1 files changed, 17 insertions, 3 deletions

diff --git a/app/models/mail_handler.rb b/app/models/mail_handler.rb
index 9afe2a170..8f7cef691 100644
--- a/app/models/mail_handler.rb
+++ b/app/models/mail_handler.rb
@@ -22,6 +22,8 @@ class MailHandler < ActionMailer::Base
   include Redmine::I18n
 
   class UnauthorizedAction < StandardError; end
+  class NotAllowedInProject < UnauthorizedAction; end
+  class InsufficientPermissions < UnauthorizedAction; end
   class MissingInformation < StandardError; end
 
   attr_reader :email, :user, :handler_options
@@ -182,9 +184,13 @@ class MailHandler < ActionMailer::Base
   # Creates a new issue
   def receive_issue
     project = target_project
+
+    # Never receive emails to projects where adding issues is not possible
+    raise NotAllowedInProject, "not possible to add issues to project [#{project.name}]" unless project.allows_to?(:add_issues)
+
     # check permission
     unless handler_options[:no_permission_check]
-      raise UnauthorizedAction, "not allowed to add issues to project [#{project.name}]" unless user.allowed_to?(:add_issues, project)
+      raise InsufficientPermissions, "not allowed to add issues to project [#{project.name}]" unless user.allowed_to?(:add_issues, project)
     end
 
     issue = Issue.new(:author => user, :project => project)
@@ -223,10 +229,14 @@ class MailHandler < ActionMailer::Base
       return nil
     end
 
+    # Never receive emails to projects where adding issue notes is not possible
+    project = issue.project
+    raise NotAllowedInProject, "not possible to add notes to project [#{project.name}]" unless project.allows_to?(:add_issue_notes)
+
     # check permission
     unless handler_options[:no_permission_check]
       unless issue.notes_addable?
-        raise UnauthorizedAction, "not allowed to add notes on issues to project [#{issue.project.name}]"
+        raise InsufficientPermissions, "not allowed to add notes on issues to project [#{issue.project.name}]"
       end
     end
 
@@ -274,8 +284,12 @@ class MailHandler < ActionMailer::Base
       return nil
     end
 
+    # Never receive emails to projects where adding messages is not possible
+    project = message.project
+    raise NotAllowedInProject, "not possible to add messages to project [#{project.name}]" unless project.allows_to?(:add_messages)
+
     unless handler_options[:no_permission_check]
-      raise UnauthorizedAction, "not allowed to add messages to project [#{message.project.name}]" unless user.allowed_to?(:add_messages, message.project)
+      raise InsufficientPermissions, "not allowed to add messages to project [#{message.project.name}]" unless user.allowed_to?(:add_messages, message.project)
     end
 
     if !message.locked?