##// END OF EJS Templates
jro_apps » redmine
RSS
Make sure users don't get notified for thing they can not view (#3589)....
Jean-Philippe Lang -
r3055:bb477a3a0fe7
parent child
Show More
Side by Side Unified
Context file:
r3055:bb477a3a0fe7 Loading diff...:
Show file before | Show file after | Hide comments
@@ -29,6 +29,10 class Document < ActiveRecord::Base
29 29 validates_presence_of :project, :title, :category
30 30 validates_length_of :title, :maximum => 60
31 31
32 def visible?(user=User.current)
33 !user.nil? && user.allowed_to?(:view_documents, project)
34 end
35
32 36 def after_initialize
33 37 if new_record?
34 38 self.category ||= DocumentCategory.default
@@ -42,4 +46,11 class Document < ActiveRecord::Base
42 46 end
43 47 @updated_on
44 48 end
49
50 # Returns the mail adresses of users that should be notified
51 def recipients
52 notified = project.notified_users
53 notified.reject! {|user| !visible?(user)}
54 notified.collect(&:mail)
55 end
45 56 end
Show file before | Show file after | Hide comments
@@ -94,7 +94,7 class Mailer < ActionMailer::Base
94 94 # Mailer.deliver_document_added(document) => sends an email to the document's project recipients
95 95 def document_added(document)
96 96 redmine_headers 'Project' => document.project.identifier
97 recipients document.project.recipients
97 recipients document.recipients
98 98 subject "[#{document.project.name}] #{l(:label_document_new)}: #{document.title}"
99 99 body :document => document,
100 100 :document_url => url_for(:controller => 'documents', :action => 'show', :id => document)
@@ -114,15 +114,17 class Mailer < ActionMailer::Base
114 114 when 'Project'
115 115 added_to_url = url_for(:controller => 'projects', :action => 'list_files', :id => container)
116 116 added_to = "#{l(:label_project)}: #{container}"
117 recipients container.project.notified_users.select {|user| user.allowed_to?(:view_files, container.project)}
117 118 when 'Version'
118 119 added_to_url = url_for(:controller => 'projects', :action => 'list_files', :id => container.project_id)
119 120 added_to = "#{l(:label_version)}: #{container.name}"
121 recipients container.project.notified_users.select {|user| user.allowed_to?(:view_files, container.project)}
120 122 when 'Document'
121 123 added_to_url = url_for(:controller => 'documents', :action => 'show', :id => container.id)
122 124 added_to = "#{l(:label_document)}: #{container.title}"
125 recipients container.recipients
123 126 end
124 127 redmine_headers 'Project' => container.project.identifier
125 recipients container.project.recipients
126 128 subject "[#{container.project.name}] #{l(:label_attachment_new)}"
127 129 body :attachments => attachments,
128 130 :added_to => added_to,
@@ -138,24 +140,25 class Mailer < ActionMailer::Base
138 140 def news_added(news)
139 141 redmine_headers 'Project' => news.project.identifier
140 142 message_id news
141 recipients news.project.recipients
143 recipients news.recipients
142 144 subject "[#{news.project.name}] #{l(:label_news)}: #{news.title}"
143 145 body :news => news,
144 146 :news_url => url_for(:controller => 'news', :action => 'show', :id => news)
145 147 render_multipart('news_added', body)
146 148 end
147 149
148 # Builds a tmail object used to email the specified recipients of the specified message that was posted.
150 # Builds a tmail object used to email the recipients of the specified message that was posted.
149 151 #
150 152 # Example:
151 # message_posted(message, recipients) => tmail object
152 # Mailer.deliver_message_posted(message, recipients) => sends an email to the recipients
153 def message_posted(message, recipients)
153 # message_posted(message) => tmail object
154 # Mailer.deliver_message_posted(message) => sends an email to the recipients
155 def message_posted(message)
154 156 redmine_headers 'Project' => message.project.identifier,
155 157 'Topic-Id' => (message.parent_id || message.id)
156 158 message_id message
157 159 references message.parent unless message.parent.nil?
