my $method = $r->method;
return OK unless defined $read_only_methods{$method};
+
+ return OK if is_authentication_forced($r);
my $project_id = get_project_identifier($r);
my ($res, $redmine_pass) = $r->get_basic_auth_pw();
return $res unless $res == OK;
+ my $project_id = get_project_identifier($r);
+ my $method = $r->method;
+ if (defined $read_only_methods{$method} && is_public_project($project_id, $r) && non_member_role_allows_browse_repository($r)) {
+ return OK;
+ }
+
if (is_member($r->user, $redmine_pass, $r)) {
return OK;
} else {
sub is_public_project {
my $project_id = shift;
my $r = shift;
-
- if (is_authentication_forced($r)) {
- return 0;
- }
my $dbh = connect_database($r);
my $sth = $dbh->prepare(
$ret;
}
-sub anonymous_role_allows_browse_repository {
+sub system_role_allows_browse_repository {
my $r = shift;
+ my $system_role = shift;
my $dbh = connect_database($r);
my $sth = $dbh->prepare(
- "SELECT permissions FROM roles WHERE builtin = 2;"
+ "SELECT permissions FROM roles WHERE builtin = ?;"
);
- $sth->execute();
+ $sth->execute($system_role);
my $ret = 0;
if (my @row = $sth->fetchrow_array) {
if ($row[0] =~ /:browse_repository/) {
$ret;
}
+sub non_member_role_allows_browse_repository {
+ my $r = shift;
+ my $ret = system_role_allows_browse_repository($r, 1);
+ $ret;
+}
+
+sub anonymous_role_allows_browse_repository {
+ my $r = shift;
+ my $ret = system_role_allows_browse_repository($r, 2);
+ $ret;
+}
+
# perhaps we should use repository right (other read right) to check public access.
# it could be faster BUT it doesn't work for the moment.
# sub is_public_project_by_file {
projects / redmine.git / commitdiff