mirror of
https://github.com/penpot/penpot.git
synced 2025-05-30 10:06:13 +02:00
🎉 New oops page with login and request access
This commit is contained in:
parent
d2311f066a
commit
6169f5c2e8
46 changed files with 4117 additions and 134 deletions
|
@ -17,6 +17,8 @@
|
|||
[app.db :as db]
|
||||
[app.db.sql :as sql]
|
||||
[app.email.invite-to-team :as-alias email.invite-to-team]
|
||||
[app.email.join-team :as-alias email.join-team]
|
||||
[app.email.request-team-access :as-alias email.request-team-access]
|
||||
[app.metrics :as mtx]
|
||||
[app.util.template :as tmpl]
|
||||
[app.worker :as wrk]
|
||||
|
@ -399,6 +401,79 @@
|
|||
"Teams member invitation email."
|
||||
(template-factory ::invite-to-team))
|
||||
|
||||
|
||||
(s/def ::email.join-team/invited-by ::us/string)
|
||||
(s/def ::email.join-team/team ::us/string)
|
||||
(s/def ::email.join-team/team-id ::us/uuid)
|
||||
|
||||
(s/def ::join-team
|
||||
(s/keys :req-un [::email.join-team/invited-by
|
||||
::email.join-team/team-id
|
||||
::email.join-team/team]))
|
||||
|
||||
(def join-team
|
||||
"Teams member joined after request email."
|
||||
(template-factory ::join-team))
|
||||
|
||||
(s/def ::email.request-team-access/requested-by ::us/string)
|
||||
(s/def ::email.request-team-access/requested-by-email ::us/string)
|
||||
(s/def ::email.request-team-access/team-name ::us/string)
|
||||
(s/def ::email.request-team-access/team-id ::us/uuid)
|
||||
(s/def ::email.request-team-access/file-name ::us/string)
|
||||
(s/def ::email.request-team-access/file-id ::us/uuid)
|
||||
(s/def ::email.request-team-access/page-id ::us/uuid)
|
||||
|
||||
(s/def ::request-file-access
|
||||
(s/keys :req-un [::email.request-team-access/requested-by
|
||||
::email.request-team-access/requested-by-email
|
||||
::email.request-team-access/team-name
|
||||
::email.request-team-access/team-id
|
||||
::email.request-team-access/file-name
|
||||
::email.request-team-access/file-id
|
||||
::email.request-team-access/page-id]))
|
||||
|
||||
(def request-file-access
|
||||
"File access request email."
|
||||
(template-factory ::request-file-access))
|
||||
|
||||
|
||||
(s/def ::request-file-access-yourpenpot
|
||||
(s/keys :req-un [::email.request-team-access/requested-by
|
||||
::email.request-team-access/requested-by-email
|
||||
::email.request-team-access/team-name
|
||||
::email.request-team-access/team-id
|
||||
::email.request-team-access/file-name
|
||||
::email.request-team-access/file-id
|
||||
::email.request-team-access/page-id]))
|
||||
|
||||
(def request-file-access-yourpenpot
|
||||
"File access on Your Penpot request email."
|
||||
(template-factory ::request-file-access-yourpenpot))
|
||||
|
||||
(s/def ::request-file-access-yourpenpot-view
|
||||
(s/keys :req-un [::email.request-team-access/requested-by
|
||||
::email.request-team-access/requested-by-email
|
||||
::email.request-team-access/team-name
|
||||
::email.request-team-access/team-id
|
||||
::email.request-team-access/file-name
|
||||
::email.request-team-access/file-id
|
||||
::email.request-team-access/page-id]))
|
||||
|
||||
(def request-file-access-yourpenpot-view
|
||||
"File access on Your Penpot view mode request email."
|
||||
(template-factory ::request-file-access-yourpenpot-view))
|
||||
|
||||
(s/def ::request-team-access
|
||||
(s/keys :req-un [::email.request-team-access/requested-by
|
||||
::email.request-team-access/requested-by-email
|
||||
::email.request-team-access/team-name
|
||||
::email.request-team-access/team-id]))
|
||||
|
||||
(def request-team-access
|
||||
"Team access request email."
