[usit-rt.git] / local / lib / RT / Interface / Email / Auth / MailFrom.pm

# BEGIN BPS TAGGED BLOCK {{{
#
# COPYRIGHT:
#
# This software is Copyright (c) 1996-2012 Best Practical Solutions, LLC
#                                          <sales@bestpractical.com>
#
# (Except where explicitly superseded by other copyright notices)
#
#
# LICENSE:
#
# This work is made available to you under the terms of Version 2 of
# the GNU General Public License. A copy of that license should have
# been provided with this software, but in any event can be snarfed
# from www.gnu.org.
#
# This work is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301 or visit their web page on the internet at
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
#
#
# CONTRIBUTION SUBMISSION POLICY:
#
# (The following paragraph is not intended to limit the rights granted
# to you to modify and distribute this software under the terms of
# the GNU General Public License and is only of importance to you if
# you choose to contribute your changes and enhancements to the
# community by submitting them to Best Practical Solutions, LLC.)
#
# By intentionally submitting any modifications, corrections or
# derivatives to this work, or any other work intended for use with
# Request Tracker, to Best Practical Solutions, LLC, you confirm that
# you are the copyright holder for those contributions and you grant
# Best Practical Solutions,  LLC a nonexclusive, worldwide, irrevocable,
# royalty-free, perpetual, license to use, copy, create derivative
# works based on those contributions, and sublicense and distribute
# those contributions and any derivatives thereof.
#
# END BPS TAGGED BLOCK }}}

# Modified to lookup email-addresses using RT::Auth::ExternalAuth.
# Local modification for UiO.
# - mikalkg 2012-07-24

package RT::Interface::Email::Auth::MailFrom;

use strict;
use warnings;

use RT::Interface::Email qw(ParseSenderAddressFromHead CreateUser);

# This is what the ordinary, non-enhanced gateway does at the moment.

sub GetCurrentUser {
    my %args = ( Message     => undef,
                 CurrentUser => undef,
                 AuthLevel   => undef,
                 Ticket      => undef,
                 Queue       => undef,
                 Action      => undef,
                 @_ );


    # We don't need to do any external lookups
    my ( $Address, $Name ) = ParseSenderAddressFromHead( $args{'Message'}->head );
    unless ( $Address ) {
        $RT::Logger->error("Couldn't find sender's address");
        return ( $args{'CurrentUser'}, -1 );
    }

    my $CurrentUser = RT::CurrentUser->new;
    $CurrentUser->LoadByEmail( $Address );
    $CurrentUser->LoadByName( $Address ) unless $CurrentUser->Id;

    # Local mod for the LDAP lookup goes here:
    
    unless ($CurrentUser->Id) {
        my ( $found, %params );
        while (not $found) {
            my @auth_services = @$RT::ExternalAuthPriority;
            for my $service (@auth_services) {
                my $config = $RT::ExternalSettings->{$service};
                my $lookup_attr = $config->{'lookup_attr_map'}->{'EmailAddress'};
                next unless ($config->{'type'} eq 'ldap');
                ($found, %params) = 
                RT::Authen::ExternalAuth::LDAP::CanonicalizeUserInfo ( $service, $lookup_attr, $Address );
                $CurrentUser->LoadByName( %params->{'Name'} ) if $found;
            }
        }
    }

    if ( $CurrentUser->Id ) {
        $RT::Logger->debug("Mail from user #". $CurrentUser->Id ." ($Address)" );
        return ( $CurrentUser, 1 );
    }

    # If the user can't be loaded, we may need to create one. Figure out the acl situation.
    my $unpriv = RT->UnprivilegedUsers();
    unless ( $unpriv->Id ) {
        $RT::Logger->crit("Couldn't find the 'Unprivileged' internal group");
        return ( $args{'CurrentUser'}, -1 );
    }

    my $everyone = RT::Group->new( RT->SystemUser );
    $everyone->LoadSystemInternalGroup('Everyone');
    unless ( $everyone->Id ) {
        $RT::Logger->crit("Couldn't find the 'Everyone' internal group");
        return ( $args{'CurrentUser'}, -1 );
    }

    $RT::Logger->debug("Going to create user with address '$Address'" );

