Adds a 'no_permission_check' option to the MailHandler.

Used with the 'project' option, it allows anyone to submit emails to a private inbox project (#4407). git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3195 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-12-19 14:08:48 +00:00 · 2009-12-19 14:08:48 +00:00 · 06ca18b042
parent 9d120c872c
commit 06ca18b042
4 changed files with 52 additions and 8 deletions
--- a/app/models/mail_handler.rb
+++ b/app/models/mail_handler.rb
@ -34,6 +34,8 @@ class MailHandler < ActionMailer::Base
    @@handler_options[:allow_override] << 'project' unless @@handler_options[:issue].has_key?(:project)
    # Status overridable by default
    @@handler_options[:allow_override] << 'status' unless @@handler_options[:issue].has_key?(:status)    
+    
+    @@handler_options[:no_permission_check] = (@@handler_options[:no_permission_check].to_s == '1' ? true : false)
    super email
  end
  
@ -120,7 +122,10 @@ class MailHandler < ActionMailer::Base
    status =  (get_keyword(:status) && IssueStatus.find_by_name(get_keyword(:status)))

    # check permission
+    unless @@handler_options[:no_permission_check]
      raise UnauthorizedAction unless user.allowed_to?(:add_issues, project)
+    end
+    
    issue = Issue.new(:author => user, :project => project, :tracker => tracker, :category => category, :priority => priority)
    # check workflow
    if status && issue.new_statuses_allowed_to(user).include?(status)
@ -163,8 +168,10 @@ class MailHandler < ActionMailer::Base
    issue = Issue.find_by_id(issue_id)
    return unless issue
    # check permission
+    unless @@handler_options[:no_permission_check]
      raise UnauthorizedAction unless user.allowed_to?(:add_issue_notes, issue.project) || user.allowed_to?(:edit_issues, issue.project)
      raise UnauthorizedAction unless status.nil? || user.allowed_to?(:edit_issues, issue.project)
+    end

    # add the note
    journal = issue.init_journal(user, plain_text_body)
@ -191,7 +198,12 @@ class MailHandler < ActionMailer::Base
    message = Message.find_by_id(message_id)
    if message
      message = message.root
-      if user.allowed_to?(:add_messages, message.project) && !message.locked?
+      
+      unless @@handler_options[:no_permission_check]
+        raise UnauthorizedAction unless user.allowed_to?(:add_messages, message.project)
+      end
+      
+      if !message.locked?
        reply = Message.new(:subject => email.subject.gsub(%r{^.*msg\d+\]}, '').strip,
                            :content => plain_text_body)
        reply.author = user
@ -200,7 +212,7 @@ class MailHandler < ActionMailer::Base
        add_attachments(reply)
        reply
      else
-        raise UnauthorizedAction
+        logger.info "MailHandler: ignoring reply from [#{sender_email}] to a locked topic" if logger && logger.info
      end
    end
  end
--- a/extra/mail_handler/rdm-mailhandler.rb
+++ b/extra/mail_handler/rdm-mailhandler.rb
@ -20,6 +20,8 @@
 #                                  ignore: email is ignored (default)
 #                                  accept: accept as anonymous user
 #                                  create: create a user account
+#       --no-permission-check      disable permission checking when receiving
+#                                  the email
 #   -h, --help                     show this help
 #   -v, --verbose                  show extra information
 #   -V, --version                  show version information and exit
@ -69,7 +71,7 @@ end
 class RedmineMailHandler
  VERSION = '0.1'
  
