pkp/pkp-lib#10571 limit email template access by user groups

api/v1/emailTemplates/PKPEmailTemplateController.php

@@ -153,7 +153,7 @@ public function getMany(Request $illuminateRequest): JsonResponse
 
         Hook::call('API::emailTemplates::params', [$collector, $illuminateRequest]);
 
-        $emailTemplates = $collector->getMany();
+        $emailTemplates = collect(Repo::emailTemplate()->filterTemplatesByUserAccess($collector->getMany(), $request->getUser(), $request->getContext()->getId()));
 
         return response()->json([
             'itemsMax' => $collector->getCount(),
@@ -176,6 +176,12 @@ public function get(Request $illuminateRequest): JsonResponse
             ], Response::HTTP_NOT_FOUND);
         }
 
+        if (!Repo::emailTemplate()->isTemplateAccessibleToUser($request->getUser(), $emailTemplate, $request->getContext()->getId())) {
+            return response()->json([
+                'error' => __('api.emailTemplates.404.templateNotFound')
+            ], Response::HTTP_NOT_FOUND);
+        }
+
         return response()->json(Repo::emailTemplate()->getSchemaMap()->map($emailTemplate), Response::HTTP_OK);
     }
 
@@ -198,6 +204,9 @@ public function add(Request $illuminateRequest): JsonResponse
 
         $emailTemplate = Repo::emailTemplate()->newDataObject($params);
         Repo::emailTemplate()->add($emailTemplate);
+
+        Repo::emailTemplate()->setEmailTemplateAccess($emailTemplate, $requestContext->getId(), $params['assignedUserGroupIds'], $params['isUnrestricted']);
+
         $emailTemplate = Repo::emailTemplate()->getByKey($emailTemplate->getData('contextId'), $emailTemplate->getData('key'));
 
         return response()->json(Repo::emailTemplate()->getSchemaMap()->map($emailTemplate), Response::HTTP_OK);
@@ -235,6 +244,11 @@ public function edit(Request $illuminateRequest): JsonResponse
             $params['contextId'] = $requestContext->getId();
         }
 
+
+        // If the user submitted an empty list (meaning all user groups were unchecked), the empty array is converted to null in the request's data.
+        // Convert back to an empty array.
+        $params['assignedUserGroupIds'] = $params['assignedUserGroupIds'] ?: [];
+
         $errors = Repo::emailTemplate()->validate(
             $emailTemplate,
             $params,
@@ -246,6 +260,7 @@ public function edit(Request $illuminateRequest): JsonResponse
         }
 
         Repo::emailTemplate()->edit($emailTemplate, $params);
+        Repo::emailTemplate()->setEmailTemplateAccess($emailTemplate, $requestContext->getId(), $params['assignedUserGroupIds'], $params['isUnrestricted']);
 
         $emailTemplate = Repo::emailTemplate()->getByKey(
             // context ID is null if edited for the first time
@@ -276,6 +291,13 @@ public function delete(Request $illuminateRequest): JsonResponse
         $props = Repo::emailTemplate()->getSchemaMap()->map($emailTemplate);
         Repo::emailTemplate()->delete($emailTemplate);
 
+        // Default templates are not deleted - instead, their body and subject fields are reset.
+        // Only delete access group data for custom templates.
+        // Custom templates will have an alternateTo (which is the default)
+        if($emailTemplate->getData('alternateTo')) {
+            Repo::emailTemplate()->deleteTemplateGroupAccess($requestContext->getId(), [$illuminateRequest->route('key')]);
+        }
+
         return response()->json($props, Response::HTTP_OK);
     }
 

classes/components/forms/emailTemplate/EmailTemplateForm.php

@@ -15,9 +15,13 @@
 
 namespace PKP\components\forms\emailTemplate;
 
+use APP\core\Application;
+use APP\facades\Repo;
+use PKP\components\forms\FieldOptions;
 use PKP\components\forms\FieldPreparedContent;
 use PKP\components\forms\FieldText;
 use PKP\components\forms\FormComponent;
+use PKP\userGroup\UserGroup;
 
 class EmailTemplateForm extends FormComponent
 {
@@ -30,6 +34,14 @@ public function __construct(string $action, array $locales)
         $this->method = 'POST';
         $this->locales = $locales;
 
