npm - @stamhoofd/backend - Versions diffs - 2.91.0 → 2.93.0 - Mend

@stamhoofd/backend 2.91.0 → 2.93.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (36) hide show

package/src/helpers/AdminPermissionChecker.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import { AutoEncoderPatchType, PatchMap } from '@simonbackx/simple-encoding';
 import { isSimpleError, isSimpleErrors, SimpleError } from '@simonbackx/simple-errors';
-import { BalanceItem, CachedBalance, Document, EmailTemplate, Event, EventNotification, Group, Member, MemberPlatformMembership, MemberWithRegistrations, Order, Organization, OrganizationRegistrationPeriod, Payment, Registration, User, Webshop } from '@stamhoofd/models';
+import { BalanceItem, CachedBalance, Document, Email, EmailTemplate, Event, EventNotification, Group, Member, MemberPlatformMembership, MemberWithRegistrations, Order, Organization, OrganizationRegistrationPeriod, Payment, Registration, User, Webshop } from '@stamhoofd/models';
 import { AccessRight, EmailTemplate as EmailTemplateStruct, EventPermissionChecker, FinancialSupportSettings, GroupCategory, GroupStatus, GroupType, MemberWithRegistrationsBlob, PermissionLevel, PermissionsResourceType, Platform as PlatformStruct, RecordSettings, ResourcePermissions } from '@stamhoofd/structures';
 import { Formatter } from '@stamhoofd/utility';
 import { MemberRecordStore } from '../services/MemberRecordStore';
@@ -709,7 +709,7 @@ export class AdminPermissionChecker {
         }
         if (!template.organizationId) {
-            return this.hasPlatformFullAccess();
+            return this.hasPlatformFullAccess() || !!this.platformPermissions?.hasAccessRight(AccessRight.ManageEmailTemplates);
         }
         if (await this.hasFullAccess(template.organizationId)) {
@@ -734,6 +734,11 @@ export class AdminPermissionChecker {
             return true;
         }
+        const o = await this.getOrganizationPermissions(template.organizationId);
+        if (o && o.hasAccessRight(AccessRight.ManageEmailTemplates)) {
+            return true;
+        }
         return false;
     }
@@ -845,8 +850,79 @@ export class AdminPermissionChecker {
         return this.hasSomeAccess(organizationId);
     }
-    canSendEmails() {
-        return !!this.user.permissions;
+    async canSendEmails(organizationId: Organization | string | null) {
+        if (organizationId) {
+            return (await this.getOrganizationPermissions(organizationId))?.hasAccessRightForSomeResourceOfType(PermissionsResourceType.Senders, AccessRight.SendMessages) ?? false;
+        }
+        return this.platformPermissions?.hasAccessRightForSomeResourceOfType(PermissionsResourceType.Senders, AccessRight.SendMessages) ?? false;
+    }
+    /**
+     * Fast check if this user can read at least one email in the system.
+     */
+    async canReadEmails(organizationId: Organization | string | null) {
+        if (await this.canSendEmails(organizationId)) {
+            // A user can reads its own emails, so they can read.
+            return true;
+        }
+        if (organizationId) {
+            return (await this.getOrganizationPermissions(organizationId))?.hasAccessForSomeResourceOfType(PermissionsResourceType.Senders, PermissionLevel.Read) ?? false;
+        }
+        return this.platformPermissions?.hasAccessForSomeResourceOfType(PermissionsResourceType.Senders, PermissionLevel.Read) ?? false;
+    }
+    async canReadAllEmails(organizationId: Organization | string | null, senderId = ''): Promise<boolean> {
+        if (organizationId) {
+            return (await this.getOrganizationPermissions(organizationId))?.hasResourceAccess(PermissionsResourceType.Senders, senderId, PermissionLevel.Read) ?? false;
+        }
+        return this.platformPermissions?.hasResourceAccess(PermissionsResourceType.Senders, senderId, PermissionLevel.Read) ?? false;
+    }
+    async canAccessEmail(email: Email, level: PermissionLevel = PermissionLevel.Read): Promise<boolean> {
+        if (!this.checkScope(email.organizationId)) {
+            return false;
+        }
+        if (email.userId === this.user.id) {
+            // User can always read their own emails
+            // Note; for sending we'll always need to use 'canSendEmailsFrom' externally
+            return true;
+        }
+        if (email.organizationId) {
+            const organizationPermissions = await this.getOrganizationPermissions(email.organizationId);
+            if (!organizationPermissions) {
+                return false;
+            }
+            if (!email.senderId) {
+                return organizationPermissions.hasResourceAccess(PermissionsResourceType.Senders, '', level);
+            }
+            return organizationPermissions.hasResourceAccess(PermissionsResourceType.Senders, email.senderId, level);
+        }
+        // Platform email
+        const platformPermissions = this.platformPermissions;
+        if (!platformPermissions) {
+            return false;
+        }
+        if (!email.senderId) {
+            return platformPermissions.hasResourceAccess(PermissionsResourceType.Senders, '', level);
+        }
+        return platformPermissions.hasResourceAccess(PermissionsResourceType.Senders, email.senderId, level);
+    }
+    async canSendEmail(email: Email): Promise<boolean> {
+        if (email.senderId) {
+            return await this.canSendEmailsFrom(email.organizationId, email.senderId);
+        }
+        return await this.canSendEmails(email.organizationId);
+    }
+    async canSendEmailsFrom(organizationId: Organization | string | null, senderId: string): Promise<boolean> {
+        if (organizationId) {
+            return (await this.getOrganizationPermissions(organizationId))?.hasResourceAccessRight(PermissionsResourceType.Senders, senderId, AccessRight.SendMessages) ?? false;
+        }
+        return this.platformPermissions?.hasResourceAccessRight(PermissionsResourceType.Senders, senderId, AccessRight.SendMessages) ?? false;
     }
     async canReadEmailTemplates(organizationId: string) {
@@ -909,7 +985,7 @@ export class AdminPermissionChecker {
      */
     async hasSomeAccess(organizationOrId: string | Organization): Promise<boolean> {
         const organizationPermissions = await this.getOrganizationPermissions(organizationOrId);
-        return !!organizationPermissions;
+        return !!organizationPermissions && !organizationPermissions.isEmpty;
     }
     async canManageAdmins(organizationId: string) {

package/src/helpers/EmailResumer.ts CHANGED Viewed

@@ -6,7 +6,7 @@ import { ContextInstance } from './Context';
 export async function resumeEmails() {
     const query = SQL.select()
         .from(SQL.table(Email.table))
-        .where(SQL.column('status'), EmailStatus.Sending);
+        .where(SQL.column('status'), [EmailStatus.Sending, EmailStatus.Queued]);
     const result = await query.fetch();
     const emails = Email.fromRows(result, Email.table);
@@ -28,7 +28,7 @@ export async function resumeEmails() {
         try {
             await ContextInstance.startForUser(user, organization, async () => {
-                await email.send();
+                await email.resumeSending();
             });
         }
         catch (e) {