEntity(tx, entity);
|
||||
|
|
@ -60,14 +52,14 @@ async function create(context, entity) {
|
|||
filteredEntity.cid = shortid.generate();
|
||||
|
||||
const ids = await tx('lists').insert(filteredEntity);
|
||||
id = ids[0];
|
||||
const id = ids[0];
|
||||
|
||||
await knex.schema.raw('CREATE TABLE `subscription__' + id + '` LIKE subscription');
|
||||
|
||||
await shares.rebuildPermissions(tx, { entityTypeId: 'list', entityId: id });
|
||||
});
|
||||
|
||||
return id;
|
||||
return id;
|
||||
});
|
||||
}
|
||||
|
||||
async function updateWithConsistencyCheck(context, entity) {
|
||||
|
|
|
|||
|
|
@ -108,38 +108,28 @@ function hash(entity) {
|
|||
}
|
||||
|
||||
async function getById(context, id) {
|
||||
let entity;
|
||||
|
||||
await knex.transaction(async tx => {
|
||||
|
||||
return await knex.transaction(async tx => {
|
||||
await shares.enforceEntityPermissionTx(tx, context, 'namespace', id, 'view');
|
||||
|
||||
entity = await tx('namespaces').where('id', id).first();
|
||||
if (!entity) {
|
||||
throw new interoperableErrors.NotFoundError();
|
||||
}
|
||||
|
||||
entity.permissions = await shares.getPermissions(tx, context, 'namespace', id);
|
||||
const entity = await tx('namespaces').where('id', id).first();
|
||||
entity.permissions = await shares.getPermissionsTx(tx, context, 'namespace', id);
|
||||
return entity;
|
||||
});
|
||||
|
||||
return entity;
|
||||
}
|
||||
|
||||
async function create(context, entity) {
|
||||
enforce(entity.namespace, 'Parent namespace must be set');
|
||||
|
||||
let id;
|
||||
await knex.transaction(async tx => {
|
||||
return await knex.transaction(async tx => {
|
||||
await shares.enforceEntityPermissionTx(tx, context, 'namespace', entity.namespace, 'createNamespace');
|
||||
|
||||
const ids = await tx('namespaces').insert(filterObject(entity, allowedKeys));
|
||||
id = ids[0];
|
||||
const id = ids[0];
|
||||
|
||||
// We don't have to rebuild all entity types, because no entity can be a child of the namespace at this moment.
|
||||
await shares.rebuildPermissions(tx, { entityTypeId: 'namespace', entityId: id });
|
||||
});
|
||||
|
||||
return id;
|
||||
return id;
|
||||
});
|
||||
}
|
||||
|
||||
async function updateWithConsistencyCheck(context, entity) {
|
||||
|
|
@ -191,6 +181,8 @@ async function remove(context, id) {
|
|||
throw new interoperableErrors.ChildDetectedError();
|
||||
}
|
||||
|
||||
// FIXME - Remove all contained entities first
|
||||
|
||||
await tx('namespaces').where('id', id).del();
|
||||
});
|
||||
}
|
||||
|
|
|
|||
|
|
@ -15,21 +15,12 @@ function hash(entity) {
|
|||
}
|
||||
|
||||
async function getById(context, id) {
|
||||
let entity;
|
||||
|
||||
await knex.transaction(async tx => {
|
||||
|
||||
return await knex.transaction(async tx => {
|
||||
await shares.enforceEntityPermissionTx(tx, context, 'reportTemplate', id, 'view');
|
||||
|
||||
entity = await tx('report_templates').where('id', id).first();
|
||||
if (!entity) {
|
||||
throw new interoperableErrors.NotFoundError();
|
||||
}
|
||||
|
||||
entity.permissions = await shares.getPermissions(tx, context, 'reportTemplate', id);
|
||||
const entity = await tx('report_templates').where('id', id).first();
|
||||
entity.permissions = await shares.getPermissionsTx(tx, context, 'reportTemplate', id);
|
||||
return entity;
|
||||
});
|
||||
|
||||
return entity;
|
||||
}
|
||||
|
||||
async function listDTAjax(context, params) {
|
||||
|
|
@ -43,22 +34,23 @@ async function listDTAjax(context, params) {
|
|||
}
|
||||
|
||||
async function create(context, entity) {
|
||||
let id;
|
||||
await knex.transaction(async tx => {
|
||||
return await knex.transaction(async tx => {
|
||||
