X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=rt%2Flib%2FRT%2FInterface%2FEmail%2FAuth%2FMailFrom.pm;h=c678360a072ad952a30986b6c3ed3b246df55c28;hp=0efadb1cde6a4479e205ff681e58057ef47c8e0f;hb=187086c479a09629b7d180eec513fb7657f4e291;hpb=d39d52aac8f38ea9115628039f0df5aa3ac826de diff --git a/rt/lib/RT/Interface/Email/Auth/MailFrom.pm b/rt/lib/RT/Interface/Email/Auth/MailFrom.pm index 0efadb1cd..c678360a0 100644 --- a/rt/lib/RT/Interface/Email/Auth/MailFrom.pm +++ b/rt/lib/RT/Interface/Email/Auth/MailFrom.pm @@ -1,38 +1,40 @@ -# {{{ BEGIN BPS TAGGED BLOCK -# +# BEGIN BPS TAGGED BLOCK {{{ +# # COPYRIGHT: -# -# This software is Copyright (c) 1996-2004 Best Practical Solutions, LLC -# -# +# +# This software is Copyright (c) 1996-2018 Best Practical Solutions, LLC +# +# # (Except where explicitly superseded by other copyright notices) -# -# +# +# # LICENSE: -# +# # This work is made available to you under the terms of Version 2 of # the GNU General Public License. A copy of that license should have # been provided with this software, but in any event can be snarfed # from www.gnu.org. -# +# # This work is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software -# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -# -# +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301 or visit their web page on the internet at +# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. +# +# # CONTRIBUTION SUBMISSION POLICY: -# +# # (The following paragraph is not intended to limit the rights granted # to you to modify and distribute this software under the terms of # the GNU General Public License and is only of importance to you if # you choose to contribute your changes and enhancements to the # community by submitting them to Best Practical Solutions, LLC.) -# +# # By intentionally submitting any modifications, corrections or # derivatives to this work, or any other work intended for use with # Request Tracker, to Best Practical Solutions, LLC, you confirm that @@ -41,9 +43,14 @@ # royalty-free, perpetual, license to use, copy, create derivative # works based on those contributions, and sublicense and distribute # those contributions and any derivatives thereof. -# -# }}} END BPS TAGGED BLOCK +# +# END BPS TAGGED BLOCK }}} + package RT::Interface::Email::Auth::MailFrom; + +use strict; +use warnings; + use RT::Interface::Email qw(ParseSenderAddressFromHead CreateUser); # This is what the ordinary, non-enhanced gateway does at the moment. @@ -59,84 +66,113 @@ sub GetCurrentUser { # We don't need to do any external lookups - my ( $Address, $Name ) = ParseSenderAddressFromHead( $args{'Message'}->head ); - my $CurrentUser = RT::CurrentUser->new(); - $CurrentUser->LoadByEmail($Address); + my ( $Address, $Name, @errors ) = ParseSenderAddressFromHead( $args{'Message'}->head ); + $RT::Logger->warning("Failed to parse ".join(', ', @errors)) + if @errors; - unless ( $CurrentUser->Id ) { - $CurrentUser->LoadByName($Address); + unless ( $Address ) { + $RT::Logger->error("Couldn't parse or find sender's address"); + return ( $args{'CurrentUser'}, -1 ); } + my $CurrentUser = RT::CurrentUser->new; + $CurrentUser->LoadByEmail( $Address ); + $CurrentUser->LoadByName( $Address ) unless $CurrentUser->Id; if ( $CurrentUser->Id ) { + $RT::Logger->debug("Mail from user #". $CurrentUser->Id ." ($Address)" ); return ( $CurrentUser, 1 ); } - - # If the user can't be loaded, we may need to create one. Figure out the acl situation. - my $unpriv = RT::Group->new($RT::SystemUser); - $unpriv->LoadSystemInternalGroup('Unprivileged'); + my $unpriv = RT->UnprivilegedUsers(); unless ( $unpriv->Id ) { - $RT::Logger->crit( "Auth::MailFrom couldn't find the 'Unprivileged' internal group" ); + $RT::Logger->crit("Couldn't find the 'Unprivileged' internal group"); return ( $args{'CurrentUser'}, -1 ); } - my $everyone = RT::Group->new($RT::SystemUser); + my $everyone = RT::Group->new( RT->SystemUser ); $everyone->LoadSystemInternalGroup('Everyone'); unless ( $everyone->Id ) { - $RT::Logger->crit( "Auth::MailFrom couldn't find the 'Everyone' internal group"); + $RT::Logger->crit("Couldn't find the 'Everyone' internal group"); return ( $args{'CurrentUser'}, -1 ); } + $RT::Logger->debug("Going to create user with address '$Address'" ); + # but before we do that, we need to make sure that the created user would have the right # to do what we're doing. if ( $args{'Ticket'} && $args{'Ticket'}->Id ) { + my $qname = $args{'Queue'}->Name; # We have a ticket. that means we're commenting or corresponding if ( $args{'Action'} =~ /^comment$/i ) { # check to see whether "Everyone" or "Unprivileged users" can comment on tickets - unless ( $everyone->PrincipalObj->HasRight( - Object => $args{'Queue'}, - Right => 'CommentOnTicket' - ) - || $unpriv->PrincipalObj->HasRight( - Object => $args{'Queue'}, - Right => 'CommentOnTicket' - ) - ) { + unless ( $everyone->PrincipalObj->HasRight( Object => $args{'Queue'}, + Right => 'CommentOnTicket' ) + || $unpriv->PrincipalObj->HasRight( Object => $args{'Queue'}, + Right => 'CommentOnTicket' ) ) + { + $RT::Logger->debug("Unprivileged users have no right to comment on ticket in queue '$qname'"); return ( $args{'CurrentUser'}, 0 ); } } elsif ( $args{'Action'} =~ /^correspond$/i ) { # check to see whether "Everybody" or "Unprivileged users" can correspond on tickets - unless ( $everyone->PrincipalObj->HasRight(Object => $args{'Queue'}, - Right => 'ReplyToTicket' - ) - || $unpriv->PrincipalObj->HasRight( - Object => $args{'Queue'}, - Right => 'ReplyToTicket' - ) - ) { + unless ( $everyone->PrincipalObj->HasRight( Object => $args{'Queue'}, + Right => 'ReplyToTicket' ) + || $unpriv->PrincipalObj->HasRight( Object => $args{'Queue'}, + Right => 'ReplyToTicket' ) ) + { + $RT::Logger->debug("Unprivileged users have no right to reply to ticket in queue '$qname'"); + return ( $args{'CurrentUser'}, 0 ); + } + } + elsif ( $args{'Action'} =~ /^take$/i ) { + + # check to see whether "Everybody" or "Unprivileged users" can correspond on tickets + unless ( $everyone->PrincipalObj->HasRight( Object => $args{'Queue'}, + Right => 'OwnTicket' ) + || $unpriv->PrincipalObj->HasRight( Object => $args{'Queue'}, + Right => 'OwnTicket' ) ) + { + $RT::Logger->debug("Unprivileged users have no right to own ticket in queue '$qname'"); + return ( $args{'CurrentUser'}, 0 ); + } + + } + elsif ( $args{'Action'} =~ /^resolve$/i ) { + + # check to see whether "Everybody" or "Unprivileged users" can correspond on tickets + unless ( $everyone->PrincipalObj->HasRight( Object => $args{'Queue'}, + Right => 'ModifyTicket' ) + || $unpriv->PrincipalObj->HasRight( Object => $args{'Queue'}, + Right => 'ModifyTicket' ) ) + { + $RT::Logger->debug("Unprivileged users have no right to resolve ticket in queue '$qname'"); return ( $args{'CurrentUser'}, 0 ); } } else { + $RT::Logger->warning("Action '". ($args{'Action'}||'') ."' is unknown"); return ( $args{'CurrentUser'}, 0 ); } } # We're creating a ticket elsif ( $args{'Queue'} && $args{'Queue'}->Id ) { + my $qname = $args{'Queue'}->Name; # check to see whether "Everybody" or "Unprivileged users" can create tickets in this queue unless ( $everyone->PrincipalObj->HasRight( Object => $args{'Queue'}, Right => 'CreateTicket' ) - ) { + || $unpriv->PrincipalObj->HasRight( Object => $args{'Queue'}, + Right => 'CreateTicket' ) ) + { + $RT::Logger->debug("Unprivileged users have no right to create ticket in queue '$qname'"); return ( $args{'CurrentUser'}, 0 ); } - } $CurrentUser = CreateUser( undef, $Address, $Name, $Address, $args{'Message'} ); @@ -144,9 +180,6 @@ sub GetCurrentUser { return ( $CurrentUser, 1 ); } -eval "require RT::Interface::Email::Auth::MailFrom_Vendor"; -die $@ if ($@ && $@ !~ qr{^Can't locate RT/Interface/Email/Auth/MailFrom_Vendor.pm}); -eval "require RT::Interface::Email::Auth::MailFrom_Local"; -die $@ if ($@ && $@ !~ qr{^Can't locate RT/Interface/Email/Auth/MailFrom_Local.pm}); +RT::Base->_ImportOverlays(); 1;