mirror of
https://github.com/discourse/discourse.git
synced 2024-11-23 01:16:38 -06:00
FIX: better error message when user without permissions replies via email
This commit is contained in:
parent
70b73c2159
commit
87d3b86484
@ -2867,6 +2867,14 @@ en:
|
||||
|
||||
If you believe this is an error, [contact a staff member](%{base_url}/about).
|
||||
|
||||
email_reject_reply_not_allowed:
|
||||
title: "Email Reject Reply Not Allowed"
|
||||
subject_template: "[%{email_prefix}] Email issue -- Reply Not Allowed"
|
||||
text_body_template: |
|
||||
We're sorry, but your email message to %{destination} (titled %{former_title}) didn't work.
|
||||
|
||||
You don't have permissions to reply to the topic. If you believe this is an error, [contact a staff member](%{base_url}/about).
|
||||
|
||||
email_error_notification:
|
||||
title: "Email Error Notification"
|
||||
subject_template: "[%{email_prefix}] Email issue -- POP authentication error"
|
||||
|
@ -65,6 +65,7 @@ module Email
|
||||
when Email::Receiver::InvalidPostAction then :email_reject_invalid_post_action
|
||||
when Discourse::InvalidAccess then :email_reject_invalid_access
|
||||
when Email::Receiver::OldDestinationError then :email_reject_old_destination
|
||||
when Email::Receiver::ReplyNotAllowedError then :email_reject_reply_not_allowed
|
||||
else :email_reject_unrecognized_error
|
||||
end
|
||||
|
||||
|
@ -27,6 +27,7 @@ module Email
|
||||
class SilencedUserError < ProcessingError; end
|
||||
class BadDestinationAddress < ProcessingError; end
|
||||
class StrangersNotAllowedError < ProcessingError; end
|
||||
class ReplyNotAllowedError < ProcessingError; end
|
||||
class InsufficientTrustLevelError < ProcessingError; end
|
||||
class ReplyUserNotMatchingError < ProcessingError; end
|
||||
class TopicNotFoundError < ProcessingError; end
|
||||
@ -694,13 +695,13 @@ module Email
|
||||
raise BadDestinationAddress if user.blank?
|
||||
|
||||
post_reply_key = destination[:obj]
|
||||
post = Post.with_deleted.find(post_reply_key.post_id)
|
||||
raise ReplyNotAllowedError if !Guardian.new(user).can_create_post?(post&.topic)
|
||||
|
||||
if post_reply_key.user_id != user.id && !forwarded_reply_key?(post_reply_key, user)
|
||||
raise ReplyUserNotMatchingError, "post_reply_key.user_id => #{post_reply_key.user_id.inspect}, user.id => #{user.id.inspect}"
|
||||
end
|
||||
|
||||
post = Post.with_deleted.find(post_reply_key.post_id)
|
||||
|
||||
create_reply(user: user,
|
||||
raw: body,
|
||||
elided: elided,
|
||||
|
@ -298,6 +298,13 @@ describe Email::Receiver do
|
||||
expect(post.user).to eq(user)
|
||||
end
|
||||
|
||||
it "raises a ReplyNotAllowedError when user without permissions is replying" do
|
||||
Fabricate(:user, email: "bob@bar.com")
|
||||
category.set_permissions(admins: :full)
|
||||
category.save
|
||||
expect { process(:reply_user_not_matching_but_known) }.to raise_error(Email::Receiver::ReplyNotAllowedError)
|
||||
end
|
||||
|
||||
it "raises a TopicNotFoundError when the topic was deleted" do
|
||||
topic.update_columns(deleted_at: 1.day.ago)
|
||||
expect { process(:reply_user_matching) }.to raise_error(Email::Receiver::TopicNotFoundError)
|
||||
|
Loading…
Reference in New Issue
Block a user