    # but before we do that, we need to make sure that the created user would have the right
    # to do what we're doing.
    if ( $args{'Ticket'} && $args{'Ticket'}->Id ) {
        my $qname = $args{'Queue'}->Name;
        # We have a ticket. that means we're commenting or corresponding
        if ( $args{'Action'} =~ /^comment$/i ) {

            # check to see whether "Everyone" or "Unprivileged users" can comment on tickets
            unless ( $everyone->PrincipalObj->HasRight( Object => $args{'Queue'},
                                                        Right => 'CommentOnTicket' )
                     || $unpriv->PrincipalObj->HasRight( Object => $args{'Queue'},
                                                         Right => 'CommentOnTicket' ) )
            {
                $RT::Logger->debug("Unprivileged users have no right to comment on ticket in queue '$qname'");
                return ( $args{'CurrentUser'}, 0 );
            }
        }
        elsif ( $args{'Action'} =~ /^correspond$/i ) {

            # check to see whether "Everybody" or "Unprivileged users" can correspond on tickets
            unless ( $everyone->PrincipalObj->HasRight( Object => $args{'Queue'},
                                                        Right  => 'ReplyToTicket' )
                     || $unpriv->PrincipalObj->HasRight( Object => $args{'Queue'},
                                                         Right  => 'ReplyToTicket' ) )
            {
                $RT::Logger->debug("Unprivileged users have no right to reply to ticket in queue '$qname'");
                return ( $args{'CurrentUser'}, 0 );
            }
        }
        elsif ( $args{'Action'} =~ /^take$/i ) {

            # check to see whether "Everybody" or "Unprivileged users" can correspond on tickets
            unless ( $everyone->PrincipalObj->HasRight( Object => $args{'Queue'},
                                                        Right  => 'OwnTicket' )
                     || $unpriv->PrincipalObj->HasRight( Object => $args{'Queue'},
                                                         Right  => 'OwnTicket' ) )
            {
                $RT::Logger->debug("Unprivileged users have no right to own ticket in queue '$qname'");
                return ( $args{'CurrentUser'}, 0 );
            }

        }
        elsif ( $args{'Action'} =~ /^resolve$/i ) {

            # check to see whether "Everybody" or "Unprivileged users" can correspond on tickets
            unless ( $everyone->PrincipalObj->HasRight( Object => $args{'Queue'},
                                                        Right  => 'ModifyTicket' )
                     || $unpriv->PrincipalObj->HasRight( Object => $args{'Queue'},
                                                         Right  => 'ModifyTicket' ) )
            {
                $RT::Logger->debug("Unprivileged users have no right to resolve ticket in queue '$qname'");
                return ( $args{'CurrentUser'}, 0 );
            }

        }
        else {
            $RT::Logger->warning("Action '". ($args{'Action'}||'') ."' is unknown");
            return ( $args{'CurrentUser'}, 0 );
        }
    }

    # We're creating a ticket
    elsif ( $args{'Queue'} && $args{'Queue'}->Id ) {
        my $qname = $args{'Queue'}->Name;

        # check to see whether "Everybody" or "Unprivileged users" can create tickets in this queue
        unless ( $everyone->PrincipalObj->HasRight( Object => $args{'Queue'},
                                                    Right  => 'CreateTicket' )
                 || $unpriv->PrincipalObj->HasRight( Object => $args{'Queue'},
                                                     Right  => 'CreateTicket' ) )
        {
            $RT::Logger->debug("Unprivileged users have no right to create ticket in queue '$qname'");
            return ( $args{'CurrentUser'}, 0 );
        }
    }

    $CurrentUser = CreateUser( undef, $Address, $Name, $Address, $args{'Message'} );

    return ( $CurrentUser, 1 );
}

RT::Base->_ImportOverlays();

