Make sure users don't get notified for thing they can not view (#3589).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3169 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang 2009-12-13 14:26:54 +00:00
parent 6610bb6b6c
commit bb477a3a0f
7 changed files with 97 additions and 22 deletions

View File

@ -29,6 +29,10 @@ class Document < ActiveRecord::Base
validates_presence_of :project, :title, :category
validates_length_of :title, :maximum => 60
def visible?(user=User.current)
!user.nil? && user.allowed_to?(:view_documents, project)
end
def after_initialize
if new_record?
self.category ||= DocumentCategory.default
@ -42,4 +46,11 @@ class Document < ActiveRecord::Base
end
@updated_on
end
# Returns the mail adresses of users that should be notified
def recipients
notified = project.notified_users
notified.reject! {|user| !visible?(user)}
notified.collect(&:mail)
end
end

View File

@ -94,7 +94,7 @@ class Mailer < ActionMailer::Base
# Mailer.deliver_document_added(document) => sends an email to the document's project recipients
def document_added(document)
redmine_headers 'Project' => document.project.identifier
recipients document.project.recipients
recipients document.recipients
subject "[#{document.project.name}] #{l(:label_document_new)}: #{document.title}"
body :document => document,
:document_url => url_for(:controller => 'documents', :action => 'show', :id => document)
@ -114,15 +114,17 @@ class Mailer < ActionMailer::Base
when 'Project'
added_to_url = url_for(:controller => 'projects', :action => 'list_files', :id => container)
added_to = "#{l(:label_project)}: #{container}"
recipients container.project.notified_users.select {|user| user.allowed_to?(:view_files, container.project)}
when 'Version'
added_to_url = url_for(:controller => 'projects', :action => 'list_files', :id => container.project_id)
added_to = "#{l(:label_version)}: #{container.name}"
recipients container.project.notified_users.select {|user| user.allowed_to?(:view_files, container.project)}
when 'Document'
added_to_url = url_for(:controller => 'documents', :action => 'show', :id => container.id)
added_to = "#{l(:label_document)}: #{container.title}"
recipients container.recipients
end
redmine_headers 'Project' => container.project.identifier
recipients container.project.recipients
subject "[#{container.project.name}] #{l(:label_attachment_new)}"
body :attachments => attachments,
:added_to => added_to,
@ -138,24 +140,25 @@ class Mailer < ActionMailer::Base
def news_added(news)
redmine_headers 'Project' => news.project.identifier
message_id news
recipients news.project.recipients
recipients news.recipients
subject "[#{news.project.name}] #{l(:label_news)}: #{news.title}"
body :news => news,
:news_url => url_for(:controller => 'news', :action => 'show', :id => news)
render_multipart('news_added', body)
end
# Builds a tmail object used to email the specified recipients of the specified message that was posted.
# Builds a tmail object used to email the recipients of the specified message that was posted.
#
# Example:
# message_posted(message, recipients) => tmail object
# Mailer.deliver_message_posted(message, recipients) => sends an email to the recipients
def message_posted(message, recipients)
# message_posted(message) => tmail object
# Mailer.deliver_message_posted(message) => sends an email to the recipients
def message_posted(message)
redmine_headers 'Project' => message.project.identifier,
'Topic-Id' => (message.parent_id || message.id)
message_id message
references message.parent unless message.parent.nil?
recipients(recipients)
recipients(message.recipients)
cc((message.root.watcher_recipients + message.board.watcher_recipients).uniq - @recipients)
subject "[#{message.board.project.name} - #{message.board.name} - msg#{message.root.id}] #{message.subject}"
body :message => message,
:message_url => url_for(:controller => 'messages', :action => 'show', :board_id => message.board_id, :id => message.root)
@ -171,7 +174,7 @@ class Mailer < ActionMailer::Base
redmine_headers 'Project' => wiki_content.project.identifier,
'Wiki-Page-Id' => wiki_content.page.id
message_id wiki_content
recipients wiki_content.project.recipients
recipients wiki_content.recipients
cc(wiki_content.page.wiki.watcher_recipients - recipients)
subject "[#{wiki_content.project.name}] #{l(:mail_subject_wiki_content_added, :page => wiki_content.page.pretty_title)}"
body :wiki_content => wiki_content,
@ -188,7 +191,7 @@ class Mailer < ActionMailer::Base
redmine_headers 'Project' => wiki_content.project.identifier,
'Wiki-Page-Id' => wiki_content.page.id
message_id wiki_content
recipients wiki_content.project.recipients
recipients wiki_content.recipients
cc(wiki_content.page.wiki.watcher_recipients + wiki_content.page.watcher_recipients - recipients)
subject "[#{wiki_content.project.name}] #{l(:mail_subject_wiki_content_updated, :page => wiki_content.page.pretty_title)}"
body :wiki_content => wiki_content,

