
Commit 5c613b9

author
Timothy Dodd
committed
Enhance mail filtering and JSON serialization
- Added `IsAdmin` parameter and mail group access filtering in `GetMails` to enforce access control for non-admin users. - Updated SQL queries in `GetMails` to include `MailGroup` table for filtering and consistency. - Added `JsonStringEnumConverter` in `Program.cs` to serialize enums as strings for improved API usability. - Explicitly cast `role` to `Role` enum in `user-management.component.ts` to ensure type safety.
1 parent a7433c5 commit 5c613b9

3 files changed

Lines changed: 22 additions & 5 deletions


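--- a/src/MailVoidApi/Controllers/MailController.cs
+++ b/src/MailVoidApi/Controllers/MailController.cs
@@ -120,25 +120,37 @@ public async Task<PagedResults<MailWithReadStatus>> GetMails([FromBody(EmptyBody
 var whereClauses = new List<string>();
 var parameters = new DynamicParameters();
 parameters.Add("UserId", currentUserId);
+parameters.Add("IsAdmin", isAdmin);
 
 if (!string.IsNullOrEmpty(options.To))
 {
 whereClauses.Add("m.`To` = @To");
 parameters.Add("To", options.To);
 }
 
+// Filter by mail group access - user must have access to the mail group
+// Admins can see all, others can only see emails in groups they have access to
+if (!isAdmin)
+{
+whereClauses.Add(@"(
+mg.IsPublic = 1
+OR mg.OwnerUserId = @UserId
+OR EXISTS (SELECT 1 FROM MailGroupUser mgu WHERE mgu.MailGroupId = mg.Id AND mgu.UserId = @UserId)
+)");
+}
+
 var whereClause = whereClauses.Count > 0 ? "WHERE " + string.Join(" AND ", whereClauses) : "";
 
 if (options.PageSize == 1)
 {
 results.TotalCount = await db.ExecuteScalarAsync<int>(
-$"SELECT COUNT(*) FROM Mail m {whereClause}", parameters);
+$"SELECT COUNT(*) FROM Mail m LEFT JOIN MailGroup mg ON m.MailGroupPath = mg.Path {whereClause}", parameters);
 }
 
 var offset = (options.Page - 1) * options.PageSize;
 var mails = await db.QueryAsync<Mail>(
-$"SELECT * FROM Mail m {whereClause} ORDER BY CreatedOn DESC LIMIT @Limit OFFSET @Offset",
-new { Limit = options.PageSize, Offset = offset, To = options.To, UserId = currentUserId });
+$"SELECT m.* FROM Mail m LEFT JOIN MailGroup mg ON m.MailGroupPath = mg.Path {whereClause} ORDER BY m.CreatedOn DESC LIMIT @Limit OFFSET @Offset",
+new { Limit = options.PageSize, Offset = offset, To = options.To, UserId = currentUserId, IsAdmin = isAdmin });
 
 var mailList = mails.ToList();
 var mailIds = mailList.Select(m => m.Id).ToList();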
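Review bot: `IsAdmin` is bound on new line 123 and again in the anonymous object on new line 153, but no SQL text in either query references `@IsAdmin`; the admin decision is made entirely by the C# `if (!isAdmin)` guard, so both bindings are dead and should go. The count query and the page query also take their parameters from two different sources (`parameters` vs. an ad-hoc anonymous object), so any clause later added to `parameters` would silently go unbound on the page query; adding `parameters.Add("Limit", options.PageSize); parameters.Add("Offset", offset);` and passing `parameters` to `QueryAsync` keeps the two in step. Because the join is a LEFT JOIN, a mail whose `MailGroupPath` matches no `MailGroup` row gets NULL `mg` columns and the access predicate evaluates to NULL, so such mails are hidden from non-admins; that fail-closed outcome is worth stating in the comment above the filter — `// Mails with no matching MailGroup row evaluate to NULL here and are excluded for non-admins — confirm intended` — and it presumably depends on `MailGroup.Path` being unique, or the join duplicates rows. GetMails begins and ends outside this hunk.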

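--- a/src/MailVoidApi/Program.cs
+++ b/src/MailVoidApi/Program.cs
@@ -1,6 +1,7 @@
 using System.IdentityModel.Tokens.Jwt;
 using System.IO.Compression;
 using System.Text;
+using System.Text.Json.Serialization;
 using MailVoidApi.Authentication;
 using MailVoidApi.Data;
 using MailVoidApi.Hubs;
@@ -40,7 +41,11 @@ public static async Task Main(string[] args)
 builder.Services.AddHostedService<BackgroundWorkerService>();
 builder.Services.AddHostedService<MailCleanupService>();
 builder.Services.AddHostedService<WebhookCleanupService>();
-builder.Services.AddControllers();
+builder.Services.AddControllers()
+.AddJsonOptions(options =>
+{
+options.JsonSerializerOptions.Converters.Add(new JsonStringEnumConverter());
+});
 builder.Services.AddSignalR();
 builder.Services.AddMemoryCache();
 // Register HttpContextAccessor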
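Review bot: Registering a parameterless `JsonStringEnumConverter` on new line 48 changes the wire format of every enum the API returns (names instead of integers), while its default `allowIntegerValues` still accepts integers on input, so the web client in this same commit sending `role` as a number continues to bind. What the converter does not do is reject an integer that maps to no defined `Role` member, so a server-side `Enum.IsDefined`-style check on the create-user path remains the only guard against an out-of-range role — confirm one exists. Consider documenting the contract at the registration site: `// Enums serialize as their names; integer input is still accepted (default allowIntegerValues).` Main begins and ends outside this hunk.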

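--- a/src/MailVoidWeb/src/app/_components/user-management/user-management.component.ts
+++ b/src/MailVoidWeb/src/app/_components/user-management/user-management.component.ts
@@ -183,7 +183,7 @@ export class UserManagementComponent {
 const request: CreateUserRequest = {
 userName: formValue.username,
 password: formValue.password,
-role: formValue.role,
+role: Number(formValue.role) as Role,
 };
 
 try {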
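Review bot: `Number(formValue.role) as Role` on new line 186 satisfies the type checker without validating the value: if `formValue.role` is anything other than a numeric string, `Number()` yields `NaN`, the `as Role` cast hides it, and `JSON.stringify` sends `role: null`. A guard before building the request keeps the bad value out of the API call, e.g. `const role = Number(formValue.role); if (!Number.isInteger(role)) { /* surface a form error and return */ }` then `role,` in the literal. The enclosing method begins and ends outside this hunk, so where the form value originates (presumably a select control) is not visible here.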
