diff --git a/client/src/lists/List.js b/client/src/lists/List.js index f7751ebd..1573a02a 100644 --- a/client/src/lists/List.js +++ b/client/src/lists/List.js @@ -10,6 +10,7 @@ import {tableAddDeleteButton, tableRestActionDialogInit, tableRestActionDialogRe import {withComponentMixins} from "../lib/decorator-helpers"; import {withForm} from "../lib/form"; import PropTypes from 'prop-types'; +import mailtrainConfig from 'mailtrainConfig'; @withComponentMixins([ withTranslation, @@ -117,6 +118,7 @@ export default class List extends Component { ]; return ( + {(mailtrainConfig.user.admin || mailtrainConfig.globalPermissions.manageList) ?
{tableRestActionDialogRender(this)} @@ -132,6 +134,8 @@ export default class List extends Component { this.table = node} withHeader dataUrl="rest/lists-table" columns={columns} /> + : +

No tienes permisos para manejar listas

} ); } -} \ No newline at end of file +} diff --git a/server/models/campaigns.js b/server/models/campaigns.js index adc43a25..1141bdbf 100644 --- a/server/models/campaigns.js +++ b/server/models/campaigns.js @@ -230,7 +230,6 @@ async function listTestUsersDTAjax(context, campaignId, params) { } async function _listSubscriberResultsDTAjax(context, campaignId, getSubsQrys, columns, params) { - shares.enforceGlobalPermission(context, 'manageCampaigns'); return await knex.transaction(async tx => { await shares.enforceEntityPermissionTx(tx, context, 'campaign', campaignId, 'view'); @@ -325,7 +324,6 @@ async function listOpensDTAjax(context, campaignId, params) { } async function listLinkClicksDTAjax(context, campaignId, params) { - shares.enforceGlobalPermission(context, 'manageCampaigns'); return await knex.transaction(async (tx) => { await shares.enforceEntityPermissionTx(tx, context, 'campaign', campaignId, 'viewStats'); @@ -978,7 +976,6 @@ async function disable(context, campaignId) { async function getStatisticsOpened(context, id) { - shares.enforceGlobalPermission(context, 'manageCampaigns'); return await knex.transaction(async tx => { await shares.enforceEntityPermissionTx(tx, context, 'campaign', id, 'viewStats'); @@ -993,7 +990,6 @@ async function getStatisticsOpened(context, id) { } async function fetchRssCampaign(context, cid) { - shares.enforceGlobalPermission(context, 'manageCampaigns'); return await knex.transaction(async tx => { const campaign = await tx('campaigns').where('cid', cid).select(['id', 'type']).first(); diff --git a/server/models/channels.js b/server/models/channels.js index 5c26f7de..a96ba111 100644 --- a/server/models/channels.js +++ b/server/models/channels.js @@ -30,7 +30,6 @@ function hash(entity) { } async function listDTAjax(context, params) { - shares.enforceGlobalPermission(context, 'manageChannels'); return await dtHelpers.ajaxListWithPermissions( context, [{ entityTypeId: 'channel', requiredOperations: ['view'] }], @@ -96,7 +95,6 @@ async function _getByTx(tx, context, key, id, withPermissions = true) { } async function getByIdTx(tx, context, id, withPermissions = true) { - shares.enforceGlobalPermission(context, 'manageChannels'); await shares.enforceEntityPermissionTx(tx, context, 'channel', id, 'view'); return await _getByTx(tx, context, 'id', id, withPermissions); diff --git a/server/models/lists.js b/server/models/lists.js index 8595d8c9..3c43d34b 100644 --- a/server/models/lists.js +++ b/server/models/lists.js @@ -27,7 +27,6 @@ function hash(entity) { async function _listDTAjax(context, namespaceId, params) { - shares.enforceGlobalPermission(context, 'manageLists'); const campaignEntityType = entitySettings.getEntityType('campaign'); return await dtHelpers.ajaxListWithPermissions( diff --git a/server/models/namespaces.js b/server/models/namespaces.js index 39ae70ed..6e961320 100644 --- a/server/models/namespaces.js +++ b/server/models/namespaces.js @@ -119,7 +119,6 @@ async function getById(context, id) { } async function getChildrenTx(tx, context, id) { - await shares.enforceEntityPermissionTx(tx, context, 'namespace', id, 'view'); const entityType = entitySettings.getEntityType('namespace'); diff --git a/server/models/reports.js b/server/models/reports.js index be16c99a..64292c15 100644 --- a/server/models/reports.js +++ b/server/models/reports.js @@ -25,7 +25,6 @@ function hash(entity) { } async function getByIdWithTemplate(context, id, withPermissions = true) { - shares.enforceGlobalPermission(context, 'manageReports'); return await knex.transaction(async tx => { await shares.enforceEntityPermissionTx(tx, context, 'report', id, 'view'); @@ -47,7 +46,6 @@ async function getByIdWithTemplate(context, id, withPermissions = true) { } async function listDTAjax(context, params) { - shares.enforceGlobalPermission(context, 'manageReports'); return await dtHelpers.ajaxListWithPermissions( context, [ @@ -142,6 +140,7 @@ async function remove(context, id) { } async function updateFields(id, fields) { + shares.enforceGlobalPermission(context, 'manageReports'); return await knex('reports').where('id', id).update(fields); } @@ -150,6 +149,7 @@ async function listByState(state, limit) { } async function bulkChangeState(oldState, newState) { + shares.enforceGlobalPermission(context, 'manageReports'); return await knex('reports').where('state', oldState).update('state', newState); } diff --git a/server/models/users.js b/server/models/users.js index 45bbfb6c..f1c7cedc 100644 --- a/server/models/users.js +++ b/server/models/users.js @@ -37,7 +37,6 @@ function hash(entity) { } async function _getByTx(tx, context, key, value, extraColumns = []) { - shares.enforceGlobalPermission(context, 'manageUsers'); const columns = ['id', 'username', 'name', 'email', 'namespace', 'role', ...extraColumns]; const user = await tx('users').select(columns).where(key, value).first(); @@ -110,7 +109,6 @@ async function serverValidate(context, data, isOwnAccount) { } async function listDTAjax(context, params) { - shares.enforceGlobalPermission(context, 'manageUsers'); return await dtHelpers.ajaxListWithPermissions( context, [{ entityTypeId: 'namespace', requiredOperations: ['manageUsers'] }],