diff --git a/app/jobs/scheduled/poll_mailbox.rb b/app/jobs/scheduled/poll_mailbox.rb index 6f43a6f34a9..608559dff6e 100644 --- a/app/jobs/scheduled/poll_mailbox.rb +++ b/app/jobs/scheduled/poll_mailbox.rb @@ -51,6 +51,8 @@ module Jobs message_template = :email_reject_topic_closed when Email::Receiver::AutoGeneratedEmailError message_template = :email_reject_auto_generated + when Discourse::InvalidAccess + message_template = :email_reject_invalid_access when ActiveRecord::Rollback message_template = :email_reject_post_error when Email::Receiver::InvalidPost diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml index 30b1c8dd813..ee0ec4e0e5b 100644 --- a/config/locales/server.en.yml +++ b/config/locales/server.en.yml @@ -1632,6 +1632,13 @@ en: We couldn't find your reply in the provided email. **Make sure your reply is at the top of the email** -- we can't process inline replies. + email_reject_invalid_access: + subject_template: "[%{site_name}] Email issue -- Invalid Access" + text_body_template: | + We're sorry, but your email message to %{destination} (titled %{former_title}) didn't work. + + Your account does not have the privileges to post new topics in that category. If you believe this is in error, contact a staff member. + email_reject_post_error: subject_template: "[%{site_name}] Email issue -- Posting error" text_body_template: | diff --git a/spec/components/email/receiver_spec.rb b/spec/components/email/receiver_spec.rb index dedb2a86355..ec0d69e0bae 100644 --- a/spec/components/email/receiver_spec.rb +++ b/spec/components/email/receiver_spec.rb @@ -562,6 +562,25 @@ greatest show ever created. Everyone should watch it. expect(e.message).to include("too short") end + + it "blocks user in restricted group from creating topic" do + to = "some@email.com" + + restricted_user = Fabricate(:user, trust_level: 4) + restricted_group = Fabricate(:group) + restricted_group.add(restricted_user) + restricted_group.save + + category = Fabricate(:category, email_in_allow_strangers: false, email_in: to) + category.set_permissions(restricted_group => :readonly) + category.save + + expect{ + process_email(from: restricted_user.email, to: to) + }.to raise_error(Discourse::InvalidAccess) + end + + end diff --git a/spec/jobs/poll_mailbox_spec.rb b/spec/jobs/poll_mailbox_spec.rb index 6c1423a8d8f..fc009bfb216 100644 --- a/spec/jobs/poll_mailbox_spec.rb +++ b/spec/jobs/poll_mailbox_spec.rb @@ -152,6 +152,23 @@ describe Jobs::PollMailbox do end end end + + describe "user in restricted group" do + + it "raises InvalidAccess error" do + restricted_group = Fabricate(:group) + restricted_group.add(user) + restricted_group.save + + category.set_permissions(restricted_group => :readonly) + category.save + + expect_exception Discourse::InvalidAccess + + poller.handle_mail(email) + expect(email).to be_deleted + end + end end describe "a valid reply" do