- Fix merge conflicts.
- Simply logic in campaign preview handler.
- Remove redundant `GetCampaignForPreviewWithTemplate()` and switch to the old
query that optionally takes a template.
- Fix Vue linting issues.
- Disable visual templates from being made default.
- Refactor visual template selection flow in campaigns.
- Hide scroll if templates modal is active. This is to make sure it doesn't
flicker when adding blocks in visual-editor.
This permission was never checked for and had an unintended consequence of
allowing a non-superadmin user to execute arbitrary queries (expected), but
getting a superadmin session by joining the `sessions` table.
This patch:
- Introduces a table allowlist that uses the Postgres query plan (JSON)
and validate the referenced tables against the allowed ones on arbitrary
queries issued to the various `/subscribers` APIs.
- Explicitly adds the missing `subscribers:sql_query` permission check to all
handlers that accept `query`.
- Introduces a new `search` parameter on all handlers that accept `query`.
This parameter is an interface over the default name/email substring search
instead of relying on `query`.
- During install, listmonk now accepts the env `LISTMONK_ADMIN_API_USER`
and creates an API user (with username $LISTMONK_ADMIN_API_USER)
with full superadmin permissions. This requires LISTMONK_ADMIN_USER and
LISTMONK_ADMIN_API_PASSWORD to be set so that that there's always a superadmin
user to avoid bad states, mainly: bot superadmin exists, but no admin user
exists, leaving the installation perpetually open with the superadmin user
creation UI on the first login.
The API user's token is printed to stderr in the following format:
`export LISTMONK_ADMIN_API_TOKEN="7I81VSd90UWhKDj5Kq9c6YopToRduyDF"`
This can be redirected to a file with ./listmonk 2> /tmp/token or captured
directly and then source()'d.
- Add new function `core.GetRole(id)`.
- Fix `at least one super admin` query in user deletion.
This patch significantly cleans up clunky, repetitive, and pervasive
validation logic across HTTP handlers.
- Rather than dozens of handlers checking and using strconv to validate ID,
the handlers with `:id` are now wrapped in a `hasID()` middleware that does
the validation and sets an int `id` in the handler context that the wrapped
handlers can now access with `getID()`.
- Handlers that handled both single + multi resource requests
(eg: GET `/api/lists`) with single/multiple id checking conditions are all now
split into separate handlers, eg: `getList()`, `getLists()`.
- Attach all HTTP handlers to a new `Handlers{}` struct.
- Remove all `handle*` function prefixes.
- Remove awkward, repetitive `app = c.Get("app").(*App)` from all handlers
and instead, simply access it from `h.app` from `Handlers{}`
Originally proposed in #2292.
- Make the beginning of handlers consistent with uniform variable declaration
and grouping.
- Add missing comments.
- Fix staticcheck/vet warnings and idiom issues.
- Move user models from `/models` to `internal/auth`.
- Move and refactor various permission check functions into `User.()`
- Refactor awkward `get, manage bool` function args into `Get|Manage` bitflags.
This patch introduces new `campaigns:get_all` and `campaigns:manage_all`
permissions which alter the behaviour of the the old `campaigns:get` and
`campaigns:manage` permissions. This is a subtle breaking behavioural change.
Old:
- `campaigns:get` -> View all campaigns irrespective of a user's list
permissions.
- `campaigns:manage` -> Manage all campaigns irrespective of a user's list
permissions.
New:
- `campaigns:get_all` -> View all campaigns irrespective of a user's list
permissions.
- `campaigns:manage_all` -> Manage all campaigns irrespective of a user's list
permissions.
- `campaigns:get` -> View only the campaigns that have at least one list to
which which a user has get or manage access.
- `campaigns:manage` -> Manage only the campaigns that have at list one list
to which a user has get or manage access.
In addition, this patch refactors and cleans up certain permission related
logic and functions.
- Fix status/button state management issues when `Send at` was toggled
under various scenarios.
- Allow paused campaigns to be edited and turned into scheduled campaigns.
- Add Cypress UI tests for unscheduling.
This patch introduces a new `Domain allowlist` input in Settings -> Privacy UI
as a new tab alongside domain `Domain blocklist`. If any domains are entered
here, then only subscriptions/imports/additions of e-mails from those particular
domains are accepted. blocklist is mutually exclusive with allowlist when there
are values in the allowlist.
This patch removes the forced suffixing of all media upload filenames with
random strings. The upload handler now checks the `media` table to ensure that
the filename being uploaded doesn't exist before forcing a suffix.
Outright rejecting duplicate filenames cannot be done to maintain backwards
compatibility with the old behaviour.
Closes#2277.
