Skip to content

Instantly share code, notes, and snippets.

@jcro21

jcro21/michaelp_clarifications.md

Last active May 17, 2021 01:40
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save jcro21/5192c63d777053a218e334b76e4691b1 to your computer and use it in GitHub Desktop.
Save jcro21/5192c63d777053a218e334b76e4691b1 to your computer and use it in GitHub Desktop.
Download ZIP
email module
Raw
michaelp_clarifications.md

Search/filter - Frontend or backend?

Are these API endpoints just for the UI, or do you need them for non-UI things? If UI only I'm tempted to include them in the UI component.

...and...

  • Searchable/filterable on some common fields ie recipient, sender, date, subject via api endpoint

It'll have to be via API since there is no way the frontend could handle that much data, and we wouldn't want to load that much every time anyway, so we have to paginate every return from the API

Here is an example of an API endpoint that handles search and pagination: https://github.com/fagersta/portal/blob/master/route_api_workorders.go#L682

You'll note here where it gets the total number of matching rows/results: https://github.com/fagersta/portal/blob/master/route_api_workorders.go#L959

We might want to omit that since some filter criteria may be so loose as to return so many results that it'd be very slow (and abusive to the db engine) to even count them. So maybe we go for a "Page 1 of many" style of user feedback if there are more than 1000 results or whatever. That's probably a small detail I can bother with later though.

Single mail via api endpoint

  • Retrieve a single mail via api endpoint (like /api/v1/emails/) on some common fields ie recipient, sender, date, subject via api endpoint

This is simply retrieving a single email via UID e.g.

SELECT * FROM tblEmails WHERE [Id] = @p1

where * is whatever fields we want (probably all of em anyway).

Whitelist / Managed List

  • A whitelist of email addresses should be excluded from monitoring, e.g. recruiting & system mailboxes (whitelist is provided and managed by an existing 'Managed List' object)

    Is this the managed list that you've already set up?

Yeah, we've gone for the opt-in strategy (monitor users in the list) rather than the opt-out (monitor all users unless they're in the list), so we should only monitor the addresses/users present in the managed list already set up.

Permissions

I don't know enough about how permissions works in Fagersta to estimate this.

List of existing permission definitions are kept in tblFunctions

+---------------------+---------------+-------+
|    TBLFUNCTIONS     |     TYPE      | NULL  |
+---------------------+---------------+-------+
| FunctionName        | nvarchar(32)  | false |
| FunctionDescription | nvarchar(255) | true  |
+---------------------+---------------+-------+

A few rows for example:

select top 3 * from tblFunctions where functiondescription like 'sale%'
           FUNCTIONNAME           |             FUNCTIONDESCRIPTION               
----------------------------------+-----------------------------------------------
  ApproveSaleContract             | Sale: Approve sales contract                  
  ChangeReqdDate                  | Sale: Change the Date Required                
  ChangeSaleInvoicingBlockedUntil | Sale: Modify the invoicing block expiry date  
----------------------------------+-----------------------------------------------

The assignment of permissions to users is kept in tblPermissions

+----------------+---------------+-------+
| TBLPERMISSIONS |     TYPE      | NULL  |
+----------------+---------------+-------+
| User           | nvarchar(255) | false |
| FunctionName   | nvarchar(255) | false |
+----------------+---------------+-------+

A few rows for example:

select top 3 * from tblPermissions where [user]='MichaelP'
    USER   |   FUNCTIONNAME    
-----------+-------------------
  MichaelP | AllocateSalesman  
  MichaelP | AltoSunsetReport  
  MichaelP | ApprovePO         
-----------+-------------------

Using permissions

Using permissions is super easy, only 2 functions you need.

fetchUsersWithPermission - returns string array of usernames

Get all users that have the "WorkOrderBookinApprovalNotify" permission: https://github.com/fagersta/portal/blob/master/route_api_permissions.go#L98 Existing use for example: https://github.com/fagersta/portal/blob/master/route_api_workorders.go#L1523

bookinApprovalUserNames, err := fetchUsersWithPermission(ctx, tx, "WorkOrderBookinApprovalNotify")
if err != nil {
    return nil, errors.Wrap(err, "saveWorkOrder: couldn't get list of users with the 'WorkOrderBookinApprovalNotify' permission")
}

fetchPermissionsForUser - returns map[string]bool

Get list of all possessed permissions for a single user: https://github.com/fagersta/portal/blob/master/route_api_permissions.go#L57 Existing use for example: https://github.com/fagersta/portal/blob/master/route_api_request_pricing.go#L90

permissions, err := fetchPermissionsForUser(r.Context(), a.db, userID)
if err != nil {
    panic(errors.Errorf("handleAPIRequestPricingsList: couldn't get user permissions"))
}

User <-> email-address link

There's also the challenge that there isn't a good way to associate the user who sent/received the email with the current user, as there isn't a direct link between tblLogons & the email address used in the email

Right now there is an unbroken link between username and email address in the form of []mail.Address{{Address: some_stockman_username + brand.EmailDomain}} (or to put it another way ${some_stockman_username}@fagersta.com.au).

To make it more robust for future though I'll add an emailAddress column to tblLogon for the users email address. I'll take care of this today and notify you once I have.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment