Feature #13919 » 0003-Add-permission-check-before-sending-email.patch
| app/models/document.rb | ||
|---|---|---|
| 63 | 63 |
end |
| 64 | 64 | |
| 65 | 65 |
def notified_users |
| 66 |
project.notified_users.reject {|user| !visible?(user)}
|
|
| 66 |
project.notified_users.select {|user| user.allowed_to_view_notify_target?(self) }
|
|
| 67 | 67 |
end |
| 68 | 68 | |
| 69 | 69 |
private |
| app/models/issue.rb | ||
|---|---|---|
| 1070 | 1070 |
notified += project.users.preload(:preference).select(&:notify_about_high_priority_issues?) if priority.high? |
| 1071 | 1071 |
notified.uniq! |
| 1072 | 1072 |
# Remove users that can not view the issue |
| 1073 |
notified.reject! {|user| !visible?(user)}
|
|
| 1074 |
notified |
|
| 1073 |
notified.select {|user| user.allowed_to_view_notify_target?(self)}
|
|
| 1075 | 1074 |
end |
| 1076 | 1075 | |
| 1077 | 1076 |
# Returns the email addresses that should be notified |
| app/models/journal.rb | ||
|---|---|---|
| 146 | 146 | |
| 147 | 147 |
def notified_users |
| 148 | 148 |
notified = journalized.notified_users |
| 149 |
if private_notes? |
|
| 150 |
notified = notified.select {|user| user.allowed_to?(:view_private_notes, journalized.project)}
|
|
| 151 |
end |
|
| 152 |
notified |
|
| 149 |
notified.select{ |u| u.allowed_to_view_notify_target?(self) }
|
|
| 153 | 150 |
end |
| 154 | 151 | |
| 155 | 152 |
def recipients |
| app/models/message.rb | ||
|---|---|---|
| 114 | 114 |
end |
| 115 | 115 | |
| 116 | 116 |
def notified_users |
| 117 |
project.notified_users.reject {|user| !visible?(user)}
|
|
| 117 |
project.notified_users.select {|user| user.allowed_to_view_notify_target?(self) }
|
|
| 118 | 118 |
end |
| 119 | 119 | |
| 120 | 120 |
private |
| app/models/news.rb | ||
|---|---|---|
| 56 | 56 |
end |
| 57 | 57 | |
| 58 | 58 |
def notified_users |
| 59 |
project.users.select {|user| user.notify_about?(self) && user.allowed_to?(:view_news, project)}
|
|
| 59 |
project.users.select {|user| user.notify_about?(self) && user.allowed_to_view_notify_target?(self)}
|
|
| 60 | 60 |
end |
| 61 | 61 | |
| 62 | 62 |
def recipients |
| app/models/user.rb | ||
|---|---|---|
| 855 | 855 |
project_ids.map(&:to_i) |
| 856 | 856 |
end |
| 857 | 857 | |
| 858 |
# Return true if notify the mentioned user. |
|
| 859 |
def notify_mentioned_user?(object) |
|
| 860 |
self.active? && |
|
| 861 |
self.mail.present? && |
|
| 862 |
self.mail_notification.present? && self.mail_notification != 'none' && |
|
| 863 |
self.allowed_to_view_notify_target?(object) |
|
| 864 |
end |
|
| 865 | ||
| 866 |
# Return true if the user is allowed to view the notify target. |
|
| 867 |
def allowed_to_view_notify_target?(object) |
|
| 868 |
case object |
|
| 869 |
when Journal |
|
| 870 |
self.allowed_to_view_notify_target?(object.journalized) && |
|
| 871 |
(!object.private_notes? || self.allowed_to?(:view_private_notes, object.journalized.project)) |
|
| 872 |
when Comment |
|
| 873 |
self.allowed_to_view_notify_target?(object.commented) |
|
| 874 |
when nil |
|
| 875 |
false |
|
| 876 |
else |
|
| 877 |
object.visible?(self) |
|
| 878 |
end |
|
| 879 |
end |
|
| 880 | ||
| 858 | 881 |
protected |
| 859 | 882 | |
| 860 | 883 |
def validate_password_length |
| lib/redmine/acts/mentionable.rb | ||
|---|---|---|
| 44 | 44 | |
| 45 | 45 |
def notified_mentions |
| 46 | 46 |
notified = mentioned_users.to_a |
| 47 |
notified.reject! {|user| user.mail.blank? || user.mail_notification == 'none'}
|
|
| 48 |
notified |
|
| 47 |
notified.select{|user| user.notify_mentioned_user?(self) }
|
|
| 49 | 48 |
end |
| 50 | 49 | |
| 51 | 50 |
private |
