Commit 06ca18b0 authored by Jean-Philippe Lang's avatar Jean-Philippe Lang

Adds a 'no_permission_check' option to the MailHandler.

Used with the 'project' option, it allows anyone to submit emails to a private inbox project (#4407).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3195 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent 9d120c87
......@@ -34,6 +34,8 @@ class MailHandler < ActionMailer::Base
@@handler_options[:allow_override] << 'project' unless @@handler_options[:issue].has_key?(:project)
# Status overridable by default
@@handler_options[:allow_override] << 'status' unless @@handler_options[:issue].has_key?(:status)
@@handler_options[:no_permission_check] = (@@handler_options[:no_permission_check].to_s == '1' ? true : false)
super email
end
......@@ -120,7 +122,10 @@ class MailHandler < ActionMailer::Base
status = (get_keyword(:status) && IssueStatus.find_by_name(get_keyword(:status)))
# check permission
raise UnauthorizedAction unless user.allowed_to?(:add_issues, project)
unless @@handler_options[:no_permission_check]
raise UnauthorizedAction unless user.allowed_to?(:add_issues, project)
end
issue = Issue.new(:author => user, :project => project, :tracker => tracker, :category => category, :priority => priority)
# check workflow
if status && issue.new_statuses_allowed_to(user).include?(status)
......@@ -163,8 +168,10 @@ class MailHandler < ActionMailer::Base
issue = Issue.find_by_id(issue_id)
return unless issue
# check permission
raise UnauthorizedAction unless user.allowed_to?(:add_issue_notes, issue.project) || user.allowed_to?(:edit_issues, issue.project)
raise UnauthorizedAction unless status.nil? || user.allowed_to?(:edit_issues, issue.project)
unless @@handler_options[:no_permission_check]
raise UnauthorizedAction unless user.allowed_to?(:add_issue_notes, issue.project) || user.allowed_to?(:edit_issues, issue.project)
raise UnauthorizedAction unless status.nil? || user.allowed_to?(:edit_issues, issue.project)
end
# add the note
journal = issue.init_journal(user, plain_text_body)
......@@ -191,7 +198,12 @@ class MailHandler < ActionMailer::Base
message = Message.find_by_id(message_id)
if message
message = message.root
if user.allowed_to?(:add_messages, message.project) && !message.locked?
unless @@handler_options[:no_permission_check]
raise UnauthorizedAction unless user.allowed_to?(:add_messages, message.project)
end
if !message.locked?
reply = Message.new(:subject => email.subject.gsub(%r{^.*msg\d+\]}, '').strip,
:content => plain_text_body)
reply.author = user
......@@ -200,7 +212,7 @@ class MailHandler < ActionMailer::Base
add_attachments(reply)
reply
else
raise UnauthorizedAction
logger.info "MailHandler: ignoring reply from [#{sender_email}] to a locked topic" if logger && logger.info
end
end
end
......
......@@ -20,6 +20,8 @@
# ignore: email is ignored (default)
# accept: accept as anonymous user
# create: create a user account
# --no-permission-check disable permission checking when receiving
# the email
# -h, --help show this help
# -v, --verbose show extra information
# -V, --version show version information and exit
......@@ -69,7 +71,7 @@ end
class RedmineMailHandler
VERSION = '0.1'
attr_accessor :verbose, :issue_attributes, :allow_override, :unknown_user, :url, :key
attr_accessor :verbose, :issue_attributes, :allow_override, :unknown_user, :no_permission_check, :url, :key
def initialize
self.issue_attributes = {}
......@@ -86,7 +88,8 @@ class RedmineMailHandler
[ '--category', GetoptLong::REQUIRED_ARGUMENT],
[ '--priority', GetoptLong::REQUIRED_ARGUMENT],
[ '--allow-override', '-o', GetoptLong::REQUIRED_ARGUMENT],
[ '--unknown-user', GetoptLong::REQUIRED_ARGUMENT]
[ '--unknown-user', GetoptLong::REQUIRED_ARGUMENT],
[ '--no-permission-check', GetoptLong::NO_ARGUMENT]
)
opts.each do |opt, arg|
......@@ -107,6 +110,8 @@ class RedmineMailHandler
self.allow_override = arg.dup
when '--unknown-user'
self.unknown_user = arg.dup
when '--no-permission-check'
self.no_permission_check = '1'
end
end
......@@ -118,7 +123,8 @@ class RedmineMailHandler
data = { 'key' => key, 'email' => email,
'allow_override' => allow_override,
'unknown_user' => unknown_user }
'unknown_user' => unknown_user,
'no_permission_check' => no_permission_check}
issue_attributes.each { |attr, value| data["issue[#{attr}]"] = value }
debug "Posting to #{uri}..."
......
......@@ -27,6 +27,8 @@ General options:
ignore: email is ignored (default)
accept: accept as anonymous user
create: create a user account
no_permission_check=1 disable permission checking when receiving
the email
Issue attributes control options:
project=PROJECT identifier of the target project
......@@ -55,6 +57,7 @@ END_DESC
%w(project status tracker category priority).each { |a| options[:issue][a.to_sym] = ENV[a] if ENV[a] }
options[:allow_override] = ENV['allow_override'] if ENV['allow_override']
options[:unknown_user] = ENV['unknown_user'] if ENV['unknown_user']
options[:no_permission_check] = ENV['no_permission_check'] if ENV['no_permission_check']
MailHandler.receive(STDIN.read, options)
end
......@@ -68,6 +71,8 @@ General options:
ignore: email is ignored (default)
accept: accept as anonymous user
create: create a user account
no_permission_check=1 disable permission checking when receiving
the email
Available IMAP options:
host=HOST IMAP server host (default: 127.0.0.1)
......@@ -123,6 +128,7 @@ END_DESC
%w(project status tracker category priority).each { |a| options[:issue][a.to_sym] = ENV[a] if ENV[a] }
options[:allow_override] = ENV['allow_override'] if ENV['allow_override']
options[:unknown_user] = ENV['unknown_user'] if ENV['unknown_user']
options[:no_permission_check] = ENV['no_permission_check'] if ENV['no_permission_check']
Redmine::IMAP.check(imap_options, options)
end
......
......@@ -165,6 +165,26 @@ class MailHandlerTest < ActiveSupport::TestCase
end
end
def test_add_issue_by_anonymous_user_on_private_project
Role.anonymous.add_permission!(:add_issues)
assert_no_difference 'User.count' do
assert_no_difference 'Issue.count' do
assert_equal false, submit_email('ticket_by_unknown_user.eml', :issue => {:project => 'onlinestore'}, :unknown_user => 'accept')
end
end
end
def test_add_issue_by_anonymous_user_on_private_project_without_permission_check
assert_no_difference 'User.count' do
assert_difference 'Issue.count' do
issue = submit_email('ticket_by_unknown_user.eml', :issue => {:project => 'onlinestore'}, :no_permission_check => '1', :unknown_user => 'accept')
assert issue.is_a?(Issue)
assert issue.author.anonymous?
assert !issue.project.is_public?
end
end
end
def test_add_issue_by_created_user
Setting.default_language = 'en'
assert_difference 'User.count' do
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment