ponymail-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From s...@apache.org
Subject incubator-ponymail git commit: inconsistent rights checking - use common function
Date Tue, 13 Dec 2016 23:52:04 GMT
Repository: incubator-ponymail
Updated Branches:
  refs/heads/master 4116d9bf4 -> 915a68d66


inconsistent rights checking - use common function

This fixes #267

Project: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/commit/915a68d6
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/tree/915a68d6
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/diff/915a68d6

Branch: refs/heads/master
Commit: 915a68d66e03c840d10a402389803e084bdd23da
Parents: 4116d9b
Author: Sebb <sebb@apache.org>
Authored: Tue Dec 13 23:51:52 2016 +0000
Committer: Sebb <sebb@apache.org>
Committed: Tue Dec 13 23:51:52 2016 +0000

----------------------------------------------------------------------
 CHANGELOG.md               |  1 +
 site/api/atom.lua          | 35 ++++++++++++-----------------------
 site/api/email.lua         |  9 +--------
 site/api/notifications.lua | 22 +++++++++-------------
 site/api/preferences.lua   | 12 ++++--------
 site/api/source.lua        |  8 +-------
 site/api/stats.lua         | 11 +++--------
 site/api/thread.lua        | 20 ++------------------
 8 files changed, 33 insertions(+), 85 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ponymail/blob/915a68d6/CHANGELOG.md
----------------------------------------------------------------------
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 25dd5d9..3cd6183 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -62,6 +62,7 @@
 - ll.py retrieves results but does not use them (#291)
 - lib/aaa.lua various bugs (#140)
 - lua modules should define local functions only (#294)
+- inconsistent rights checking (#267)
 
 ## CHANGES in 0.9b:
 

http://git-wip-us.apache.org/repos/asf/incubator-ponymail/blob/915a68d6/site/api/atom.lua
----------------------------------------------------------------------
diff --git a/site/api/atom.lua b/site/api/atom.lua
index caa6b3a..17e5d9d 100644
--- a/site/api/atom.lua
+++ b/site/api/atom.lua
@@ -123,22 +123,16 @@ function handle(r)
         for k = #doc.hits.hits, 1, -1 do
             local v = doc.hits.hits[k]
             local email = v._source
-            local canUse = true
+            local canUse = false
             if email.private then
-                if account and not rights then
-                    rights = aaa.rights(r, account)
-                end
-                canUse = false
                 if account then
-                    local lid = email.list_raw:match("<[^.]+%.(.-)>")
-                    local flid = email.list_raw:match("<([^.]+%..-)>")
-                    for k, v in pairs(rights or {}) do
-                        if v == "*" or v == lid or v == flid then
-                            canUse = true
-                            break
-                        end
+                    if rights then
+                        rights = aaa.rights(r, account)
                     end
+                    canUse = canAccessDoc(email, rights)
                 end
+            else
+                canUse = true
             end
             if canUse then
                 local mid = email['message-id']
@@ -166,21 +160,16 @@ function handle(r)
                 fetchChildren(r, parent)
                 -- ensure access and process all children
                 for k, doc in pairs(emls_thrd) do
-                    local canUse = true
+                    local canUse = false
                     if doc.private then
-                        canUse = false
-                        if account and not rights then
-                            rights = aaa.rights(r, account)
-                        end
                         if account then
-                            local lid = doc.list_raw:match("<[^.]+%.(.-)>")
-                            for k, v in pairs(rights or {}) do
-                                if v == "*" or v == lid then
-                                    canUse = true
-                                    break
-                                end
+                            if not rights then
+                                rights = aaa.rights(r, account)
                             end
+                            canUse = canAccessDoc(doc, rights)
                         end
+                    else
+                        canUse = true
                     end
                     if canUse then
                         table.insert(emls, doc)

http://git-wip-us.apache.org/repos/asf/incubator-ponymail/blob/915a68d6/site/api/email.lua
----------------------------------------------------------------------
diff --git a/site/api/email.lua b/site/api/email.lua
index 8c36fa0..14f419d 100644
--- a/site/api/email.lua
+++ b/site/api/email.lua
@@ -69,14 +69,7 @@ function handle(r)
         -- Is this a private email? and if so, does the user have access to view it?
         if doc.private then
             if account then
-                local lid = doc.list_raw:match("<[^.]+%.(.-)>")
-                local flid = doc.list_raw:match("<([^.]+%..-)>")
-                for k, v in pairs(aaa.rights(r, account)) do
-                    if v == "*" or v == lid or v == flid then
-                        canAccess = true
-                        break
-                    end
-                end
+                canAccess = canAccessDoc(doc, aaa.rights(r, account))
             else
                 r:puts(JSON.encode{
                     error = "You must be logged in to view this email"

http://git-wip-us.apache.org/repos/asf/incubator-ponymail/blob/915a68d6/site/api/notifications.lua
----------------------------------------------------------------------
diff --git a/site/api/notifications.lua b/site/api/notifications.lua
index d4ecba5..35ea247 100644
--- a/site/api/notifications.lua
+++ b/site/api/notifications.lua
@@ -24,6 +24,8 @@ local aaa = require 'lib/aaa'
 local user = require 'lib/user'
 local cross = require 'lib/cross'
 
