Defect #37187 » 37187.patch
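--- a/app/models/mail_handler.rb
+++ b/app/models/mail_handler.rb
@@ -182,6 +182,10 @@
 # Creates a new issue
 def receive_issue
 project = target_project
+
+# Never receive emails to projects where adding issues is not possible
+raise UnauthorizedAction, "not possible to add issues to project [#{project.name}]" unless project.allows_to?(:add_issues)
+
 # check permission
 unless handler_options[:no_permission_check]
 raise UnauthorizedAction, "not allowed to add issues to project [#{project.name}]" unless user.allowed_to?(:add_issues, project)
@@ -223,6 +227,10 @@
 return nil
 end
 
+# Never receive emails to projects where adding issue notes is not possible
+project = issue.project
+raise UnauthorizedAction, "not possible to add notes to project [#{project.name}]" unless project.allows_to?(:add_issue_notes)
+
 # check permission
 unless handler_options[:no_permission_check]
 unless issue.notes_addable?
@@ -274,6 +282,10 @@
 return nil
 end
 
+# Never receive emails to projects where adding messages is not possible
+project = message.project
+raise UnauthorizedAction, "not possible to add messages to project [#{project.name}]" unless project.allows_to?(:add_messages)
+
 unless handler_options[:no_permission_check]
 raise UnauthorizedAction, "not allowed to add messages to project [#{message.project.name}]" unless user.allowed_to?(:add_messages, message.project)
 end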
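Review bot: The three new guards sit outside the `unless handler_options[:no_permission_check]` block on purpose, but the comments above them do not say so, and a later refactor could fold them back under the option and reopen the bypass. I would state the invariant in the comment, e.g. `# Enforced even when :no_permission_check is set: the project itself must allow the action`, and repeat it for the notes and messages guards. In the last hunk the new local `project` is assigned, yet the following check still reads `message.project` twice; using `project` there, as `receive_issue` does, keeps both raises looking at the same object. All three method bodies start and end outside the visible hunks, so the placement relative to earlier returns is only partly visible here.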
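--- a/test/unit/mail_handler_test.rb
+++ b/test/unit/mail_handler_test.rb
@@ -403,6 +403,35 @@
 end
 end
 
+def test_no_issue_on_closed_project_without_permission_check
+Project.find(2).close
+assert_no_difference 'User.count' do
+assert_no_difference 'Issue.count' do
+submit_email(
+'ticket_by_unknown_user.eml',
+:issue => {:project => 'onlinestore'},
+:no_permission_check => '1',
+:unknown_user => 'accept'
+)
+end
+end
+ensure
+Project.find(2).reopen
+end
+
+def test_no_issue_on_closed_project_without_issue_tracking_module
+assert_no_difference 'User.count' do
+assert_no_difference 'Issue.count' do
+submit_email(
+'ticket_by_unknown_user.eml',
+:issue => {:project => 'subproject2'},
+:no_permission_check => '1',
+:unknown_user => 'accept'
+)
+end
+end
+end
+
 def test_add_issue_by_created_user
 Setting.default_language = 'en'
 assert_difference 'User.count' do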
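Review bot: `test_no_issue_on_closed_project_without_issue_tracking_module` never closes a project; it only targets 'subproject2', so the name presumably should read `test_no_issue_on_project_without_issue_tracking_module`. Both new tests assert only that `User.count` and `Issue.count` stay unchanged, so they would also pass if the mail were rejected for an unrelated reason; asserting on what `submit_email` returns would tie them to the new guard. The guards added for issue notes and forum messages in `mail_handler.rb` have no test in this section, so the `:no_permission_check` bypass is only covered for new issues.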