Add more fine-grained permissions to rules

2023-02-02 19:08:10 +00:00
parent 0cbd2d8a6f
commit 97e932cbae
3 changed files with 34 additions and 0 deletions
--- a/core/lib/rules.py
+++ b/core/lib/rules.py
@@ -23,6 +23,7 @@ SECONDS_PER_UNIT = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
 MAX_WINDOW = 2592000
 MAX_AMOUNT_NTFY = 10
 MAX_AMOUNT_WEBHOOK = 1000
+HIGH_FREQUENCY_MIN_SEC = 60


 class RuleParseError(Exception):
@@ -454,6 +455,20 @@ class NotificationRuleData(object):
        service = self.cleaned_data.get("service")

        on_demand = interval == 0
+
+        # Not on demand and interval is too low
+        if not on_demand and interval <= HIGH_FREQUENCY_MIN_SEC:
+            if not self.user.has_perm("core.rules_high_frequency"):
+                raise RuleParseError(
+                    "User does not have permission to use high frequency rules", "data"
+                )
+
+        if not on_demand:
+            if not self.user.has_perm("core.rules_scheduled"):
+                raise RuleParseError(
+                    "User does not have permission to use scheduled rules", "data"
+                )
+
        if on_demand and window is not None:
            # Interval is on demand and window is specified
            # We can't have a window with on-demand rules