|
||||
(template-factory ::request-team-access))
|
||||
|
||||
|
||||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||||
;; BOUNCE/COMPLAINS HELPERS
|
||||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||||
|
|
|
@ -397,7 +397,10 @@
|
|||
:fn (mg/resource "app/migrations/sql/0124-mod-profile-table.sql")}
|
||||
|
||||
{:name "0125-mod-file-table"
|
||||
:fn (mg/resource "app/migrations/sql/0125-mod-file-table.sql")}])
|
||||
:fn (mg/resource "app/migrations/sql/0125-mod-file-table.sql")}
|
||||
|
||||
{:name "0126-add-team-access-request-table"
|
||||
:fn (mg/resource "app/migrations/sql/0126-add-team-access-request-table.sql")}])
|
||||
|
||||
(defn apply-migrations!
|
||||
[pool name migrations]
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
CREATE TABLE team_access_request (
|
||||
id uuid PRIMARY KEY DEFAULT uuid_generate_v4(),
|
||||
team_id uuid NOT NULL REFERENCES team(id) ON DELETE CASCADE DEFERRABLE,
|
||||
requester_id uuid NULL REFERENCES profile(id) ON DELETE CASCADE DEFERRABLE,
|
||||
valid_until timestamptz NOT NULL,
|
||||
auto_join_until timestamptz NOT NULL,
|
||||
created_at timestamptz NOT NULL DEFAULT now(),
|
||||
updated_at timestamptz NOT NULL DEFAULT now(),
|
||||
UNIQUE (team_id, requester_id)
|
||||
);
|
|
@ -729,6 +729,23 @@
|
|||
[cfg {:keys [::rpc/profile-id] :as params}]
|
||||
(db/tx-run! cfg get-file-summary (assoc params :profile-id profile-id)))
|
||||
|
||||
|
||||
;; --- COMMAND QUERY: get-file-info
|
||||
|
||||
(defn- get-file-info
|
||||
[{:keys [::db/conn] :as cfg} {:keys [id] :as params}]
|
||||
(db/get* conn :file
|
||||
{:id id}
|
||||
{::sql/columns [:id]}))
|
||||
|
||||
(sv/defmethod ::get-file-info
|
||||
"Retrieve minimal file info by its ID."
|
||||
{::rpc/auth false
|
||||
::doc/added "2.2.0"
|
||||
::sm/params schema:get-file}
|
||||
[cfg params]
|
||||
(db/tx-run! cfg get-file-info params))
|
||||
|
||||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||||
;; MUTATION COMMANDS
|
||||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||||
|
|
|
@ -15,6 +15,7 @@
|
|||
[app.common.uuid :as uuid]
|
||||
[app.config :as cf]
|
||||
[app.db :as db]
|
||||
[app.db.sql :as sql]
|
||||
[app.email :as eml]
|
||||
[app.loggers.audit :as audit]
|
||||
[app.main :as-alias main]
|
||||
|
@ -28,6 +29,7 @@
|
|||
[app.setup :as-alias setup]
|
||||
[app.storage :as sto]
|
||||
[app.tokens :as tokens]
|
||||
[app.util.blob :as blob]
|
||||
[app.util.services :as sv]
|
||||
[app.util.time :as dt]
|
||||
[app.worker :as wrk]
|
||||
|
@ -80,6 +82,37 @@
|
|||
(cond-> row
|
||||
(some? features) (assoc :features (db/decode-pgarray features #{}))))
|
||||
|
||||
|
||||
|
||||
(defn- check-valid-email-muted
|
||||
"Check if the member's email is part of the global bounce report."
|
||||
[conn member]
|
||||
(let [email (profile/clean-email (:email member))]
|
||||
(when (and member (not (eml/allow-send-emails? conn member)))
|
||||
(ex/raise :type :validation
|
||||
:code :member-is-muted
|
||||
:email email
|
||||
:hint "the profile has reported repeatedly as spam or has bounces"))))
|
||||
|
||||
(defn- check-valid-email-bounce
|
||||
"Check if the email is part of the global complain report"
|
||||
[conn email show?]
|
||||
(when (eml/has-bounce-reports? conn email)
|
||||
(ex/raise :type :restriction
|
||||
:code :email-has-permanent-bounces
|
||||
:email (if show? email "private")
|
||||
:hint "this email has been repeatedly reported as bounce")))
|
||||
|
||||
(defn- check-valid-email-spam
|
||||
"Check if the member email is part of the global complain report"
|
||||
[conn email show?]
