FIX: ensure email in address insn't used it both Groups & Categories

2024-11-29 20:24:05 -06:00 · 2016-03-08 20:52:04 +01:00 · 2016-03-08 20:52:04 +01:00 · 031146a821
commit 031146a821
parent cf140aaaec
4 changed files with 25 additions and 17 deletions
--- a/app/controllers/categories_controller.rb
+++ b/app/controllers/categories_controller.rb
@ -102,19 +102,16 @@ class CategoriesController < ApplicationController
    json_result(@category, serializer: CategorySerializer) do |cat|

      cat.move_to(category_params[:position].to_i) if category_params[:position]
+      category_params.delete(:position)

-      if category_params.key? :email_in and category_params[:email_in].length == 0
-        # properly null the value so the database constrain doesn't catch us
+      # properly null the value so the database constraint doesn't catch us
+      if category_params.has_key?(:email_in) && category_params[:email_in].blank?
        category_params[:email_in] = nil
-      elsif category_params.key? :email_in and existing_category = Category.find_by(email_in: category_params[:email_in]) and existing_category.id != @category.id
-        # check if email_in address is already in use for other category
-        return render_json_error I18n.t('category.errors.email_in_already_exist', {email_in: category_params[:email_in], category_name: existing_category.name})
      end

-      category_params.delete(:position)
-      old_permissions = Category.find(@category.id).permissions_params
+      old_permissions = cat.permissions_params

-      if result = cat.update_attributes(category_params)
+      if result = cat.update(category_params)
        Scheduler::Defer.later "Log staff action change category settings" do
          @staff_action_logger.log_category_settings_change(@category, category_params, old_permissions)
        end
--- a/app/models/category.rb
+++ b/app/models/category.rb
@ -316,8 +316,12 @@ SQL
  def email_in_validator
    return if self.email_in.blank?
    email_in.split("|").each do |email|
-      unless Email.is_valid?(email)
-        self.errors.add(:base, I18n.t('category.errors.invalid_email_in', email_in: email))
+      if !Email.is_valid?(email)
+        self.errors.add(:base, I18n.t('category.errors.invalid_email_in', email: email))
+      elsif group = Group.find_by_email(email)
+        self.errors.add(:base, I18n.t('category.errors.email_already_used_in_group', email: email, group_name: group.name))
+      elsif category = Category.where.not(id: self.id).find_by_email(email)
+        self.errors.add(:base, I18n.t('category.errors.email_already_used_in_category', email: email, category_name: category.name))
      end
    end
  end
@ -391,7 +395,7 @@ SQL
  end

  def self.find_by_email(email)
-    self.where("email_in LIKE ?", "%#{Email.downcase(email)}%").first
+    self.where("string_to_array(email_in, '|') @> ARRAY[?]", Email.downcase(email)).first
  end

  def has_children?
--- a/app/models/group.rb
+++ b/app/models/group.rb
@ -82,8 +82,12 @@ class Group < ActiveRecord::Base
  def incoming_email_validator
    return if self.automatic || self.incoming_email.blank?
    incoming_email.split("|").each do |email|
-      unless Email.is_valid?(email)
-        self.errors.add(:base, I18n.t('groups.errors.invalid_incoming_email', incoming_email: email))
+      if !Email.is_valid?(email)
+        self.errors.add(:base, I18n.t('groups.errors.invalid_incoming_email', email: email))
+      elsif group = Group.where.not(id: self.id).find_by_email(email)
+        self.errors.add(:base, I18n.t('groups.errors.email_already_used_in_group', email: email, group_name: group.name))
+      elsif category = Category.find_by_email(email)
+        self.errors.add(:base, I18n.t('groups.errors.email_already_used_in_category', email: email, category_name: category.name))
      end
    end
  end
@ -334,7 +338,7 @@ class Group < ActiveRecord::Base
  end

  def self.find_by_email(email)
-    self.where("incoming_email LIKE ?", "%#{Email.downcase(email)}%").first
+    self.where("string_to_array(incoming_email, '|') @> ARRAY[?]", Email.downcase(email)).first
  end

  def bulk_add(user_ids)
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@ -215,7 +215,9 @@ en:
      can_not_modify_automatic: "You can not modify an automatic group"
      member_already_exist: "'%{username}' is already a member of this group."
      invalid_domain: "'%{domain}' is not a valid domain."
-      invalid_incoming_email: "'%{incoming_email}' is not a valid email address."
+      invalid_incoming_email: "'%{email}' is not a valid email address."
+      email_already_used_in_group: "'%{email}' is already used by the group '%{group_name}'."
+      email_already_used_in_category: "'%{email}' is already used by the category '%{category_name}'."
    default_names:
      everyone: "everyone"
      admins: "admins"
@ -374,8 +376,9 @@ en:
      uncategorized_parent: "Uncategorized can't have a parent category"
      self_parent: "A subcategory's parent cannot be itself"
      depth: "You can't nest a subcategory under another"
-      email_in_already_exist: "Incoming email address '%{email_in}' is already in use for '%{category_name}' category."
-      invalid_email_in: "'%{email_in}' is not a valid email address."
+      invalid_email_in: "'%{email}' is not a valid email address."
+      email_already_used_in_group: "'%{email}' is already used by the group '%{group_name}'."
+      email_already_used_in_category: "'%{email}' is already used by the category '%{category_name}'."
    cannot_delete:
      uncategorized: "Can't delete Uncategorized"
      has_subcategories: "Can't delete this category because it has sub-categories."