Used with the 'project' option, it allows anyone to submit emails to a private inbox project (#4407). git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3195 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/0.9.0
@@ -34,6 +34,8 @@ class MailHandler < ActionMailer::Base | |||
@@handler_options[:allow_override] << 'project' unless @@handler_options[:issue].has_key?(:project) | |||
# Status overridable by default | |||
@@handler_options[:allow_override] << 'status' unless @@handler_options[:issue].has_key?(:status) | |||
@@handler_options[:no_permission_check] = (@@handler_options[:no_permission_check].to_s == '1' ? true : false) | |||
super email | |||
end | |||
@@ -120,7 +122,10 @@ class MailHandler < ActionMailer::Base | |||
status = (get_keyword(:status) && IssueStatus.find_by_name(get_keyword(:status))) | |||
# check permission | |||
raise UnauthorizedAction unless user.allowed_to?(:add_issues, project) | |||
unless @@handler_options[:no_permission_check] | |||
raise UnauthorizedAction unless user.allowed_to?(:add_issues, project) | |||
end | |||
issue = Issue.new(:author => user, :project => project, :tracker => tracker, :category => category, :priority => priority) | |||
# check workflow | |||
if status && issue.new_statuses_allowed_to(user).include?(status) | |||
@@ -163,8 +168,10 @@ class MailHandler < ActionMailer::Base | |||
issue = Issue.find_by_id(issue_id) | |||
return unless issue | |||
# check permission | |||
raise UnauthorizedAction unless user.allowed_to?(:add_issue_notes, issue.project) || user.allowed_to?(:edit_issues, issue.project) | |||
raise UnauthorizedAction unless status.nil? || user.allowed_to?(:edit_issues, issue.project) | |||
unless @@handler_options[:no_permission_check] | |||
raise UnauthorizedAction unless user.allowed_to?(:add_issue_notes, issue.project) || user.allowed_to?(:edit_issues, issue.project) | |||
raise UnauthorizedAction unless status.nil? || user.allowed_to?(:edit_issues, issue.project) | |||
end | |||
# add the note | |||
journal = issue.init_journal(user, plain_text_body) | |||
@@ -191,7 +198,12 @@ class MailHandler < ActionMailer::Base | |||
message = Message.find_by_id(message_id) | |||
if message | |||
message = message.root | |||
if user.allowed_to?(:add_messages, message.project) && !message.locked? | |||
unless @@handler_options[:no_permission_check] | |||
raise UnauthorizedAction unless user.allowed_to?(:add_messages, message.project) | |||
end | |||
if !message.locked? | |||
reply = Message.new(:subject => email.subject.gsub(%r{^.*msg\d+\]}, '').strip, | |||
:content => plain_text_body) | |||
reply.author = user | |||
@@ -200,7 +212,7 @@ class MailHandler < ActionMailer::Base | |||
add_attachments(reply) | |||
reply | |||
else | |||
raise UnauthorizedAction | |||
logger.info "MailHandler: ignoring reply from [#{sender_email}] to a locked topic" if logger && logger.info | |||
end | |||
end | |||
end |
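Review bot: The two `unless @@handler_options[:no_permission_check]` wrappers in the issue-reply and message-reply hunks drop more than the commit message describes. With the flag on, the `add_issue_notes`/`edit_issues` checks, the `status.nil? ||` check and the `add_messages` check are skipped for whichever record `Issue.find_by_id(issue_id)` or `Message.find_by_id(message_id)` returns, in any project, not only the intended inbox project. If the goal is only to let unknown senders open tickets in a private project, I would keep the flag on the `:add_issues` check and leave the reply-path checks unconditional. Because `'project'` is added to `allow_override` whenever no project option is given, it also seems worth ignoring the flag in that case, e.g. `@@handler_options[:no_permission_check] &&= @@handler_options[:issue].has_key?(:project)` right after the flag is parsed. The enclosing methods start and end outside these hunks, so this is based on the visible lines only.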
@@ -20,6 +20,8 @@ | |||
# ignore: email is ignored (default) | |||
# accept: accept as anonymous user | |||
# create: create a user account | |||
# --no-permission-check disable permission checking when receiving | |||
# the email | |||
# -h, --help show this help | |||
# -v, --verbose show extra information | |||
# -V, --version show version information and exit | |||
@@ -69,7 +71,7 @@ end | |||
class RedmineMailHandler | |||
VERSION = '0.1' | |||
attr_accessor :verbose, :issue_attributes, :allow_override, :unknown_user, :url, :key | |||
attr_accessor :verbose, :issue_attributes, :allow_override, :unknown_user, :no_permission_check, :url, :key | |||
def initialize | |||
self.issue_attributes = {} | |||
@@ -86,7 +88,8 @@ class RedmineMailHandler | |||
[ '--category', GetoptLong::REQUIRED_ARGUMENT], | |||
[ '--priority', GetoptLong::REQUIRED_ARGUMENT], | |||
[ '--allow-override', '-o', GetoptLong::REQUIRED_ARGUMENT], | |||
[ '--unknown-user', GetoptLong::REQUIRED_ARGUMENT] | |||
[ '--unknown-user', GetoptLong::REQUIRED_ARGUMENT], | |||
[ '--no-permission-check', GetoptLong::NO_ARGUMENT] | |||
) | |||
opts.each do |opt, arg| | |||
@@ -107,6 +110,8 @@ class RedmineMailHandler | |||
self.allow_override = arg.dup | |||
when '--unknown-user' | |||
self.unknown_user = arg.dup | |||
when '--no-permission-check' | |||
self.no_permission_check = '1' | |||
end | |||
end | |||
@@ -118,7 +123,8 @@ class RedmineMailHandler | |||
data = { 'key' => key, 'email' => email, | |||
'allow_override' => allow_override, | |||
'unknown_user' => unknown_user } | |||
'unknown_user' => unknown_user, | |||
'no_permission_check' => no_permission_check} | |||
issue_attributes.each { |attr, value| data["issue[#{attr}]"] = value } | |||
debug "Posting to #{uri}..." |
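Review bot: `'no_permission_check' => no_permission_check` sends the bypass as an ordinary form field next to `'key'`, so whether permission checks run is decided by whoever holds the key rather than by server-side configuration. The receiving controller is not part of this diff, so I cannot tell whether it filters the field; if it passes it through unchanged, the key should be documented and handled as a credential with write access across projects. The help text could say so, for instance `#       --no-permission-check      accept the email without checking the sender's permissions; use with --project and keep the API key secret`.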
@@ -27,6 +27,8 @@ General options: | |||
ignore: email is ignored (default) | |||
accept: accept as anonymous user | |||
create: create a user account | |||
no_permission_check=1 disable permission checking when receiving | |||
the email | |||
Issue attributes control options: | |||
project=PROJECT identifier of the target project | |||
@@ -55,6 +57,7 @@ END_DESC | |||
%w(project status tracker category priority).each { |a| options[:issue][a.to_sym] = ENV[a] if ENV[a] } | |||
options[:allow_override] = ENV['allow_override'] if ENV['allow_override'] | |||
options[:unknown_user] = ENV['unknown_user'] if ENV['unknown_user'] | |||
options[:no_permission_check] = ENV['no_permission_check'] if ENV['no_permission_check'] | |||
MailHandler.receive(STDIN.read, options) | |||
end | |||
@@ -68,6 +71,8 @@ General options: | |||
ignore: email is ignored (default) | |||
accept: accept as anonymous user | |||
create: create a user account | |||
no_permission_check=1 disable permission checking when receiving | |||
the email | |||
Available IMAP options: | |||
host=HOST IMAP server host (default: 127.0.0.1) | |||
@@ -123,6 +128,7 @@ END_DESC | |||
%w(project status tracker category priority).each { |a| options[:issue][a.to_sym] = ENV[a] if ENV[a] } | |||
options[:allow_override] = ENV['allow_override'] if ENV['allow_override'] | |||
options[:unknown_user] = ENV['unknown_user'] if ENV['unknown_user'] | |||
options[:no_permission_check] = ENV['no_permission_check'] if ENV['no_permission_check'] | |||
Redmine::IMAP.check(imap_options, options) | |||
end |
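Review bot: The help text `no_permission_check=1  disable permission checking when receiving the email`, added to both task descriptions, does not tell the operator how far the switch reaches or how its value is parsed. On the handler side the value is compared with the string `'1'`, so `no_permission_check=true` or `yes` is accepted here without any error and leaves the checks on. The option is also safest combined with `project=PROJECT` and an `allow_override` list that omits `project`, and the description should say that. I would extend it to something like `no_permission_check=1  skip permission checks for incoming emails (only the value 1 enables it); set project= and do not allow project override`.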
@@ -165,6 +165,26 @@ class MailHandlerTest < ActiveSupport::TestCase | |||
end | |||
end | |||
def test_add_issue_by_anonymous_user_on_private_project | |||
Role.anonymous.add_permission!(:add_issues) | |||
assert_no_difference 'User.count' do | |||
assert_no_difference 'Issue.count' do | |||
assert_equal false, submit_email('ticket_by_unknown_user.eml', :issue => {:project => 'onlinestore'}, :unknown_user => 'accept') | |||
end | |||
end | |||
end | |||
def test_add_issue_by_anonymous_user_on_private_project_without_permission_check | |||
assert_no_difference 'User.count' do | |||
assert_difference 'Issue.count' do | |||
issue = submit_email('ticket_by_unknown_user.eml', :issue => {:project => 'onlinestore'}, :no_permission_check => '1', :unknown_user => 'accept') | |||
assert issue.is_a?(Issue) | |||
assert issue.author.anonymous? | |||
assert !issue.project.is_public? | |||
end | |||
end | |||
end | |||
def test_add_issue_by_created_user | |||
Setting.default_language = 'en' | |||
assert_difference 'User.count' do |
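Review bot: The two new tests exercise only the new-issue path, while the flag also gates the issue-note, status-change and forum-reply checks in the handler. A regression in those paths, or in how values other than `'1'` are treated, would go unnoticed. I would add a test that submits a reply fixture with `:no_permission_check => '1'` from a sender lacking `:add_issue_notes` and asserts the outcome the project intends. A second test should pass `:no_permission_check => 'true'` and assert that the submission is still rejected, presumably with the same `assert_equal false, submit_email(...)` shape as `test_add_issue_by_anonymous_user_on_private_project`.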