fixed the mailgw so that anonymous users may still access it

git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/trunk@1271 57a73879-2fb5-44c3-a270-3262357dd7e2

diff --git a/CHANGES.txt b/CHANGES.txt
index 95d61b7e3497927ba0c4293f16179ec02e0cba7f..b83149ea0c75c171a2854ce6483acbea360d10ad 100644 (file)
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -43,6 +43,7 @@ are given with the most recent entry first.
 - merge Zope Collector #580 fix from ZPT CVS trunk
 - added "crypt" password encoding and ability to set password with
   already encrypted password through roundup-admin
+- fixed the mailgw so that anonymous users may still access it
 
 
 2002-09-13 0.5.0 beta2

diff --git a/doc/customizing.txt b/doc/customizing.txt
index ce2782e3ce05406658c191fd5bb37812a74ab8ff..bb85c1c8417c2c965ccdb7d47796c0a7f359c5b4 100644 (file)
--- a/doc/customizing.txt
+++ b/doc/customizing.txt
@@ -2,7 +2,7 @@
 Customising Roundup
 ===================
 
-:Version: $Revision: 1.47 $
+:Version: $Revision: 1.48 $
 
 .. This document borrows from the ZopeBook section on ZPT. The original is at:
    http://www.zope.org/Documentation/Books/ZopeBook/current/ZPT.stx
@@ -1483,6 +1483,27 @@ When adding a new Permission, you will need to:
 4. add it to the appropriate xxxPermission methods on in your tracker
    interfaces module
 
+Example Scenarios
+-----------------
+
+**automatic registration of users in the e-mail gateway**
+ By giving the "anonymous" user the "Email Registration" Role, any
+ unidentified user will automatically be registered with the tracker (with
+ no password, so they won't be able to log in through the web until an admin
+ sets them a password). Note: this is the default behaviour in the tracker
+ templates that ship with Roundup.
+
+**anonymous access through the e-mail gateway**
+ Give the "anonymous" user the "Email Access" and ("Edit", "issue") Roles
+ but not giving them the "Email Registration" Role. This means that when an
+ unknown user sends email into the tracker, they're automatically logged in
+ as "anonymous". Since they don't have the "Email Registration" Role, they
+ won't be automatically registered, but since "anonymous" has permission
+ to use the gateway, they'll still be able to submit issues. Note that the
+ Sender information - their email address - will not be available - they're
+ *anonymous*.
+
+XXX more examples needed
 
 
 Examples

diff --git a/roundup/mailgw.py b/roundup/mailgw.py
index 726cee0929918a0e442b22c3b97ead985b2436b4..4cabc099c05c706f8c017eaa7568b3823e86c366 100644 (file)
--- a/roundup/mailgw.py
+++ b/roundup/mailgw.py
@@ -73,7 +73,7 @@ are calling the create() method to create a new node). If an auditor raises
 an exception, the original message is bounced back to the sender with the
 explanatory message given in the exception. 
 
-$Id: mailgw.py,v 1.92 2002-09-26 03:03:18 richard Exp $
+$Id: mailgw.py,v 1.93 2002-09-26 22:15:54 richard Exp $
 '''
 
 import string, re, os, mimetools, cStringIO, smtplib, socket, binascii, quopri
@@ -483,17 +483,24 @@ Subject was: "%s"
         author = uidFromAddress(self.db, message.getaddrlist('from')[0],
             create=create)
 
-        # no author? means we're not author
+        # if we're not recognised, and we don't get added as a user, then we
+        # must be anonymous
         if not author:
-            raise Unauthorized, '''
+            author = anonid
+
+        # make sure the author has permission to use the email interface
+        if not self.db.security.hasPermission('Email Access', author):
+            if author == anonid:
+                # we're anonymous and we need to be a registered user
+                raise Unauthorized, '''
 You are not a registered user.
 
 Unknown address: %s
 '''%message.getaddrlist('from')[0][1]
-
-        # make sure the author has permission to use the email interface
-        if not self.db.security.hasPermission('Email Access', author):
-            raise Unauthorized, 'You are not permitted to access this tracker.'
+            else:
+                # we're registered and we're _still_ not allowed access
+                raise Unauthorized, 'You are not permitted to access '\
+                    'this tracker.'
 
         # make sure they're allowed to edit this class of information
         if not self.db.security.hasPermission('Edit', author, classname):