37187.patch

Felix Schäfer, 2022-06-02 11:17


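--- a/app/models/mail_handler.rb
+++ b/app/models/mail_handler.rb
@@ -182,6 +182,10 @@
   # Creates a new issue
   def receive_issue
     project = target_project
+
+    # Never receive emails to projects where adding issues is not possible
+    raise UnauthorizedAction, "not possible to add issues to project [#{project.name}]" unless project.allows_to?(:add_issues)
+
     # check permission
     unless handler_options[:no_permission_check]
       raise UnauthorizedAction, "not allowed to add issues to project [#{project.name}]" unless user.allowed_to?(:add_issues, project)
@@ -223,6 +227,10 @@
       return nil
     end
 
+    # Never receive emails to projects where adding issue notes is not possible
+    project = issue.project
+    raise UnauthorizedAction, "not possible to add notes to project [#{project.name}]" unless project.allows_to?(:add_issue_notes)
+
     # check permission
     unless handler_options[:no_permission_check]
       unless issue.notes_addable?
@@ -274,6 +282,10 @@
       return nil
     end
 
+    # Never receive emails to projects where adding messages is not possible
+    project = message.project
+    raise UnauthorizedAction, "not possible to add messages to project [#{project.name}]" unless project.allows_to?(:add_messages)
+
     unless handler_options[:no_permission_check]
       raise UnauthorizedAction, "not allowed to add messages to project [#{message.project.name}]" unless user.allowed_to?(:add_messages, message.project)
     end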
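Review bot: The three new guards do not say why they sit outside the `unless handler_options[:no_permission_check]` branch, so a later cleanup could fold them into it and reopen the bypass. I would make that explicit in each comment, for example `# Project-level check: must run even when :no_permission_check is set`. In the third hunk the new `project` local is assigned, but the unchanged line below still reads `message.project` twice; reusing `project` there would keep the two checks visibly tied to the same object. The same one-line guard is repeated three times with only the permission symbol and the noun changed, so a small private helper would keep the messages and ordering consistent. All three method bodies start or continue outside the hunks shown.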
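--- a/test/unit/mail_handler_test.rb
+++ b/test/unit/mail_handler_test.rb
@@ -403,6 +403,35 @@
     end
   end
 
+  def test_no_issue_on_closed_project_without_permission_check
+    Project.find(2).close
+    assert_no_difference 'User.count' do
+      assert_no_difference 'Issue.count' do
+        submit_email(
+          'ticket_by_unknown_user.eml',
+          :issue => {:project => 'onlinestore'},
+          :no_permission_check => '1',
+          :unknown_user => 'accept'
+        )
+      end
+    end
+  ensure
+    Project.find(2).reopen
+  end
+
+  def test_no_issue_on_closed_project_without_issue_tracking_module
+    assert_no_difference 'User.count' do
+      assert_no_difference 'Issue.count' do
+        submit_email(
+          'ticket_by_unknown_user.eml',
+          :issue => {:project => 'subproject2'},
+          :no_permission_check => '1',
+          :unknown_user => 'accept'
+        )
+      end
+    end
+  end
+
   def test_add_issue_by_created_user
     Setting.default_language = 'en'
     assert_difference 'User.count' do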
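Review bot: Only the `receive_issue` guard is covered here; the new `:add_issue_notes` and `:add_messages` guards in the reply paths have no test in this section, although they enforce the same `:no_permission_check` boundary. `test_no_issue_on_closed_project_without_issue_tracking_module` never closes a project and relies on the `subproject2` fixture having the module disabled. I would rename it to `test_no_issue_on_project_without_issue_tracking_module` and pin the precondition with `assert_not Project.find_by(identifier: 'subproject2').module_enabled?(:issue_tracking)`. The first test likewise assumes that `Project.find(2)` is the `onlinestore` project named in the mail options; looking it up by identifier would make that link explicit. Both tests only assert unchanged counts, so they would also pass if the mail were rejected for an unrelated reason.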