+        $userGroups = collect();
+        Repo::userGroup()->getCollector()
+            ->filterByContextIds([Application::get()->getRequest()->getContext()->getId()])
+            ->getMany()->each(fn (UserGroup $group) => $userGroups->add([
+                'value' => $group->getId(),
+                'label' => $group->getLocalizedName()
+            ]));
+
         $this->addField(new FieldText('name', [
             'label' => __('common.name'),
             'description' => __('manager.emailTemplate.name.description'),
@@ -46,6 +58,22 @@ public function __construct(string $action, array $locales)
                 'isMultilingual' => true,
                 'toolbar' => 'bold italic superscript subscript | link | blockquote bullist numlist',
                 'plugins' => 'paste,link,lists',
+            ]))
+            ->addField(new FieldOptions('isUnrestricted', [
+                'label' => __('admin.workflow.email.userGroup.assign.unrestricted'),
+                'groupId' => 'isUnrestricted',
+                'description' => __('admin.workflow.email.userGroup.unrestricted.template.note'),
+                'type' => 'checkbox',
+                'options' => [
+                    ['value' => true, 'label' => __('admin.workflow.email.userGroup.assign.unrestricted')],
+                ],
+                'value' => true
+            ]))
+            ->addField(new FieldOptions('assignedUserGroupIds', [
+                'label' => __('admin.workflow.email.userGroup.allowed'),
+                'type' => 'checkbox',
+                'value' => [],
+                'options' => $userGroups
             ]));
     }
 }

classes/controllers/grid/users/reviewer/PKPReviewerGridHandler.php

@@ -1048,7 +1048,7 @@ public function fetchTemplateBody(array $args, PKPRequest $request): ?JSONMessag
         };
         $template = Repo::emailTemplate()->getByKey($context->getId(), $request->getUserVar('template'));
 
-        if (!$template) {
+        if (!$template || ! Repo::emailTemplate()->isTemplateAccessibleToUser($request->getUser(), $template, $context->getId())) {
             return null;
         }
 

classes/decision/steps/Email.php

@@ -128,14 +128,18 @@ protected function getEmailTemplates(): array
         $emailTemplates = collect();
         if ($this->mailable::getEmailTemplateKey()) {
             $emailTemplate = Repo::emailTemplate()->getByKey($context->getId(), $this->mailable::getEmailTemplateKey());
-            if ($emailTemplate) {
+            if ($emailTemplate && Repo::emailTemplate()->isTemplateAccessibleToUser($request->getUser(), $emailTemplate, $context->getId())) {
                 $emailTemplates->add($emailTemplate);
             }
             Repo::emailTemplate()
                 ->getCollector($context->getId())
                 ->alternateTo([$this->mailable::getEmailTemplateKey()])
                 ->getMany()
-                ->each(fn (EmailTemplate $e) => $emailTemplates->add($e));
+                ->each(function (EmailTemplate $template) use ($context, $request, $emailTemplates) {
+                    if (Repo::emailTemplate()->isTemplateAccessibleToUser($request->getUser(), $template, $context->getId())) {
+                        $emailTemplates->add($template);
+                    }
+                });
         }
 
         return Repo::emailTemplate()->getSchemaMap()->mapMany($emailTemplates)->toArray();

classes/emailTemplate/DAO.php

@@ -235,13 +235,17 @@ public function getMainEmailTemplatesFilename()
      * skipping others
      * @param bool $skipExisting If true, do not install email templates
      * that already exist in the database
+     * @param bool $recordTemplateGroupAccess - If true, records the templates as unrestricted. For versions 3.6 or higher, this value should be set to true when calling `installEmailTemplates`.
+     * By default, it is set to false to ensure compatibility with older processes (e.g., migrations)
+     * where the `email_template_user_group_access` table may not exist at the time of execution.
      *
      */
     public function installEmailTemplates(
         string $templatesFile,
         array $locales = [],
         ?string $emailKey = null,
-        bool $skipExisting = false
+        bool $skipExisting = false,
+        $recordTemplateGroupAccess = false
     ): bool {
         $xmlDao = new XMLDAO();
         $data = $xmlDao->parseStruct($templatesFile, ['email']);
@@ -281,6 +285,20 @@ public function installEmailTemplates(
                     $this->installAlternateEmailTemplates($contextId, $attrs['key']);
                 }
             }
+
+            if ($recordTemplateGroupAccess) {
+                // Default to true if `isUnrestricted` is not set.
+                $isUnrestricted = $attrs['isUnrestricted'] ?? '1';
+
+                if ($isUnrestricted !== '1' && $isUnrestricted !== '0') {
+                    throw new Exception('Invalid value given for the `isUnrestricted` attribute on the ' . $attrs['key'] . ' template.');
+                }
+
+                $contextIds = app()->get('context')->getIds();
+                foreach ($contextIds as $contextId) {
+                    Repo::emailTemplate()->markTemplateAsUnrestricted($attrs['key'], (bool)$isUnrestricted, $contextId);
+                }
+            }
         }
         return true;
     }
@@ -381,7 +399,7 @@ public function installAlternateEmailTemplates(int $contextId, ?string $emailKey
                     'Tried to install email template as an alternate to `' . $alternateTo . '`, but no default template exists with this key. Installing ' . $alternateTo . ' email template first',
                     E_USER_WARNING
                 );
-                $this->installEmailTemplates(Repo::emailTemplate()->dao->getMainEmailTemplatesFilename(), [], $alternateTo);
+                $this->installEmailTemplates(Repo::emailTemplate()->dao->getMainEmailTemplatesFilename(), [], $alternateTo, false, true);
             }
 
