Skip Menu |

This queue is for tickets about the RT-Extension-CommandByMail CPAN distribution.

Report information
The Basics
Id: 27333
Status: open
Priority: 0/
Queue: RT-Extension-CommandByMail
People
Owner: Nobody in particular
Requestors: ROSCH [...] cpan.org
Cc: jason [...] long.name
AdminCc:
Bug Information
Severity: Normal
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Tue May 29 13:53:45 2007 ROSCH [...] cpan.org - Ticket created
Subject: don't try to process commands from unpriviliged users?
Sometimes somebody emails the ticket system and the start of their message happens to look like a command to be processed, eg: Guys: My computer is on fire! RT::Interface::Email::Filter::TakeAction sees this, tries to process it, fails, and sends an error back to the user, who becomes confused. I don't know what the best fix for this is, but my current thought is that it shouldn't try to process commands from unpriviliged users. If you have any other opinions I'd love to hear them. Otherwise I'll likely try to come up with a patch for this, if I do I'll let you know.
  Tue May 29 14:04:35 2007 ROSCH [...] cpan.org - Subject changed from 'don't try to process commands from unpriviliged users?' to 'don't try to process commands from unprivileged users?'
  Mon Jun 11 15:00:14 2007 ROSCH [...] cpan.org - Correspondence added
From: ROSCH [...] cpan.org
Here's what I came up with.
diff -ur RT-Extension-CommandByMail-0.05/lib/RT/Interface/Email/Filter/TakeAction.pm RT-Extension-CommandByMail/lib/RT/Interface/Email/Filter/TakeAction.pm --- RT-Extension-CommandByMail-0.05/lib/RT/Interface/Email/Filter/TakeAction.pm 2006-09-03 20:07:39.000000000 -0400 +++ RT-Extension-CommandByMail/lib/RT/Interface/Email/Filter/TakeAction.pm 2007-06-08 17:27:09.000000000 -0400 @@ -157,6 +157,14 @@ return ( $args{'CurrentUser'}, $args{'AuthLevel'} ); } + # Non-privileged users can't use this extension. The main benefit + # here is they won't accidentally try to ("Guys: My computer is on + # fire!") and get errors. + unless ( $args{'CurrentUser'}->Privileged ) { + $RT::Logger->debug("Filter::TakeAction ignoring non-privileged user"); + return ( $args{'CurrentUser'}, $args{'AuthLevel'} ); + } + # If the user isn't asking for a comment or a correspond, # bail out unless ( $args{'Action'} =~ /^(?:comment|correspond)$/i ) {
  Thu Jun 05 20:30:29 2008 RUZ [...] cpan.org - Severity Normal added
  Thu Jun 12 12:13:50 2008 jason [...] long.name - Cc JASLONG added
  Mon Jun 14 14:25:22 2010 stefan [...] cae.wisc.edu - Correspondence added
From: stefan [...] cae.wisc.edu
Here's another version that adds in a toggle. The variable $CommandByMailOnlyPrivileged can be set to 1 in RT_SiteConfig.pm Otherwise there are no changes. -stefan On Mon Jun 11 15:00:14 2007, ROSCH wrote: Show quoted text
> Here's what I came up with.
Subject: CommandsToPrivileged.diff
--- TakeAction.pm.orig 2010-06-14 13:20:54.000010000 -0500 +++ TakeAction.pm 2010-06-14 13:21:12.000401000 -0500 @@ -158,6 +158,17 @@ return ( $args{'CurrentUser'}, $args{'AuthLevel'} ); } + # If we have $RT::CommandByMailOnlyPrivileged set, then + # Non-privileged users can't use this extension. The main benefit + # here is they won't accidentally try to ("Guys: My computer is on + # fire!") and get errors. + if ($RT::CommandByMailOnlyPrivileged) { + unless ( $args{'CurrentUser'}->Privileged ) { + $RT::Logger->debug("Filter::TakeAction ignoring non-privileged user"); + return ( $args{'CurrentUser'}, $args{'AuthLevel'} ); + } + } + # If the user isn't asking for a comment or a correspond, # bail out unless ( $args{'Action'} =~ /^(?:comment|correspond)$/i ) {
  Mon Jun 14 14:25:24 2010 The RT System itself - Status changed from 'new' to 'open'