@@ -34,6 +34,8 class MailHandler < ActionMailer::Base | |||||
34 | @@handler_options[:allow_override] << 'project' unless @@handler_options[:issue].has_key?(:project) |
|
34 | @@handler_options[:allow_override] << 'project' unless @@handler_options[:issue].has_key?(:project) | |
35 | # Status overridable by default |
|
35 | # Status overridable by default | |
36 | @@handler_options[:allow_override] << 'status' unless @@handler_options[:issue].has_key?(:status) |
|
36 | @@handler_options[:allow_override] << 'status' unless @@handler_options[:issue].has_key?(:status) | |
|
37 | ||||
|
38 | @@handler_options[:no_permission_check] = (@@handler_options[:no_permission_check].to_s == '1' ? true : false) | |||
37 | super email |
|
39 | super email | |
38 | end |
|
40 | end | |
39 |
|
41 | |||
@@ -120,7 +122,10 class MailHandler < ActionMailer::Base | |||||
120 | status = (get_keyword(:status) && IssueStatus.find_by_name(get_keyword(:status))) |
|
122 | status = (get_keyword(:status) && IssueStatus.find_by_name(get_keyword(:status))) | |
121 |
|
123 | |||
122 | # check permission |
|
124 | # check permission | |
123 | raise UnauthorizedAction unless user.allowed_to?(:add_issues, project) |
|
125 | unless @@handler_options[:no_permission_check] | |
|
126 | raise UnauthorizedAction unless user.allowed_to?(:add_issues, project) | |||
|
127 | end | |||
|
128 | ||||
124 | issue = Issue.new(:author => user, :project => project, :tracker => tracker, :category => category, :priority => priority) |
|
129 | issue = Issue.new(:author => user, :project => project, :tracker => tracker, :category => category, :priority => priority) | |
125 | # check workflow |
|
130 | # check workflow | |
126 | if status && issue.new_statuses_allowed_to(user).include?(status) |
|
131 | if status && issue.new_statuses_allowed_to(user).include?(status) | |
@@ -163,8 +168,10 class MailHandler < ActionMailer::Base | |||||
163 | issue = Issue.find_by_id(issue_id) |
|
168 | issue = Issue.find_by_id(issue_id) | |
164 | return unless issue |
|
169 | return unless issue | |
165 | # check permission |
|
170 | # check permission | |
166 | raise UnauthorizedAction unless user.allowed_to?(:add_issue_notes, issue.project) || user.allowed_to?(:edit_issues, issue.project) |
|
171 | unless @@handler_options[:no_permission_check] | |
167 |
raise UnauthorizedAction unless |
|
172 | raise UnauthorizedAction unless user.allowed_to?(:add_issue_notes, issue.project) || user.allowed_to?(:edit_issues, issue.project) | |
|
173 | raise UnauthorizedAction unless status.nil? || user.allowed_to?(:edit_issues, issue.project) | |||
|
174 | end | |||
168 |
|
175 | |||
169 | # add the note |
|
176 | # add the note | |
170 | journal = issue.init_journal(user, plain_text_body) |
|
177 | journal = issue.init_journal(user, plain_text_body) | |
@@ -191,7 +198,12 class MailHandler < ActionMailer::Base | |||||
191 | message = Message.find_by_id(message_id) |
|
198 | message = Message.find_by_id(message_id) | |
192 | if message |
|
199 | if message | |
193 | message = message.root |
|
200 | message = message.root | |
194 | if user.allowed_to?(:add_messages, message.project) && !message.locked? |
|
201 | ||
|
202 | unless @@handler_options[:no_permission_check] | |||
|
203 | raise UnauthorizedAction unless user.allowed_to?(:add_messages, message.project) | |||
|
204 | end | |||
|
205 | ||||
|
206 | if !message.locked? | |||
195 | reply = Message.new(:subject => email.subject.gsub(%r{^.*msg\d+\]}, '').strip, |
|
207 | reply = Message.new(:subject => email.subject.gsub(%r{^.*msg\d+\]}, '').strip, | |
196 | :content => plain_text_body) |
|
208 | :content => plain_text_body) | |
197 | reply.author = user |
|
209 | reply.author = user | |
@@ -200,7 +212,7 class MailHandler < ActionMailer::Base | |||||
200 | add_attachments(reply) |
|
212 | add_attachments(reply) | |
201 | reply |
|
213 | reply | |
202 | else |
|
214 | else | |
203 | raise UnauthorizedAction |
|
215 | logger.info "MailHandler: ignoring reply from [#{sender_email}] to a locked topic" if logger && logger.info | |
204 | end |
|
216 | end | |
205 | end |
|
217 | end | |
206 | end |
|
218 | end |
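Review bot: When `@@handler_options[:no_permission_check]` is true, the three `UnauthorizedAction` guards (new lines 125-127, 171-174 and 202-204) are skipped without leaving any trace, so an operator cannot later tell which issues, notes or forum replies were accepted with the checks off. A log line at each bypass would provide that audit trail, e.g. `logger.info "MailHandler: permission check skipped for [#{sender_email}]" if logger && @@handler_options[:no_permission_check]`. Separately, the condition on new line 215 calls `logger.info` with no argument, which is a logging call rather than a level test; `logger.info?` looks like what is meant. The enclosing methods start and end outside these hunks, so how `user` and `sender_email` are derived is not visible here.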
@@ -20,6 +20,8 | |||||
20 | # ignore: email is ignored (default) |
|
20 | # ignore: email is ignored (default) | |
21 | # accept: accept as anonymous user |
|
21 | # accept: accept as anonymous user | |
22 | # create: create a user account |
|
22 | # create: create a user account | |
|
23 | # --no-permission-check disable permission checking when receiving | |||
|
24 | # the email | |||
23 | # -h, --help show this help |
|
25 | # -h, --help show this help | |
24 | # -v, --verbose show extra information |
|
26 | # -v, --verbose show extra information | |
25 | # -V, --version show version information and exit |
|
27 | # -V, --version show version information and exit | |
@@ -69,7 +71,7 end | |||||
69 | class RedmineMailHandler |
|
71 | class RedmineMailHandler | |
70 | VERSION = '0.1' |
|
72 | VERSION = '0.1' | |
71 |
|
73 | |||
72 | attr_accessor :verbose, :issue_attributes, :allow_override, :unknown_user, :url, :key |
|
74 | attr_accessor :verbose, :issue_attributes, :allow_override, :unknown_user, :no_permission_check, :url, :key | |
73 |
|
75 | |||
74 | def initialize |
|
76 | def initialize | |
75 | self.issue_attributes = {} |
|
77 | self.issue_attributes = {} | |
@@ -86,7 +88,8 class RedmineMailHandler | |||||
86 | [ '--category', GetoptLong::REQUIRED_ARGUMENT], |
|
88 | [ '--category', GetoptLong::REQUIRED_ARGUMENT], | |
87 | [ '--priority', GetoptLong::REQUIRED_ARGUMENT], |
|
89 | [ '--priority', GetoptLong::REQUIRED_ARGUMENT], | |
88 | [ '--allow-override', '-o', GetoptLong::REQUIRED_ARGUMENT], |
|
90 | [ '--allow-override', '-o', GetoptLong::REQUIRED_ARGUMENT], | |
89 | [ '--unknown-user', GetoptLong::REQUIRED_ARGUMENT] |
|
91 | [ '--unknown-user', GetoptLong::REQUIRED_ARGUMENT], | |
|
92 | [ '--no-permission-check', GetoptLong::NO_ARGUMENT] | |||
90 | ) |
|
93 | ) | |
91 |
|
94 | |||
92 | opts.each do |opt, arg| |
|
95 | opts.each do |opt, arg| | |
@@ -107,6 +110,8 class RedmineMailHandler | |||||
107 | self.allow_override = arg.dup |
|
110 | self.allow_override = arg.dup | |
108 | when '--unknown-user' |
|
111 | when '--unknown-user' | |
109 | self.unknown_user = arg.dup |
|
112 | self.unknown_user = arg.dup | |
|
113 | when '--no-permission-check' | |||
|
114 | self.no_permission_check = '1' | |||
110 | end |
|
115 | end | |
111 | end |
|
116 | end | |
112 |
|
117 | |||
@@ -118,7 +123,8 class RedmineMailHandler | |||||
118 |
|
123 | |||
119 | data = { 'key' => key, 'email' => email, |
|
124 | data = { 'key' => key, 'email' => email, | |
120 | 'allow_override' => allow_override, |
|
125 | 'allow_override' => allow_override, | |
121 |
'unknown_user' => unknown_user |
|
126 | 'unknown_user' => unknown_user, | |
|
127 | 'no_permission_check' => no_permission_check} | |||
122 | issue_attributes.each { |attr, value| data["issue[#{attr}]"] = value } |
|
128 | issue_attributes.each { |attr, value| data["issue[#{attr}]"] = value } | |
123 |
|
129 | |||
124 | debug "Posting to #{uri}..." |
|
130 | debug "Posting to #{uri}..." |
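Review bot: `no_permission_check` is posted as an ordinary form field next to `key` (new lines 126-127), so whether the sender's permissions are checked is decided by the client making the request, not by server-side configuration. The receiving controller is not on this page, but if it hands the field to `MailHandler.receive` like the other options, anyone holding the shared key can turn the checks off for a single submission. Consider making the bypass a server-side setting, or at least say in the `--no-permission-check` help comment (new lines 23-24) that the key now carries this capability. When the option is not given, the field is still sent with a nil value; the handler only enables the bypass on the exact string `'1'`, so that case stays fail-closed.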
@@ -27,6 +27,8 General options: | |||||
27 | ignore: email is ignored (default) |
|
27 | ignore: email is ignored (default) | |
28 | accept: accept as anonymous user |
|
28 | accept: accept as anonymous user | |
29 | create: create a user account |
|
29 | create: create a user account | |
|
30 | no_permission_check=1 disable permission checking when receiving | |||
|
31 | the email | |||
30 |
|
32 | |||
31 | Issue attributes control options: |
|
33 | Issue attributes control options: | |
32 | project=PROJECT identifier of the target project |
|
34 | project=PROJECT identifier of the target project | |
@@ -55,6 +57,7 END_DESC | |||||
55 | %w(project status tracker category priority).each { |a| options[:issue][a.to_sym] = ENV[a] if ENV[a] } |
|
57 | %w(project status tracker category priority).each { |a| options[:issue][a.to_sym] = ENV[a] if ENV[a] } | |
56 | options[:allow_override] = ENV['allow_override'] if ENV['allow_override'] |
|
58 | options[:allow_override] = ENV['allow_override'] if ENV['allow_override'] | |
57 | options[:unknown_user] = ENV['unknown_user'] if ENV['unknown_user'] |
|
59 | options[:unknown_user] = ENV['unknown_user'] if ENV['unknown_user'] | |
|
60 | options[:no_permission_check] = ENV['no_permission_check'] if ENV['no_permission_check'] | |||
58 |
|
61 | |||
59 | MailHandler.receive(STDIN.read, options) |
|
62 | MailHandler.receive(STDIN.read, options) | |
60 | end |
|
63 | end | |
@@ -68,6 +71,8 General options: | |||||
68 | ignore: email is ignored (default) |
|
71 | ignore: email is ignored (default) | |
69 | accept: accept as anonymous user |
|
72 | accept: accept as anonymous user | |
70 | create: create a user account |
|
73 | create: create a user account | |
|
74 | no_permission_check=1 disable permission checking when receiving | |||
|
75 | the email | |||
71 |
|
76 | |||
72 | Available IMAP options: |
|
77 | Available IMAP options: | |
73 | host=HOST IMAP server host (default: 127.0.0.1) |
|
78 | host=HOST IMAP server host (default: 127.0.0.1) | |
@@ -123,6 +128,7 END_DESC | |||||
123 | %w(project status tracker category priority).each { |a| options[:issue][a.to_sym] = ENV[a] if ENV[a] } |
|
128 | %w(project status tracker category priority).each { |a| options[:issue][a.to_sym] = ENV[a] if ENV[a] } | |
124 | options[:allow_override] = ENV['allow_override'] if ENV['allow_override'] |
|
129 | options[:allow_override] = ENV['allow_override'] if ENV['allow_override'] | |
125 | options[:unknown_user] = ENV['unknown_user'] if ENV['unknown_user'] |
|
130 | options[:unknown_user] = ENV['unknown_user'] if ENV['unknown_user'] | |
|
131 | options[:no_permission_check] = ENV['no_permission_check'] if ENV['no_permission_check'] | |||
126 |
|
132 | |||
127 | Redmine::IMAP.check(imap_options, options) |
|
133 | Redmine::IMAP.check(imap_options, options) | |
128 | end |
|
134 | end |
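Review bot: The help text for `no_permission_check=1` (new lines 30-31, repeated at 74-75) does not say what is given up. Per the handler change in this commit, the sender's project permissions are no longer checked for new issues, issue replies or forum replies. Together with `unknown_user=accept`, mail from an unknown address can then create issues as the anonymous user in a non-public project, which is what the new test asserts. I would extend the description along the lines of `no_permission_check=1     skip the sender's permission checks (with unknown_user=accept, unknown senders can post to private projects)`. It could also say that only the exact value `1` enables the option.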
@@ -165,6 +165,26 class MailHandlerTest < ActiveSupport::TestCase | |||||
165 | end |
|
165 | end | |
166 | end |
|
166 | end | |
167 |
|
167 | |||
|
168 | def test_add_issue_by_anonymous_user_on_private_project | |||
|
169 | Role.anonymous.add_permission!(:add_issues) | |||
|
170 | assert_no_difference 'User.count' do | |||
|
171 | assert_no_difference 'Issue.count' do | |||
|
172 | assert_equal false, submit_email('ticket_by_unknown_user.eml', :issue => {:project => 'onlinestore'}, :unknown_user => 'accept') | |||
|
173 | end | |||
|
174 | end | |||
|
175 | end | |||
|
176 | ||||
|
177 | def test_add_issue_by_anonymous_user_on_private_project_without_permission_check | |||
|
178 | assert_no_difference 'User.count' do | |||
|
179 | assert_difference 'Issue.count' do | |||
|
180 | issue = submit_email('ticket_by_unknown_user.eml', :issue => {:project => 'onlinestore'}, :no_permission_check => '1', :unknown_user => 'accept') | |||
|
181 | assert issue.is_a?(Issue) | |||
|
182 | assert issue.author.anonymous? | |||
|
183 | assert !issue.project.is_public? | |||
|
184 | end | |||
|
185 | end | |||
|
186 | end | |||
|
187 | ||||
168 | def test_add_issue_by_created_user |
|
188 | def test_add_issue_by_created_user | |
169 | Setting.default_language = 'en' |
|
189 | Setting.default_language = 'en' | |
170 | assert_difference 'User.count' do |
|
190 | assert_difference 'User.count' do |
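Review bot: The two new tests cover only issue creation; the other places where this commit makes the check conditional, issue replies and forum message replies, have no test with `:no_permission_check => '1'`. Nothing pins that a value other than `'1'` leaves the checks on either. I would add a reply test with and without the option, plus one that passes `:no_permission_check => '0'` and asserts `false`, as `test_add_issue_by_anonymous_user_on_private_project` does. Because the option removes an authorization check, the fail-closed cases are the ones most worth pinning.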