+require 'lib/utils'
+
 function handle(r)
     r.content_type = "application/json"
     local now = r:clock()
@@ -53,23 +55,17 @@ function handle(r)
         -- Find all recent notification docs, up to 50 latest results
         local docs = elastic.find("recipient:\"" .. r:sha1(account.cid) .. "\"", 50, "notifications")
         for k, doc in pairs(docs) do
-            local canUse = true
+            local canUse = false
             -- check we have rights to view this notification (it might be from a private
email we shouldn't see)
             if doc.private then
-                if not rights then
-                    rights = aaa.rights(r, account)
-                end
-                canUse = false
                 if account then
-                    local lid = doc.list_raw:match("<[^.]+%.(.-)>")
-                    local flid = doc.list_raw:match("<([^.]+%..-)>")
-                    for k, v in pairs(rights or {}) do
-                        if v == "*" or v == lid or v == flid then
-                            canUse = true
-                            break
-                        end
-                    end
+                  if not rights then
+                      rights = aaa.rights(r, account)
+                  end
+                  canUse = canAccessDoc(doc, rights)
                 end
+            else
+                canUse = true
             end
             -- if we can see the email, push the notif to the list
             if canUse then

http://git-wip-us.apache.org/repos/asf/incubator-ponymail/blob/915a68d6/site/api/preferences.lua
----------------------------------------------------------------------
diff --git a/site/api/preferences.lua b/site/api/preferences.lua
index 59f1e19..df1444b 100644
--- a/site/api/preferences.lua
+++ b/site/api/preferences.lua
@@ -25,6 +25,8 @@ local smtp = require 'socket.smtp'
 local config = require 'lib/config'
 local aaa = require 'lib/aaa'
 
+require 'lib/utils'
+
 --[[
 Get login details (if logged in), mail list counts and descriptions
 
@@ -319,15 +321,9 @@ Pony Mail - Email for Ponies and People.
         -- i.e. the user won't see the list name if it contains a single private mail they
cannot access
         for x,y in pairs (pdoc.aggregations.from.buckets) do
             local canAccess = false
-            local list, domain = y.key:lower():match("^<?(.-)%.(.-)>?$")
+            local _, list, domain = parseLid(y.key:lower())
             if list and domain and #list > 0 and #domain > 2 then
-                local flid = list .. "." .. domain
-                for k, v in pairs(rights) do
-                    if v == "*" or v == domain or v == flid then
-                        canAccess = true
-                        break
-                    end
-                end
+                canAccess = canAccessList(y.key:lower(), rights)
                 if not canAccess then
                     lists[domain] = lists[domain] or {}
                     lists[domain][list] = nil

http://git-wip-us.apache.org/repos/asf/incubator-ponymail/blob/915a68d6/site/api/source.lua
----------------------------------------------------------------------
diff --git a/site/api/source.lua b/site/api/source.lua
index 45305e4..7d6c728 100644
--- a/site/api/source.lua
+++ b/site/api/source.lua
@@ -40,13 +40,7 @@ function handle(r)
         if doc.private then
             local account = user.get(r)
             if account then
-                local lid = doc.list_raw:match("<[^.]+%.(.-)>")
-                for k, v in pairs(aaa.rights(r, account)) do
-                    if v == "*" or v == lid then
-                        canAccess = true
-                        break
-                    end
-                end
+                canAccess = canAccessDoc(doc, aaa.rights(r, account))
             else
                 r:puts("You must be logged in to view this email")
                 return cross.OK

http://git-wip-us.apache.org/repos/asf/incubator-ponymail/blob/915a68d6/site/api/stats.lua
----------------------------------------------------------------------
diff --git a/site/api/stats.lua b/site/api/stats.lua
index fa07ff7..70a5816 100644
--- a/site/api/stats.lua
+++ b/site/api/stats.lua
@@ -24,6 +24,8 @@ local aaa = require 'lib/aaa'
 local config = require 'lib/config'
 local cross = require 'lib/cross'
 
+require 'lib/utils'
+
 local days = {
     31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31, 30, 31 
 }
@@ -585,14 +587,7 @@ function handle(r)
             end
             canUse = false
             if account then
-                local lid = email.list_raw:match("<[^.]+%.(.-)>")
-                local flid = email.list_raw:match("<([^.]+%..-)>")
-                for k, v in pairs(rights or {}) do
-                    if v == "*" or v == lid or v == flid then
-                        canUse = true
-                        break
-                    end
-                end
+                canUse = canAccessDoc(email, rights)
             end
         end
         if canUse then

http://git-wip-us.apache.org/repos/asf/incubator-ponymail/blob/915a68d6/site/api/thread.lua
----------------------------------------------------------------------
diff --git a/site/api/thread.lua b/site/api/thread.lua
index 9c92ac8..b75ac41 100644
--- a/site/api/thread.lua
+++ b/site/api/thread.lua
@@ -59,15 +59,7 @@ local function fetchChildren(r, pdoc, c, biglist, rights, account)
         -- if we haven't seen this email before, check for its kids and add it to the bunch
         local canAccess = true
         if doc.private then
-            canAccess = false
-            local lid = doc.list_raw:match("<[^.]+%.(.-)>")
-            local flid = doc.list_raw:match("<([^.]+%..-)>")
-            for k, v in pairs(rights) do
-                if v == "*" or v == lid or v == flid then
-                    canAccess = true
-                    break
-                end
-            end
+            canAccess = canAccessDoc(doc, rights)
         end
         
         if canAccess and (not biglist[doc['message-id']]) then
@@ -129,15 +121,7 @@ function handle(r)
         -- if private, can we access it?
         if doc.private then
             if account then
-                local lid = doc.list_raw:match("<[^.]+%.(.-)>")
-                local flid = doc.list_raw:match("<([^.]+%..-)>")
-                rights = aaa.rights(r, account)
-                for k, v in pairs(rights) do
-                    if v == "*" or v == lid or v == flid then
-                        canAccess = true
-                        break
-                    end
-                end
+                canAccess = canAccessDoc(doc, aaa.rights(r, account))
             else
                 r:puts(JSON.encode{
                     error = "You must be logged in to view this email"


Mime
View raw message