From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Mon, 14 Nov 2011 21:40:05 +0000 (+0000)
Subject: Fixed: Redmine.pm considers all projects private when login_required is enabled ... 
X-Git-Tag: 1.3.0~203
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=26125be6b120c1196251ae8f42eddffc012b541a;p=redmine.git

Fixed: Redmine.pm considers all projects private when login_required is enabled (#9566).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@7808 e93f8b46-1217-0410-a6f0-8f06a7374b81
---

diff --git a/extra/svn/Redmine.pm b/extra/svn/Redmine.pm
index 8fbd229ff..6169f734a 100644
--- a/extra/svn/Redmine.pm
+++ b/extra/svn/Redmine.pm
@@ -204,6 +204,8 @@ sub access_handler {
 
   my $method = $r->method;
   return OK unless defined $read_only_methods{$method};
+    
+  return OK if is_authentication_forced($r);
 
   my $project_id = get_project_identifier($r);
 
@@ -219,6 +221,12 @@ sub authen_handler {
   my ($res, $redmine_pass) =  $r->get_basic_auth_pw();
   return $res unless $res == OK;
   
+  my $project_id = get_project_identifier($r);
+  my $method = $r->method;
+  if (defined $read_only_methods{$method} && is_public_project($project_id, $r) && non_member_role_allows_browse_repository($r)) {
+      return OK;
+  }
+  
   if (is_member($r->user, $redmine_pass, $r)) {
       return OK;
   } else {
@@ -255,10 +263,6 @@ sub is_authentication_forced {
 sub is_public_project {
     my $project_id = shift;
     my $r = shift;
-    
-    if (is_authentication_forced($r)) {
-      return 0;
-    }
 
     my $dbh = connect_database($r);
     my $sth = $dbh->prepare(
@@ -280,15 +284,16 @@ sub is_public_project {
     $ret;
 }
 
-sub anonymous_role_allows_browse_repository {
+sub system_role_allows_browse_repository {
   my $r = shift;
+  my $system_role = shift;
   
   my $dbh = connect_database($r);
   my $sth = $dbh->prepare(
-      "SELECT permissions FROM roles WHERE builtin = 2;"
+      "SELECT permissions FROM roles WHERE builtin = ?;"
   );
   
-  $sth->execute();
+  $sth->execute($system_role);
   my $ret = 0;
   if (my @row = $sth->fetchrow_array) {
     if ($row[0] =~ /:browse_repository/) {
@@ -303,6 +308,18 @@ sub anonymous_role_allows_browse_repository {
   $ret;
 }
 
+sub non_member_role_allows_browse_repository {
+  my $r = shift;
+  my $ret = system_role_allows_browse_repository($r, 1);
+  $ret;
+}
+
+sub anonymous_role_allows_browse_repository {
+  my $r = shift;
+  my $ret = system_role_allows_browse_repository($r, 2);
+  $ret;
+}
+
 # perhaps we should use repository right (other read right) to check public access.
 # it could be faster BUT it doesn't work for the moment.
 # sub is_public_project_by_file {