rabblerouser / core

Pluggable, extensible membership database for community organising
GNU Affero General Public License v3.0
17 stars 10 forks source link

The Group Mailer service checks that the email intended to be sent to a group is being sent by a super admin #150

Closed akjones closed 7 years ago

akjones commented 7 years ago

v0 of the email-sending feature does not include any auth. This adds it.

This feature will require the group-mailer to start tracking admin created/updated/deleted events, so that it knows who the organisation's super admins are. It can then authenticate the attempted email by checking if the original email was sent from a super admin's registered email address.

GIVEN I am a super admin, AND I am registered in RR with my email address of me@example.com,

WHEN I email a group from me@example.com, THEN the email should be sent.

WHEN someone else tries to email a group from a different email address, THEN the email should not be sent.

camjackson commented 7 years ago

Already done as part of v0.