FIX: ensure email in address insn't used it both Groups & Categories

Régis Hanol 2016-03-08 20:52:04 +01:00
parent cf140aaaec
commit 031146a821
4 changed files with 25 additions and 17 deletions


@ -102,19 +102,16 @@ class CategoriesController < ApplicationController
json_result(@category, serializer: CategorySerializer) do |cat| json_result(@category, serializer: CategorySerializer) do |cat|
cat.move_to(category_params[:position].to_i) if category_params[:position] cat.move_to(category_params[:position].to_i) if category_params[:position]
category_params.delete(:position)
if category_params.key? :email_in and category_params[:email_in].length == 0 # properly null the value so the database constraint doesn't catch us
# properly null the value so the database constrain doesn't catch us if category_params.has_key?(:email_in) && category_params[:email_in].blank?
category_params[:email_in] = nil category_params[:email_in] = nil
elsif category_params.key? :email_in and existing_category = Category.find_by(email_in: category_params[:email_in]) and existing_category.id != @category.id
# check if email_in address is already in use for other category
return render_json_error I18n.t('category.errors.email_in_already_exist', {email_in: category_params[:email_in], category_name: existing_category.name})
end end
category_params.delete(:position) old_permissions = cat.permissions_params
old_permissions = Category.find(@category.id).permissions_params
if result = cat.update_attributes(category_params) if result = cat.update(category_params)
Scheduler::Defer.later "Log staff action change category settings" do Scheduler::Defer.later "Log staff action change category settings" do
@staff_action_logger.log_category_settings_change(@category, category_params, old_permissions) @staff_action_logger.log_category_settings_change(@category, category_params, old_permissions)
end end


@ -316,8 +316,12 @@ SQL
def email_in_validator def email_in_validator
return if self.email_in.blank? return if self.email_in.blank?
email_in.split("|").each do |email| email_in.split("|").each do |email|
unless Email.is_valid?(email) if !Email.is_valid?(email)
self.errors.add(:base, I18n.t('category.errors.invalid_email_in', email_in: email)) self.errors.add(:base, I18n.t('category.errors.invalid_email_in', email: email))
elsif group = Group.find_by_email(email)
self.errors.add(:base, I18n.t('category.errors.email_already_used_in_group', email: email, group_name: group.name))
elsif category = Category.where.not(id: self.id).find_by_email(email)
self.errors.add(:base, I18n.t('category.errors.email_already_used_in_category', email: email, category_name: category.name))
end end
end end
end end
@ -391,7 +395,7 @@ SQL
end end
def self.find_by_email(email) def self.find_by_email(email)
self.where("email_in LIKE ?", "%#{Email.downcase(email)}%").first self.where("string_to_array(email_in, '|') @> ARRAY[?]", Email.downcase(email)).first
end end
def has_children? def has_children?
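Review bot: The new `find_by_email` lower-cases only the address being looked up, while `string_to_array(email_in, '|')` is compared exactly as stored, so a stored entry with upper-case letters would never match. Nothing visible in this section normalises `email_in` before it is saved, so, if mixed-case values can reach the column, the same address could still be accepted for both a category and a group. Since this lookup appears to decide where incoming mail lands, I would compare against `string_to_array(lower(email_in), '|')` or downcase the column in a before-validation step. `Group.find_by_email` in the group model has the same shape and needs the same change.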


@ -82,8 +82,12 @@ class Group < ActiveRecord::Base
def incoming_email_validator def incoming_email_validator
return if self.automatic || self.incoming_email.blank? return if self.automatic || self.incoming_email.blank?
incoming_email.split("|").each do |email| incoming_email.split("|").each do |email|
unless Email.is_valid?(email) if !Email.is_valid?(email)
self.errors.add(:base, I18n.t('groups.errors.invalid_incoming_email', incoming_email: email)) self.errors.add(:base, I18n.t('groups.errors.invalid_incoming_email', email: email))
elsif group = Group.where.not(id: self.id).find_by_email(email)
self.errors.add(:base, I18n.t('groups.errors.email_already_used_in_group', email: email, group_name: group.name))
elsif category = Category.find_by_email(email)
self.errors.add(:base, I18n.t('groups.errors.email_already_used_in_category', email: email, category_name: category.name))
end end
end end
end end
@ -334,7 +338,7 @@ class Group < ActiveRecord::Base
end end
def self.find_by_email(email) def self.find_by_email(email)
self.where("incoming_email LIKE ?", "%#{Email.downcase(email)}%").first self.where("string_to_array(incoming_email, '|') @> ARRAY[?]", Email.downcase(email)).first
end end
def bulk_add(user_ids) def bulk_add(user_ids)
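Review bot: The cross-model uniqueness added to `incoming_email_validator` is a check-then-save with no database-level backstop visible here, so two concurrent saves (a group and a category claiming the same address) can both pass validation. A pipe-delimited column cannot carry a unique index, so the guarantee holds only at validation time. The same applies to `email_in_validator` in the category model. At minimum I would state that above the validator, e.g. `# NOTE: uniqueness across groups and categories is enforced only at validation time, not by the database`. If exclusive routing of incoming mail matters, a separate table of addresses with a unique index would close the gap.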


@ -215,7 +215,9 @@ en:
can_not_modify_automatic: "You can not modify an automatic group" can_not_modify_automatic: "You can not modify an automatic group"
member_already_exist: "'%{username}' is already a member of this group." member_already_exist: "'%{username}' is already a member of this group."
invalid_domain: "'%{domain}' is not a valid domain." invalid_domain: "'%{domain}' is not a valid domain."
invalid_incoming_email: "'%{incoming_email}' is not a valid email address." invalid_incoming_email: "'%{email}' is not a valid email address."
email_already_used_in_group: "'%{email}' is already used by the group '%{group_name}'."
email_already_used_in_category: "'%{email}' is already used by the category '%{category_name}'."
default_names: default_names:
everyone: "everyone" everyone: "everyone"
admins: "admins" admins: "admins"
@ -374,8 +376,9 @@ en:
uncategorized_parent: "Uncategorized can't have a parent category" uncategorized_parent: "Uncategorized can't have a parent category"
self_parent: "A subcategory's parent cannot be itself" self_parent: "A subcategory's parent cannot be itself"
depth: "You can't nest a subcategory under another" depth: "You can't nest a subcategory under another"
email_in_already_exist: "Incoming email address '%{email_in}' is already in use for '%{category_name}' category." invalid_email_in: "'%{email}' is not a valid email address."
invalid_email_in: "'%{email_in}' is not a valid email address." email_already_used_in_group: "'%{email}' is already used by the group '%{group_name}'."
email_already_used_in_category: "'%{email}' is already used by the category '%{category_name}'."
cannot_delete: cannot_delete:
uncategorized: "Can't delete Uncategorized" uncategorized: "Can't delete Uncategorized"
has_subcategories: "Can't delete this category because it has sub-categories." has_subcategories: "Can't delete this category because it has sub-categories."