rt/lib/RT/Interface/Email/Auth/MailFrom.pm

   1 # BEGIN BPS TAGGED BLOCK {{{
   2 #
   3 # COPYRIGHT:
   4 #
   5 # This software is Copyright (c) 1996-2005 Best Practical Solutions, LLC
   6 #                                          <jesse@bestpractical.com>
   7 #
   8 # (Except where explicitly superseded by other copyright notices)
   9 #
  10 #
  11 # LICENSE:
  12 #
  13 # This work is made available to you under the terms of Version 2 of
  14 # the GNU General Public License. A copy of that license should have
  15 # been provided with this software, but in any event can be snarfed
  16 # from www.gnu.org.
  17 #
  18 # This work is distributed in the hope that it will be useful, but
  19 # WITHOUT ANY WARRANTY; without even the implied warranty of
  20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  21 # General Public License for more details.
  22 #
  23 # You should have received a copy of the GNU General Public License
  24 # along with this program; if not, write to the Free Software
  25 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  26 #
  27 #
  28 # CONTRIBUTION SUBMISSION POLICY:
  29 #
  30 # (The following paragraph is not intended to limit the rights granted
  31 # to you to modify and distribute this software under the terms of
  32 # the GNU General Public License and is only of importance to you if
  33 # you choose to contribute your changes and enhancements to the
  34 # community by submitting them to Best Practical Solutions, LLC.)
  35 #
  36 # By intentionally submitting any modifications, corrections or
  37 # derivatives to this work, or any other work intended for use with
  38 # Request Tracker, to Best Practical Solutions, LLC, you confirm that
  39 # you are the copyright holder for those contributions and you grant
  40 # Best Practical Solutions,  LLC a nonexclusive, worldwide, irrevocable,
  41 # royalty-free, perpetual, license to use, copy, create derivative
  42 # works based on those contributions, and sublicense and distribute
  43 # those contributions and any derivatives thereof.
  44 #
  45 # END BPS TAGGED BLOCK }}}
  46 package RT::Interface::Email::Auth::MailFrom;
  47 use RT::Interface::Email qw(ParseSenderAddressFromHead CreateUser);
  48
  49 # This is what the ordinary, non-enhanced gateway does at the moment.
  50
  51 sub GetCurrentUser {
  52     my %args = ( Message     => undef,
  53                  CurrentUser => undef,
  54                  AuthLevel   => undef,
  55                  Ticket      => undef,
  56                  Queue       => undef,
  57                  Action      => undef,
  58                  @_ );
  59
  60
  61     # We don't need to do any external lookups
  62     my ( $Address, $Name ) = ParseSenderAddressFromHead( $args{'Message'}->head );
  63     my $CurrentUser = RT::CurrentUser->new();
  64     $CurrentUser->LoadByEmail($Address);
  65
  66     unless ( $CurrentUser->Id ) {
  67         $CurrentUser->LoadByName($Address);
  68     }
  69
  70     if ( $CurrentUser->Id ) {
  71         return ( $CurrentUser, 1 );
  72     }
  73
  74
  75
  76     # If the user can't be loaded, we may need to create one. Figure out the acl situation.
  77     my $unpriv = RT::Group->new($RT::SystemUser);
  78     $unpriv->LoadSystemInternalGroup('Unprivileged');
  79     unless ( $unpriv->Id ) {
  80         $RT::Logger->crit( "Auth::MailFrom couldn't find the 'Unprivileged' internal group" );
  81         return ( $args{'CurrentUser'}, -1 );
  82     }
  83
  84     my $everyone = RT::Group->new($RT::SystemUser);
  85     $everyone->LoadSystemInternalGroup('Everyone');
  86     unless ( $everyone->Id ) {
  87         $RT::Logger->crit( "Auth::MailFrom couldn't find the 'Everyone' internal group");
  88         return ( $args{'CurrentUser'}, -1 );
  89     }
  90
  91     # but before we do that, we need to make sure that the created user would have the right
  92     # to do what we're doing.
