diff --git a/src/app/email/controllers/EmailController.php b/src/app/email/controllers/EmailController.php
index b94571805d69c45ddf4b1be3dfd52dcfb1fdd968..5ead851acb1f370e171f811d7e0483471f68c6ec 100644
--- a/src/app/email/controllers/EmailController.php
+++ b/src/app/email/controllers/EmailController.php
@@ -336,67 +336,13 @@ class EmailController
 return $response->withJson(['emails' => $emails]);
 }
 
- public static function getAvailableEmails(Request $request, Response $response)
+ public function getAvailableEmails(Request $request, Response $response)
 {
- $emails = [];
+ $availableEmails = EmailController::getAvailableEmailsByUserId(['userId' => $GLOBALS['id']]);
- $currentUser = UserModel::getById(['select' => ['firstname', 'lastname', 'mail'], 'id' => $GLOBALS['id']]);
-
- $emails[] = [
- 'entityId' => null,
- 'label' => $currentUser['firstname'] . ' ' . $currentUser['lastname'],
- 'email' => $currentUser['mail']
- ];
-
- if (PrivilegeController::hasPrivilege(['privilegeId' => 'use_mail_services', 'userId' => $GLOBALS['id']])) {
- $entities = EntityModel::getWithUserEntities([
- 'select' => ['entities.entity_label', 'entities.email', 'entities.entity_id', 'entities.id'],
- 'where' => ['users_entities.user_id = ?'],
- 'data' => [$GLOBALS['userId']]
- ]);
-
- foreach ($entities as $entity) {
- if (!empty($entity['email'])) {
- $emails[] = [
- 'entityId' => $entity['id'],
- 'label' => $entity['entity_label'],
- 'email' => $entity['email']
- ];
- }
- }
-
- $emailsEntities = CoreConfigModel::getXmlLoaded(['path' => 'modules/sendmail/xml/externalMailsEntities.xml']);
- if (!empty($emailsEntities)) {
- $userEntities = array_column($entities, 'entity_id');
- foreach ($emailsEntities->externalEntityMail as $entityMail) {
- $entityId = (string)$entityMail->targetEntityId;
-
- if (empty($entityId)) {
- $emails[] = [
- 'entityId' => null,
- 'label' => (string)$entityMail->defaultName,
- 'email' => (string)$entityMail->EntityMail
- ];
- } elseif (in_array($entityId, $userEntities)) {
- $entity = EntityModel::getByEntityId([
- 'select' => ['entity_label', 'id'],
- 'entityId' => $entityId
- ]);
-
- if (!empty($entity)) {
- $emails[] = [
- 'entityId' => $entity['id'],
- 'label' => $entity['entity_label'],
- 'email' => (string)$entityMail->EntityMail
- ];
- }
- }
- }
- }
- }
-
- return $response->withJson(['emails' => $emails]);
+ return $response->withJson(['emails' => $availableEmails]);
 } + public static function getInitializationByResId(Request $request, Response $response, array $args)
 {
 if (!Validator::intVal()->validate($args['resId']) || !ResController::hasRightByResId(['resId' => [$args['resId']], 'userId' => $GLOBALS['id']])) {
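Review bot: `getAvailableEmails` loses its `static` modifier in this hunk while the neighbouring `getInitializationByResId` and the other controller methods visible in this diff stay `public static`; unless the router now needs an instance, keeping `public static function getAvailableEmails(Request $request, Response $response)` would leave the controller uniform. Since the listing logic has moved out of this method, a one-line docblock such as `/** GET handler: lists the sender addresses the current user may send from. */` would tell a reader where to look. The enclosing class continues outside the hunk.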
@@ -716,6 +662,68 @@ class EmailController
 return ['success' => 'success'];
 }
 
+ private static function getAvailableEmailsByUserId(array $args)
+ {
+ $currentUser = UserModel::getById(['select' => ['firstname', 'lastname', 'mail', 'user_id'], 'id' => $args['userId']]);
+
+ $availableEmails = [
+ [
+ 'entityId' => null,
+ 'label' => $currentUser['firstname'] . ' ' . $currentUser['lastname'],
+ 'email' => $currentUser['mail']
+ ]
+ ];
+
+ if (PrivilegeController::hasPrivilege(['privilegeId' => 'use_mail_services', 'userId' => $args['userId']])) {
+ $entities = EntityModel::getWithUserEntities([
+ 'select' => ['entities.entity_label', 'entities.email', 'entities.entity_id', 'entities.id'],
+ 'where' => ['users_entities.user_id = ?'],
+ 'data' => [$currentUser['user_id']]
+ ]);
+
+ foreach ($entities as $entity) {
+ if (!empty($entity['email'])) {
+ $availableEmails[] = [
+ 'entityId' => $entity['id'],
+ 'label' => $entity['entity_label'],
+ 'email' => $entity['email']
+ ];
+ }
+ }
+
+ $emailsEntities = CoreConfigModel::getXmlLoaded(['path' => 'modules/sendmail/xml/externalMailsEntities.xml']);
+ if (!empty($emailsEntities)) {
+ $userEntities = array_column($entities, 'entity_id');
+ foreach ($emailsEntities->externalEntityMail as $entityMail) {
+ $entityId = (string)$entityMail->targetEntityId;
+
+ if (empty($entityId)) {
+ $availableEmails[] = [
+ 'entityId' => null,
+ 'label' => (string)$entityMail->defaultName,
+ 'email' => trim((string)$entityMail->EntityMail)
+ ];
+ } elseif (in_array($entityId, $userEntities)) {
+ $entity = EntityModel::getByEntityId([
+ 'select' => ['entity_label', 'id'],
+ 'entityId' => $entityId
+ ]);
+
+ if (!empty($entity)) {
+ $availableEmails[] = [
+ 'entityId' => $entity['id'],
+ 'label' => $entity['entity_label'],
+ 'email' => trim((string)$entityMail->EntityMail)
+ ];
+ }
+ }
+ }
+ }
+ }
+
+ return $availableEmails;
+ }
+
 private static function controlCreateEmail(array $args)
 {
 ValidatorModel::notEmpty($args, ['userId']);
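Review bot: The membership test in the external-entities loop, `} elseif (in_array($entityId, $userEntities)) {`, is carried over with loose comparison; `$entityId` is already cast to string and `entity_id` values come from the database, so `in_array($entityId, $userEntities, true)` keeps numeric-looking ids from matching through type juggling. The `trim()` added to the two `EntityMail` entries is not applied to `$currentUser['mail']` or `$entity['email']`, and because `controlCreateEmail` (next hunk) matches the requested sender address exactly against this list, any stored address with surrounding whitespace becomes impossible to select — the three sources should be normalised the same way. The helper has no docblock or return type; a header stating that it returns the list of `['entityId' => ..., 'label' => ..., 'email' => ...]` entries the user in `$args['userId']` may send from (own mailbox, entity mailboxes when `use_mail_services` is granted, configured external entity mailboxes) would document the contract, with `: array` on the signature. `$currentUser['user_id']` is read before anything checks that `UserModel::getById` found a row; presumably callers always pass an existing id, but an early `return []` on an empty `$currentUser` would make the helper safe to reuse.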
@@ -732,6 +740,21 @@ class EmailController
 return ['errors' => 'Data isHtml is not a boolean or empty', 'code' => 400];
 }
 
+ if (!empty($args['data']['sender']['email'])) {
+ $availableEmails = EmailController::getAvailableEmailsByUserId(['userId' => $args['userId']]);
+
+ $emails = array_column($availableEmails, 'email');
+ if (!in_array($args['data']['sender']['email'], $emails)) {
+ return ['errors' => 'Data sender email is not allowed', 'code' => 400];
+ }
+ if (!empty($args['data']['sender']['entityId'])) {
+ $entities = array_column($availableEmails, 'entityId');
+ if (!in_array($args['data']['sender']['entityId'], $entities)) {
+ return ['errors' => 'Data sender entityId is not allowed', 'code' => 400];
+ }
+ }
+ }
+
 $user = UserModel::getById(['id' => $args['userId'], 'select' => ['user_id']]);
 
 if (!empty($args['data']['document'] && !empty($args['data']['document']['id']))) {
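Review bot: The new allow-list check uses loose `in_array()` on request data, so a non-string value in `$args['data']['sender']['email']` — for instance a JSON `true`, which also passes the surrounding `!empty()` — compares equal to every entry and is accepted; the `entityId` lookup has the same weakness. Both comparisons should pass `true` as the third argument and reject values of the wrong type before comparing. The address and the `entityId` are also validated independently, so a request can pair an allowed address with the `entityId` of a different entry; checking the pair as a unit is stricter at no cost, as below (whether the stored `entityId` is an int or a numeric string is not visible here, so the `intval` normalisation should be checked against what `EntityModel` returns). `controlCreateEmail` starts and ends outside the hunk; the context line `if (!empty($args['data']['document'] && !empty($args['data']['document']['id'])))` wraps the whole conjunction in `empty()`, which reads as a misplaced parenthesis and is worth fixing in passing.
```php
if (!empty($args['data']['sender']['email'])) {
    $availableEmails = EmailController::getAvailableEmailsByUserId(['userId' => $args['userId']]);

    $senderEmail    = $args['data']['sender']['email'];
    $senderEntityId = $args['data']['sender']['entityId'] ?? null;

    // Strict comparison: loose in_array() lets a non-string such as `true` match any entry
    if (!is_string($senderEmail) || !in_array($senderEmail, array_column($availableEmails, 'email'), true)) {
        return ['errors' => 'Data sender email is not allowed', 'code' => 400];
    }
    if (!empty($senderEntityId)) {
        // The entityId must belong to an entry carrying the same address, not just to any allowed entry
        $entityIdsForEmail = array_column(
            array_filter($availableEmails, function ($available) use ($senderEmail) {
                return $available['email'] === $senderEmail;
            }),
            'entityId'
        );
        if (!Validator::intVal()->validate($senderEntityId)
            || !in_array((int)$senderEntityId, array_map('intval', $entityIdsForEmail), true)) {
            return ['errors' => 'Data sender entityId is not allowed', 'code' => 400];
        }
    }
}
// … unchanged: user lookup and document checks …
```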