1;
Commit	Line	Data
08baa24e MKG	1	# BEGIN BPS TAGGED BLOCK {{{
	2	#
	3	# COPYRIGHT:
	4	#
	5	# This software is Copyright (c) 1996-2012 Best Practical Solutions, LLC
	6	# <sales@bestpractical.com>
	7	#
	8	# (Except where explicitly superseded by other copyright notices)
	9	#
	10	#
	11	# LICENSE:
	12	#
	13	# This work is made available to you under the terms of Version 2 of
	14	# the GNU General Public License. A copy of that license should have
	15	# been provided with this software, but in any event can be snarfed
	16	# from www.gnu.org.
	17	#
	18	# This work is distributed in the hope that it will be useful, but
	19	# WITHOUT ANY WARRANTY; without even the implied warranty of
	20	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	21	# General Public License for more details.
	22	#
	23	# You should have received a copy of the GNU General Public License
	24	# along with this program; if not, write to the Free Software
	25	# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
	26	# 02110-1301 or visit their web page on the internet at
	27	# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
	28	#
	29	#
	30	# CONTRIBUTION SUBMISSION POLICY:
	31	#
	32	# (The following paragraph is not intended to limit the rights granted
	33	# to you to modify and distribute this software under the terms of
	34	# the GNU General Public License and is only of importance to you if
	35	# you choose to contribute your changes and enhancements to the
	36	# community by submitting them to Best Practical Solutions, LLC.)
	37	#
	38	# By intentionally submitting any modifications, corrections or
	39	# derivatives to this work, or any other work intended for use with
	40	# Request Tracker, to Best Practical Solutions, LLC, you confirm that
	41	# you are the copyright holder for those contributions and you grant
	42	# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
	43	# royalty-free, perpetual, license to use, copy, create derivative
	44	# works based on those contributions, and sublicense and distribute
	45	# those contributions and any derivatives thereof.
	46	#
	47	# END BPS TAGGED BLOCK }}}
	48
	49	# Modified to lookup email-addresses using RT::Auth::ExternalAuth.
	50	# Local modification for UiO.
	51	# - mikalkg 2012-07-24
	52
	53	package RT::Interface::Email::Auth::MailFrom;
	54
	55	use strict;
	56	use warnings;
	57
	58	use RT::Interface::Email qw(ParseSenderAddressFromHead CreateUser);
	59
	60	# This is what the ordinary, non-enhanced gateway does at the moment.
	61
	62	sub GetCurrentUser {
	63	my %args = ( Message => undef,
	64	CurrentUser => undef,
65	AuthLevel => undef,
66	Ticket => undef,
67	Queue => undef,
68	Action => undef,
69	@_ );
70
71
72	# We don't need to do any external lookups
73	my ( $Address, $Name ) = ParseSenderAddressFromHead( $args{'Message'}->head );
74	unless ( $Address ) {
75	$RT::Logger->error("Couldn't find sender's address");
76	return ( $args{'CurrentUser'}, -1 );
77	}
78
79	my $CurrentUser = RT::CurrentUser->new;
80	$CurrentUser->LoadByEmail( $Address );
81	$CurrentUser->LoadByName( $Address ) unless $CurrentUser->Id;
82
83	# Local mod for the LDAP lookup goes here:
84
85	unless ($CurrentUser->Id) {
86	my ( $found, %params );
87	while (not $found) {
88	my @auth_services = @$RT::ExternalAuthPriority;
89	for my $service (@auth_services) {
90	my $config = $RT::ExternalSettings->{$service};
91	my $lookup_attr = $config->{'lookup_attr_map'}->{'EmailAddress'};
92	next unless ($config->{'type'} eq 'ldap');
93	($found, %params) =
94	RT::Authen::ExternalAuth::LDAP::CanonicalizeUserInfo ( $service, $lookup_attr, $Address );
95	$CurrentUser->LoadByName( %params->{'Name'} ) if $found;
96	}
97	}
98	}
99
100	if ( $CurrentUser->Id ) {
101	$RT::Logger->debug("Mail from user #". $CurrentUser->Id ." ($Address)" );
102	return ( $CurrentUser, 1 );