await shares.enforceGlobalPermission(context, 'createJavascriptWithROAccess');
|
||||
await shares.enforceEntityPermissionTx(tx, context, 'namespace', entity.namespace, 'createReportTemplate');
|
||||
await namespaceHelpers.validateEntity(tx, entity);
|
||||
|
||||
const ids = await tx('report_templates').insert(filterObject(entity, allowedKeys));
|
||||
id = ids[0];
|
||||
const id = ids[0];
|
||||
|
||||
await shares.rebuildPermissions(tx, { entityTypeId: 'reportTemplate', entityId: id });
|
||||
});
|
||||
|
||||
return id;
|
||||
return id;
|
||||
});
|
||||
}
|
||||
|
||||
async function updateWithConsistencyCheck(context, entity) {
|
||||
await knex.transaction(async tx => {
|
||||
await shares.enforceGlobalPermission(context, 'createJavascriptWithROAccess');
|
||||
await shares.enforceEntityPermissionTx(tx, context, 'reportTemplate', entity.id, 'edit');
|
||||
|
||||
const existing = await tx('report_templates').where('id', entity.id).first();
|
||||
|
|
@ -87,14 +79,11 @@ async function remove(context, id) {
|
|||
}
|
||||
|
||||
async function getUserFieldsById(context, id) {
|
||||
await shares.enforceEntityPermission(context, 'reportTemplate', id, 'view');
|
||||
|
||||
const entity = await knex('report_templates').select(['user_fields']).where('id', id).first();
|
||||
if (!entity) {
|
||||
throw new interoperableErrors.NotFoundError();
|
||||
}
|
||||
|
||||
return JSON.parse(entity.user_fields);
|
||||
return await knex.transaction(async tx => {
|
||||
await shares.enforceEntityPermissionTx(tx, context, 'reportTemplate', id, 'view');
|
||||
const entity = await tx('report_templates').select(['user_fields']).where('id', id).first();
|
||||
return JSON.parse(entity.user_fields);
|
||||
});
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
|
|
|
|||
|
|
@ -19,29 +19,22 @@ function hash(entity) {
|
|||
}
|
||||
|
||||
async function getByIdWithTemplate(context, id) {
|
||||
let entity;
|
||||
|
||||
await knex.transaction(async tx => {
|
||||
|
||||
return await knex.transaction(async tx => {
|
||||
await shares.enforceEntityPermissionTx(tx, context, 'report', id, 'view');
|
||||
|
||||
entity = await tx('reports')
|
||||
const entity = await tx('reports')
|
||||
.where('reports.id', id)
|
||||
.innerJoin('report_templates', 'reports.report_template', 'report_templates.id')
|
||||
.select(['reports.id', 'reports.name', 'reports.description', 'reports.report_template', 'reports.params', 'reports.state', 'reports.namespace', 'report_templates.user_fields', 'report_templates.mime_type', 'report_templates.hbs', 'report_templates.js'])
|
||||
.first();
|
||||
|
||||
if (!entity) {
|
||||
throw new interoperableErrors.NotFoundError();
|
||||
}
|
||||
|
||||
entity.user_fields = JSON.parse(entity.user_fields);
|
||||
entity.params = JSON.parse(entity.params);
|
||||
|
||||
entity.permissions = await shares.getPermissions(tx, context, 'report', id);
|
||||
});
|
||||
entity.permissions = await shares.getPermissionsTx(tx, context, 'report', id);
|
||||
|
||||
return entity;
|
||||
return entity;
|
||||
});
|
||||
}
|
||||
|
||||
async function listDTAjax(context, params) {
|
||||
|
|
@ -147,21 +140,17 @@ const campaignFieldsMapping = {
|
|||
email: 'subscribers.email'
|
||||
};
|
||||
|
||||
function customFieldName(id) {
|
||||
return id.replace(/MERGE_/, 'CUSTOM_').toLowerCase();
|
||||
}
|
||||
|
||||
async function getCampaignResults(context, campaign, select, extra) {
|
||||
const fieldList = await fields.list(campaign.list);
|
||||
const fieldList = await fields.list(context, campaign.list);
|
||||
|
||||
const fieldsMapping = fieldList.reduce((map, field) => {
|
||||
/* Dropdowns and checkboxes are aggregated. As such, they have field.column == null and the options are in field.options.
|
||||
const fieldsMapping = Object.assign({}, campaignFieldsMapping);
|
||||
for (const field of fieldList) {
|
||||
/* Dropdowns and checkboxes are aggregated. As such, they have field.column == null
|
||||
TODO - For the time being, we ignore groupped fields. */
|
||||
if (field.column) {
|
||||
map[customFieldName(field.key)] = 'subscribers.' + field.column;
|
||||
fieldsMapping[field.key.toLowerCase()] = 'subscribers.' + field.column;
|
||||
}
|
||||
return map;
|
||||
}, Object.assign({}, campaignFieldsMapping));
|
||||
}
|
||||
|
||||
let selFields = [];
|
||||
for (let idx = 0; idx < select.length; idx++) {
|
||||
|
|
|
|||
49
models/segments.js
Normal file
49
models/segments.js
Normal file
|
|
@ -0,0 +1,49 @@
|
|||
'use strict';
|
||||
|
||||
const knex = require('../lib/knex');
|
||||
const dtHelpers = require('../lib/dt-helpers');
|
||||
const interoperableErrors = require('../shared/interoperable-errors');
|
||||
const shares = require('./shares');
|
||||
|
||||
//const allowedKeys = new Set(['cid', 'email']);
|
||||
|
||||
/*
|
||||
function hash(entity) {
|
||||
const allowedKeys = allowedKeysBase.slice();
|
||||
|
||||
// TODO add keys from custom fields
|
||||
|
||||
return hasher.hash(filterObject(entity, allowedKeys));
|
||||
}
|
||||
*/
|
||||
|
||||
async function listDTAjax(context, listId, params) {
|
||||
return await knex.transaction(async tx => {
|
||||
await shares.enforceEntityPermissionTx(tx, context, 'list', listId, 'viewSubscriptions');
|
||||
|
||||
const flds = await fields.listByOrderListTx(tx, listId, ['column']);
|
||||
|
||||
return await dtHelpers.ajaxListTx(
|
||||
tx,
|
||||
params,
|
||||
builder => builder
|
||||
.from('segments')
|
||||
.where('list', listId),
|
||||
['id', 'name', 'type']
|
||||
);
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
async function list(context, listId) {
|
||||
return await knex.transaction(async tx => {
|
||||
await shares.enforceEntityPermissionTx(tx, context, 'list', listId, 'viewSubscriptions');
|
||||
|
||||
return await tx('segments').select(['id', 'name']).where('list', listId).orderBy('name', 'asc');
|
||||
});
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
listDTAjax,
|
||||
list
|
||||
};
|
||||
144
models/shares.js
144
models/shares.js
|
|
@ -10,67 +10,75 @@ const interoperableErrors = require('../shared/interoperable-errors');
|
|||
|
||||
|
||||
async function listByEntityDTAjax(context, entityTypeId, entityId, params) {
|
||||
const entityType = permissions.getEntityType(entityTypeId);
|
||||
return await knex.transaction(async (tx) => {
|
||||
const entityType = permissions.getEntityType(entityTypeId);
|
||||
await enforceEntityPermissionTx(tx, context, entityTypeId, entityId, 'share');
|
||||
|
||||
await enforceEntityPermission(context, entityTypeId, entityId, 'share');
|
||||
|
||||
return await dtHelpers.ajaxList(
|
||||
params,
|
||||
builder => builder
|
||||
.from(entityType.sharesTable)
|
||||
.innerJoin('users', entityType.sharesTable + '.user', 'users.id')
|
||||
.innerJoin('generated_role_names', 'generated_role_names.role', 'users.role')
|
||||
.where('generated_role_names.entity_type', entityTypeId)
|
||||
.where(`${entityType.sharesTable}.entity`, entityId),
|
||||
[ 'users.username', 'users.name', 'generated_role_names.name', 'users.id', entityType.sharesTable + '.auto' ]
|
||||
);
