37187-different_errors.patch

Felix Schäfer, 2022-06-07 11:38

Download (3.83 KB)

View differences:

app/models/mail_handler.rb
22 22
  include Redmine::I18n
23 23

  
24 24
  class UnauthorizedAction < StandardError; end
25
  class NotAllowedInProject < UnauthorizedAction; end
26
  class InsufficientPermissions < UnauthorizedAction; end
25 27
  class MissingInformation < StandardError; end
26 28

  
27 29
  attr_reader :email, :user, :handler_options
......
182 184
  # Creates a new issue
183 185
  def receive_issue
184 186
    project = target_project
187

  
188
    # Never receive emails to projects where adding issues is not possible
189
    raise NotAllowedInProject, "not possible to add issues to project [#{project.name}]" unless project.allows_to?(:add_issues)
190

  
185 191
    # check permission
186 192
    unless handler_options[:no_permission_check]
187
      raise UnauthorizedAction, "not allowed to add issues to project [#{project.name}]" unless user.allowed_to?(:add_issues, project)
193
      raise InsufficientPermissions, "not allowed to add issues to project [#{project.name}]" unless user.allowed_to?(:add_issues, project)
188 194
    end
189 195

  
190 196
    issue = Issue.new(:author => user, :project => project)
......
223 229
      return nil
224 230
    end
225 231

  
232
    # Never receive emails to projects where adding issue notes is not possible
233
    project = issue.project
234
    raise NotAllowedInProject, "not possible to add notes to project [#{project.name}]" unless project.allows_to?(:add_issue_notes)
235

  
226 236
    # check permission
227 237
    unless handler_options[:no_permission_check]
228 238
      unless issue.notes_addable?
229
        raise UnauthorizedAction, "not allowed to add notes on issues to project [#{issue.project.name}]"
239
        raise InsufficientPermissions, "not allowed to add notes on issues to project [#{issue.project.name}]"
230 240
      end
231 241
    end
232 242

  
......
274 284
      return nil
275 285
    end
276 286

  
287
    # Never receive emails to projects where adding messages is not possible
288
    project = message.project
289
    raise NotAllowedInProject, "not possible to add messages to project [#{project.name}]" unless project.allows_to?(:add_messages)
290

  
277 291
    unless handler_options[:no_permission_check]
278
      raise UnauthorizedAction, "not allowed to add messages to project [#{message.project.name}]" unless user.allowed_to?(:add_messages, message.project)
292
      raise InsufficientPermissions, "not allowed to add messages to project [#{message.project.name}]" unless user.allowed_to?(:add_messages, message.project)
279 293
    end
280 294

  
281 295
    if !message.locked?
test/unit/mail_handler_test.rb
403 403
    end
404 404
  end
405 405

  
406
  def test_no_issue_on_closed_project_without_permission_check
407
    Project.find(2).close
408
    assert_no_difference 'User.count' do
409
      assert_no_difference 'Issue.count' do
410
        submit_email(
411
          'ticket_by_unknown_user.eml',
412
          :issue => {:project => 'onlinestore'},
413
          :no_permission_check => '1',
414
          :unknown_user => 'accept'
415
        )
416
      end
417
    end
418
  ensure
419
    Project.find(2).reopen
420
  end
421

  
422
  def test_no_issue_on_closed_project_without_issue_tracking_module
423
    assert_no_difference 'User.count' do
424
      assert_no_difference 'Issue.count' do
425
        submit_email(
426
          'ticket_by_unknown_user.eml',
427
          :issue => {:project => 'subproject2'},
428
          :no_permission_check => '1',
429
          :unknown_user => 'accept'
430
        )
431
      end
432
    end
433
  end
434

  
406 435
  def test_add_issue_by_created_user
407 436
    Setting.default_language = 'en'
408 437
    assert_difference 'User.count' do