Diffstat (limited to 'crates/jmap/src/api/management/queue.rs')
-rw-r--r--crates/jmap/src/api/management/queue.rs24
1 files changed, 24 insertions, 0 deletions
diff --git a/crates/jmap/src/api/management/queue.rs b/crates/jmap/src/api/management/queue.rs
index 2723827e..46fa0616 100644
--- a/crates/jmap/src/api/management/queue.rs
+++ b/crates/jmap/src/api/management/queue.rs
@@ -5,6 +5,7 @@
*/
use base64::{engine::general_purpose::URL_SAFE_NO_PAD, Engine};
+use directory::Permission;
use hyper::Method;
use mail_auth::{
dmarc::URI,
@@ -23,6 +24,7 @@ use utils::url_params::UrlParams;
use crate::{
api::{http::ToHttpResponse, HttpRequest, HttpResponse, JsonResponse},
+ auth::AccessToken,
JMAP,
};
@@ -105,6 +107,7 @@ impl JMAP {
&self,
req: &HttpRequest,
path: Vec<&str>,
+ access_token: &AccessToken,
) -> trc::Result<HttpResponse> {
let params = UrlParams::new(req.uri().query());
@@ -114,6 +117,9 @@ impl JMAP {
req.method(),
) {
("messages", None, &Method::GET) => {
+ // Validate the access token
+ access_token.assert_has_permission(Permission::MessageQueueList)?;
+
let text = params.get("text");
let from = params.get("from");
let to = params.get("to");
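Review bot: The comment `// Validate the access token` added in this arm, and repeated verbatim in the six other arms in the later hunks, describes token validation, but the call under it is an authorization check for one specific permission. Wording such as `// Authorization: listing queued messages requires Permission::MessageQueueList` (adapted per arm) would tell a reader what is actually enforced. Because the check is written once per match arm rather than once ahead of the match, any arm not shown in these hunks, including a fallthrough arm if one exists, is reachable without a permission check unless one is added there too; it is worth confirming every arm is covered. The match and the enclosing function both start and end outside this hunk.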
@@ -217,6 +223,9 @@ impl JMAP {
.into_http_response())
}
("messages", Some(queue_id), &Method::GET) => {
+ // Validate the access token
+ access_token.assert_has_permission(Permission::MessageQueueGet)?;
+
if let Some(message) = self
.smtp
.read_message(queue_id.parse().unwrap_or_default())
@@ -231,6 +240,9 @@ impl JMAP {
}
}
("messages", Some(queue_id), &Method::PATCH) => {
+ // Validate the access token
+ access_token.assert_has_permission(Permission::MessageQueueUpdate)?;
+
let time = params
.parse::<FutureTimestamp>("at")
.map(|t| t.into_inner())
@@ -278,6 +290,9 @@ impl JMAP {
}
}
("messages", Some(queue_id), &Method::DELETE) => {
+ // Validate the access token
+ access_token.assert_has_permission(Permission::MessageQueueDelete)?;
+
if let Some(mut message) = self
.smtp
.read_message(queue_id.parse().unwrap_or_default())
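Review bot: In this DELETE arm the context line `.read_message(queue_id.parse().unwrap_or_default())` maps an unparseable `queue_id` to the id type's default value (presumably 0) instead of rejecting it, so a malformed path segment is looked up as if it were a real queue id. On a destructive route that now sits behind `Permission::MessageQueueDelete`, it would be safer to reject on parse failure, for example `let Ok(id) = queue_id.parse() else { /* return the arm's not-found response */ };` followed by `self.smtp.read_message(id)`. The same expression appears in the GET arm of the `@@ -217` hunk, and may also be used in the PATCH arm outside the visible lines. The arm's body continues past the end of this hunk.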
@@ -358,6 +373,9 @@ impl JMAP {
}
}
("reports", None, &Method::GET) => {
+ // Validate the access token
+ access_token.assert_has_permission(Permission::OutgoingReportList)?;
+
let domain = params.get("domain").map(|d| d.to_lowercase());
let type_ = params.get("type").and_then(|t| match t {
"dmarc" => 0u8.into(),
@@ -436,6 +454,9 @@ impl JMAP {
.into_http_response())
}
("reports", Some(report_id), &Method::GET) => {
+ // Validate the access token
+ access_token.assert_has_permission(Permission::OutgoingReportGet)?;
+
let mut result = None;
if let Some(report_id) = parse_queued_report_id(report_id.as_ref()) {
match report_id {
@@ -473,6 +494,9 @@ impl JMAP {
}
}
("reports", Some(report_id), &Method::DELETE) => {
+ // Validate the access token
+ access_token.assert_has_permission(Permission::OutgoingReportDelete)?;
+
if let Some(report_id) = parse_queued_report_id(report_id.as_ref()) {
match report_id {
QueueClass::DmarcReportHeader(event) => {