  93     if ( $args{'Ticket'} && $args{'Ticket'}->Id ) {
  94         # We have a ticket. that means we're commenting or corresponding
  95         if ( $args{'Action'} =~ /^comment$/i ) {
  96
  97             # check to see whether "Everyone" or "Unprivileged users" can comment on tickets
  98             unless ( $everyone->PrincipalObj->HasRight(
  99                                                       Object => $args{'Queue'},
 100                                                       Right => 'CommentOnTicket'
 101                      )
 102                      || $unpriv->PrincipalObj->HasRight(
 103                                                       Object => $args{'Queue'},
 104                                                       Right => 'CommentOnTicket'
 105                      )
 106               ) {
 107                 return ( $args{'CurrentUser'}, 0 );
 108             }
 109         }
 110         elsif ( $args{'Action'} =~ /^correspond$/i ) {
 111
 112             # check to see whether "Everybody" or "Unprivileged users" can correspond on tickets
 113             unless ( $everyone->PrincipalObj->HasRight(Object => $args{'Queue'},
 114                                                        Right  => 'ReplyToTicket'
 115                      )
 116                      || $unpriv->PrincipalObj->HasRight(
 117                                                        Object => $args{'Queue'},
 118                                                        Right  => 'ReplyToTicket'
 119                      )
 120               ) {
 121                 return ( $args{'CurrentUser'}, 0 );
 122             }
 123
 124         }
 125         elsif ( $args{'Action'} =~ /^take$/i ) {
 126
 127             # check to see whether "Everybody" or "Unprivileged users" can correspond on tickets
 128             unless ( $everyone->PrincipalObj->HasRight(Object => $args{'Queue'},
 129                                                        Right  => 'OwnTicket'
 130                      )
 131                      || $unpriv->PrincipalObj->HasRight(
 132                                                        Object => $args{'Queue'},
 133                                                        Right  => 'OwnTicket'
 134                      )
 135               ) {
 136                 return ( $args{'CurrentUser'}, 0 );
 137             }
 138
 139         }
 140         elsif ( $args{'Action'} =~ /^resolve$/i ) {
 141
 142             # check to see whether "Everybody" or "Unprivileged users" can correspond on tickets
 143             unless ( $everyone->PrincipalObj->HasRight(Object => $args{'Queue'},
 144                                                        Right  => 'ModifyTicket'
 145                      )
 146                      || $unpriv->PrincipalObj->HasRight(
 147                                                        Object => $args{'Queue'},
 148                                                        Right  => 'ModifyTicket'
 149                      )
 150               ) {
 151                 return ( $args{'CurrentUser'}, 0 );
 152             }
 153
 154         }
 155         else {
 156             return ( $args{'CurrentUser'}, 0 );
 157         }
 158     }
 159
 160     # We're creating a ticket
 161     elsif ( $args{'Queue'} && $args{'Queue'}->Id ) {
 162
 163         # check to see whether "Everybody" or "Unprivileged users" can create tickets in this queue
 164         unless ( $everyone->PrincipalObj->HasRight( Object => $args{'Queue'},
 165                                                     Right  => 'CreateTicket' )
 166           ) {
 167             return ( $args{'CurrentUser'}, 0 );
 168         }
 169
 170     }
 171
 172     $CurrentUser = CreateUser( undef, $Address, $Name, $Address, $args{'Message'} );
 173
 174     return ( $CurrentUser, 1 );
 175 }
 176
 177 eval "require RT::Interface::Email::Auth::MailFrom_Vendor";
 178 die $@ if ($@ && $@ !~ qr{^Can't locate RT/Interface/Email/Auth/MailFrom_Vendor.pm});
 179 eval "require RT::Interface::Email::Auth::MailFrom_Local";
 180 die $@ if ($@ && $@ !~ qr{^Can't locate RT/Interface/Email/Auth/MailFrom_Local.pm});
 181
 182 1;