Posted to commits@ponymail.apache.org by hu...@apache.org on 2021/03/29 13:10:51 UTC
[incubator-ponymail-foal] 14/19: Start working on mgmt portal
This is an automated email from the ASF dual-hosted git repository.
humbedooh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-ponymail-foal.git
commit 7b14a53925f2a6b7a3e58b163a13e54d6c3da9d9
Author: Daniel Gruno <hu...@apache.org>
AuthorDate: Mon Mar 29 11:48:33 2021 +0200
Start working on mgmt portal
This will cover simple operations like removing/renaming emails and
such.
---
INSTALL.md | 14 ++++++++++
server/endpoints/mgmt.py | 70 ++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 84 insertions(+)
diff --git a/INSTALL.md b/INSTALL.md
index 52653b7..0f87b76 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -102,6 +102,20 @@ oauth:
- myoauthprovider.tld
~~~
+For administrative access to certain features, such as deleting/moving email via the UI,
+you can set a list of people who, via an authoritative oauth provider, will have access to
+this, as such:
+
+~~~yaml
+oauth:
+ authoritative_domains:
+ - googleapis.com
+ admins:
+ - humbedooh@gmail.com
+ - example@gmail.com
+~~~
+
+
Currently, you will also need to enable or tweak your `webui/js/config.js` file to match your
choice of OAuth providers, though that is subject to change.
diff --git a/server/endpoints/mgmt.py b/server/endpoints/mgmt.py
new file mode 100644
index 0000000..0ae4adf
--- /dev/null
+++ b/server/endpoints/mgmt.py
@@ -0,0 +1,70 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Management endpoint for GDPR operations"""
+
+import plugins.server
+import plugins.session
+import plugins.mbox
+import plugins.defuzzer
+import typing
+import aiohttp.web
+import time
+
+async def process(
+ server: plugins.server.BaseServer,
+ session: plugins.session.SessionObject,
+ indata: dict,
+) -> typing.Optional[dict]:
+ action = indata.get('action')
+ docs = indata.get('documents', [])
+ doc = indata.get('document')
+ if not docs and doc:
+ docs = [doc]
+ if not session.credentials.admin or not server.config.ui.mgmt_enabled:
+ return aiohttp.web.Response(headers={}, status=403, text="You need administrative access to use this feature.")
+
+ # Deleting/hiding a document?
+ if action == 'delete':
+ delcount = 0
+ for doc in docs:
+ email = await plugins.mbox.get_email(session, permalink=doc)
+ if email and isinstance(email, dict) and plugins.aaa.can_access_email(session, email):
+ email['deleted'] = True
+ await session.database.index(
+ index=session.database.dbs.mbox,
+ body=email,
+ id=email['id'],
+ )
+ lid = email.get("list_raw")
+ await session.database.index(
+ index=session.database.dbs.auditlog,
+ body={
+ "date": time.strftime("%Y/%m/%d %H:%M:%S", time.gmtime(time.time())),
+ "action": "delete",
+ "remote": session.remote,
+ "author": f"{session.credentials.uid}@{session.credentials.oauth_provider}",
+ "target": doc,
+ "lid": lid,
+ "log": f"Removed email {doc} from {lid} archives",
+ }
+ )
+ delcount += 1
+ return aiohttp.web.Response(headers={}, status=200, text=f"Removed {delcount} emails from archives.")
+
+def register(server: plugins.server.BaseServer):
+ return plugins.server.Endpoint(process)
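Review bot: The access check `plugins.aaa.can_access_email(session, email)` in the delete loop uses `plugins.aaa`, which is not among the imports at the top of this new file, so it resolves only if another module has already loaded it; add `import plugins.aaa` next to the other plugin imports. The admin gate reads `session.credentials.admin` directly, and if `credentials` can be unset for an anonymous session (not visible here) that raises instead of returning the 403; `if not (session.credentials and session.credentials.admin) or not server.config.ui.mgmt_enabled:` keeps the refusal explicit. The audit record is written only after the mbox document has been re-indexed, and documents that are missing or fail the access check are skipped silently, so a failed audit write or a refused target leaves no trace; writing the audit entry first and also logging skipped targets would close that gap. Any action other than `'delete'` falls through and returns None, so an explicit 400 response for unknown actions would be clearer than the implicit return.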