From 91b37bb6048693af87da5b0ae1a193c160e8e15a Mon Sep 17 00:00:00 2001 From: richard Date: Thu, 26 Sep 2002 22:15:54 +0000 Subject: [PATCH] fixed the mailgw so that anonymous users may still access it git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/trunk@1271 57a73879-2fb5-44c3-a270-3262357dd7e2 --- CHANGES.txt | 1 + doc/customizing.txt | 23 ++++++++++++++++++++++- roundup/mailgw.py | 21 ++++++++++++++------- 3 files changed, 37 insertions(+), 8 deletions(-) diff --git a/CHANGES.txt b/CHANGES.txt index 95d61b7..b83149e 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -43,6 +43,7 @@ are given with the most recent entry first. - merge Zope Collector #580 fix from ZPT CVS trunk - added "crypt" password encoding and ability to set password with already encrypted password through roundup-admin +- fixed the mailgw so that anonymous users may still access it 2002-09-13 0.5.0 beta2 diff --git a/doc/customizing.txt b/doc/customizing.txt index ce2782e..bb85c1c 100644 --- a/doc/customizing.txt +++ b/doc/customizing.txt @@ -2,7 +2,7 @@ Customising Roundup =================== -:Version: $Revision: 1.47 $ +:Version: $Revision: 1.48 $ .. This document borrows from the ZopeBook section on ZPT. The original is at: http://www.zope.org/Documentation/Books/ZopeBook/current/ZPT.stx 
@@ -1483,6 +1483,27 @@ When adding a new Permission, you will need to: 4. add it to the appropriate xxxPermission methods on in your tracker interfaces module +Example Scenarios +----------------- + +**automatic registration of users in the e-mail gateway** + By giving the "anonymous" user the "Email Registration" Role, any + unidentified user will automatically be registered with the tracker (with + no password, so they won't be able to log in through the web until an admin + sets them a password). Note: this is the default behaviour in the tracker + templates that ship with Roundup. + +**anonymous access through the e-mail gateway** + Give the "anonymous" user the "Email Access" and ("Edit", "issue") Roles + but not giving them the "Email Registration" Role. This means that when an + unknown user sends email into the tracker, they're automatically logged in + as "anonymous". Since they don't have the "Email Registration" Role, they + won't be automatically registered, but since "anonymous" has permission + to use the gateway, they'll still be able to submit issues. Note that the + Sender information - their email address - will not be available - they're + *anonymous*. + +XXX more examples needed Examples diff --git a/roundup/mailgw.py b/roundup/mailgw.py index 726cee0..4cabc09 100644 --- a/roundup/mailgw.py +++ b/roundup/mailgw.py @@ -73,7 +73,7 @@ are calling the create() method to create a new node). If an auditor raises an exception, the original message is bounced back to the sender with the explanatory message given in the exception. -$Id: mailgw.py,v 1.92 2002-09-26 03:03:18 richard Exp $ +$Id: mailgw.py,v 1.93 2002-09-26 22:15:54 richard Exp $ ''' import string, re, os, mimetools, cStringIO, smtplib, socket, binascii, quopri 
@@ -483,17 +483,24 @@ Subject was: "%s" author = uidFromAddress(self.db, message.getaddrlist('from')[0], create=create) - # no author? means we're not author + # if we're not recognised, and we don't get added as a user, then we + # must be anonymous if not author: - raise Unauthorized, ''' + author = anonid + + # make sure the author has permission to use the email interface + if not self.db.security.hasPermission('Email Access', author): + if author == anonid: + # we're anonymous and we need to be a registered user + raise Unauthorized, ''' You are not a registered user. Unknown address: %s '''%message.getaddrlist('from')[0][1] - - # make sure the author has permission to use the email interface - if not self.db.security.hasPermission('Email Access', author): - raise Unauthorized, 'You are not permitted to access this tracker.' + else: + # we're registered and we're _still_ not allowed access + raise Unauthorized, 'You are not permitted to access '\ + 'this tracker.' # make sure they're allowed to edit this class of information if not self.db.security.hasPermission('Edit', author, classname): -- 2.30.2
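Review bot: At `author = anonid`, every sender whose From address is unknown and who is not auto-registered is folded into the one shared "anonymous" account, so the `'Email Access'` and `'Edit'` checks that follow no longer say anything about who actually sent the mail. The From header is unauthenticated, and the doc text added in this same patch states that the sender address is not available for such messages, so a tracker that grants anonymous these roles has no attribution for changes made by mail. I would record the address somewhere an admin can see it at the fallback, and add a comment such as `# unknown sender: acts as the shared anonymous user; From address is unauthenticated and not kept on the message`. `anonid` is assigned outside the hunk, so these lines do not show whether it is always defined here (for example in a tracker with no anonymous user); that should be confirmed. The enclosing method starts and ends outside the hunk.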