View File

@ -90,6 +90,13 @@ class Message < ActiveRecord::Base
usr && usr.logged? && (usr.allowed_to?(:delete_messages, project) || (self.author == usr && usr.allowed_to?(:delete_own_messages, project)))
end
# Returns the mail adresses of users that should be notified
def recipients
notified = project.notified_users
notified.reject! {|user| !visible?(user)}
notified.collect(&:mail)
end
private
def add_author_as_watcher

View File

@ -17,14 +17,6 @@
class MessageObserver < ActiveRecord::Observer
def after_create(message)
recipients = []
# send notification to the topic watchers
recipients += message.root.watcher_recipients
# send notification to the board watchers
recipients += message.board.watcher_recipients
# send notification to project members who want to be notified
recipients += message.board.project.recipients
recipients = recipients.compact.uniq
Mailer.deliver_message_posted(message, recipients) if !recipients.empty? && Setting.notified_events.include?('message_posted')
Mailer.deliver_message_posted(message) if Setting.notified_events.include?('message_posted')
end
end

View File

@ -29,6 +29,17 @@ class News < ActiveRecord::Base
acts_as_activity_provider :find_options => {:include => [:project, :author]},
:author_key => :author_id
def visible?(user=User.current)
!user.nil? && user.allowed_to?(:view_news, project)
end
# Returns the mail adresses of users that should be notified
def recipients
notified = project.notified_users
notified.reject! {|user| !visible?(user)}
notified.collect(&:mail)
end
# returns latest news for projects visible by user
def self.latest(user = User.current, count = 5)
find(:all, :limit => count, :conditions => Project.allowed_to_condition(user, :view_news), :include => [ :author, :project ], :order => "#{News.table_name}.created_on DESC")

View File

@ -25,11 +25,22 @@ class WikiContent < ActiveRecord::Base
validates_length_of :comments, :maximum => 255, :allow_nil => true
acts_as_versioned
def visible?(user=User.current)
page.visible?(user)
end
def project
page.project
end
# Returns the mail adresses of users that should be notified
def recipients
notified = project.notified_users
notified.reject! {|user| !visible?(user)}
notified.collect(&:mail)
end
class Version
belongs_to :page, :class_name => '::WikiPage', :foreign_key => 'page_id'
belongs_to :author, :class_name => '::User', :foreign_key => 'author_id'

View File

@ -147,7 +147,7 @@ class MailerTest < ActiveSupport::TestCase
def test_message_posted_message_id
ActionMailer::Base.deliveries.clear
message = Message.find(1)
Mailer.deliver_message_posted(message, message.author.mail)
Mailer.deliver_message_posted(message)
mail = ActionMailer::Base.deliveries.last
assert_not_nil mail
assert_equal Mailer.message_id_for(message), mail.message_id
@ -157,13 +157,47 @@ class MailerTest < ActiveSupport::TestCase
def test_reply_posted_message_id
ActionMailer::Base.deliveries.clear
message = Message.find(3)
Mailer.deliver_message_posted(message, message.author.mail)
Mailer.deliver_message_posted(message)
mail = ActionMailer::Base.deliveries.last
assert_not_nil mail
assert_equal Mailer.message_id_for(message), mail.message_id
assert_equal Mailer.message_id_for(message.parent), mail.references.first.to_s
end
context("#issue_add") do
setup do
ActionMailer::Base.deliveries.clear
Setting.bcc_recipients = '1'
@issue = Issue.find(1)
end
should "notify project members" do
assert Mailer.deliver_issue_add(@issue)
assert last_email.bcc.include?('dlopper@somenet.foo')
end
should "not notify project members that are not allow to view the issue" do
Role.find(2).remove_permission!(:view_issues)
assert Mailer.deliver_issue_add(@issue)
assert !last_email.bcc.include?('dlopper@somenet.foo')
end
should "notify issue watchers" do
user = User.find(9)
Watcher.create!(:watchable => @issue, :user => user)
assert Mailer.deliver_issue_add(@issue)
assert last_email.bcc.include?(user.mail)
end
should "not notify watchers not allowed to view the issue" do
user = User.find(9)
Watcher.create!(:watchable => @issue, :user => user)
Role.non_member.remove_permission!(:view_issues)
assert Mailer.deliver_issue_add(@issue)
assert !last_email.bcc.include?(user.mail)
end
end
# test mailer methods for each language
def test_issue_add
issue = Issue.find(1)
@ -211,7 +245,7 @@ class MailerTest < ActiveSupport::TestCase
recipients = recipients.compact.uniq
valid_languages.each do |lang|
Setting.default_language = lang.to_s
assert Mailer.deliver_message_posted(message, recipients)
assert Mailer.deliver_message_posted(message)
end
end
@ -256,4 +290,10 @@ class MailerTest < ActiveSupport::TestCase
assert mail.bcc.include?('dlopper@somenet.foo')
assert mail.body.include?('Bug #3: Error 281 when updating a recipe')
end
def last_email
mail = ActionMailer::Base.deliveries.last
assert_not_nil mail
mail
end
end