Upgrade to 4.0.8 with modification of ExternalAuth.
[usit-rt.git] / local / lib / RT / Interface / Email / Auth / MailFrom.pm
CommitLineData
08baa24e
MKG
1# BEGIN BPS TAGGED BLOCK {{{
2#
3# COPYRIGHT:
4#
5# This software is Copyright (c) 1996-2012 Best Practical Solutions, LLC
6# <sales@bestpractical.com>
7#
8# (Except where explicitly superseded by other copyright notices)
9#
10#
11# LICENSE:
12#
13# This work is made available to you under the terms of Version 2 of
14# the GNU General Public License. A copy of that license should have
15# been provided with this software, but in any event can be snarfed
16# from www.gnu.org.
17#
18# This work is distributed in the hope that it will be useful, but
19# WITHOUT ANY WARRANTY; without even the implied warranty of
20# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21# General Public License for more details.
22#
23# You should have received a copy of the GNU General Public License
24# along with this program; if not, write to the Free Software
25# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
26# 02110-1301 or visit their web page on the internet at
27# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
28#
29#
30# CONTRIBUTION SUBMISSION POLICY:
31#
32# (The following paragraph is not intended to limit the rights granted
33# to you to modify and distribute this software under the terms of
34# the GNU General Public License and is only of importance to you if
35# you choose to contribute your changes and enhancements to the
36# community by submitting them to Best Practical Solutions, LLC.)
37#
38# By intentionally submitting any modifications, corrections or
39# derivatives to this work, or any other work intended for use with
40# Request Tracker, to Best Practical Solutions, LLC, you confirm that
41# you are the copyright holder for those contributions and you grant
42# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
43# royalty-free, perpetual, license to use, copy, create derivative
44# works based on those contributions, and sublicense and distribute
45# those contributions and any derivatives thereof.
46#
47# END BPS TAGGED BLOCK }}}
48
49# Modified to lookup email-addresses using RT::Auth::ExternalAuth.
50# Local modification for UiO.
51# - mikalkg 2012-07-24
52
53package RT::Interface::Email::Auth::MailFrom;
54
55use strict;
56use warnings;
57
58use RT::Interface::Email qw(ParseSenderAddressFromHead CreateUser);
59
60# This is what the ordinary, non-enhanced gateway does at the moment.
61
62sub GetCurrentUser {
63 my %args = ( Message => undef,
64 CurrentUser => undef,
65 AuthLevel => undef,
66 Ticket => undef,
67 Queue => undef,
68 Action => undef,
69 @_ );
70
71
72 # We don't need to do any external lookups
73 my ( $Address, $Name ) = ParseSenderAddressFromHead( $args{'Message'}->head );
74 unless ( $Address ) {
75 $RT::Logger->error("Couldn't find sender's address");
76 return ( $args{'CurrentUser'}, -1 );
77 }
78
79 my $CurrentUser = RT::CurrentUser->new;
80 $CurrentUser->LoadByEmail( $Address );
81 $CurrentUser->LoadByName( $Address ) unless $CurrentUser->Id;
82
83 # Local mod for the LDAP lookup goes here:
84
85 unless ($CurrentUser->Id) {
86 my ( $found, %params );
86404187
MKG
87 while (not $found) {
88 my @auth_services = @$RT::ExternalAuthPriority;
89 for my $service (@auth_services) {
90 my $config = $RT::ExternalSettings->{$service};
91 my $lookup_attr = $config->{'lookup_attr_map'}->{'EmailAddress'};
92 next unless ($config->{'type'} eq 'ldap');
93 ($found, %params) =
94 RT::Authen::ExternalAuth::LDAP::CanonicalizeUserInfo ( $service, $lookup_attr, $Address );
95 $CurrentUser->LoadByName( %params->{'Name'} ) if $found;
96 }
08baa24e
MKG
97 }
98 }
99
100 if ( $CurrentUser->Id ) {
101 $RT::Logger->debug("Mail from user #". $CurrentUser->Id ." ($Address)" );
102 return ( $CurrentUser, 1 );
103 }
104
105 # If the user can't be loaded, we may need to create one. Figure out the acl situation.
