diff options
| author | Marius Balteanu <marius.balteanu@zitec.com> | 2022-06-16 21:32:02 +0000 |
|---|---|---|
| committer | Marius Balteanu <marius.balteanu@zitec.com> | 2022-06-16 21:32:02 +0000 |
| commit | 9c4df39c7dba5efcdce474f2fa65593fec8fa0dd (patch) | |
| tree | 82874b0ec692b2d9aebb4a4a3f47bec4c4f13bd6 /app | |
| parent | 68031b65441c5d6aeb65850ca53f6f914ce53f4c (diff) | |
| download | redmine-9c4df39c7dba5efcdce474f2fa65593fec8fa0dd.tar.gz redmine-9c4df39c7dba5efcdce474f2fa65593fec8fa0dd.zip | |
Setting @--no-permission-check@ in the mail receiver should not allow creating issues in closed and archived projects (#37187).
Patch by Felix Schäfer.
git-svn-id: https://svn.redmine.org/redmine/trunk@21641 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app')
| -rw-r--r-- | app/models/mail_handler.rb | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/app/models/mail_handler.rb b/app/models/mail_handler.rb index 9afe2a170..8f7cef691 100644 --- a/app/models/mail_handler.rb +++ b/app/models/mail_handler.rb @@ -22,6 +22,8 @@ class MailHandler < ActionMailer::Base include Redmine::I18n class UnauthorizedAction < StandardError; end + class NotAllowedInProject < UnauthorizedAction; end + class InsufficientPermissions < UnauthorizedAction; end class MissingInformation < StandardError; end attr_reader :email, :user, :handler_options @@ -182,9 +184,13 @@ class MailHandler < ActionMailer::Base # Creates a new issue def receive_issue project = target_project + + # Never receive emails to projects where adding issues is not possible + raise NotAllowedInProject, "not possible to add issues to project [#{project.name}]" unless project.allows_to?(:add_issues) + # check permission unless handler_options[:no_permission_check] - raise UnauthorizedAction, "not allowed to add issues to project [#{project.name}]" unless user.allowed_to?(:add_issues, project) + raise InsufficientPermissions, "not allowed to add issues to project [#{project.name}]" unless user.allowed_to?(:add_issues, project) end issue = Issue.new(:author => user, :project => project) @@ -223,10 +229,14 @@ class MailHandler < ActionMailer::Base return nil end + # Never receive emails to projects where adding issue notes is not possible + project = issue.project + raise NotAllowedInProject, "not possible to add notes to project [#{project.name}]" unless project.allows_to?(:add_issue_notes) + # check permission unless handler_options[:no_permission_check] unless issue.notes_addable? - raise UnauthorizedAction, "not allowed to add notes on issues to project [#{issue.project.name}]" + raise InsufficientPermissions, "not allowed to add notes on issues to project [#{issue.project.name}]" end end @@ -274,8 +284,12 @@ class MailHandler < ActionMailer::Base return nil end + # Never receive emails to projects where adding messages is not possible + project = message.project + raise NotAllowedInProject, "not possible to add messages to project [#{project.name}]" unless project.allows_to?(:add_messages) + unless handler_options[:no_permission_check] - raise UnauthorizedAction, "not allowed to add messages to project [#{message.project.name}]" unless user.allowed_to?(:add_messages, message.project) + raise InsufficientPermissions, "not allowed to add messages to project [#{message.project.name}]" unless user.allowed_to?(:add_messages, message.project) end if !message.locked? |