diff --git a/app/models/mail_handler.rb b/app/models/mail_handler.rb
index cda556f8e..2ecf3734e 100644
--- a/app/models/mail_handler.rb
+++ b/app/models/mail_handler.rb
@@ -34,6 +34,8 @@ class MailHandler < ActionMailer::Base
 @@handler_options[:allow_override] << 'project' unless @@handler_options[:issue].has_key?(:project)
 # Status overridable by default
 @@handler_options[:allow_override] << 'status' unless @@handler_options[:issue].has_key?(:status)
+
+ @@handler_options[:no_permission_check] = (@@handler_options[:no_permission_check].to_s == '1' ? true : false)
 super email
 end
 
@@ -120,7 +122,10 @@ class MailHandler < ActionMailer::Base
 status = (get_keyword(:status) && IssueStatus.find_by_name(get_keyword(:status)))
 
 # check permission
- raise UnauthorizedAction unless user.allowed_to?(:add_issues, project)
+ unless @@handler_options[:no_permission_check]
+ raise UnauthorizedAction unless user.allowed_to?(:add_issues, project)
+ end
+
 issue = Issue.new(:author => user, :project => project, :tracker => tracker, :category => category, :priority => priority)
 # check workflow
 if status && issue.new_statuses_allowed_to(user).include?(status)
@@ -163,8 +168,10 @@ class MailHandler < ActionMailer::Base
 issue = Issue.find_by_id(issue_id)
 return unless issue
 # check permission
- raise UnauthorizedAction unless user.allowed_to?(:add_issue_notes, issue.project) || user.allowed_to?(:edit_issues, issue.project)
- raise UnauthorizedAction unless status.nil? || user.allowed_to?(:edit_issues, issue.project)
+ unless @@handler_options[:no_permission_check]
+ raise UnauthorizedAction unless user.allowed_to?(:add_issue_notes, issue.project) || user.allowed_to?(:edit_issues, issue.project)
+ raise UnauthorizedAction unless status.nil? || user.allowed_to?(:edit_issues, issue.project)
+ end
 
 # add the note
 journal = issue.init_journal(user, plain_text_body)
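Review bot: The normalisation line added in the `@@ -34` hunk turns `no_permission_check` into `true` only for the exact string `'1'`, but nothing on the line records that this option switches off every `user.allowed_to?` check the handler performs (issue creation, note and status updates, and message replies in the later hunks), so a reader of `receive` cannot tell how much trust the option grants. The `? true : false` is redundant because `==` already yields a boolean, so `@@handler_options[:no_permission_check] = (@@handler_options[:no_permission_check].to_s == '1')` is enough. I would put a comment above it such as `# Disables all permission checks below; only honour this from the rake tasks and the API-key protected rdm-mailhandler client`. Because `@@handler_options` is a class variable, two receives running in the same process could presumably observe each other's value, though that predates this change.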
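Review bot: In the `@@ -120` hunk the `unless @@handler_options[:no_permission_check]` wrapper is the first of three copies of the same guard (the `@@ -163` and `@@ -191` hunks repeat it), which makes it easy for a future permission check to miss the bypass or apply it differently. A small private predicate, e.g. `def permission_check?; !@@handler_options[:no_permission_check]; end`, used as `raise UnauthorizedAction if permission_check? && !user.allowed_to?(:add_issues, project)`, keeps the bypass in one place. The workflow check two lines below still consults `issue.new_statuses_allowed_to(user)` for the (possibly anonymous) user, so with the bypass on a `status` keyword is presumably dropped silently rather than applied; a comment saying whether that is intended would help. The enclosing method begins and ends outside the hunk.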
@@ -191,7 +198,12 @@ class MailHandler < ActionMailer::Base
 message = Message.find_by_id(message_id)
 if message
 message = message.root
- if user.allowed_to?(:add_messages, message.project) && !message.locked?
+
+ unless @@handler_options[:no_permission_check]
+ raise UnauthorizedAction unless user.allowed_to?(:add_messages, message.project)
+ end
+
+ if !message.locked?
 reply = Message.new(:subject => email.subject.gsub(%r{^.*msg\d+\]}, '').strip,
 :content => plain_text_body)
 reply.author = user
@@ -200,7 +212,7 @@ class MailHandler < ActionMailer::Base
 add_attachments(reply)
 reply
 else
- raise UnauthorizedAction
+ logger.info "MailHandler: ignoring reply from [#{sender_email}] to a locked topic" if logger && logger.info
 end
 end
 end
diff --git a/extra/mail_handler/rdm-mailhandler.rb b/extra/mail_handler/rdm-mailhandler.rb
index 91bb771b9..fe9460a6b 100644
--- a/extra/mail_handler/rdm-mailhandler.rb
+++ b/extra/mail_handler/rdm-mailhandler.rb
@@ -20,6 +20,8 @@
 # ignore: email is ignored (default)
 # accept: accept as anonymous user
 # create: create a user account
+# --no-permission-check disable permission checking when receiving
+# the email
 # -h, --help show this help
 # -v, --verbose show extra information
 # -V, --version show version information and exit
@@ -69,7 +71,7 @@ end
 class RedmineMailHandler
 VERSION = '0.1'
 
- attr_accessor :verbose, :issue_attributes, :allow_override, :unknown_user, :url, :key
+ attr_accessor :verbose, :issue_attributes, :allow_override, :unknown_user, :no_permission_check, :url, :key
 
 def initialize
 self.issue_attributes = {}
@@ -86,7 +88,8 @@ class RedmineMailHandler
 [ '--category', GetoptLong::REQUIRED_ARGUMENT],
 [ '--priority', GetoptLong::REQUIRED_ARGUMENT],
 [ '--allow-override', '-o', GetoptLong::REQUIRED_ARGUMENT],
- [ '--unknown-user', GetoptLong::REQUIRED_ARGUMENT]
+ [ '--unknown-user', GetoptLong::REQUIRED_ARGUMENT],
+ [ '--no-permission-check', GetoptLong::NO_ARGUMENT]
 )
 
 opts.each do |opt, arg|
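Review bot: Splitting the old combined condition changes what a reply to a locked topic produces: `if !message.locked?` now pairs with an `else` (next hunk) that only logs, so the method's result in that case is whatever `logger.info` returns, or `nil` without a logger, where it previously raised `UnauthorizedAction`. If the caller maps that exception to a `false` result, as the `assert_equal false` in the new test suggests, a locked-topic reply now yields a different value; callers that compare the result with `false` should be checked. A short comment on the new `if`, e.g. `# Locked topics are ignored rather than treated as unauthorized`, would make the intent explicit. The enclosing method starts outside the hunk.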
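Review bot: In the `@@ -200` hunk the guard `if logger && logger.info` calls `logger.info` with no arguments; on the standard `Logger` (and, as far as I recall, the Rails buffered logger) that writes an empty entry and returns a truthy value, so the line logs twice and the guard never suppresses anything. The level predicate is `logger.info?`: `logger.info "MailHandler: ignoring reply from [#{sender_email}] to a locked topic" if logger && logger.info?`. Since a locked-topic reply is now dropped instead of raising, this log line is the only trace that a message was discarded, so it is worth getting right.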
@@ -107,6 +110,8 @@ class RedmineMailHandler
 self.allow_override = arg.dup
 when '--unknown-user'
 self.unknown_user = arg.dup
+ when '--no-permission-check'
+ self.no_permission_check = '1'
 end
 end
 
@@ -118,7 +123,8 @@ class RedmineMailHandler
 
 data = { 'key' => key, 'email' => email,
 'allow_override' => allow_override,
- 'unknown_user' => unknown_user }
+ 'unknown_user' => unknown_user,
+ 'no_permission_check' => no_permission_check}
 issue_attributes.each { |attr, value| data["issue[#{attr}]"] = value }
 
 debug "Posting to #{uri}..."
diff --git a/lib/tasks/email.rake b/lib/tasks/email.rake
index 487ce506b..37fbd4261 100644
--- a/lib/tasks/email.rake
+++ b/lib/tasks/email.rake
@@ -27,6 +27,8 @@ General options:
 ignore: email is ignored (default)
 accept: accept as anonymous user
 create: create a user account
+ no_permission_check=1 disable permission checking when receiving
+ the email
 
 Issue attributes control options:
 project=PROJECT identifier of the target project
@@ -55,6 +57,7 @@ END_DESC
 %w(project status tracker category priority).each { |a| options[:issue][a.to_sym] = ENV[a] if ENV[a] }
 options[:allow_override] = ENV['allow_override'] if ENV['allow_override']
 options[:unknown_user] = ENV['unknown_user'] if ENV['unknown_user']
+ options[:no_permission_check] = ENV['no_permission_check'] if ENV['no_permission_check']
 
 MailHandler.receive(STDIN.read, options)
 end
@@ -68,6 +71,8 @@ General options:
 ignore: email is ignored (default)
 accept: accept as anonymous user
 create: create a user account
+ no_permission_check=1 disable permission checking when receiving
+ the email
 
 Available IMAP options:
 host=HOST IMAP server host (default: 127.0.0.1)
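Review bot: `self.no_permission_check = '1'` stores a string where a reader expects a boolean, and nothing says that the literal is the wire format: the receiving `MailHandler` (first hunk of this commit) enables the bypass only when the value's `to_s` equals `'1'`, so a later cleanup to `true` would silently turn the option into a no-op. A comment on the line such as `# MailHandler honours only the exact value '1'` protects it. The enclosing `opts.each` block and its method start outside the hunk.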
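Review bot: In the `@@ -118` hunk the new entry closes the hash as `no_permission_check}` while the removed line closed it as `unknown_user }`, so the literal is now formatted inconsistently with its other lines; `'no_permission_check' => no_permission_check }` keeps the style. When the switch is absent the accessor is `nil` and is posted as an empty value, which the server's `== '1'` test treats as off, just as `unknown_user` already behaves, so no behaviour change is needed. The enclosing method starts and ends outside the hunk.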
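Review bot: In the `@@ -55` hunk the line `options[:no_permission_check] = ENV['no_permission_check'] if ENV['no_permission_check']` is the fourth ENV-to-options line that is now duplicated verbatim between this task and the IMAP task in the `@@ -123` hunk, and the new flag had to be added in both; a shared helper that builds `options` from `ENV` would stop the two tasks from drifting. The value is passed through unchanged, and the description advertises `no_permission_check=1`, but `MailHandler` accepts only that exact value, so the description could add that any other value leaves permission checks on. The enclosing task block starts outside the hunk.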
@@ -123,6 +128,7 @@ END_DESC
 %w(project status tracker category priority).each { |a| options[:issue][a.to_sym] = ENV[a] if ENV[a] }
 options[:allow_override] = ENV['allow_override'] if ENV['allow_override']
 options[:unknown_user] = ENV['unknown_user'] if ENV['unknown_user']
+ options[:no_permission_check] = ENV['no_permission_check'] if ENV['no_permission_check']
 
 Redmine::IMAP.check(imap_options, options)
 end
diff --git a/test/unit/mail_handler_test.rb b/test/unit/mail_handler_test.rb
index 79cddd93c..a4ae37345 100644
--- a/test/unit/mail_handler_test.rb
+++ b/test/unit/mail_handler_test.rb
@@ -165,6 +165,26 @@ class MailHandlerTest < ActiveSupport::TestCase
 end
 end
 
+ def test_add_issue_by_anonymous_user_on_private_project
+ Role.anonymous.add_permission!(:add_issues)
+ assert_no_difference 'User.count' do
+ assert_no_difference 'Issue.count' do
+ assert_equal false, submit_email('ticket_by_unknown_user.eml', :issue => {:project => 'onlinestore'}, :unknown_user => 'accept')
+ end
+ end
+ end
+
+ def test_add_issue_by_anonymous_user_on_private_project_without_permission_check
+ assert_no_difference 'User.count' do
+ assert_difference 'Issue.count' do
+ issue = submit_email('ticket_by_unknown_user.eml', :issue => {:project => 'onlinestore'}, :no_permission_check => '1', :unknown_user => 'accept')
+ assert issue.is_a?(Issue)
+ assert issue.author.anonymous?
+ assert !issue.project.is_public?
+ end
+ end
+ end
+
 def test_add_issue_by_created_user
 Setting.default_language = 'en'
 assert_difference 'User.count' do
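Review bot: The two new tests in the `@@ -165` hunk cover the option set to `'1'` and the option absent, but nothing pins the `to_s == '1'` normalisation that `receive` applies, so a regression that accepted any truthy string would widen the bypass without failing a test. One more assertion in the first test covers it: `assert_equal false, submit_email('ticket_by_unknown_user.eml', :issue => {:project => 'onlinestore'}, :no_permission_check => 'true', :unknown_user => 'accept')`. The second test would also read better with a one-line comment stating what it proves, e.g. `# anonymous author, private project: only reachable because permission checks are disabled`.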