106 my $unpriv = RT->UnprivilegedUsers();
107 unless ( $unpriv->Id ) {
108 $RT::Logger->crit("Couldn't find the 'Unprivileged' internal group");
109 return ( $args{'CurrentUser'}, -1 );
110 }
111
112 my $everyone = RT::Group->new( RT->SystemUser );
113 $everyone->LoadSystemInternalGroup('Everyone');
114 unless ( $everyone->Id ) {
115 $RT::Logger->crit("Couldn't find the 'Everyone' internal group");
116 return ( $args{'CurrentUser'}, -1 );
117 }
118
119 $RT::Logger->debug("Going to create user with address '$Address'" );
120
121 # but before we do that, we need to make sure that the created user would have the right
122 # to do what we're doing.
123 if ( $args{'Ticket'} && $args{'Ticket'}->Id ) {
124 my $qname = $args{'Queue'}->Name;
125 # We have a ticket. that means we're commenting or corresponding
126 if ( $args{'Action'} =~ /^comment$/i ) {
127
128 # check to see whether "Everyone" or "Unprivileged users" can comment on tickets
129 unless ( $everyone->PrincipalObj->HasRight( Object => $args{'Queue'},
130 Right => 'CommentOnTicket' )
131 || $unpriv->PrincipalObj->HasRight( Object => $args{'Queue'},
132 Right => 'CommentOnTicket' ) )
133 {
134 $RT::Logger->debug("Unprivileged users have no right to comment on ticket in queue '$qname'");
135 return ( $args{'CurrentUser'}, 0 );
136 }
137 }
138 elsif ( $args{'Action'} =~ /^correspond$/i ) {
139
140 # check to see whether "Everybody" or "Unprivileged users" can correspond on tickets
141 unless ( $everyone->PrincipalObj->HasRight( Object => $args{'Queue'},
142 Right => 'ReplyToTicket' )
143 || $unpriv->PrincipalObj->HasRight( Object => $args{'Queue'},
144 Right => 'ReplyToTicket' ) )
145 {
146 $RT::Logger->debug("Unprivileged users have no right to reply to ticket in queue '$qname'");
147 return ( $args{'CurrentUser'}, 0 );
148 }
149 }
150 elsif ( $args{'Action'} =~ /^take$/i ) {
151
152 # check to see whether "Everybody" or "Unprivileged users" can correspond on tickets
153 unless ( $everyone->PrincipalObj->HasRight( Object => $args{'Queue'},
154 Right => 'OwnTicket' )
155 || $unpriv->PrincipalObj->HasRight( Object => $args{'Queue'},
156 Right => 'OwnTicket' ) )
157 {
158 $RT::Logger->debug("Unprivileged users have no right to own ticket in queue '$qname'");
159 return ( $args{'CurrentUser'}, 0 );
160 }
161
162 }
163 elsif ( $args{'Action'} =~ /^resolve$/i ) {
164
165 # check to see whether "Everybody" or "Unprivileged users" can correspond on tickets
166 unless ( $everyone->PrincipalObj->HasRight( Object => $args{'Queue'},
167 Right => 'ModifyTicket' )
168 || $unpriv->PrincipalObj->HasRight( Object => $args{'Queue'},
169 Right => 'ModifyTicket' ) )
170 {
171 $RT::Logger->debug("Unprivileged users have no right to resolve ticket in queue '$qname'");
172 return ( $args{'CurrentUser'}, 0 );
173 }
174
175 }
176 else {
177 $RT::Logger->warning("Action '". ($args{'Action'}||'') ."' is unknown");
178 return ( $args{'CurrentUser'}, 0 );
179 }
180 }
181
182 # We're creating a ticket
183 elsif ( $args{'Queue'} && $args{'Queue'}->Id ) {
184 my $qname = $args{'Queue'}->Name;
185
186 # check to see whether "Everybody" or "Unprivileged users" can create tickets in this queue
187 unless ( $everyone->PrincipalObj->HasRight( Object => $args{'Queue'},
188 Right => 'CreateTicket' )
189 || $unpriv->PrincipalObj->HasRight( Object => $args{'Queue'},
190 Right => 'CreateTicket' ) )
191 {
192 $RT::Logger->debug("Unprivileged users have no right to create ticket in queue '$qname'");
193 return ( $args{'CurrentUser'}, 0 );
194 }
195 }
196
197 $CurrentUser = CreateUser( undef, $Address, $Name, $Address, $args{'Message'} );
198
199 return ( $CurrentUser, 1 );
200}
201
202RT::Base->_ImportOverlays();
203
2041;