From 3906c13c775ade678753178538b2280ba61e0bf2 Mon Sep 17 00:00:00 2001
From: Hillel Coren
Date: Sun, 4 Feb 2018 10:45:50 +0200
Subject: [PATCH] Limit bulk emailing
---
 app/Http/Controllers/InvoiceApiController.php | 8 +++++++-
 app/Models/User.php | 6 +++++-
 app/Ninja/Datatables/InvoiceDatatable.php | 2 +-
 3 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/app/Http/Controllers/InvoiceApiController.php b/app/Http/Controllers/InvoiceApiController.php
index 1510325c8d..d602d32719 100644
--- a/app/Http/Controllers/InvoiceApiController.php
+++ b/app/Http/Controllers/InvoiceApiController.php
@@ -206,7 +206,9 @@ class InvoiceApiController extends BaseAPIController
 $invoice = $recurringInvoice;
 }
 $reminder = isset($data['email_type']) ? $data['email_type'] : false;
- $this->dispatch(new SendInvoiceEmail($invoice, auth()->user()->id, $reminder));
+ if (auth()->user()->isTrusted()) {
+ $this->dispatch(new SendInvoiceEmail($invoice, auth()->user()->id, $reminder));
+ }
 }
 }
@@ -337,6 +339,10 @@ class InvoiceApiController extends BaseAPIController
 public function emailInvoice(InvoiceRequest $request)
 {
+ if (! auth()->user()->isTrusted()) {
+ return $this->errorResponse('Requires paid pro plan', 400);
+ }
+
 $invoice = $request->entity();
 if ($invoice->is_recurring && $recurringInvoice = $this->invoiceRepo->createRecurringInvoice($invoice)) {
diff --git a/app/Models/User.php b/app/Models/User.php
index 687084362b..e1a5556a80 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -138,8 +138,12 @@ class User extends Authenticatable
 /**
 * @return mixed
 */
- public function isPaidPro()
+ public function isTrusted()
 {
+ if (Utils::isSelfHost()) {
+ true;
+ }
+
 return $this->account->isPro() && ! $this->account->isTrial();
 }
diff --git a/app/Ninja/Datatables/InvoiceDatatable.php b/app/Ninja/Datatables/InvoiceDatatable.php
index 6a49896767..801fb52a97 100644
--- a/app/Ninja/Datatables/InvoiceDatatable.php
+++ b/app/Ninja/Datatables/InvoiceDatatable.php
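Review bot: In the first InvoiceApiController hunk (around line 206), a caller who asks for the invoice to be emailed but is not trusted now has the send skipped silently: the invoice is still saved and nothing visible here tells the caller the mail was not queued. At minimum the branch should carry a comment such as `// Untrusted accounts: the invoice is saved, but no email is dispatched`, and the response would ideally report that the send was refused. The enclosing method starts and ends outside the hunk, so how the response is built after this point cannot be seen.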
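Review bot: The new guard at the top of `emailInvoice` reports an authorization failure as status 400, which makes refused send attempts look like malformed requests to clients and in logs; `return $this->errorResponse('Requires paid pro plan', 403);` would separate the two. The message is also narrower than the check, since `isTrusted()` is meant to pass self-hosted installs as well as paid pro accounts. The method body continues past the end of the hunk.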
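Review bot: The self-host branch added to `isTrusted()` in app/Models/User.php does nothing: `true;` is a bare expression statement with no `return`, so self-hosted installs fall through to the pro/trial check. It should read `return true;`. Because the InvoiceDatatable hunk drops its own `Utils::isSelfHost() ||` in favour of this method and `emailInvoice` now rejects on a false result, self-hosted users without a paid pro plan lose emailing in both the UI and the API. The docblock could also state `@return bool`. Whether `Utils` is imported in this file, and whether other callers of the old `isPaidPro()` name remain, is not visible in the hunk.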
@@ -196,7 +196,7 @@ class InvoiceDatatable extends EntityDatatable
 'label' => mtrans($this->entityType, 'download_' . $this->entityType),
 'url' => 'javascript:submitForm_'.$this->entityType.'("download")',
 ];
- if (Utils::isSelfHost() || auth()->user()->isPaidPro()) {
+ if (auth()->user()->isTrusted()) {
 $actions[] = [
 'label' => mtrans($this->entityType, 'email_' . $this->entityType),
 'url' => 'javascript:submitForm_'.$this->entityType.'("emailInvoice")',
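Review bot: The `isTrusted()` condition in InvoiceDatatable only decides whether the email menu entry is rendered, so the limit holds only if the handler that receives the `emailInvoice` bulk action makes the same check, and that handler is not part of this commit. A comment above the condition would record the dependency, for example `// UI hint only: the "emailInvoice" bulk handler must also enforce isTrusted()`. It is worth confirming that the web bulk path refuses untrusted users server-side, as the API controller now does. The surrounding method starts and ends outside the hunk.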