|
||||
(when (eml/has-complaint-reports? conn email)
|
||||
(ex/raise :type :restriction
|
||||
:code :email-has-complaints
|
||||
:email (if show? email "private")
|
||||
:hint "this email has been repeatedly reported as spam")))
|
||||
|
||||
|
||||
;; --- Query: Teams
|
||||
|
||||
(declare get-teams)
|
||||
|
@ -333,6 +366,24 @@
|
|||
(check-read-permissions! conn profile-id team-id)
|
||||
(get-team-invitations conn team-id)))
|
||||
|
||||
|
||||
;; --- COMMAND QUERY: get-team-info
|
||||
|
||||
(defn- get-team-info
|
||||
[{:keys [::db/conn] :as cfg} {:keys [id] :as params}]
|
||||
(db/get* conn :team
|
||||
{:id id}
|
||||
{::sql/columns [:id :is-default]}))
|
||||
|
||||
(sv/defmethod ::get-team-info
|
||||
"Retrieve minimal team info by its ID."
|
||||
{::rpc/auth false
|
||||
::doc/added "2.2.0"
|
||||
::sm/params schema:get-team}
|
||||
[cfg params]
|
||||
(db/tx-run! cfg get-team-info params))
|
||||
|
||||
|
||||
;; --- Mutation: Create Team
|
||||
|
||||
(declare create-team)
|
||||
|
@ -727,25 +778,10 @@
|
|||
(let [email (profile/clean-email email)
|
||||
member (profile/get-profile-by-email conn email)]
|
||||
|
||||
(when (and member (not (eml/allow-send-emails? conn member)))
|
||||
(ex/raise :type :validation
|
||||
:code :member-is-muted
|
||||
:email email
|
||||
:hint "the profile has reported repeatedly as spam or has bounces"))
|
||||
(check-valid-email-muted conn member)
|
||||
(check-valid-email-bounce conn email true)
|
||||
(check-valid-email-spam conn email true)
|
||||
|
||||
;; Secondly check if the invited member email is part of the global bounce report.
|
||||
(when (eml/has-bounce-reports? conn email)
|
||||
(ex/raise :type :restriction
|
||||
:code :email-has-permanent-bounces
|
||||
:email email
|
||||
:hint "the email you invite has been repeatedly reported as bounce"))
|
||||
|
||||
;; Secondly check if the invited member email is part of the global complain report.
|
||||
(when (eml/has-complaint-reports? conn email)
|
||||
(ex/raise :type :restriction
|
||||
:code :email-has-complaints
|
||||
:email email
|
||||
:hint "the email you invite has been repeatedly reported as spam"))
|
||||
|
||||
;; When we have email verification disabled and invitation user is
|
||||
;; already present in the database, we proceed to add it to the
|
||||
|
@ -814,6 +850,58 @@
|
|||
|
||||
itoken))))
|
||||
|
||||
(defn- add-user-to-team
|
||||
[conn profile team email role]
|
||||
|
||||
(let [team-id (:id team)
|
||||
member (db/get* conn :profile
|
||||
{:email (str/lower email)}
|
||||
{::sql/columns [:id :email]})
|
||||
params (merge
|
||||
{:team-id team-id
|
||||
:profile-id (:id member)}
|
||||
(role->params role))]
|
||||
|
||||
;; Do not allow blocked users to join teams.
|
||||
(when (:is-blocked member)
|
||||
(ex/raise :type :restriction
|
||||
:code :profile-blocked))
|
||||
|
||||
(quotes/check-quote! conn
|
||||
{::quotes/id ::quotes/profiles-per-team
|
||||
::quotes/profile-id (:id member)
|
||||
::quotes/team-id team-id})
|
||||
|
||||
;; Insert the member to the team
|
||||
(db/insert! conn :team-profile-rel params {::db/on-conflict-do-nothing? true})
|
||||
|
||||
;; Delete any request
|
||||
(db/delete! conn :team-access-request
|
||||
{:team-id team-id :requester-id (:id member)})
|
||||
|
||||
;; Delete any invitation
|
||||
(db/delete! conn :team-invitation
|
||||
{:team-id team-id :email-to (:email member)})
|
||||
|
||||
(eml/send! {::eml/conn conn
|
||||
::eml/factory eml/join-team
|
||||
:public-uri (cf/get :public-uri)
|
||||
:to email
|
||||
:invited-by (:fullname profile)
|
||||
:team (:name team)
|
||||
:team-id (:id team)})))
|
||||
|
||||
(def sql:valid-requests-email
|
||||
"SELECT p.email
|
||||
FROM team_access_request AS tr
|
||||
JOIN profile AS p ON (tr.requester_id = p.id)
|
||||
WHERE tr.team_id = ?