|
||||
return await dtHelpers.ajaxListTx(
|
||||
tx,
|
||||
params,
|
||||
builder => builder
|
||||
.from(entityType.sharesTable)
|
||||
.innerJoin('users', entityType.sharesTable + '.user', 'users.id')
|
||||
.innerJoin('generated_role_names', 'generated_role_names.role', 'users.role')
|
||||
.where('generated_role_names.entity_type', entityTypeId)
|
||||
.where(`${entityType.sharesTable}.entity`, entityId),
|
||||
['users.username', 'users.name', 'generated_role_names.name', 'users.id', entityType.sharesTable + '.auto']
|
||||
);
|
||||
});
|
||||
}
|
||||
|
||||
async function listByUserDTAjax(context, entityTypeId, userId, params) {
|
||||
const user = await knex('users').where('id', userId).first();
|
||||
if (!user) {
|
||||
shares.throwPermissionDenied();
|
||||
}
|
||||
return await knex.transaction(async (tx) => {
|
||||
const user = await tx('users').where('id', userId).first();
|
||||
if (!user) {
|
||||
shares.throwPermissionDenied();
|
||||
}
|
||||
|
||||
await enforceEntityPermission(context, 'namespace', user.namespace, 'manageUsers');
|
||||
await enforceEntityPermissionTx(tx, context, 'namespace', user.namespace, 'manageUsers');
|
||||
|
||||
const entityType = permissions.getEntityType(entityTypeId);
|
||||
const entityType = permissions.getEntityType(entityTypeId);
|
||||
|
||||
return await dtHelpers.ajaxListWithPermissions(
|
||||
context,
|
||||
[{ entityTypeId }],
|
||||
params,
|
||||
builder => builder
|
||||
.from(entityType.sharesTable)
|
||||
.innerJoin(entityType.entitiesTable, entityType.sharesTable + '.entity', entityType.entitiesTable + '.id')
|
||||
.innerJoin('generated_role_names', 'generated_role_names.role', entityType.sharesTable + '.role')
|
||||
.where('generated_role_names.entity_type', entityTypeId)
|
||||
.where(entityType.sharesTable + '.user', userId),
|
||||
[ entityType.entitiesTable + '.name', 'generated_role_names.name', entityType.entitiesTable + '.id', entityType.sharesTable + '.auto' ]
|
||||
);
|
||||
return await dtHelpers.ajaxListWithPermissionsTx(
|
||||
tx,
|
||||
context,
|
||||
[{entityTypeId}],
|
||||
params,
|
||||
builder => builder
|
||||
.from(entityType.sharesTable)
|
||||
.innerJoin(entityType.entitiesTable, entityType.sharesTable + '.entity', entityType.entitiesTable + '.id')
|
||||
.innerJoin('generated_role_names', 'generated_role_names.role', entityType.sharesTable + '.role')
|
||||
.where('generated_role_names.entity_type', entityTypeId)
|
||||
.where(entityType.sharesTable + '.user', userId),
|
||||
[entityType.entitiesTable + '.name', 'generated_role_names.name', entityType.entitiesTable + '.id', entityType.sharesTable + '.auto']
|
||||
);
|
||||
});
|
||||
}
|
||||
|
||||
async function listUnassignedUsersDTAjax(context, entityTypeId, entityId, params) {
|
||||
const entityType = permissions.getEntityType(entityTypeId);
|
||||
return await knex.transaction(async (tx) => {
|
||||
const entityType = permissions.getEntityType(entityTypeId);
|
||||
|
||||
await enforceEntityPermission(context, entityTypeId, entityId, 'share');
|
||||
await enforceEntityPermissionTx(tx, context, entityTypeId, entityId, 'share');
|
||||
|
||||
return await dtHelpers.ajaxList(
|
||||
params,
|
||||
builder => builder
|
||||
.from('users')
|
||||
.whereNotExists(function() {
|
||||
return this
|
||||
.select('*')
|
||||
.from(entityType.sharesTable)
