1 # BEGIN BPS TAGGED BLOCK {{{
5 # This software is Copyright (c) 1996-2005 Best Practical Solutions, LLC
6 # <jesse@bestpractical.com>
8 # (Except where explicitly superseded by other copyright notices)
13 # This work is made available to you under the terms of Version 2 of
14 # the GNU General Public License. A copy of that license should have
15 # been provided with this software, but in any event can be snarfed
18 # This work is distributed in the hope that it will be useful, but
19 # WITHOUT ANY WARRANTY; without even the implied warranty of
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 # General Public License for more details.
23 # You should have received a copy of the GNU General Public License
24 # along with this program; if not, write to the Free Software
25 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
28 # CONTRIBUTION SUBMISSION POLICY:
30 # (The following paragraph is not intended to limit the rights granted
31 # to you to modify and distribute this software under the terms of
32 # the GNU General Public License and is only of importance to you if
33 # you choose to contribute your changes and enhancements to the
34 # community by submitting them to Best Practical Solutions, LLC.)
36 # By intentionally submitting any modifications, corrections or
37 # derivatives to this work, or any other work intended for use with
38 # Request Tracker, to Best Practical Solutions, LLC, you confirm that
39 # you are the copyright holder for those contributions and you grant
40 # Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
41 # royalty-free, perpetual, license to use, copy, create derivative
42 # works based on those contributions, and sublicense and distribute
43 # those contributions and any derivatives thereof.
45 # END BPS TAGGED BLOCK }}}
46 package RT::Interface::Email::Auth::MailFrom;
47 use RT::Interface::Email qw(ParseSenderAddressFromHead CreateUser);
49 # This is what the ordinary, non-enhanced gateway does at the moment.
52 my %args = ( Message => undef,
61 # We don't need to do any external lookups
62 my ( $Address, $Name ) = ParseSenderAddressFromHead( $args{'Message'}->head );
65 return ( $args{'CurrentUser'}, -1 );
68 my $CurrentUser = RT::CurrentUser->new();
69 $CurrentUser->LoadByEmail($Address);
71 unless ( $CurrentUser->Id ) {
72 $CurrentUser->LoadByName($Address);
75 if ( $CurrentUser->Id ) {
76 return ( $CurrentUser, 1 );
81 # If the user can't be loaded, we may need to create one. Figure out the acl situation.
82 my $unpriv = RT::Group->new($RT::SystemUser);
83 $unpriv->LoadSystemInternalGroup('Unprivileged');
84 unless ( $unpriv->Id ) {
85 $RT::Logger->crit( "Auth::MailFrom couldn't find the 'Unprivileged' internal group" );
86 return ( $args{'CurrentUser'}, -1 );
89 my $everyone = RT::Group->new($RT::SystemUser);
90 $everyone->LoadSystemInternalGroup('Everyone');
91 unless ( $everyone->Id ) {
92 $RT::Logger->crit( "Auth::MailFrom couldn't find the 'Everyone' internal group");
93 return ( $args{'CurrentUser'}, -1 );
96 # but before we do that, we need to make sure that the created user would have the right
97 # to do what we're doing.
98 if ( $args{'Ticket'} && $args{'Ticket'}->Id ) {
99 # We have a ticket. that means we're commenting or corresponding
100 if ( $args{'Action'} =~ /^comment$/i ) {
102 # check to see whether "Everyone" or "Unprivileged users" can comment on tickets
103 unless ( $everyone->PrincipalObj->HasRight(
104 Object => $args{'Queue'},
105 Right => 'CommentOnTicket'
107 || $unpriv->PrincipalObj->HasRight(
108 Object => $args{'Queue'},
109 Right => 'CommentOnTicket'
112 return ( $args{'CurrentUser'}, 0 );
115 elsif ( $args{'Action'} =~ /^correspond$/i ) {
117 # check to see whether "Everybody" or "Unprivileged users" can correspond on tickets
118 unless ( $everyone->PrincipalObj->HasRight(Object => $args{'Queue'},
119 Right => 'ReplyToTicket'
121 || $unpriv->PrincipalObj->HasRight(
122 Object => $args{'Queue'},
123 Right => 'ReplyToTicket'
126 return ( $args{'CurrentUser'}, 0 );
130 elsif ( $args{'Action'} =~ /^take$/i ) {
132 # check to see whether "Everybody" or "Unprivileged users" can correspond on tickets
133 unless ( $everyone->PrincipalObj->HasRight(Object => $args{'Queue'},
136 || $unpriv->PrincipalObj->HasRight(
137 Object => $args{'Queue'},
141 return ( $args{'CurrentUser'}, 0 );
145 elsif ( $args{'Action'} =~ /^resolve$/i ) {
147 # check to see whether "Everybody" or "Unprivileged users" can correspond on tickets
148 unless ( $everyone->PrincipalObj->HasRight(Object => $args{'Queue'},
149 Right => 'ModifyTicket'
151 || $unpriv->PrincipalObj->HasRight(
152 Object => $args{'Queue'},
153 Right => 'ModifyTicket'
156 return ( $args{'CurrentUser'}, 0 );
161 return ( $args{'CurrentUser'}, 0 );
165 # We're creating a ticket
166 elsif ( $args{'Queue'} && $args{'Queue'}->Id ) {
168 # check to see whether "Everybody" or "Unprivileged users" can create tickets in this queue
169 unless ( $everyone->PrincipalObj->HasRight( Object => $args{'Queue'},
170 Right => 'CreateTicket' )
172 return ( $args{'CurrentUser'}, 0 );
177 $CurrentUser = CreateUser( undef, $Address, $Name, $Address, $args{'Message'} );
179 return ( $CurrentUser, 1 );
182 eval "require RT::Interface::Email::Auth::MailFrom_Vendor";
183 die $@ if ($@ && $@ !~ qr{^Can't locate RT/Interface/Email/Auth/MailFrom_Vendor.pm});
184 eval "require RT::Interface::Email::Auth::MailFrom_Local";
185 die $@ if ($@ && $@ !~ qr{^Can't locate RT/Interface/Email/Auth/MailFrom_Local.pm});