pkp#10571 add additional access checks
taslangraham committed Dec 19, 2024
1 parent 01000e1 commit e97aa39
Showing 4 changed files with 16 additions and 16 deletions.
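--- a/classes/emailTemplate/DAO.php
+++ b/classes/emailTemplate/DAO.php
@@ -449,7 +449,4 @@ protected function getUniqueKey(EmailTemplate $emailTemplate): string
 
 return $key;
 }
-
-
-
 }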
3 changes: 1 addition & 2 deletions classes/emailTemplate/Repository.php
Expand Up @@ -277,7 +277,7 @@ public function isTemplateAccessibleToUser(User $user, EmailTemplate $template,
/**
* Filters a list of EmailTemplates to return only those accessible by a specified user.
*
* @param Enumerable $templates List of EmailTemplate objects to filter.
* @param Enumerable $templates List of EmailTemplates to filter.
* @param User $user The user whose access level is used for filtering.
*
* @return Collection Filtered list of EmailTemplate objects accessible to the user.
Expand Down Expand Up @@ -369,5 +369,4 @@ private function markTemplateAsUnrestricted(EmailTemplate $emailTemplate, bool $
->delete();
}
}

}
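--- a/controllers/grid/queries/form/QueryForm.php
+++ b/controllers/grid/queries/form/QueryForm.php
@@ -315,7 +315,6 @@ public function fetch($request, $template = null, $display = false, $actionArgs
 }
 }
 
-
 $templateMgr->assign('templates', $templateKeySubjectPairs);
 
 // Get currently selected participants in the query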
25 changes: 15 additions & 10 deletions controllers/grid/users/reviewer/form/AdvancedSearchReviewerForm.php
Expand Up @@ -77,7 +77,10 @@ public function initData()

$templates = Repo::emailTemplate()->getCollector($context->getId())
->filterByKeys([ReviewRequest::getEmailTemplateKey(), ReviewRequestSubsequent::getEmailTemplateKey()])
->getMany()
->getMany();

$templates = Repo::emailTemplate()
->filterTemplatesByUserAccess($templates, $request->getUser(), $context->getId())
->mapWithKeys(function (EmailTemplate $item, int $key) use ($mailable) {
return [$item->getData('key') => Mail::compileParams($item->getLocalizedData('body'), $mailable->viewData)];
});
Expand Down Expand Up @@ -258,22 +261,24 @@ public function fetch($request, $template = null, $display = false)

protected function getEmailTemplates(): array
{
$subsequentTemplate = Repo::emailTemplate()->getByKey(
Application::get()->getRequest()->getContext()->getId(),
ReviewRequestSubsequent::getEmailTemplateKey()
);
$contextId = Application::get()->getRequest()->getContext()->getId();
$subsequentTemplate = Repo::emailTemplate()->getByKey($contextId, ReviewRequestSubsequent::getEmailTemplateKey());

$alternateTemplates = Repo::emailTemplate()->getCollector(Application::get()->getRequest()->getContext()->getId())
->alternateTo([ReviewRequestSubsequent::getEmailTemplateKey()])
->getMany();

$templateKeys = array_merge(
parent::getEmailTemplates(),
[ReviewRequestSubsequent::getEmailTemplateKey() => $subsequentTemplate->getLocalizedData('name')]
);
$templateKeys = parent::getEmailTemplates();
$user = Application::get()->getRequest()->getUser();

if(Repo::emailTemplate()->isTemplateAccessibleToUser($user, $subsequentTemplate, $contextId)) {
$templateKeys[ReviewRequestSubsequent::getEmailTemplateKey()] = $subsequentTemplate->getLocalizedData('name');
}

foreach ($alternateTemplates as $alternateTemplate) {
$templateKeys[$alternateTemplate->getData('key')] = $alternateTemplate->getLocalizedData('name');
if (Repo::emailTemplate()->isTemplateAccessibleToUser($user, $subsequentTemplate, $contextId)) {
$templateKeys[$alternateTemplate->getData('key')] = $alternateTemplate->getLocalizedData('name');
}
}

return $templateKeys;
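Review bot: In `getEmailTemplates()`, the guard added inside the `foreach ($alternateTemplates as $alternateTemplate)` loop passes `$subsequentTemplate` to `isTemplateAccessibleToUser()` instead of the loop variable, so each alternate template is included or omitted based on the user's access to the subsequent review-request template rather than on its own access setting. As written, an alternate template the user has no access to would still appear in the list whenever the subsequent template is accessible to them. The condition should be `if (Repo::emailTemplate()->isTemplateAccessibleToUser($user, $alternateTemplate, $contextId)) {`. This list presumably only feeds the form's template selector; whether the submitted template key is re-checked on the server is not visible in this section and is worth confirming. The function's closing brace lies outside the hunk.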
