Adds a 'no_permission_check' option to the MailHandler.
authorJean-Philippe Lang <jp_lang@yahoo.fr>
Sat, 19 Dec 2009 14:08:48 +0000 (14:08 +0000)
committerJean-Philippe Lang <jp_lang@yahoo.fr>
Sat, 19 Dec 2009 14:08:48 +0000 (14:08 +0000)
Used with the 'project' option, it allows anyone to submit emails to a private inbox project (#4407).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3195 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/models/mail_handler.rb
extra/mail_handler/rdm-mailhandler.rb
lib/tasks/email.rake
test/unit/mail_handler_test.rb

index cda556f8e196d0d93eaea62ea7d8a187acbf6e74..2ecf3734e3fe23be80e754a6b459e4d39cac3d0d 100644 (file)
@@ -34,6 +34,8 @@ class MailHandler < ActionMailer::Base
     @@handler_options[:allow_override] << 'project' unless @@handler_options[:issue].has_key?(:project)
     # Status overridable by default
     @@handler_options[:allow_override] << 'status' unless @@handler_options[:issue].has_key?(:status)    
+    
+    @@handler_options[:no_permission_check] = (@@handler_options[:no_permission_check].to_s == '1' ? true : false)
     super email
   end
   
@@ -120,7 +122,10 @@ class MailHandler < ActionMailer::Base
     status =  (get_keyword(:status) && IssueStatus.find_by_name(get_keyword(:status)))
 
     # check permission
-    raise UnauthorizedAction unless user.allowed_to?(:add_issues, project)
+    unless @@handler_options[:no_permission_check]
+      raise UnauthorizedAction unless user.allowed_to?(:add_issues, project)
+    end
+    
     issue = Issue.new(:author => user, :project => project, :tracker => tracker, :category => category, :priority => priority)
     # check workflow
     if status && issue.new_statuses_allowed_to(user).include?(status)
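Review bot: Skipping the `add_issues` check here is not tied to a fixed target project, although the commit message describes the option as one used together with 'project'. The first hunk shows 'project' being added to `allow_override` whenever no project option is set, so with the bypass on, a sender can apparently select any project, private ones included, through an email keyword. Consider failing closed in `receive` when the flag is set without a configured project, e.g. `raise ArgumentError, 'no_permission_check requires the project option' if @@handler_options[:no_permission_check] && !@@handler_options[:issue].has_key?(:project)`. It would also help to document that 'project' should not be listed in `allow_override` in that setup. The enclosing method starts and ends outside this hunk.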
@@ -163,8 +168,10 @@ class MailHandler < ActionMailer::Base
     issue = Issue.find_by_id(issue_id)
     return unless issue
     # check permission
-    raise UnauthorizedAction unless user.allowed_to?(:add_issue_notes, issue.project) || user.allowed_to?(:edit_issues, issue.project)
-    raise UnauthorizedAction unless status.nil? || user.allowed_to?(:edit_issues, issue.project)
+    unless @@handler_options[:no_permission_check]
+      raise UnauthorizedAction unless user.allowed_to?(:add_issue_notes, issue.project) || user.allowed_to?(:edit_issues, issue.project)
+      raise UnauthorizedAction unless status.nil? || user.allowed_to?(:edit_issues, issue.project)
+    end
 
     # add the note
     journal = issue.init_journal(user, plain_text_body)
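Review bot: With the flag set, this reply path skips authorization for any issue returned by `Issue.find_by_id(issue_id)`, not only for issues in the inbox project the option was introduced for. Combined with an accepted anonymous sender (as in the added test), that would allow notes, and possibly status changes, on issues in other private projects. The same applies to the forum-reply hunk that follows, where the `add_messages` check is skipped for whatever `message.project` is. Consider keeping the bypass scoped, for example by still raising `UnauthorizedAction` when `issue.project` is not the project configured through the 'project' option, or by limiting the bypass to issue creation. The method body continues outside this hunk.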
@@ -191,7 +198,12 @@ class MailHandler < ActionMailer::Base
     message = Message.find_by_id(message_id)
     if message
       message = message.root
-      if user.allowed_to?(:add_messages, message.project) && !message.locked?
+      
+      unless @@handler_options[:no_permission_check]
+        raise UnauthorizedAction unless user.allowed_to?(:add_messages, message.project)
+      end
+      
+      if !message.locked?
         reply = Message.new(:subject => email.subject.gsub(%r{^.*msg\d+\]}, '').strip,
                             :content => plain_text_body)
         reply.author = user
@@ -200,7 +212,7 @@ class MailHandler < ActionMailer::Base
         add_attachments(reply)
         reply
       else
-        raise UnauthorizedAction
+        logger.info "MailHandler: ignoring reply from [#{sender_email}] to a locked topic" if logger && logger.info
       end
     end
   end
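Review bot: The guard `if logger && logger.info` calls the logging method itself rather than a level predicate, so it likely writes an empty entry before the real message; `logger.info?` is the predicate form. Because the locked-topic branch no longer raises, the method's result in that case is whatever the log statement evaluates to, which a caller may treat as a created reply. Returning an explicit `false` after logging would make the outcome unambiguous. The `if message` block starts in the previous hunk.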
index 91bb771b9e131767fa7a9b40afc54e7928b932a1..fe9460a6b9451cf0ae9de385ac90c1c2be01a307 100644 (file)
@@ -20,6 +20,8 @@
 #                                  ignore: email is ignored (default)
 #                                  accept: accept as anonymous user
 #                                  create: create a user account
+#       --no-permission-check      disable permission checking when receiving
+#                                  the email
 #   -h, --help                     show this help
 #   -v, --verbose                  show extra information
 #   -V, --version                  show version information and exit
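Review bot: The help text for `--no-permission-check` does not say how broad the switch is, nor that it is meant to be paired with a fixed project, which the commit message does state. Suggested wording: `disable permission checking when receiving the email; use only with a fixed project and without 'project' in allow-override`. The same applies to the two `no_permission_check=1` descriptions in lib/tasks/email.rake.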
@@ -69,7 +71,7 @@ end
 class RedmineMailHandler
   VERSION = '0.1'
   
-  attr_accessor :verbose, :issue_attributes, :allow_override, :unknown_user, :url, :key
+  attr_accessor :verbose, :issue_attributes, :allow_override, :unknown_user, :no_permission_check, :url, :key
 
   def initialize
     self.issue_attributes = {}
@@ -86,7 +88,8 @@ class RedmineMailHandler
       [ '--category',             GetoptLong::REQUIRED_ARGUMENT],
       [ '--priority',             GetoptLong::REQUIRED_ARGUMENT],
       [ '--allow-override', '-o', GetoptLong::REQUIRED_ARGUMENT],
-      [ '--unknown-user',         GetoptLong::REQUIRED_ARGUMENT]
+      [ '--unknown-user',         GetoptLong::REQUIRED_ARGUMENT],
+      [ '--no-permission-check',  GetoptLong::NO_ARGUMENT]
     )
 
     opts.each do |opt, arg|
@@ -107,6 +110,8 @@ class RedmineMailHandler
         self.allow_override = arg.dup
       when '--unknown-user'
         self.unknown_user = arg.dup
+      when '--no-permission-check'
+        self.no_permission_check = '1'
       end
     end
     
@@ -118,7 +123,8 @@ class RedmineMailHandler
     
     data = { 'key' => key, 'email' => email, 
                            'allow_override' => allow_override,
-                           'unknown_user' => unknown_user }
+                           'unknown_user' => unknown_user,
+                           'no_permission_check' => no_permission_check}
     issue_attributes.each { |attr, value| data["issue[#{attr}]"] = value }
              
     debug "Posting to #{uri}..."
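Review bot: `no_permission_check` is posted as an ordinary form field next to `key`, so whoever holds the API key can request the authorization bypass on any call, assuming the receiving endpoint passes the parameter through (not shown here). If the bypass is meant to be an administrator decision, a server-side setting would be a tighter control than a client-supplied field. At minimum, add a comment above the hash such as `# 'no_permission_check' disables server-side authorization; protect the key accordingly`.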
index 487ce506b22f2668695f79c777ebe2733c0511f3..37fbd4261b890ab7196cc6cd2252997600ce0e77 100644 (file)
@@ -27,6 +27,8 @@ General options:
                            ignore: email is ignored (default)\r
                            accept: accept as anonymous user\r
                            create: create a user account\r
+  no_permission_check=1    disable permission checking when receiving\r
+                           the email\r
   \r
 Issue attributes control options:\r
   project=PROJECT          identifier of the target project\r
@@ -55,6 +57,7 @@ END_DESC
       %w(project status tracker category priority).each { |a| options[:issue][a.to_sym] = ENV[a] if ENV[a] }\r
       options[:allow_override] = ENV['allow_override'] if ENV['allow_override']\r
       options[:unknown_user] = ENV['unknown_user'] if ENV['unknown_user']\r
+      options[:no_permission_check] = ENV['no_permission_check'] if ENV['no_permission_check']\r
       \r
       MailHandler.receive(STDIN.read, options)\r
     end\r
@@ -68,6 +71,8 @@ General options:
                            ignore: email is ignored (default)\r
                            accept: accept as anonymous user\r
                            create: create a user account\r
+  no_permission_check=1    disable permission checking when receiving\r
+                           the email\r
   \r
 Available IMAP options:\r
   host=HOST                IMAP server host (default: 127.0.0.1)\r
@@ -123,6 +128,7 @@ END_DESC
       %w(project status tracker category priority).each { |a| options[:issue][a.to_sym] = ENV[a] if ENV[a] }\r
       options[:allow_override] = ENV['allow_override'] if ENV['allow_override']\r
       options[:unknown_user] = ENV['unknown_user'] if ENV['unknown_user']\r
+      options[:no_permission_check] = ENV['no_permission_check'] if ENV['no_permission_check']\r
 \r
       Redmine::IMAP.check(imap_options, options)\r
     end\r
index 79cddd93c0b146565a7d904b95b4df9a9b021780..a4ae373453193ad6a4d8787585237dcecd3417c0 100644 (file)
@@ -165,6 +165,26 @@ class MailHandlerTest < ActiveSupport::TestCase
     end
   end
   
+  def test_add_issue_by_anonymous_user_on_private_project
+    Role.anonymous.add_permission!(:add_issues)
+    assert_no_difference 'User.count' do
+      assert_no_difference 'Issue.count' do
+        assert_equal false, submit_email('ticket_by_unknown_user.eml', :issue => {:project => 'onlinestore'}, :unknown_user => 'accept')
+      end
+    end
+  end
+  
+  def test_add_issue_by_anonymous_user_on_private_project_without_permission_check
+    assert_no_difference 'User.count' do
+      assert_difference 'Issue.count' do
+        issue = submit_email('ticket_by_unknown_user.eml', :issue => {:project => 'onlinestore'}, :no_permission_check => '1', :unknown_user => 'accept')
+        assert issue.is_a?(Issue)
+        assert issue.author.anonymous?
+        assert !issue.project.is_public?
+      end
+    end
+  end
+  
   def test_add_issue_by_created_user
     Setting.default_language = 'en'
     assert_difference 'User.count' do
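Review bot: The new tests cover only issue creation; nothing exercises the two reply paths changed in app/models/mail_handler.rb with `:no_permission_check => '1'`, nor the locked-topic branch that now logs instead of raising. A case asserting what happens when a reply targets an issue in a different private project would pin down the intended scope of the bypass. A test that a value other than '1' (for example `'true'`) leaves the checks enabled would also guard the parsing added in `receive`.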