Include permissions for mail rules & accounts

2025-07-28 18:24:38 -05:00 · 2023-07-25 20:20:56 -07:00
parent 0beb9f0b5f
commit 23fefc3ab7
10 changed files with 243 additions and 74 deletions
--- a/src-ui/src/app/components/manage/settings/settings.component.html
+++ b/src-ui/src/app/components/manage/settings/settings.component.html
@@ -266,8 +266,8 @@
                    <div class="col d-flex align-items-center">{{account.imap_server}}</div>
                    <div class="col">
                      <div class="btn-group">
-                        <button *appIfPermissions="{ action: PermissionAction.Change, type: PermissionType.MailAccount }" class="btn btn-sm btn-primary" type="button" (click)="editMailAccount(account)" i18n>Edit</button>
-                        <button *appIfPermissions="{ action: PermissionAction.Change, type: PermissionType.MailAccount }" class="btn btn-sm btn-outline-danger" type="button" (click)="deleteMailAccount(account)" i18n>Delete</button>
+                        <button *appIfPermissions="{ action: PermissionAction.Change, type: PermissionType.MailAccount }" [disabled]="!userCanEdit(account)" class="btn btn-sm btn-primary" type="button" (click)="editMailAccount(account)" i18n>Edit</button>
+                        <button *appIfPermissions="{ action: PermissionAction.Delete, type: PermissionType.MailAccount }" [disabled]="!userIsOwner(account)" class="btn btn-sm btn-outline-danger" type="button" (click)="deleteMailAccount(account)" i18n>Delete</button>
                      </div>
                    </div>
                  </div>
@@ -303,8 +303,8 @@
                    <div class="col d-flex align-items-center">{{(mailAccountService.getCached(rule.account) | async)?.name}}</div>
                    <div class="col">
                      <div class="btn-group">
-                        <button *appIfPermissions="{ action: PermissionAction.Change, type: PermissionType.MailRule }" class="btn btn-sm btn-primary" type="button" (click)="editMailRule(rule)" i18n>Edit</button>
-                        <button *appIfPermissions="{ action: PermissionAction.Change, type: PermissionType.MailRule }" class="btn btn-sm btn-outline-danger" type="button" (click)="deleteMailRule(rule)" i18n>Delete</button>
+                        <button *appIfPermissions="{ action: PermissionAction.Change, type: PermissionType.MailRule }" [disabled]="!userCanEdit(rule)" class="btn btn-sm btn-primary" type="button" (click)="editMailRule(rule)" i18n>Edit</button>
+                        <button *appIfPermissions="{ action: PermissionAction.Delete, type: PermissionType.MailRule }" [disabled]="!userIsOwner(rule)" class="btn btn-sm btn-outline-danger" type="button" (click)="deleteMailRule(rule)" i18n>Delete</button>
                      </div>
                    </div>
                  </div>
--- a/src-ui/src/app/components/manage/settings/settings.component.spec.ts
+++ b/src-ui/src/app/components/manage/settings/settings.component.spec.ts
@@ -48,8 +48,8 @@ const savedViews = [
  { id: 2, name: 'view2' },
 ]
 const users = [
-  { id: 1, username: 'user1' },
-  { id: 2, username: 'user2' },
+  { id: 1, username: 'user1', is_superuser: false },
+  { id: 2, username: 'user2', is_superuser: false },
 ]
 const groups = [
  { id: 1, name: 'group1' },
@@ -60,8 +60,8 @@ const mailAccounts = [
  { id: 2, name: 'account2' },
 ]
 const mailRules = [
-  { id: 1, name: 'rule1' },
-  { id: 2, name: 'rule2' },
+  { id: 1, name: 'rule1', owner: 1 },
+  { id: 2, name: 'rule2', owner: 2 },
 ]

 describe('SettingsComponent', () => {
@@ -75,6 +75,7 @@ describe('SettingsComponent', () => {
  let viewportScroller: ViewportScroller
  let toastService: ToastService
  let userService: UserService
+  let permissionsService: PermissionsService
  let groupService: GroupService
  let mailAccountService: MailAccountService
  let mailRuleService: MailRuleService
@@ -90,17 +91,7 @@ describe('SettingsComponent', () => {
        CheckComponent,
        ColorComponent,
      ],
-      providers: [
-        {
-          provide: PermissionsService,
-          useValue: {
-            currentUserCan: () => true,
-          },
-        },
-        CustomDatePipe,
-        DatePipe,
-        PermissionsGuard,
-      ],
+      providers: [CustomDatePipe, DatePipe, PermissionsGuard],
      imports: [
        NgbModule,
        HttpClientTestingModule,
@@ -117,6 +108,14 @@ describe('SettingsComponent', () => {
    toastService = TestBed.inject(ToastService)
    settingsService = TestBed.inject(SettingsService)
    userService = TestBed.inject(UserService)
+    permissionsService = TestBed.inject(PermissionsService)
+    jest.spyOn(permissionsService, 'currentUserCan').mockReturnValue(true)
+    jest
+      .spyOn(permissionsService, 'currentUserHasObjectPermissions')
+      .mockReturnValue(true)
+    jest
+      .spyOn(permissionsService, 'currentUserOwnsObject')
+      .mockReturnValue(true)
    jest.spyOn(userService, 'listAll').mockReturnValue(
      of({
        all: users.map((u) => u.id),
--- a/src-ui/src/app/components/manage/settings/settings.component.ts
+++ b/src-ui/src/app/components/manage/settings/settings.component.ts
@@ -45,6 +45,11 @@ import { MailRuleService } from 'src/app/services/rest/mail-rule.service'
 import { MailAccountEditDialogComponent } from '../../common/edit-dialog/mail-account-edit-dialog/mail-account-edit-dialog.component'
 import { MailRuleEditDialogComponent } from '../../common/edit-dialog/mail-rule-edit-dialog/mail-rule-edit-dialog.component'
 import { EditDialogMode } from '../../common/edit-dialog/edit-dialog.component'
+import { ObjectWithPermissions } from 'src/app/data/object-with-permissions'
+import {
+  PermissionAction,
+  PermissionsService,
+} from 'src/app/services/permissions.service'

 enum SettingsNavIDs {
  General = 1,
@@ -140,7 +145,8 @@ export class SettingsComponent
    private usersService: UserService,
    private groupsService: GroupService,
    private router: Router,
-    private modalService: NgbModal
+    private modalService: NgbModal,
+    private permissionsService: PermissionsService
  ) {
    super()
    this.settings.settingsSaved.subscribe(() => {
@@ -642,6 +648,17 @@ export class SettingsComponent
    this.settingsForm.get('themeColor').patchValue('')
  }

+  userCanEdit(obj: ObjectWithPermissions): boolean {
+    return this.permissionsService.currentUserHasObjectPermissions(
+      PermissionAction.Change,
+      obj
+    )
+  }
+
+  userIsOwner(obj: ObjectWithPermissions): boolean {
+    return this.permissionsService.currentUserOwnsObject(obj)
+  }
+
  editUser(user: PaperlessUser) {
    var modal = this.modalService.open(UserEditDialogComponent, {
      backdrop: 'static',
--- a/src-ui/src/app/data/paperless-mail-account.ts
+++ b/src-ui/src/app/data/paperless-mail-account.ts
@@ -1,4 +1,4 @@
-import { ObjectWithId } from './object-with-id'
+import { ObjectWithPermissions } from './object-with-permissions'

 export enum IMAPSecurity {
  None = 1,
@@ -6,7 +6,7 @@ export enum IMAPSecurity {
  STARTTLS = 3,
 }

-export interface PaperlessMailAccount extends ObjectWithId {
+export interface PaperlessMailAccount extends ObjectWithPermissions {
  name: string

  imap_server: string
--- a/src-ui/src/app/data/paperless-mail-rule.ts
+++ b/src-ui/src/app/data/paperless-mail-rule.ts
@@ -1,4 +1,4 @@
-import { ObjectWithId } from './object-with-id'
+import { ObjectWithPermissions } from './object-with-permissions'

 export enum MailFilterAttachmentType {
  Attachments = 1,
@@ -31,7 +31,7 @@ export enum MailMetadataCorrespondentOption {
  FromCustom = 4,
 }

-export interface PaperlessMailRule extends ObjectWithId {
+export interface PaperlessMailRule extends ObjectWithPermissions {
  name: string

  account: number // PaperlessMailAccount.id