             DB::table($this->table)->insert([
@@ -448,4 +466,37 @@ protected function getUniqueKey(EmailTemplate $emailTemplate): string
 
         return $key;
     }
+
+
+    /**
+     * Sets email template's unrestricted status to their defaults
+     */
+    public function setTemplateDefaultUnrestirctedSetting(int $contextId, ?array $emailKeys = null)
+    {
+        $xmlDao = new XMLDAO();
+        $data = $xmlDao->parseStruct($this->getMainEmailTemplatesFilename(), ['email']);
+
+        if (!isset($data['email'])) {
+            return false;
+        }
+
+        foreach ($data['email'] as $entry) {
+            $attrs = $entry['attributes'];
+
+            if ($emailKeys !== null && !in_array($attrs['key'], $emailKeys)) {
+                continue;
+            }
+
+            // Default to true if `isUnrestricted` is not set.
+            $isUnrestricted = $attrs['isUnrestricted'] ?? '1';
+
+            if ($isUnrestricted !== '1' && $isUnrestricted !== '0') {
+                throw new Exception('Invalid value given for the `isUnrestricted` attribute on the ' . $attrs['key'] . ' template.');
+            }
+
+            Repo::emailTemplate()->markTemplateAsUnrestricted($attrs['key'], (bool)$isUnrestricted, $contextId);
+        }
+
+        return true;
+    }
 }

classes/emailTemplate/EmailTemplateAccessGroup.php

@@ -0,0 +1,58 @@
+<?php
+
+/**
+ * @file classes/emailTemplate/EmailTemplateAccessGroup.php
+ *
+ * Copyright (c) 2014-2024 Simon Fraser University
+ * Copyright (c) 2000-2024 John Willinsky
+ * Distributed under the GNU GPL v3. For full terms see the file docs/COPYING.
+ *
+ * @class EmailTemplateAccessGroup
+ *
+ * @ingroup emailTemplate
+ *
+ * @brief Eloquent model for email template user group access
+ */
+
+namespace PKP\emailTemplate;
+
+use Eloquence\Behaviours\HasCamelCasing;
+use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Database\Eloquent\Model;
+
+class EmailTemplateAccessGroup extends Model
+{
+    use HasCamelCasing;
+
+    public $timestamps = false;
+    protected $primaryKey = 'email_template_user_group_access_id';
+    protected $table = 'email_template_user_group_access';
+    protected $fillable = ['userGroupId', 'contextId', 'emailKey'];
+
+
+    /**
+     * Scope a query to only include email template access records for email templates with specific keys.
+     */
+    public function scopeWithEmailKey(Builder $query, ?array $keys): Builder
+    {
+        return $query->when(!empty($keys), function ($query) use ($keys) {
+            return $query->whereIn('email_key', $keys);
+        });
+    }
+
+    /**
+     * Scope a query to only include email template access records that are related to a specific context ID.
+     */
+    public function scopeWithContextId(Builder $query, int $contextId): Builder
+    {
+        return $query->where('context_id', $contextId);
+    }
+
+    /**
+     * Scope a query to only include email template access records for specific user group IDs.
+     */
+    public function scopeWithGroupIds(Builder $query, array $ids): Builder
+    {
+        return $query->whereIn('user_group_id', $ids);
+    }
+}