[Rt-commit] r4532 - in rt/branches/3.7-EXPERIMENTAL: .
ruz at bestpractical.com
ruz at bestpractical.com
Tue Feb 14 18:28:47 EST 2006
Author: ruz
Date: Tue Feb 14 18:28:46 2006
New Revision: 4532
Modified:
rt/branches/3.7-EXPERIMENTAL/ (props changed)
rt/branches/3.7-EXPERIMENTAL/lib/RT/Interface/Email/Auth/MailFrom.pm
Log:
r1703 at cubic-pc: cubic | 2006-02-15 02:30:17 +0300
* we didn't check rights of unprivileged group when
not existant user creates new ticket
* add debug output to log which one right check
failed and on which queue. Would help users to debug
errors in setup.
Modified: rt/branches/3.7-EXPERIMENTAL/lib/RT/Interface/Email/Auth/MailFrom.pm
==============================================================================
--- rt/branches/3.7-EXPERIMENTAL/lib/RT/Interface/Email/Auth/MailFrom.pm (original)
+++ rt/branches/3.7-EXPERIMENTAL/lib/RT/Interface/Email/Auth/MailFrom.pm Tue Feb 14 18:28:46 2006
@@ -60,79 +60,64 @@
# We don't need to do any external lookups
my ( $Address, $Name ) = ParseSenderAddressFromHead( $args{'Message'}->head );
- my $CurrentUser = RT::CurrentUser->new();
- $CurrentUser->LoadByEmail($Address);
-
- unless ( $CurrentUser->Id ) {
- $CurrentUser->LoadByName($Address);
- }
-
- if ( $CurrentUser->Id ) {
- return ( $CurrentUser, 1 );
- }
-
-
+ my $CurrentUser = new RT::CurrentUser;
+ $CurrentUser->LoadByEmail( $Address );
+ $CurrentUser->LoadByName( $Address ) unless $CurrentUser->Id;
+ return ( $CurrentUser, 1 ) if $CurrentUser->Id;
# If the user can't be loaded, we may need to create one. Figure out the acl situation.
- my $unpriv = RT::Group->new($RT::SystemUser);
+ my $unpriv = RT::Group->new( $RT::SystemUser );
$unpriv->LoadSystemInternalGroup('Unprivileged');
unless ( $unpriv->Id ) {
- $RT::Logger->crit( "Auth::MailFrom couldn't find the 'Unprivileged' internal group" );
+ $RT::Logger->crit("Couldn't find the 'Unprivileged' internal group");
return ( $args{'CurrentUser'}, -1 );
}
- my $everyone = RT::Group->new($RT::SystemUser);
+ my $everyone = RT::Group->new( $RT::SystemUser );
$everyone->LoadSystemInternalGroup('Everyone');
unless ( $everyone->Id ) {
- $RT::Logger->crit( "Auth::MailFrom couldn't find the 'Everyone' internal group");
+ $RT::Logger->crit("Couldn't find the 'Everyone' internal group");
return ( $args{'CurrentUser'}, -1 );
}
# but before we do that, we need to make sure that the created user would have the right
# to do what we're doing.
if ( $args{'Ticket'} && $args{'Ticket'}->Id ) {
+ my $qname = $args{'Queue'}->Name;
# We have a ticket. that means we're commenting or corresponding
if ( $args{'Action'} =~ /^comment$/i ) {
# check to see whether "Everyone" or "Unprivileged users" can comment on tickets
- unless ( $everyone->PrincipalObj->HasRight(
- Object => $args{'Queue'},
- Right => 'CommentOnTicket'
- )
- || $unpriv->PrincipalObj->HasRight(
- Object => $args{'Queue'},
- Right => 'CommentOnTicket'
- )
- ) {
+ unless ( $everyone->PrincipalObj->HasRight( Object => $args{'Queue'},
+ Right => 'CommentOnTicket' )
+ || $unpriv->PrincipalObj->HasRight( Object => $args{'Queue'},
+ Right => 'CommentOnTicket' ) )
+ {
+ $RT::Logger->debug("Unprivileged users have no right to comment on ticket in queue '$qname'");
return ( $args{'CurrentUser'}, 0 );
}
}
elsif ( $args{'Action'} =~ /^correspond$/i ) {
# check to see whether "Everybody" or "Unprivileged users" can correspond on tickets
- unless ( $everyone->PrincipalObj->HasRight(Object => $args{'Queue'},
- Right => 'ReplyToTicket'
- )
- || $unpriv->PrincipalObj->HasRight(
- Object => $args{'Queue'},
- Right => 'ReplyToTicket'
- )
- ) {
+ unless ( $everyone->PrincipalObj->HasRight( Object => $args{'Queue'},
+ Right => 'ReplyToTicket' )
+ || $unpriv->PrincipalObj->HasRight( Object => $args{'Queue'},
+ Right => 'ReplyToTicket' ) )
+ {
+ $RT::Logger->debug("Unprivileged users have no right to reply to ticket in queue '$qname'");
return ( $args{'CurrentUser'}, 0 );
}
-
}
elsif ( $args{'Action'} =~ /^take$/i ) {
# check to see whether "Everybody" or "Unprivileged users" can correspond on tickets
- unless ( $everyone->PrincipalObj->HasRight(Object => $args{'Queue'},
- Right => 'OwnTicket'
- )
- || $unpriv->PrincipalObj->HasRight(
- Object => $args{'Queue'},
- Right => 'OwnTicket'
- )
- ) {
+ unless ( $everyone->PrincipalObj->HasRight( Object => $args{'Queue'},
+ Right => 'OwnTicket' )
+ || $unpriv->PrincipalObj->HasRight( Object => $args{'Queue'},
+ Right => 'OwnTicket' ) )
+ {
+ $RT::Logger->debug("Unprivileged users have no right to own ticket in queue '$qname'");
return ( $args{'CurrentUser'}, 0 );
}
@@ -140,14 +125,12 @@
elsif ( $args{'Action'} =~ /^resolve$/i ) {
# check to see whether "Everybody" or "Unprivileged users" can correspond on tickets
- unless ( $everyone->PrincipalObj->HasRight(Object => $args{'Queue'},
- Right => 'ModifyTicket'
- )
- || $unpriv->PrincipalObj->HasRight(
- Object => $args{'Queue'},
- Right => 'ModifyTicket'
- )
- ) {
+ unless ( $everyone->PrincipalObj->HasRight( Object => $args{'Queue'},
+ Right => 'ModifyTicket' )
+ || $unpriv->PrincipalObj->HasRight( Object => $args{'Queue'},
+ Right => 'ModifyTicket' ) )
+ {
+ $RT::Logger->debug("Unprivileged users have no right to resolve ticket in queue '$qname'");
return ( $args{'CurrentUser'}, 0 );
}
@@ -159,14 +142,17 @@
# We're creating a ticket
elsif ( $args{'Queue'} && $args{'Queue'}->Id ) {
+ my $qname = $args{'Queue'}->Name;
# check to see whether "Everybody" or "Unprivileged users" can create tickets in this queue
unless ( $everyone->PrincipalObj->HasRight( Object => $args{'Queue'},
Right => 'CreateTicket' )
- ) {
+ || $unpriv->PrincipalObj->HasRight( Object => $args{'Queue'},
+ Right => 'ModifyTicket' ) )
+ {
+ $RT::Logger->debug("Unprivileged users have no right to create ticket in queue '$qname'");
return ( $args{'CurrentUser'}, 0 );
}
-
}
$CurrentUser = CreateUser( undef, $Address, $Name, $Address, $args{'Message'} );
More information about the Rt-commit
mailing list