fix: check doc access before sending mention email (#7664)

* fix: check doc access before sending mention email

* refactor

---------

Co-authored-by: Tom Moor <tom.moor@gmail.com>
Hemachandar
2024-09-29 02:59:34 +05:30
committed by GitHub
parent 3f73c9d2bf
commit c58aafeb32
5 changed files with 33 additions and 17 deletions
@@ -5,6 +5,7 @@ import NotificationHelper from "@server/models/helpers/NotificationHelper";
import { ProsemirrorHelper } from "@server/models/helpers/ProsemirrorHelper";
import { sequelize } from "@server/storage/database";
import { CommentEvent } from "@server/types";
import { canUserAccessDocument } from "@server/utils/policies";
import BaseTask, { TaskPriority } from "./BaseTask";
export default class CommentCreatedNotificationsTask extends BaseTask<CommentEvent> {
@@ -52,7 +53,8 @@ export default class CommentCreatedNotificationsTask extends BaseTask<CommentEve
recipient.id !== mention.actorId &&
recipient.subscribedToEventType(
NotificationEventType.MentionedInComment
)
) &&
(await canUserAccessDocument(recipient, document.id))
) {
await Notification.create({
event: NotificationEventType.MentionedInComment,
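Review bot: The access check here gates `Notification.create`, while the commit title is about the email, so the permission is evaluated when this task runs rather than when the message is delivered. If delivery happens in a separate step (not visible in this diff), a recipient whose access is revoked in between would still receive the mention; consider re-checking at send time or confirming that window is acceptable. The same condition is added in CommentUpdatedNotificationsTask, DocumentPublishedNotificationsTask and RevisionCreatedNotificationsTask, and each call performs a document lookup per recipient inside the loop. A short comment above the condition would record the intent, e.g. `// Skip recipients without read access to the document.` The enclosing method starts and ends outside the hunk.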
@@ -2,6 +2,7 @@ import { NotificationEventType } from "@shared/types";
import { Comment, Document, Notification, User } from "@server/models";
import { ProsemirrorHelper } from "@server/models/helpers/ProsemirrorHelper";
import { CommentEvent, CommentUpdateEvent } from "@server/types";
import { canUserAccessDocument } from "@server/utils/policies";
import BaseTask, { TaskPriority } from "./BaseTask";
export default class CommentUpdatedNotificationsTask extends BaseTask<CommentEvent> {
@@ -41,7 +42,8 @@ export default class CommentUpdatedNotificationsTask extends BaseTask<CommentEve
recipient.id !== mention.actorId &&
recipient.subscribedToEventType(
NotificationEventType.MentionedInComment
)
) &&
(await canUserAccessDocument(recipient, document.id))
) {
await Notification.create({
event: NotificationEventType.MentionedInComment,
@@ -49,6 +51,7 @@ export default class CommentUpdatedNotificationsTask extends BaseTask<CommentEve
actorId: mention.actorId,
teamId: document.teamId,
documentId: document.id,
commentId: comment.id,
});
}
}
@@ -4,6 +4,7 @@ import { Document, Notification, User } from "@server/models";
import { DocumentHelper } from "@server/models/helpers/DocumentHelper";
import NotificationHelper from "@server/models/helpers/NotificationHelper";
import { DocumentEvent } from "@server/types";
import { canUserAccessDocument } from "@server/utils/policies";
import BaseTask, { TaskPriority } from "./BaseTask";
export default class DocumentPublishedNotificationsTask extends BaseTask<DocumentEvent> {
@@ -33,7 +34,8 @@ export default class DocumentPublishedNotificationsTask extends BaseTask<Documen
recipient.id !== mention.actorId &&
recipient.subscribedToEventType(
NotificationEventType.MentionedInDocument
)
) &&
(await canUserAccessDocument(recipient, document.id))
) {
await Notification.create({
event: NotificationEventType.MentionedInDocument,
@@ -8,8 +8,8 @@ import Logger from "@server/logging/Logger";
import { Document, Revision, Notification, User, View } from "@server/models";
import { DocumentHelper } from "@server/models/helpers/DocumentHelper";
import NotificationHelper from "@server/models/helpers/NotificationHelper";
import { authorize } from "@server/policies";
import { RevisionEvent } from "@server/types";
import { canUserAccessDocument } from "@server/utils/policies";
import BaseTask, { TaskPriority } from "./BaseTask";
export default class RevisionCreatedNotificationsTask extends BaseTask<RevisionEvent> {
@@ -54,7 +54,7 @@ export default class RevisionCreatedNotificationsTask extends BaseTask<RevisionE
recipient.subscribedToEventType(
NotificationEventType.MentionedInDocument
) &&
(await this.canAccess(recipient, document))
(await canUserAccessDocument(recipient, document.id))
) {
await Notification.create({
event: NotificationEventType.MentionedInDocument,
@@ -151,18 +151,6 @@ export default class RevisionCreatedNotificationsTask extends BaseTask<RevisionE
return true;
};
private canAccess = async (user: User, model: Document) => {
try {
const document = await Document.findByPk(model.id, {
userId: user.id,
});
authorize(user, "read", document);
return true;
} catch (err) {
return false;
}
};
public get options() {
return {
priority: TaskPriority.Background,
+21
@@ -0,0 +1,21 @@
import { Document, User } from "@server/models";
import { authorize } from "@server/policies";
/**
* Check if the given user can access a document
*
* @param user - The user to check
* @param documentId - The document to check
* @returns Boolean whether the user can access the document
*/
export const canUserAccessDocument = async (user: User, documentId: string) => {
try {
const document = await Document.findByPk(documentId, {
userId: user.id,
});
authorize(user, "read", document);
return true;
} catch (err) {
return false;
}
};
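Review bot: The bare `catch (err)` in `canUserAccessDocument` returns false for every failure, so a database or connection error during `Document.findByPk` is indistinguishable from a denied `authorize` call and the mention is dropped silently. Failing closed is the right default for an access check, but the catch should treat only the authorization or not-found failure as an expected denial and log anything else through the project's Logger before returning false. The signature would also benefit from an explicit return type, `export const canUserAccessDocument = async (user: User, documentId: string): Promise<boolean> => {`, and the `@returns` line should state that lookup errors and missing documents also yield false.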