diff options
| author | Douwe Maan <douwe@gitlab.com> | 2015-08-21 10:14:45 -0700 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2015-08-21 10:14:45 -0700 |
| commit | 69708dab9f6e1c265dd2bf80eafc39bf68c356e0 (patch) | |
| tree | 08ebea572ea31c46d77fdc7c24f729325279a25f | |
| parent | 35224d5e7f3e0c978640b7a6dd64e9778c4d1c60 (diff) | |
| download | gitlab-ce-reply-by-email.tar.gz | |
Block blocked users from replying to threads by email.reply-by-email
| -rw-r--r-- | app/workers/email_receiver_worker.rb | 2 | ||||
| -rw-r--r-- | lib/gitlab/email/receiver.rb | 3 | ||||
| -rw-r--r-- | spec/lib/gitlab/email/receiver_spec.rb | 10 |
3 files changed, 15 insertions, 0 deletions
diff --git a/app/workers/email_receiver_worker.rb b/app/workers/email_receiver_worker.rb index 8f6c27ce4af..a588a1f45ee 100644 --- a/app/workers/email_receiver_worker.rb +++ b/app/workers/email_receiver_worker.rb @@ -31,6 +31,8 @@ class EmailReceiverWorker reason = "The email was marked as 'auto generated', which we can't accept. Please create your comment through the web interface." when Gitlab::Email::Receiver::UserNotFoundError reason = "We couldn't figure out what user corresponds to the email. Please create your comment through the web interface." + when Gitlab::Email::Receiver::UserBlockedError + reason = "Your account has been blocked. If you believe this is in error, contact a staff member." when Gitlab::Email::Receiver::UserNotAuthorizedError reason = "You are not allowed to respond to the thread you are replying to. If you believe this is in error, contact a staff member." when Gitlab::Email::Receiver::NoteableNotFoundError diff --git a/lib/gitlab/email/receiver.rb b/lib/gitlab/email/receiver.rb index 17b8339edcd..355fbd27898 100644 --- a/lib/gitlab/email/receiver.rb +++ b/lib/gitlab/email/receiver.rb @@ -8,6 +8,7 @@ module Gitlab class EmptyEmailError < ProcessingError; end class AutoGeneratedEmailError < ProcessingError; end class UserNotFoundError < ProcessingError; end + class UserBlockedError < ProcessingError; end class UserNotAuthorizedError < ProcessingError; end class NoteableNotFoundError < ProcessingError; end class InvalidNoteError < ProcessingError; end @@ -27,6 +28,8 @@ module Gitlab raise UserNotFoundError unless author + raise UserBlockedError if author.blocked? + project = sent_notification.project raise UserNotAuthorizedError unless project && author.can?(:create_note, project) diff --git a/spec/lib/gitlab/email/receiver_spec.rb b/spec/lib/gitlab/email/receiver_spec.rb index af44c1242ed..1cc80f35f98 100644 --- a/spec/lib/gitlab/email/receiver_spec.rb +++ b/spec/lib/gitlab/email/receiver_spec.rb @@ -58,6 +58,16 @@ describe Gitlab::Email::Receiver do end end + context "when the user has been blocked" do + before do + user.block + end + + it "raises a UserBlockedError" do + expect { receiver.execute }.to raise_error(Gitlab::Email::Receiver::UserBlockedError) + end + end + context "when the user is not authorized to create a note" do before do project.update_attribute(:visibility_level, Project::PRIVATE) |