##// END OF EJS Templates
jro_apps » redmine
RSS
Adds a 'no_permission_check' option to the MailHandler....
Jean-Philippe Lang -
r3081:06ca18b04225
parent child
Show More
Side by Side Unified
Context file:
r3081:06ca18b04225 Loading diff...:
Show file before | Show file after | Hide comments
@@ -34,6 +34,8 class MailHandler < ActionMailer::Base
34 34 @@handler_options[:allow_override] << 'project' unless @@handler_options[:issue].has_key?(:project)
35 35 # Status overridable by default
36 36 @@handler_options[:allow_override] << 'status' unless @@handler_options[:issue].has_key?(:status)
37
38 @@handler_options[:no_permission_check] = (@@handler_options[:no_permission_check].to_s == '1' ? true : false)
37 39 super email
38 40 end
39 41
@@ -120,7 +122,10 class MailHandler < ActionMailer::Base
120 122 status = (get_keyword(:status) && IssueStatus.find_by_name(get_keyword(:status)))
121 123
122 124 # check permission
123 raise UnauthorizedAction unless user.allowed_to?(:add_issues, project)
125 unless @@handler_options[:no_permission_check]
126 raise UnauthorizedAction unless user.allowed_to?(:add_issues, project)
127 end
128
124 129 issue = Issue.new(:author => user, :project => project, :tracker => tracker, :category => category, :priority => priority)
125 130 # check workflow
126 131 if status && issue.new_statuses_allowed_to(user).include?(status)
@@ -163,8 +168,10 class MailHandler < ActionMailer::Base
163 168 issue = Issue.find_by_id(issue_id)
164 169 return unless issue
165 170 # check permission
166 raise UnauthorizedAction unless user.allowed_to?(:add_issue_notes, issue.project) || user.allowed_to?(:edit_issues, issue.project)
167 raise UnauthorizedAction unless status.nil? || user.allowed_to?(:edit_issues, issue.project)
171 unless @@handler_options[:no_permission_check]
172 raise UnauthorizedAction unless user.allowed_to?(:add_issue_notes, issue.project) || user.allowed_to?(:edit_issues, issue.project)
173 raise UnauthorizedAction unless status.nil? || user.allowed_to?(:edit_issues, issue.project)
174 end
168 175
169 176 # add the note
170 177 journal = issue.init_journal(user, plain_text_body)
@@ -191,7 +198,12 class MailHandler < ActionMailer::Base
191 198 message = Message.find_by_id(message_id)
192 199 if message
193 200 message = message.root
194 if user.allowed_to?(:add_messages, message.project) && !message.locked?
201
202 unless @@handler_options[:no_permission_check]
203 raise UnauthorizedAction unless user.allowed_to?(:add_messages, message.project)
204 end
205
206 if !message.locked?
195 207 reply = Message.new(:subject => email.subject.gsub(%r{^.*msg\d+\]}, '').strip,
196 208 :content => plain_text_body)
197 209 reply.author = user
@@ -200,7 +212,7 class MailHandler < ActionMailer::Base
200 212 add_attachments(reply)
201 213 reply
202 214 else
203 raise UnauthorizedAction
215 logger.info "MailHandler: ignoring reply from [#{sender_email}] to a locked topic" if logger && logger.info
204 216 end
205 217 end
206 218 end
Show file before | Show file after | Hide comments
@@ -20,6 +20,8
20 20 # ignore: email is ignored (default)
21 21 # accept: accept as anonymous user
22 22 # create: create a user account
23 # --no-permission-check disable permission checking when receiving
24 # the email
23 25 # -h, --help show this help
24 26 # -v, --verbose show extra information
25 27 # -V, --version show version information and exit
@@ -69,7 +71,7 end
69 71 class RedmineMailHandler
70 72 VERSION = '0.1'
71 73
72 attr_accessor :verbose, :issue_attributes, :allow_override, :unknown_user, :url, :key
74 attr_accessor :verbose, :issue_attributes, :allow_override, :unknown_user, :no_permission_check, :url, :key
73 75
74 76 def initialize
75 77 self.issue_attributes = {}
@@ -86,7 +88,8 class RedmineMailHandler
86 88 [ '--category', GetoptLong::REQUIRED_ARGUMENT],
87 89 [ '--priority', GetoptLong::REQUIRED_ARGUMENT],
88 90 [ '--allow-override', '-o', GetoptLong::REQUIRED_ARGUMENT],
89 [ '--unknown-user', GetoptLong::REQUIRED_ARGUMENT]
91 [ '--unknown-user', GetoptLong::REQUIRED_ARGUMENT],
92 [ '--no-permission-check', GetoptLong::NO_ARGUMENT]
90 93 )
91 94
92 95 opts.each do |opt, arg|
@@ -107,6 +110,8 class RedmineMailHandler
107 110 self.allow_override = arg.dup
108 111 when '--unknown-user'
109 112 self.unknown_user = arg.dup
113 when '--no-permission-check'
114 self.no_permission_check = '1'
110 115 end
111 116 end
112 117
@@ -118,7 +123,8 class RedmineMailHandler
118 123
119 124 data = { 'key' => key, 'email' => email,
120 125 'allow_override' => allow_override,
121 'unknown_user' => unknown_user }
126 'unknown_user' => unknown_user,
127 'no_permission_check' => no_permission_check}
122 128 issue_attributes.each { |attr, value| data["issue[#{attr}]"] = value }
123 129
124 130 debug "Posting to #{uri}..."
