rt/lib/RT/Interface/Email/Auth/MailFrom.pm

   1 # BEGIN LICENSE BLOCK
   2 #
   3 # Copyright (c) 1996-2003 Jesse Vincent <jesse@bestpractical.com>
   4 #
   5 # (Except where explictly superceded by other copyright notices)
   6 #
   7 # This work is made available to you under the terms of Version 2 of
   8 # the GNU General Public License. A copy of that license should have
   9 # been provided with this software, but in any event can be snarfed
  10 # from www.gnu.org.
  11 #
  12 # This work is distributed in the hope that it will be useful, but
  13 # WITHOUT ANY WARRANTY; without even the implied warranty of
  14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  15 # General Public License for more details.
  16 #
  17 # Unless otherwise specified, all modifications, corrections or
  18 # extensions to this work which alter its source code become the
  19 # property of Best Practical Solutions, LLC when submitted for
  20 # inclusion in the work.
  21 #
  22 #
  23 # END LICENSE BLOCK
  24 package RT::Interface::Email::Auth::MailFrom;
  25 use RT::Interface::Email qw(ParseSenderAddressFromHead CreateUser);
  26
  27 # This is what the ordinary, non-enhanced gateway does at the moment.
  28
  29 sub GetCurrentUser {
  30     my %args = ( Message     => undef,
  31                  CurrentUser => undef,
  32                  AuthLevel   => undef,
  33                  Ticket      => undef,
  34                  Queue       => undef,
  35                  Action      => undef,
  36                  @_ );
  37
  38     # We don't need to do any external lookups
  39     my ( $Address, $Name ) = ParseSenderAddressFromHead( $args{'Message'}->head );
  40     my $CurrentUser = RT::CurrentUser->new();
  41     $CurrentUser->LoadByEmail($Address);
  42
  43     unless ( $CurrentUser->Id ) {
  44         $CurrentUser->LoadByName($Address);
  45     }
  46
  47     if ( $CurrentUser->Id ) {
  48         return ( $CurrentUser, 1 );
  49     }
  50
  51
  52
  53     # If the user can't be loaded, we may need to create one. Figure out the acl situation.
  54     my $unpriv = RT::Group->new($RT::SystemUser);
  55     $unpriv->LoadSystemInternalGroup('Unprivileged');
  56     unless ( $unpriv->Id ) {
  57         $RT::Logger->crit( "Auth::MailFrom couldn't find the 'Unprivileged' internal group" );
  58         return ( $args{'CurrentUser'}, -1 );
  59     }
  60
  61     my $everyone = RT::Group->new($RT::SystemUser);
  62     $everyone->LoadSystemInternalGroup('Everyone');
  63     unless ( $everyone->Id ) {
  64         $RT::Logger->crit( "Auth::MailFrom couldn't find the 'Everyone' internal group");
  65         return ( $args{'CurrentUser'}, -1 );
  66     }
  67
  68     # but before we do that, we need to make sure that the created user would have the right
  69     # to do what we're doing.
  70     if ( $args{'Ticket'} && $args{'Ticket'}->Id ) {
  71         # We have a ticket. that means we're commenting or corresponding
  72         if ( $args{'Action'} =~ /^comment$/i ) {
  73
  74             # check to see whether "Everybody" or "Unprivileged users" can comment on tickets
  75             unless ( $everyone->PrincipalObj->HasRight(
  76                                                       Object => $args{'Queue'},
  77                                                       Right => 'CommentOnTicket'
  78                      )
  79                      || $unpriv->PrincipalObj->HasRight(
  80                                                       Object => $args{'Queue'},
  81                                                       Right => 'CommentOnTicket'
  82                      )
  83               ) {
  84                 return ( $args{'CurrentUser'}, 0 );
  85             }
  86         }
  87         elsif ( $args{'Action'} =~ /^correspond$/i ) {
  88
  89             # check to see whether "Everybody" or "Unprivileged users" can correspond on tickets
  90             unless ( $everyone->PrincipalObj->HasRight(Object => $args{'Queue'},
  91                                                        Right  => 'ReplyToTicket'
  92                      )
  93                      || $unpriv->PrincipalObj->HasRight(
  94                                                        Object => $args{'Queue'},
  95                                                        Right  => 'ReplyToTicket'
  96                      )
  97               ) {
  98                 return ( $args{'CurrentUser'}, 0 );
  99             }
 100
 101         }
 102         else {
 103             return ( $args{'CurrentUser'}, 0 );
 104         }
 105     }
 106
 107     # We're creating a ticket
 108     elsif ( $args{'Queue'} && $args{'Queue'}->Id ) {
 109
 110         # check to see whether "Everybody" or "Unprivileged users" can create tickets in this queue
 111         unless ( $everyone->PrincipalObj->HasRight( Object => $args{'Queue'},
 112                                                     Right  => 'CreateTicket' )
 113                  || $unpriv->PrincipalObj->HasRight( Object => $args{'Queue'},
 114                                                      Right  => 'CreateTicket' )
 115           ) {
 116             return ( $args{'CurrentUser'}, 0 );
 117         }
 118
 119     }
 120
 121     $CurrentUser = CreateUser( undef, $Address, $Name, $Address, $args{'Message'} );
 122
 123     return ( $CurrentUser, 1 );
 124 }
 125
 126 eval "require RT::Interface::Email::Auth::MailFrom_Vendor";
 127 die $@ if ($@ && $@ !~ qr{^Can't locate RT/Interface/Email/Auth/MailFrom_Vendor.pm});
 128 eval "require RT::Interface::Email::Auth::MailFrom_Local";
 129 die $@ if ($@ && $@ !~ qr{^Can't locate RT/Interface/Email/Auth/MailFrom_Local.pm});
 130
 131 1;