158 recipients(recipients)
160 recipients(message.recipients)
161 cc((message.root.watcher_recipients + message.board.watcher_recipients).uniq - @recipients)
159 162 subject "[#{message.board.project.name} - #{message.board.name} - msg#{message.root.id}] #{message.subject}"
160 163 body :message => message,
161 164 :message_url => url_for(:controller => 'messages', :action => 'show', :board_id => message.board_id, :id => message.root)
@@ -171,7 +174,7 class Mailer < ActionMailer::Base
171 174 redmine_headers 'Project' => wiki_content.project.identifier,
172 175 'Wiki-Page-Id' => wiki_content.page.id
173 176 message_id wiki_content
174 recipients wiki_content.project.recipients
177 recipients wiki_content.recipients
175 178 cc(wiki_content.page.wiki.watcher_recipients - recipients)
176 179 subject "[#{wiki_content.project.name}] #{l(:mail_subject_wiki_content_added, :page => wiki_content.page.pretty_title)}"
177 180 body :wiki_content => wiki_content,
@@ -188,7 +191,7 class Mailer < ActionMailer::Base
188 191 redmine_headers 'Project' => wiki_content.project.identifier,
189 192 'Wiki-Page-Id' => wiki_content.page.id
190 193 message_id wiki_content
191 recipients wiki_content.project.recipients
194 recipients wiki_content.recipients
192 195 cc(wiki_content.page.wiki.watcher_recipients + wiki_content.page.watcher_recipients - recipients)
193 196 subject "[#{wiki_content.project.name}] #{l(:mail_subject_wiki_content_updated, :page => wiki_content.page.pretty_title)}"
194 197 body :wiki_content => wiki_content,
Show file before | Show file after | Hide comments
@@ -90,6 +90,13 class Message < ActiveRecord::Base
90 90 usr && usr.logged? && (usr.allowed_to?(:delete_messages, project) || (self.author == usr && usr.allowed_to?(:delete_own_messages, project)))
91 91 end
92 92
93 # Returns the mail adresses of users that should be notified
94 def recipients
95 notified = project.notified_users
96 notified.reject! {|user| !visible?(user)}
97 notified.collect(&:mail)
98 end
99
93 100 private
94 101
95 102 def add_author_as_watcher
Show file before | Show file after | Hide comments
@@ -17,14 +17,6
17 17
18 18 class MessageObserver < ActiveRecord::Observer
19 19 def after_create(message)
20 recipients = []
21 # send notification to the topic watchers
22 recipients += message.root.watcher_recipients
23 # send notification to the board watchers
24 recipients += message.board.watcher_recipients
25 # send notification to project members who want to be notified
26 recipients += message.board.project.recipients
27 recipients = recipients.compact.uniq
28 Mailer.deliver_message_posted(message, recipients) if !recipients.empty? && Setting.notified_events.include?('message_posted')
20 Mailer.deliver_message_posted(message) if Setting.notified_events.include?('message_posted')
29 21 end
30 22 end
Show file before | Show file after | Hide comments
@@ -29,6 +29,17 class News < ActiveRecord::Base
29 29 acts_as_activity_provider :find_options => {:include => [:project, :author]},
30 30 :author_key => :author_id
31 31
32 def visible?(user=User.current)
33 !user.nil? && user.allowed_to?(:view_news, project)
34 end
35
36 # Returns the mail adresses of users that should be notified
37 def recipients
38 notified = project.notified_users
39 notified.reject! {|user| !visible?(user)}
40 notified.collect(&:mail)
41 end
42
32 43 # returns latest news for projects visible by user
33 44 def self.latest(user = User.current, count = 5)
34 45 find(:all, :limit => count, :conditions => Project.allowed_to_condition(user, :view_news), :include => [ :author, :project ], :order => "#{News.table_name}.created_on DESC")