Show file before | Show file after | Hide comments
@@ -27,6 +27,8 General options:
27 27 ignore: email is ignored (default)
28 28 accept: accept as anonymous user
29 29 create: create a user account
30 no_permission_check=1 disable permission checking when receiving
31 the email
30 32
31 33 Issue attributes control options:
32 34 project=PROJECT identifier of the target project
@@ -55,6 +57,7 END_DESC
55 57 %w(project status tracker category priority).each { |a| options[:issue][a.to_sym] = ENV[a] if ENV[a] }
56 58 options[:allow_override] = ENV['allow_override'] if ENV['allow_override']
57 59 options[:unknown_user] = ENV['unknown_user'] if ENV['unknown_user']
60 options[:no_permission_check] = ENV['no_permission_check'] if ENV['no_permission_check']
58 61
59 62 MailHandler.receive(STDIN.read, options)
60 63 end
@@ -68,6 +71,8 General options:
68 71 ignore: email is ignored (default)
69 72 accept: accept as anonymous user
70 73 create: create a user account
74 no_permission_check=1 disable permission checking when receiving
75 the email
71 76
72 77 Available IMAP options:
73 78 host=HOST IMAP server host (default: 127.0.0.1)
@@ -123,6 +128,7 END_DESC
123 128 %w(project status tracker category priority).each { |a| options[:issue][a.to_sym] = ENV[a] if ENV[a] }
124 129 options[:allow_override] = ENV['allow_override'] if ENV['allow_override']
125 130 options[:unknown_user] = ENV['unknown_user'] if ENV['unknown_user']
131 options[:no_permission_check] = ENV['no_permission_check'] if ENV['no_permission_check']
126 132
127 133 Redmine::IMAP.check(imap_options, options)
128 134 end
Show file before | Show file after | Hide comments
@@ -165,6 +165,26 class MailHandlerTest < ActiveSupport::TestCase
165 165 end
166 166 end
167 167
168 def test_add_issue_by_anonymous_user_on_private_project
169 Role.anonymous.add_permission!(:add_issues)
170 assert_no_difference 'User.count' do
171 assert_no_difference 'Issue.count' do
172 assert_equal false, submit_email('ticket_by_unknown_user.eml', :issue => {:project => 'onlinestore'}, :unknown_user => 'accept')
173 end
174 end
175 end
176
177 def test_add_issue_by_anonymous_user_on_private_project_without_permission_check
178 assert_no_difference 'User.count' do
179 assert_difference 'Issue.count' do
180 issue = submit_email('ticket_by_unknown_user.eml', :issue => {:project => 'onlinestore'}, :no_permission_check => '1', :unknown_user => 'accept')
181 assert issue.is_a?(Issue)
182 assert issue.author.anonymous?
183 assert !issue.project.is_public?
184 end
185 end
186 end
187
168 188 def test_add_issue_by_created_user
169 189 Setting.default_language = 'en'
170 190 assert_difference 'User.count' do
General Comments 0
You need to be logged in to leave comments. Login now