|
||||
.whereRaw(`users.id = ${entityType.sharesTable}.user`)
|
||||
.andWhere(`${entityType.sharesTable}.entity`, entityId);
|
||||
}),
|
||||
['users.id', 'users.username', 'users.name']
|
||||
);
|
||||
return await dtHelpers.ajaxListTx(
|
||||
tx,
|
||||
params,
|
||||
builder => builder
|
||||
.from('users')
|
||||
.whereNotExists(function () {
|
||||
return this
|
||||
.select('*')
|
||||
.from(entityType.sharesTable)
|
||||
.whereRaw(`users.id = ${entityType.sharesTable}.user`)
|
||||
.andWhere(`${entityType.sharesTable}.entity`, entityId);
|
||||
}),
|
||||
['users.id', 'users.username', 'users.name']
|
||||
);
|
||||
});
|
||||
}
|
||||
|
||||
async function listRolesDTAjax(context, entityTypeId, params) {
|
||||
async function listRolesDTAjax(entityTypeId, params) {
|
||||
return await dtHelpers.ajaxList(
|
||||
params,
|
||||
builder => builder
|
||||
|
|
@ -406,9 +414,9 @@ async function removeDefaultShares(tx, user) {
|
|||
}
|
||||
}
|
||||
|
||||
function enforceGlobalPermission(context, requiredOperations) {
|
||||
function checkGlobalPermission(context, requiredOperations) {
|
||||
if (context.user.admin) { // This handles the getAdminContext() case
|
||||
return;
|
||||
return true;
|
||||
}
|
||||
|
||||
if (typeof requiredOperations === 'string') {
|
||||
|
|
@ -416,15 +424,23 @@ function enforceGlobalPermission(context, requiredOperations) {
|
|||
}
|
||||
|
||||
const roleSpec = config.roles.global[context.user.role];
|
||||
let success = false;
|
||||
if (roleSpec) {
|
||||
for (const requiredOperation of requiredOperations) {
|
||||
if (roleSpec.permissions.includes(requiredOperation)) {
|
||||
return;
|
||||
success = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
throwPermissionDenied();
|
||||
return success;
|
||||
}
|
||||
|
||||
function enforceGlobalPermission(context, requiredOperations) {
|
||||
if (!checkGlobalPermission(context, requiredOperations)) {
|
||||
throwPermissionDenied();
|
||||
}
|
||||
}
|
||||
|
||||
async function _checkPermissionTx(tx, context, entityTypeId, entityId, requiredOperations) {
|
||||
|
|
@ -465,19 +481,15 @@ async function checkEntityPermission(context, entityTypeId, entityId, requiredOp
|
|||
return false;
|
||||
}
|
||||
|
||||
let result;
|
||||
await knex.transaction(async tx => {
|
||||
result = await _checkPermissionTx(tx, context, entityTypeId, entityId, requiredOperations);
|
||||
return await knex.transaction(async tx => {
|
||||
return await _checkPermissionTx(tx, context, entityTypeId, entityId, requiredOperations);
|
||||
});
|
||||
return result;
|
||||
}
|
||||
|
||||
async function checkTypePermission(context, entityTypeId, requiredOperations) {
|
||||
let result;
|
||||
await knex.transaction(async tx => {
|
||||
result = await _checkPermissionTx(tx, context, entityTypeId, null, requiredOperations);
|
||||
return await knex.transaction(async tx => {
|
||||
return await _checkPermissionTx(tx, context, entityTypeId, null, requiredOperations);
|
||||
});
|
||||
return result;
|
||||
}
|
||||
|
||||
async function enforceEntityPermission(context, entityTypeId, entityId, requiredOperations) {
|
||||
|
|
@ -518,7 +530,15 @@ async function enforceTypePermissionTx(tx, context, entityTypeId, requiredOperat
|
|||
}
|
||||
}
|
||||
|
||||
async function getPermissions(tx, context, entityTypeId, entityId) {
|
||||