-  attr_accessor :verbose, :issue_attributes, :allow_override, :unknown_user, :url, :key
+  attr_accessor :verbose, :issue_attributes, :allow_override, :unknown_user, :no_permission_check, :url, :key

  def initialize
    self.issue_attributes = {}
@ -86,7 +88,8 @@ class RedmineMailHandler
      [ '--category',             GetoptLong::REQUIRED_ARGUMENT],
      [ '--priority',             GetoptLong::REQUIRED_ARGUMENT],
      [ '--allow-override', '-o', GetoptLong::REQUIRED_ARGUMENT],
-      [ '--unknown-user',         GetoptLong::REQUIRED_ARGUMENT]
+      [ '--unknown-user',         GetoptLong::REQUIRED_ARGUMENT],
+      [ '--no-permission-check',  GetoptLong::NO_ARGUMENT]
    )

    opts.each do |opt, arg|
@ -107,6 +110,8 @@ class RedmineMailHandler
        self.allow_override = arg.dup
      when '--unknown-user'
        self.unknown_user = arg.dup
+      when '--no-permission-check'
+        self.no_permission_check = '1'
      end
    end
    
@ -118,7 +123,8 @@ class RedmineMailHandler
    
    data = { 'key' => key, 'email' => email, 
                           'allow_override' => allow_override,
-                           'unknown_user' => unknown_user }
+                           'unknown_user' => unknown_user,
+                           'no_permission_check' => no_permission_check}
    issue_attributes.each { |attr, value| data["issue[#{attr}]"] = value }
             
    debug "Posting to #{uri}..."
--- a/lib/tasks/email.rake
+++ b/lib/tasks/email.rake
@ -27,6 +27,8 @@ General options:
                           ignore: email is ignored (default)
                           accept: accept as anonymous user
                           create: create a user account
+  no_permission_check=1    disable permission checking when receiving
+                           the email
  
 Issue attributes control options:
  project=PROJECT          identifier of the target project
@ -55,6 +57,7 @@ END_DESC
      %w(project status tracker category priority).each { |a| options[:issue][a.to_sym] = ENV[a] if ENV[a] }
      options[:allow_override] = ENV['allow_override'] if ENV['allow_override']
      options[:unknown_user] = ENV['unknown_user'] if ENV['unknown_user']
+      options[:no_permission_check] = ENV['no_permission_check'] if ENV['no_permission_check']
      
      MailHandler.receive(STDIN.read, options)
    end
@ -68,6 +71,8 @@ General options:
                           ignore: email is ignored (default)
                           accept: accept as anonymous user
                           create: create a user account
+  no_permission_check=1    disable permission checking when receiving
+                           the email
  
 Available IMAP options:
  host=HOST                IMAP server host (default: 127.0.0.1)
@ -123,6 +128,7 @@ END_DESC
      %w(project status tracker category priority).each { |a| options[:issue][a.to_sym] = ENV[a] if ENV[a] }
      options[:allow_override] = ENV['allow_override'] if ENV['allow_override']
      options[:unknown_user] = ENV['unknown_user'] if ENV['unknown_user']
+      options[:no_permission_check] = ENV['no_permission_check'] if ENV['no_permission_check']

      Redmine::IMAP.check(imap_options, options)
    end
--- a/test/unit/mail_handler_test.rb
+++ b/test/unit/mail_handler_test.rb
@ -165,6 +165,26 @@ class MailHandlerTest < ActiveSupport::TestCase
    end
  end
  
+  def test_add_issue_by_anonymous_user_on_private_project
+    Role.anonymous.add_permission!(:add_issues)
+    assert_no_difference 'User.count' do
+      assert_no_difference 'Issue.count' do
+        assert_equal false, submit_email('ticket_by_unknown_user.eml', :issue => {:project => 'onlinestore'}, :unknown_user => 'accept')
+      end
+    end
+  end
+  
+  def test_add_issue_by_anonymous_user_on_private_project_without_permission_check
+    assert_no_difference 'User.count' do
+      assert_difference 'Issue.count' do
+        issue = submit_email('ticket_by_unknown_user.eml', :issue => {:project => 'onlinestore'}, :no_permission_check => '1', :unknown_user => 'accept')
+        assert issue.is_a?(Issue)
+        assert issue.author.anonymous?
+        assert !issue.project.is_public?
+      end
+    end
+  end
+  
  def test_add_issue_by_created_user
    Setting.default_language = 'en'
    assert_difference 'User.count' do