Project

General

Profile

Actions

Defect #37187

closed

no-permission-check allows issue creation in closed/archived projects

Added by Felix Schäfer over 2 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Category:
Email receiving
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed
Affected version:

Description

Setting --no-permission-check in the mail receiver allows creating issues and probably other objects in closed and archived projects. This is probably not what this option is intended for.


Files

37187.patch (2.86 KB) 37187.patch Felix Schäfer, 2022-06-02 11:17
37187-different_errors.patch (3.83 KB) 37187-different_errors.patch Felix Schäfer, 2022-06-07 11:38
Actions #1

Updated by Felix Schäfer over 2 years ago

We will work on a patch and submit it here.

Actions #2

Updated by Felix Schäfer over 2 years ago

The attached patch adds 2 tests demonstrating the problem when sending an email that would created a new issue. The patch also contains a proposed fix.

Actions #3

Updated by Go MAEDA over 2 years ago

  • Target version set to 4.2.7

Setting the target version to 4.2.7.

Actions #4

Updated by Felix Schäfer over 2 years ago

Thank you. We are currently working on another patch that would introduce a different Error class for this case. This would be useful for plugins that need to differentiate between "this is not possible in that project" and "this is not possible for this user".

Could you please hold back on applying this patch? Do you think having different Error classes for those 2 cases could be useful? We will propose another one shortly.

Actions #5

Updated by Felix Schäfer over 2 years ago

Please see the attached patch. It adds subclasses for UnauthorizedAction that allows backwards compatibility for code using UnauthorizedAction but still allows differentiating the error cases.

Actions #6

Updated by Marius BĂLTEANU over 2 years ago

  • Status changed from New to Closed
  • Assignee set to Marius BĂLTEANU
  • Resolution set to Fixed

Felix, patch committed and merged to stable branches. Thanks for reporting and fixing the issue!

Actions

Also available in: Atom PDF