103	}
104
105	# If the user can't be loaded, we may need to create one. Figure out the acl situation.
106	my $unpriv = RT->UnprivilegedUsers();
107	unless ( $unpriv->Id ) {
108	$RT::Logger->crit("Couldn't find the 'Unprivileged' internal group");
109	return ( $args{'CurrentUser'}, -1 );
110	}
111
112	my $everyone = RT::Group->new( RT->SystemUser );
113	$everyone->LoadSystemInternalGroup('Everyone');
114	unless ( $everyone->Id ) {
115	$RT::Logger->crit("Couldn't find the 'Everyone' internal group");
116	return ( $args{'CurrentUser'}, -1 );
117	}
118
119	$RT::Logger->debug("Going to create user with address '$Address'" );
120
121	# but before we do that, we need to make sure that the created user would have the right
122	# to do what we're doing.
123	if ( $args{'Ticket'} && $args{'Ticket'}->Id ) {
124	my $qname = $args{'Queue'}->Name;
125	# We have a ticket. that means we're commenting or corresponding
126	if ( $args{'Action'} =~ /^comment$/i ) {
127
128	# check to see whether "Everyone" or "Unprivileged users" can comment on tickets
129	unless ( $everyone->PrincipalObj->HasRight( Object => $args{'Queue'},
130	Right => 'CommentOnTicket' )
131	\|\| $unpriv->PrincipalObj->HasRight( Object => $args{'Queue'},
132	Right => 'CommentOnTicket' ) )
133	{
134	$RT::Logger->debug("Unprivileged users have no right to comment on ticket in queue '$qname'");
135	return ( $args{'CurrentUser'}, 0 );
136	}
137	}
138	elsif ( $args{'Action'} =~ /^correspond$/i ) {
139
140	# check to see whether "Everybody" or "Unprivileged users" can correspond on tickets
141	unless ( $everyone->PrincipalObj->HasRight( Object => $args{'Queue'},
142	Right => 'ReplyToTicket' )
143	\|\| $unpriv->PrincipalObj->HasRight( Object => $args{'Queue'},
144	Right => 'ReplyToTicket' ) )
145	{
146	$RT::Logger->debug("Unprivileged users have no right to reply to ticket in queue '$qname'");
147	return ( $args{'CurrentUser'}, 0 );
148	}
149	}
150	elsif ( $args{'Action'} =~ /^take$/i ) {
151
152	# check to see whether "Everybody" or "Unprivileged users" can correspond on tickets
153	unless ( $everyone->PrincipalObj->HasRight( Object => $args{'Queue'},
154	Right => 'OwnTicket' )
155	\|\| $unpriv->PrincipalObj->HasRight( Object => $args{'Queue'},
156	Right => 'OwnTicket' ) )
157	{
158	$RT::Logger->debug("Unprivileged users have no right to own ticket in queue '$qname'");
159	return ( $args{'CurrentUser'}, 0 );
160	}
161
162	}
163	elsif ( $args{'Action'} =~ /^resolve$/i ) {
164
165	# check to see whether "Everybody" or "Unprivileged users" can correspond on tickets
166	unless ( $everyone->PrincipalObj->HasRight( Object => $args{'Queue'},
167	Right => 'ModifyTicket' )
168	\|\| $unpriv->PrincipalObj->HasRight( Object => $args{'Queue'},
169	Right => 'ModifyTicket' ) )
170	{
171	$RT::Logger->debug("Unprivileged users have no right to resolve ticket in queue '$qname'");
172	return ( $args{'CurrentUser'}, 0 );
173	}
174
175	}
176	else {
177	$RT::Logger->warning("Action '". ($args{'Action'}\|\|'') ."' is unknown");
178	return ( $args{'CurrentUser'}, 0 );
179	}
180	}
181
182	# We're creating a ticket
183	elsif ( $args{'Queue'} && $args{'Queue'}->Id ) {
184	my $qname = $args{'Queue'}->Name;
185
186	# check to see whether "Everybody" or "Unprivileged users" can create tickets in this queue
187	unless ( $everyone->PrincipalObj->HasRight( Object => $args{'Queue'},
188	Right => 'CreateTicket' )
189	\|\| $unpriv->PrincipalObj->HasRight( Object => $args{'Queue'},
190	Right => 'CreateTicket' ) )
191	{
192	$RT::Logger->debug("Unprivileged users have no right to create ticket in queue '$qname'");
193	return ( $args{'CurrentUser'}, 0 );
194	}
195	}
196
197	$CurrentUser = CreateUser( undef, $Address, $Name, $Address, $args{'Message'} );
198
199	return ( $CurrentUser, 1 );
200	}
201
202	RT::Base->_ImportOverlays();
203
204	1;