function getGlobalPermissions(context) {
|
||||
enforce(!context.user.admin, 'getPermissions is not supposed to be called by assumed admin');
|
||||
|
||||
return (config.roles.global[context.user.role] || {}).permissions || [];
|
||||
}
|
||||
|
||||
async function getPermissionsTx(tx, context, entityTypeId, entityId) {
|
||||
enforce(!context.user.admin, 'getPermissions is not supposed to be called by assumed admin');
|
||||
|
||||
const entityType = permissions.getEntityType(entityTypeId);
|
||||
|
||||
const rows = await tx(entityType.permissionsTable)
|
||||
|
|
@ -545,7 +565,9 @@ module.exports = {
|
|||
checkEntityPermission,
|
||||
checkTypePermission,
|
||||
enforceGlobalPermission,
|
||||
checkGlobalPermission,
|
||||
throwPermissionDenied,
|
||||
regenerateRoleNamesTable,
|
||||
getPermissions
|
||||
getGlobalPermissions,
|
||||
getPermissionsTx
|
||||
};
|
||||
|
|
@ -3,21 +3,46 @@
|
|||
const knex = require('../lib/knex');
|
||||
const dtHelpers = require('../lib/dt-helpers');
|
||||
const interoperableErrors = require('../shared/interoperable-errors');
|
||||
const shares = require('./shares');
|
||||
const fields = require('./fields');
|
||||
const { SubscriptionStatus } = require('../shared/lists');
|
||||
|
||||
const Status = {
|
||||
SUBSCRIBED: 1,
|
||||
UNSUBSCRIBED: 2,
|
||||
BOUNCED: 3,
|
||||
COMPLAINED: 4,
|
||||
MAX: 5
|
||||
};
|
||||
const allowedKeysBase = new Set(['cid', 'email']);
|
||||
|
||||
async function list(listId) {
|
||||
return await knex(`subscription__${listId}`);
|
||||
function hash(entity) {
|
||||
const allowedKeys = allowedKeysBase.slice();
|
||||
|
||||
// TODO add keys from custom fields
|
||||
|
||||
return hasher.hash(filterObject(entity, allowedKeys));
|
||||
}
|
||||
|
||||
|
||||
async function listDTAjax(context, listId, params) {
|
||||
return await knex.transaction(async tx => {
|
||||
await shares.enforceEntityPermissionTx(tx, context, 'list', listId, 'viewSubscriptions');
|
||||
|
||||
const flds = await fields.listByOrderListTx(tx, listId, ['column']);
|
||||
|
||||
return await dtHelpers.ajaxListTx(
|
||||
tx,
|
||||
params,
|
||||
builder => builder.from(`subscription__${listId}`),
|
||||
['id', 'cid', 'email', 'status', 'created', ...flds.map(fld => fld.column)]
|
||||
);
|
||||
});
|
||||
}
|
||||
|
||||
async function list(context, listId) {
|
||||
return await knex.transaction(async tx => {
|
||||
await shares.enforceEntityPermissionTx(tx, context, 'list', listId, 'viewSubscriptions');
|
||||
|
||||
return await tx(`subscription__${listId}`);
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
module.exports = {
|
||||
Status,
|
||||
list
|
||||
list,
|
||||
listDTAjax
|
||||
};
|
||||
|
|
@ -37,12 +37,8 @@ function hash(entity) {
|
|||
return hasher.hash(filterObject(entity, hashKeys));
|
||||
}
|
||||
|
||||
async function _getBy(context, key, value, extraColumns) {
|
||||
const columns = ['id', 'username', 'name', 'email', 'namespace', 'role'];
|
||||
|
||||
if (extraColumns) {
|
||||
columns.push(...extraColumns);
|
||||
}
|
||||
async function _getBy(context, key, value, extraColumns = []) {
|
||||
const columns = ['id', 'username', 'name', 'email', 'namespace', 'role', ...extraColumns];
|
||||
|
||||
const user = await knex('users').select(columns).where(key, value).first();
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue