do not allow users to manually specify their notification email address, construct it from their username and the "EmailDomain" option

2007-04-30 16:00:31 -04:00 · 2007-04-30 16:00:31 -04:00 · 9ed2f9f5e7
commit 9ed2f9f5e7
parent 6566f35deb
5 changed files with 20 additions and 25 deletions
--- a/hub/httpd.conf
+++ b/hub/httpd.conf
@ -29,6 +29,9 @@ Alias /kojihub "/usr/share/koji-hub/XMLRPC"

        PythonOption LoginCreatesUser On
        PythonOption KojiWebURL http://kojiweb.example.com/koji
+        # The domain name that will be appended to Koji usernames
+        # when creating email notifications
+        PythonOption EmailDomain example.org
        # PythonOption KojiDebug On
        # PythonOption KojiTraceback "extended"
        # sending tracebacks to the client isn't very helpful for debugging xmlrpc
--- a/hub/kojihub.py
+++ b/hub/kojihub.py
@ -5307,7 +5307,7 @@ class RootExports(object):
        """ % ', '.join(fields)
        return _singleRow(query, locals(), fields)

-    def updateNotification(self, id, package_id, tag_id, success_only, email):
+    def updateNotification(self, id, package_id, tag_id, success_only):
        """Update an existing build notification with new data.  If the notification
        with the given ID doesn't exist, or the currently logged-in user is not the
        owner or the notification or an admin, raise a GenericError."""
@ -5326,22 +5326,28 @@ class RootExports(object):
        update = """UPDATE build_notifications
        SET package_id = %(package_id)s,
        tag_id = %(tag_id)s,
-        success_only = %(success_only)s,
-        email = %(email)s
+        success_only = %(success_only)s
        WHERE id = %(id)i
        """

        _dml(update, locals())

-    def createNotification(self, user_id, package_id, tag_id, success_only, email):
+    def createNotification(self, user_id, package_id, tag_id, success_only):
        """Create a new notification.  If the user_id does not match the currently logged-in user
        and the currently logged-in user is not an admin, raise a GenericError."""
        currentUser = self.getLoggedInUser()
        if not currentUser:
            raise koji.GenericError, 'not logged in'
-        if not (user_id == currentUser['id'] or self.hasPerm('admin')):
-            raise koji.GenericError, 'user %i cannot create notifications for user %i' % \
-                  (currentUser['id'], user_id)
+
+        notificationUser = self.getUser(user_id)
+        if not notificationUser:
+            raise koji.GenericError, 'invalid user ID: %s' % user_id
+        
+        if not (notificationUser['id'] == currentUser['id'] or self.hasPerm('admin')):
+            raise koji.GenericError, 'user %s cannot create notifications for user %s' % \
+                  (currentUser['name'], notificationUser['name'])
+        
+        email = '%s@%s' % (notificationUser['name'], context.opts['EmailDomain'])
        insert = """INSERT INTO build_notifications
        (user_id, package_id, tag_id, success_only, email)
        VALUES
--- a/www/kojiweb/index.chtml
+++ b/www/kojiweb/index.chtml
@ -154,13 +154,12 @@
  <div class="dataHeader" id="notificationlist">Your Notifications</div>
  <table class="data-list">
    <tr>
-      <td colspan="6"></td>
+      <td colspan="5"></td>
    </tr>
    <tr class="list-header">
      <th>Package</th>
      <th>Tag</th>
      <th>Type</th>
-      <th>Email</th>
      <th></th>
      <th></th>
    </tr>
@ -169,14 +168,13 @@
      <td>#if $notif.package then $notif.package.name else 'all'#</td>
      <td>#if $notif.tag then $notif.tag.name else 'all'#</td>
      <td>#if $notif.success_only then 'success only' else 'all'#</td>
-      <td>$notif.email</td>
      <td><a href="notificationedit?notificationID=$notif.id">edit</a></td>
      <td><a href="notificationdelete?notificationID=$notif.id">delete</a></td>
    </tr>
    #end for
    #if $len($notifs) == 0
    <tr class="row-odd">
-      <td colspan="3">No notifications</td>
+      <td colspan="5">No notifications</td>
    </tr>
    #end if
  </table>
--- a/www/kojiweb/index.py
+++ b/www/kojiweb/index.py
@ -229,12 +229,8 @@ def notificationedit(req, notificationID):
            success_only = True
        else:
            success_only = False
-
-        email = form['email'].value
-        if not email:
-            raise koji.GenericError, 'an email address for the notification must be provided'
        
-        server.updateNotification(notification['id'], package_id, tag_id, success_only, email)
+        server.updateNotification(notification['id'], package_id, tag_id, success_only)
        
        mod_python.util.redirect(req, 'index')
    elif form.has_key('cancel'):
@ -278,12 +274,8 @@ def notificationcreate(req):
            success_only = True
        else:
            success_only = False
-
-        email = form['email'].value
-        if not email:
-            raise koji.GenericError, 'an email address for the notification must be provided'
        
-        server.createNotification(user['id'], package_id, tag_id, success_only, email)
+        server.createNotification(user['id'], package_id, tag_id, success_only)
        
        mod_python.util.redirect(req, 'index')
    elif form.has_key('cancel'):
--- a/www/kojiweb/notificationedit.chtml
+++ b/www/kojiweb/notificationedit.chtml
@ -39,10 +39,6 @@
        <th>Success Only?</th>
        <td><input type="checkbox" name="success_only" value="yes"#if $notif and $notif.success_only then ' checked' else ''#>
      </tr>
-      <tr>
-        <th>Email</th>
-        <td><input type="text" name="email" value="#if $notif then $notif.email else ''#"/></td>
-      </tr>
      <tr>
        <td>
          #if $notif