Commit | Line | Data |
---|---|---|
08baa24e MKG |
1 | # BEGIN BPS TAGGED BLOCK {{{ |
2 | # | |
3 | # COPYRIGHT: | |
4 | # | |
5 | # This software is Copyright (c) 1996-2012 Best Practical Solutions, LLC | |
6 | # <sales@bestpractical.com> | |
7 | # | |
8 | # (Except where explicitly superseded by other copyright notices) | |
9 | # | |
10 | # | |
11 | # LICENSE: | |
12 | # | |
13 | # This work is made available to you under the terms of Version 2 of | |
14 | # the GNU General Public License. A copy of that license should have | |
15 | # been provided with this software, but in any event can be snarfed | |
16 | # from www.gnu.org. | |
17 | # | |
18 | # This work is distributed in the hope that it will be useful, but | |
19 | # WITHOUT ANY WARRANTY; without even the implied warranty of | |
20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
21 | # General Public License for more details. | |
22 | # | |
23 | # You should have received a copy of the GNU General Public License | |
24 | # along with this program; if not, write to the Free Software | |
25 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | |
26 | # 02110-1301 or visit their web page on the internet at | |
27 | # http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. | |
28 | # | |
29 | # | |
30 | # CONTRIBUTION SUBMISSION POLICY: | |
31 | # | |
32 | # (The following paragraph is not intended to limit the rights granted | |
33 | # to you to modify and distribute this software under the terms of | |
34 | # the GNU General Public License and is only of importance to you if | |
35 | # you choose to contribute your changes and enhancements to the | |
36 | # community by submitting them to Best Practical Solutions, LLC.) | |
37 | # | |
38 | # By intentionally submitting any modifications, corrections or | |
39 | # derivatives to this work, or any other work intended for use with | |
40 | # Request Tracker, to Best Practical Solutions, LLC, you confirm that | |
41 | # you are the copyright holder for those contributions and you grant | |
42 | # Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable, | |
43 | # royalty-free, perpetual, license to use, copy, create derivative | |
44 | # works based on those contributions, and sublicense and distribute | |
45 | # those contributions and any derivatives thereof. | |
46 | # | |
47 | # END BPS TAGGED BLOCK }}} | |
48 | ||
49 | # Modified to look up email addresses using RT::Authen::ExternalAuth. | |
50 | # Local modification for UiO. | |
51 | # - mikalkg 2012-07-24 | |
52 | ||
53 | package RT::Interface::Email::Auth::MailFrom; | |
54 | ||
55 | use strict; | |
56 | use warnings; | |
57 | ||
58 | use RT::Interface::Email qw(ParseSenderAddressFromHead CreateUser); | |
59 | ||
60 | # This is what the ordinary, non-enhanced gateway does at the moment. | |
61 | ||
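# GetCurrentUser( Message => ..., CurrentUser => ..., AuthLevel => ...,
#                 Ticket  => ..., Queue       => ..., Action    => ... )
#
# Maps the sender address parsed from the message head to an RT user.
# Lookup order: RT user by email address, RT user by name, then (local UiO
# modification) every service of type 'ldap' listed in
# $RT::ExternalAuthPriority.  If nothing matches, a new user is created, but
# only when the "Everyone" or "Unprivileged" group holds the right needed for
# the requested action on the queue.
#
# Returns the list ( $CurrentUser, $AuthLevel ):
#    1  a user was loaded, or CreateUser was called for the address
#    0  no user was loaded and the rights check for the action failed
#       (or the action is unknown); the CurrentUser passed in is returned
#   -1  no sender address, or an internal group could not be loaded;
#       the CurrentUser passed in is returned
#
# NOTE(review): the only identity evidence used here is the address taken
# from the message head, which the sending party chooses.  Nothing in this
# sub verifies it, so the LDAP fallback lets any mail carrying a directory
# user's address be processed as that user.  Confirm that sender
# verification happens upstream (MTA policy or another auth plugin) before
# relying on the result for privileged actions.
sub GetCurrentUser {
    my %args = (
        Message     => undef,
        CurrentUser => undef,
        AuthLevel   => undef,
        Ticket      => undef,
        Queue       => undef,
        Action      => undef,
        @_
    );

    # We don't need to do any external lookups to get the address itself.
    my ( $Address, $Name ) = ParseSenderAddressFromHead( $args{'Message'}->head );
    unless ( $Address ) {
        $RT::Logger->error("Couldn't find sender's address");
        return ( $args{'CurrentUser'}, -1 );
    }

    my $CurrentUser = RT::CurrentUser->new;
    $CurrentUser->LoadByEmail( $Address );
    $CurrentUser->LoadByName( $Address ) unless $CurrentUser->Id;

    # Local mod: fall back to an LDAP lookup when RT itself has no match.
    #
    # The services are walked exactly once.  This used to be wrapped in
    # "while (not $found)", which never terminated when no LDAP service knew
    # the address (or none was configured), so a single mail from an unknown
    # sender could hang the mail gateway process.
    unless ( $CurrentUser->Id ) {
        my @auth_services = @{ $RT::ExternalAuthPriority || [] };
        my $settings      = $RT::ExternalSettings || {};

        SERVICE:
        for my $service (@auth_services) {
            my $config = $settings->{$service} or next SERVICE;
            next SERVICE unless ( $config->{'type'} || '' ) eq 'ldap';

            my $lookup_attr = $config->{'lookup_attr_map'}->{'EmailAddress'};

            # NOTE(review): $Address is untrusted input; confirm that
            # CanonicalizeUserInfo escapes it before building the LDAP
            # filter.  This file does not load RT::Authen::ExternalAuth::LDAP
            # itself -- presumably the plugin is loaded elsewhere; verify.
            my ( $found, %params ) =
                RT::Authen::ExternalAuth::LDAP::CanonicalizeUserInfo(
                    $service, $lookup_attr, $Address );
            next SERVICE unless $found && defined $params{'Name'};

            # "%params->{'Name'}" (hash used as a reference) is a fatal
            # error on perl 5.22 and later; plain element access is meant.
            $CurrentUser->LoadByName( $params{'Name'} );

            # Stop at the first service that yields an existing RT user so
            # a later service cannot replace the loaded user.
            last SERVICE if $CurrentUser->Id;
        }
    }

    if ( $CurrentUser->Id ) {
        $RT::Logger->debug("Mail from user #". $CurrentUser->Id ." ($Address)" );
        return ( $CurrentUser, 1 );
    }

    # If the user can't be loaded, we may need to create one. Figure out the acl situation.
    my $unpriv = RT->UnprivilegedUsers();
    unless ( $unpriv->Id ) {
        $RT::Logger->crit("Couldn't find the 'Unprivileged' internal group");
        return ( $args{'CurrentUser'}, -1 );
    }

    my $everyone = RT::Group->new( RT->SystemUser );
    $everyone->LoadSystemInternalGroup('Everyone');
    unless ( $everyone->Id ) {
        $RT::Logger->crit("Couldn't find the 'Everyone' internal group");
        return ( $args{'CurrentUser'}, -1 );
    }

    $RT::Logger->debug("Going to create user with address '$Address'" );

    # True when "Everyone" or "Unprivileged" holds $right on the queue.
    my $anyone_may = sub {
        my ($right) = @_;
        return $everyone->PrincipalObj->HasRight( Object => $args{'Queue'},
                                                  Right  => $right )
            || $unpriv->PrincipalObj->HasRight( Object => $args{'Queue'},
                                                Right  => $right );
    };

    # but before we do that, we need to make sure that the created user would have the right
    # to do what we're doing.
    if ( $args{'Ticket'} && $args{'Ticket'}->Id ) {
        my $qname  = $args{'Queue'}->Name;
        my $action = $args{'Action'} || '';

        # We have a ticket. that means we're commenting or corresponding
        if ( $action =~ /^comment$/i ) {
            unless ( $anyone_may->('CommentOnTicket') ) {
                $RT::Logger->debug("Unprivileged users have no right to comment on ticket in queue '$qname'");
                return ( $args{'CurrentUser'}, 0 );
            }
        }
        elsif ( $action =~ /^correspond$/i ) {
            unless ( $anyone_may->('ReplyToTicket') ) {
                $RT::Logger->debug("Unprivileged users have no right to reply to ticket in queue '$qname'");
                return ( $args{'CurrentUser'}, 0 );
            }
        }
        elsif ( $action =~ /^take$/i ) {
            # taking a ticket requires the right to own it
            unless ( $anyone_may->('OwnTicket') ) {
                $RT::Logger->debug("Unprivileged users have no right to own ticket in queue '$qname'");
                return ( $args{'CurrentUser'}, 0 );
            }
        }
        elsif ( $action =~ /^resolve$/i ) {
            # resolving a ticket requires the right to modify it
            unless ( $anyone_may->('ModifyTicket') ) {
                $RT::Logger->debug("Unprivileged users have no right to resolve ticket in queue '$qname'");
                return ( $args{'CurrentUser'}, 0 );
            }
        }
        else {
            # Unknown actions are refused rather than allowed by default.
            $RT::Logger->warning("Action '". $action ."' is unknown");
            return ( $args{'CurrentUser'}, 0 );
        }
    }

    # We're creating a ticket
    elsif ( $args{'Queue'} && $args{'Queue'}->Id ) {
        my $qname = $args{'Queue'}->Name;

        unless ( $anyone_may->('CreateTicket') ) {
            $RT::Logger->debug("Unprivileged users have no right to create ticket in queue '$qname'");
            return ( $args{'CurrentUser'}, 0 );
        }
    }

    $CurrentUser = CreateUser( undef, $Address, $Name, $Address, $args{'Message'} );

    return ( $CurrentUser, 1 );
}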
201 | ||
# NOTE(review): presumably loads site-local overlay files for this package;
# confirm against RT::Base.
RT::Base->_ImportOverlays();

# The module file must end with a true value so that it loads successfully.
1;