v0 of the email-sending feature does not include any auth. This adds it.
This feature will require the group-mailer to start tracking admin created/updated/deleted events, so that it knows who the organisation's super admins are. It can then authenticate the attempted email by checking if the original email was sent from a super admin's registered email address.
GIVEN I am a super admin,
AND I am registered in RR with my email address of me@example.com,
WHEN I email a group from me@example.com,
THEN the email should be sent.
WHEN someone else tries to email a group from a different email address,
THEN the email should not be sent.
camjackson
commented
7 years ago
v0 of the email-sending feature does not include any auth. This adds it.
This feature will require the group-mailer to start tracking admin created/updated/deleted events, so that it knows who the organisation's super admins are. It can then authenticate the attempted email by checking if the original email was sent from a super admin's registered email address.
GIVEN I am a super admin, AND I am registered in RR with my email address of me@example.com,
WHEN I email a group from me@example.com, THEN the email should be sent.
WHEN someone else tries to email a group from a different email address, THEN the email should not be sent.