From eca10e56b8f54b4c35241708f1899ee162103df5 Mon Sep 17 00:00:00 2001
From: Martin Brennan <martin@discourse.org>
Date: Mon, 4 Mar 2024 13:48:16 +1000
Subject: [PATCH] FEATURE: Allow specific groups to view raw email (#26003)

When a post is created by an incoming email, we show
an envelope icon on it which then opens a modal with the
raw email contents. Previously this was staff (admin+mod)
only, but now this commit adds the `view_raw_email_allowed_groups`
site setting, so any group can be added to give users permission
to see this.
---
 .../javascripts/discourse/app/lib/transform-post.js   |  2 +-
 app/serializers/current_user_serializer.rb            |  7 ++++++-
 config/locales/server.en.yml                          |  1 +
 config/site_settings.yml                              |  6 ++++++
 lib/guardian/post_guardian.rb                         |  2 +-
 spec/requests/posts_controller_spec.rb                | 11 +++++++++++
 6 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/app/assets/javascripts/discourse/app/lib/transform-post.js b/app/assets/javascripts/discourse/app/lib/transform-post.js
index 4cdb918a94d..35db31b6feb 100644
--- a/app/assets/javascripts/discourse/app/lib/transform-post.js
+++ b/app/assets/javascripts/discourse/app/lib/transform-post.js
@@ -130,7 +130,7 @@ export default function transformPost(
     postType === postTypes.small_action || post.action_code === "split_topic";
   postAtts.canBookmark = !!currentUser;
   postAtts.canManage = currentUser && currentUser.get("canManageTopic");
-  postAtts.canViewRawEmail = currentUser && currentUser.staff;
+  postAtts.canViewRawEmail = currentUser && currentUser.can_view_raw_email;
   postAtts.canArchiveTopic = !!details.can_archive_topic;
   postAtts.canCloseTopic = !!details.can_close_topic;
   postAtts.canSplitMergeTopic = !!details.can_split_merge_topic;
diff --git a/app/serializers/current_user_serializer.rb b/app/serializers/current_user_serializer.rb
index 2e6823cbd09..6060be35937 100644
--- a/app/serializers/current_user_serializer.rb
+++ b/app/serializers/current_user_serializer.rb
@@ -75,7 +75,8 @@ class CurrentUserSerializer < BasicUserSerializer
              :use_experimental_topic_bulk_actions?,
              :use_experimental_topic_bulk_actions?,
              :use_admin_sidebar,
-             :glimmer_header_enabled?
+             :glimmer_header_enabled?,
+             :can_view_raw_email
 
   delegate :user_stat, to: :object, private: true
   delegate :any_posts, :draft_count, :pending_posts_count, :read_faq?, to: :user_stat
@@ -316,4 +317,8 @@ class CurrentUserSerializer < BasicUserSerializer
   def use_experimental_topic_bulk_actions?
     scope.user.in_any_groups?(SiteSetting.experimental_topic_bulk_actions_enabled_groups_map)
   end
+
+  def can_view_raw_email
+    scope.user.in_any_groups?(SiteSetting.view_raw_email_allowed_groups_map)
+  end
 end
diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index 12b462142c0..5ef29105b5b 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -2554,6 +2554,7 @@ en:
 
     page_loading_indicator: "Configure the loading indicator which appears during page navigations within Discourse. 'Spinner' is a full page indicator. 'Slider' shows a narrow bar at the top of the screen."
     show_user_menu_avatars: "Show user avatars in the user menu"
+    view_raw_email_allowed_groups: "Groups which can view the raw email content of a post if it was created by an incoming email. This includes email headers and other technical information."
 
     errors:
       invalid_css_color: "Invalid color. Enter a color name or hex value."
diff --git a/config/site_settings.yml b/config/site_settings.yml
index 31a17414223..2ca5984ce41 100644
--- a/config/site_settings.yml
+++ b/config/site_settings.yml
@@ -1419,6 +1419,12 @@ email:
     default: 10
     hidden: true
   require_change_email_confirmation: false
+  view_raw_email_allowed_groups:
+    type: group_list
+    list_type: compact
+    default: "1|2"
+    allow_any: false
+    refresh: true
 
 files:
   max_image_size_kb:
diff --git a/lib/guardian/post_guardian.rb b/lib/guardian/post_guardian.rb
index ee4be1c0d8d..ad507f17d8d 100644
--- a/lib/guardian/post_guardian.rb
+++ b/lib/guardian/post_guardian.rb
@@ -358,7 +358,7 @@ module PostGuardian
   end
 
   def can_view_raw_email?(post)
-    post && is_staff?
+    post && @user.in_any_groups?(SiteSetting.view_raw_email_allowed_groups_map)
   end
 
   def can_unhide?(post)
diff --git a/spec/requests/posts_controller_spec.rb b/spec/requests/posts_controller_spec.rb
index 1c228be1360..22ed1fdb9dc 100644
--- a/spec/requests/posts_controller_spec.rb
+++ b/spec/requests/posts_controller_spec.rb
@@ -2701,6 +2701,17 @@ RSpec.describe PostsController do
         expect(response.status).to eq(403)
       end
 
+      it "can view raw email if the user is in the allowed group" do
+        sign_in(user)
+        SiteSetting.view_raw_email_allowed_groups = "trust_level_0"
+
+        get "/posts/#{post.id}/raw-email.json"
+        expect(response.status).to eq(200)
+
+        json = response.parsed_body
+        expect(json["raw_email"]).to eq("email_content")
+      end
+
       it "can view raw email" do
         sign_in(moderator)