|
||||
AND tr.auto_join_until > now()")
|
||||
|
||||
(defn- get-valid-requests-email
|
||||
[conn team-id]
|
||||
(db/exec! conn [sql:valid-requests-email team-id]))
|
||||
|
||||
(def ^:private schema:create-team-invitations
|
||||
[:map {:title "create-team-invitations"}
|
||||
[:team-id ::sm/uuid]
|
||||
|
@ -846,13 +934,14 @@
|
|||
(ex/raise :type :validation
|
||||
:code :insufficient-permissions))
|
||||
|
||||
;; First check if the current profile is allowed to send emails.
|
||||
(when-not (eml/allow-send-emails? conn profile)
|
||||
(ex/raise :type :validation
|
||||
:code :profile-is-muted
|
||||
:hint "looks like the profile has reported repeatedly as spam or has permanent bounces"))
|
||||
;; Check if the current profile is allowed to send emails.
|
||||
(check-valid-email-muted conn profile)
|
||||
|
||||
(let [cfg (assoc cfg ::db/conn conn)
|
||||
|
||||
(let [requested (into #{} (map :email) (get-valid-requests-email conn team-id))
|
||||
emails-to-add (filter #(contains? requested %) emails)
|
||||
emails (remove #(contains? requested %) emails)
|
||||
cfg (assoc cfg ::db/conn conn)
|
||||
members (->> (db/exec! conn [sql:team-members team-id])
|
||||
(into #{} (map :email)))
|
||||
|
||||
|
@ -868,6 +957,10 @@
|
|||
(assoc :role role))))
|
||||
(keep (partial create-invitation cfg)))
|
||||
emails)]
|
||||
;; For requested invitations, do not send invitation emails, add the user directly to the team
|
||||
(doseq [email emails-to-add]
|
||||
(add-user-to-team conn profile team email role))
|
||||
|
||||
(with-meta {:total (count invitations)
|
||||
:invitations invitations}
|
||||
{::audit/props {:invitations (count invitations)}})))))
|
||||
|
@ -1006,3 +1099,130 @@
|
|||
:email-to (profile/clean-email email)}
|
||||
{::db/return-keys true})]
|
||||
(rph/wrap nil {::audit/props {:invitation-id (:id invitation)}})))))
|
||||
|
||||
|
||||
|
||||
|
||||
;; --- Mutation: Request Team Invitation
|
||||
|
||||
(def sql:upsert-team-access-request
|
||||
"INSERT INTO team_access_request (id, team_id, requester_id, valid_until, auto_join_until)
|
||||
VALUES (?, ?, ?, ?, ?)
|
||||
ON conflict(id)
|
||||
DO UPDATE SET valid_until = ?, auto_join_until = ?, updated_at = now()
|
||||
RETURNING *")
|
||||
|
||||
|
||||
(def sql:team-access-request
|
||||
"SELECT id, (valid_until < now()) AS expired
|
||||
FROM team_access_request
|
||||
WHERE team_id = ?
|
||||
AND requester_id = ?")
|
||||
|
||||
(def sql:team-owner
|
||||
"SELECT profile_id
|
||||
FROM team_profile_rel
|
||||
WHERE team_id = ?
|
||||
AND is_owner = true")
|
||||
|
||||
|
||||
(defn- create-team-access-request
|
||||
[{:keys [::db/conn] :as cfg} {:keys [team requester team-owner file is-viewer] :as params}]
|
||||
(let [old-request (->> (db/exec-one! conn [sql:team-access-request (:id team) (:id requester)])
|
||||
(decode-row))]
|
||||
(when (false? (:expired old-request))
|
||||
(ex/raise :type :validation
|
||||
:code :request-already-sent
|
||||
:hint "you have already made a request to join this team less than 24 hours ago"))
|
||||
|
||||
(let [id (or (:id old-request) (uuid/next))
|
||||
valid_until (dt/in-future "24h")
|
||||
auto_join_until (dt/in-future "168h") ;; 7 days
|
||||
request (db/exec-one! conn [sql:upsert-team-access-request
|
||||
id (:id team) (:id requester) valid_until auto_join_until
|
||||
valid_until auto_join_until])
|
||||
factory (cond
|
||||
(and (some? file) (:is-default team) is-viewer)
|
||||
eml/request-file-access-yourpenpot-view
|
||||
(and (some? file) (:is-default team))
|
||||
eml/request-file-access-yourpenpot
|
||||
(some? file)
|
||||
eml/request-file-access
|
||||
:else
|
||||
eml/request-team-access)
|
||||
page-id (when (some? file)
|
||||
(-> file :data :pages first))]
|
||||
|
||||
;; TODO needs audit?
