Making Mailhandler reject post to OG if author is a not member of OG

Mailhandler passes the node to hook_nodeapi() which is where OG would have the opportunity to reject the post.

Because OG normally accepts posts via the forms API, OG depends on that to restrict the list of available groups that a user can post in. (extract below from D6-2.0 og.module)

function og_nodeapi(&$node, $op, $teaser = NULL, $page = NULL) {
  global $user;
  switch ($op) {
/* ... snip ... */
    case 'validate':
      // Ensure that a group is selected if groups are required. needed when
      // author has no groups. In other cases, fapi does the validation.
      if (og_is_group_post_type($node->type) && variable_get('og_audience_required', FALSE) && !user_access('administer nodes')) {
        if (!isset($node->og_groups)) {
          form_set_error('title', t('You must <a href="@join">join a group</a> before posting on this web site.', array('@join' => url('og'))));
        }
      }
      break;
/* ... snip ... */
}
 

Here's a quick hook_nodeapi() addition which seems to apply this check for us, although I'm sure it can be a lot more beautiful.

function mymodule_nodeapi(&$node, $op, $a3=NULL, $a4=NULL) {
  switch( $op ) {
  case 'validate' :
    if ( og_is_group_post_type($node->type) ) {
      if ( !isset($node->uid) || $node->uid == '0' ) {
        form_set_error('',"Rejecting submission from unrecognised email address.");
        watchdog('maawg','Rejecting OG group post from unknown email via mailhandler.');
      } else {
        $args['!uid'] = $node->uid ;
        if ( isset($node->og_groups) ) {
          $account = user_load($node->uid) ;
          foreach( $node->og_groups as $k => $gid ) {
            $args = array('!name'=>$account->name,'!gid'=>$gid) ;
            if ( !og_is_group_member($gid, TRUE, $account->uid) ) {
              unset($node->og_groups[$k]) ;
              watchdog('maawg',t('Post by !name to OG Group !gid is not allowed',$args));
            }
          }
          if ( empty($node->og_groups) ) {
            form_set_error('',t('Rejected post by !name',$args));
            watchdog('maawg',t('Rejected post by !name',$args));
          }
        }
      }
    }
    break ;
  }
}
 

If OG depends on FAPI to control access to OG posts, and MailHandler circumvents those FAPI checks, then hopefully one or the other module will be able to implement something like this to handle the bridging of MailHandler <=> OG.

I'm happy to provide a patch to OG, if given indication that including code like the above in OG is desirable to the maintainers.

Alternatively, perhaps we can create a little Make OG & Mailhandler Play Nicely module to incorporate some of these needs?

Hmmm. I have long standing gripe with node validation being tied to form api. This is a good example of the problems that ensue.

The code could be even uglier than that. Do we allow admins to email in posts affiliated with unsubscribed groups? The audience selection widget is really complicated. Or, consider the case where a long time group member leaves the group. His posts can no longer be edited by group members (assume wiki content type).

I think this could eventually go into og module itself, but for the moment I'd like to see the code developed in a contrib module and mature there. Let me know if I can help. Feel free to discuss here.

Thanks for your offer Moshe. Have done as you requested (I hope!)

See http://drupal.org/project/og_mailhandler

Currently the module contains two pieces of additional code for OG / Mailhandler interoperability: the code above, and the code from http://drupal.org/node/136606#comment-1860524 as well.

This issue is over a year old without followup. Marking as Cannot Reproduce and clearing the books. If this remains a genuine issue, please reopen and provide the necessary information.