diff options
| author | Marius Balteanu <marius.balteanu@zitec.com> | 2022-06-17 10:25:15 +0000 |
|---|---|---|
| committer | Marius Balteanu <marius.balteanu@zitec.com> | 2022-06-17 10:25:15 +0000 |
| commit | 7c8df4c29dc0cfcc90175563e74ac96c6c2794df (patch) | |
| tree | 0e4bfabf91d1246b1d91f971ed2086397f5654b7 /app | |
| parent | fd8d8ba18cf297aa9d51e87f4bad21605a393a2e (diff) | |
| download | redmine-7c8df4c29dc0cfcc90175563e74ac96c6c2794df.tar.gz redmine-7c8df4c29dc0cfcc90175563e74ac96c6c2794df.zip | |
Merged r21641 to 5.0-stable (#37187).
git-svn-id: https://svn.redmine.org/redmine/branches/5.0-stable@21652 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app')
| -rw-r--r-- | app/models/mail_handler.rb | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/app/models/mail_handler.rb b/app/models/mail_handler.rb index 9afe2a170..8f7cef691 100644 --- a/app/models/mail_handler.rb +++ b/app/models/mail_handler.rb @@ -22,6 +22,8 @@ class MailHandler < ActionMailer::Base include Redmine::I18n class UnauthorizedAction < StandardError; end + class NotAllowedInProject < UnauthorizedAction; end + class InsufficientPermissions < UnauthorizedAction; end class MissingInformation < StandardError; end attr_reader :email, :user, :handler_options @@ -182,9 +184,13 @@ class MailHandler < ActionMailer::Base # Creates a new issue def receive_issue project = target_project + + # Never receive emails to projects where adding issues is not possible + raise NotAllowedInProject, "not possible to add issues to project [#{project.name}]" unless project.allows_to?(:add_issues) + # check permission unless handler_options[:no_permission_check] - raise UnauthorizedAction, "not allowed to add issues to project [#{project.name}]" unless user.allowed_to?(:add_issues, project) + raise InsufficientPermissions, "not allowed to add issues to project [#{project.name}]" unless user.allowed_to?(:add_issues, project) end issue = Issue.new(:author => user, :project => project) @@ -223,10 +229,14 @@ class MailHandler < ActionMailer::Base return nil end + # Never receive emails to projects where adding issue notes is not possible + project = issue.project + raise NotAllowedInProject, "not possible to add notes to project [#{project.name}]" unless project.allows_to?(:add_issue_notes) + # check permission unless handler_options[:no_permission_check] unless issue.notes_addable? - raise UnauthorizedAction, "not allowed to add notes on issues to project [#{issue.project.name}]" + raise InsufficientPermissions, "not allowed to add notes on issues to project [#{issue.project.name}]" end end @@ -274,8 +284,12 @@ class MailHandler < ActionMailer::Base return nil end + # Never receive emails to projects where adding messages is not possible + project = message.project + raise NotAllowedInProject, "not possible to add messages to project [#{project.name}]" unless project.allows_to?(:add_messages) + unless handler_options[:no_permission_check] - raise UnauthorizedAction, "not allowed to add messages to project [#{message.project.name}]" unless user.allowed_to?(:add_messages, message.project) + raise InsufficientPermissions, "not allowed to add messages to project [#{message.project.name}]" unless user.allowed_to?(:add_messages, message.project) end if !message.locked? |