Show file before | Show file after | Hide comments
@@ -26,10 +26,21 class WikiContent < ActiveRecord::Base
26 26
27 27 acts_as_versioned
28 28
29 def visible?(user=User.current)
30 page.visible?(user)
31 end
32
29 33 def project
30 34 page.project
31 35 end
32 36
37 # Returns the mail adresses of users that should be notified
38 def recipients
39 notified = project.notified_users
40 notified.reject! {|user| !visible?(user)}
41 notified.collect(&:mail)
42 end
43
33 44 class Version
34 45 belongs_to :page, :class_name => '::WikiPage', :foreign_key => 'page_id'
35 46 belongs_to :author, :class_name => '::User', :foreign_key => 'author_id'
Show file before | Show file after | Hide comments
@@ -147,7 +147,7 class MailerTest < ActiveSupport::TestCase
147 147 def test_message_posted_message_id
148 148 ActionMailer::Base.deliveries.clear
149 149 message = Message.find(1)
150 Mailer.deliver_message_posted(message, message.author.mail)
150 Mailer.deliver_message_posted(message)
151 151 mail = ActionMailer::Base.deliveries.last
152 152 assert_not_nil mail
153 153 assert_equal Mailer.message_id_for(message), mail.message_id
@@ -157,13 +157,47 class MailerTest < ActiveSupport::TestCase
157 157 def test_reply_posted_message_id
158 158 ActionMailer::Base.deliveries.clear
159 159 message = Message.find(3)
160 Mailer.deliver_message_posted(message, message.author.mail)
160 Mailer.deliver_message_posted(message)
161 161 mail = ActionMailer::Base.deliveries.last
162 162 assert_not_nil mail
163 163 assert_equal Mailer.message_id_for(message), mail.message_id
164 164 assert_equal Mailer.message_id_for(message.parent), mail.references.first.to_s
165 165 end
166 166
167 context("#issue_add") do
168 setup do
169 ActionMailer::Base.deliveries.clear
170 Setting.bcc_recipients = '1'
171 @issue = Issue.find(1)
172 end
173
174 should "notify project members" do
175 assert Mailer.deliver_issue_add(@issue)
176 assert last_email.bcc.include?('dlopper@somenet.foo')
177 end
178
179 should "not notify project members that are not allow to view the issue" do
180 Role.find(2).remove_permission!(:view_issues)
181 assert Mailer.deliver_issue_add(@issue)
182 assert !last_email.bcc.include?('dlopper@somenet.foo')
183 end
184
185 should "notify issue watchers" do
186 user = User.find(9)
187 Watcher.create!(:watchable => @issue, :user => user)
188 assert Mailer.deliver_issue_add(@issue)
189 assert last_email.bcc.include?(user.mail)
190 end
191
192 should "not notify watchers not allowed to view the issue" do
193 user = User.find(9)
194 Watcher.create!(:watchable => @issue, :user => user)
195 Role.non_member.remove_permission!(:view_issues)
196 assert Mailer.deliver_issue_add(@issue)
197 assert !last_email.bcc.include?(user.mail)
198 end
199 end
200
167 201 # test mailer methods for each language
168 202 def test_issue_add
169 203 issue = Issue.find(1)
@@ -211,7 +245,7 class MailerTest < ActiveSupport::TestCase
211 245 recipients = recipients.compact.uniq
212 246 valid_languages.each do |lang|
213 247 Setting.default_language = lang.to_s
214 assert Mailer.deliver_message_posted(message, recipients)
248 assert Mailer.deliver_message_posted(message)
215 249 end
216 250 end
217 251
@@ -256,4 +290,10 class MailerTest < ActiveSupport::TestCase
256 290 assert mail.bcc.include?('dlopper@somenet.foo')
257 291 assert mail.body.include?('Bug #3: Error 281 when updating a recipe')
258 292 end
293
294 def last_email
295 mail = ActionMailer::Base.deliveries.last
296 assert_not_nil mail
297 mail
298 end
259 299 end
General Comments 0
You need to be logged in to leave comments. Login now