|
||||
|
||||
(eml/send! {::eml/conn conn
|
||||
::eml/factory factory
|
||||
:public-uri (cf/get :public-uri)
|
||||
:to (:email team-owner)
|
||||
:requested-by (:fullname requester)
|
||||
:requested-by-email (:email requester)
|
||||
:team-name (:name team)
|
||||
:team-id (:id team)
|
||||
:file-name (:name file)
|
||||
:file-id (:id file)
|
||||
:page-id page-id})
|
||||
|
||||
request)))
|
||||
|
||||
|
||||
(def ^:private schema:create-team-access-request
|
||||
[:and
|
||||
[:map {:title "create-team-access-request"}
|
||||
[:file-id {:optional true} ::sm/uuid]
|
||||
[:team-id {:optional true} ::sm/uuid]
|
||||
[:is-viewer {:optional true} :boolean]]
|
||||
|
||||
[:fn (fn [params]
|
||||
(or (contains? params :file-id)
|
||||
(contains? params :team-id)))]])
|
||||
|
||||
|
||||
(sv/defmethod ::create-team-access-request
|
||||
"A rpc call that allow to request for an invitations to join the team."
|
||||
{::doc/added "2.2.0"
|
||||
::sm/params schema:create-team-access-request}
|
||||
[cfg {:keys [::rpc/profile-id file-id team-id is-viewer] :as params}]
|
||||
|
||||
(db/tx-run! cfg
|
||||
(fn [{:keys [::db/conn] :as cfg}]
|
||||
|
||||
(let [requester (db/get-by-id conn :profile profile-id)
|
||||
team-id (if (some? team-id)
|
||||
team-id
|
||||
(:id (get-team-for-file conn file-id)))
|
||||
team (db/get-by-id conn :team team-id)
|
||||
owner-id (->> (db/exec! conn [sql:team-owner (:id team)])
|
||||
(map decode-row)
|
||||
(first)
|
||||
:profile-id)
|
||||
team-owner (db/get-by-id conn :profile owner-id)
|
||||
file (when (some? file-id)
|
||||
(db/get* conn :file
|
||||
{:id file-id}
|
||||
{::sql/columns [:id :name :data]}))
|
||||
file (when (some? file)
|
||||
(assoc file :data (blob/decode (:data file))))]
|
||||
|
||||
;;TODO needs quotes?
|
||||
|
||||
(when (or (nil? requester) (nil? team) (nil? team-owner) (and (some? file-id) (nil? file)))
|
||||
(ex/raise :type :validation
|
||||
:code :invalid-parameters))
|
||||
|
||||
;; Check that the requester is not muted
|
||||
(check-valid-email-muted conn requester)
|
||||
|
||||
;; Check that the owner is not marked as bounce nor spam
|
||||
(check-valid-email-bounce conn (:email team-owner) false)
|
||||
(check-valid-email-spam conn (:email team-owner) true)
|
||||
|
||||
(let [request (create-team-access-request
|
||||
cfg {:team team :requester requester :team-owner team-owner :file file :is-viewer is-viewer})]
|
||||
(when request
|
||||
(with-meta {:request request}
|
||||
{::audit/props {:request 1}})))))))
|
||||
|
|
|
@ -127,6 +127,10 @@
|
|||
(db/delete! conn :team-invitation
|
||||
{:team-id team-id :email-to member-email})
|
||||
|
||||
;; Delete any request
|
||||
(db/delete! conn :team-access-request
|
||||
{:team-id team-id :requester-id (:id member)})
|
||||
|
||||
(assoc member :is-active true)))
|
||||
|
||||
(def schema:team-invitation-claims
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue