WHERE
users.login=?
AND projects.identifier=?
+ AND EXISTS (SELECT 1 FROM enabled_modules em WHERE em.project_id = projects.id AND em.name = 'repository')
AND users.type='User'
AND users.status=1
AND (
my $dbh = connect_database($r);
my $sth = $dbh->prepare(
- "SELECT is_public FROM projects WHERE projects.identifier = ? AND projects.status <> 9;"
+ "SELECT is_public FROM projects
+ WHERE projects.identifier = ? AND projects.status <> 9
+ AND EXISTS (SELECT 1 FROM enabled_modules em WHERE em.project_id = projects.id AND em.name = 'repository');"
);
$sth->execute($project_id);
require 'tmpdir'
class RedminePmTest::RepositorySubversionTest < RedminePmTest::TestCase
- fixtures :projects, :users, :members, :roles, :member_roles, :auth_sources
+ fixtures :projects, :users, :members, :roles, :member_roles, :auth_sources, :enabled_modules
SVN_BIN = Redmine::Configuration['scm_subversion_command'] || "svn"
assert_failure "ls", svn_url
end
+ def test_anonymous_read_on_public_project_with_module_disabled_should_fail
+ Project.find(1).disable_module! :repository
+ assert_failure "ls", svn_url
+ end
+
def test_anonymous_read_on_private_repo_should_fail
Project.find(1).update_attribute :is_public, false
assert_failure "ls", svn_url
end
end
+ def test_member_read_on_private_repo_with_module_disabled_should_fail
+ Role.find(2).add_permission! :browse_repository
+ Project.find(1).update_attribute :is_public, false
+ Project.find(1).disable_module! :repository
+ with_credentials "dlopper", "foo" do
+ assert_failure "ls", svn_url
+ end
+ end
+
def test_member_commit_on_public_repo_with_permission_should_succeed
Role.find(2).add_permission! :commit_access
with_credentials "dlopper", "foo" do
end
end
+ def test_member_commit_on_private_repo_with_module_disabled_should_fail
+ Role.find(2).add_permission! :commit_access
+ Project.find(1).update_attribute :is_public, false
+ Project.find(1).disable_module! :repository
+ with_credentials "dlopper", "foo" do
+ assert_failure "mkdir --message Creating_a_directory", svn_url(random_filename)
+ end
+ end
+
def test_invalid_credentials_should_fail
Project.find(1).update_attribute :is_public, false
with_credentials "dlopper", "foo" do