From: Jean-Philippe Lang Date: Sun, 29 Jan 2017 10:41:33 +0000 (+0000) Subject: Merged r16286 (#24307). X-Git-Tag: 3.2.6~24 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=83921f27d4aff8b24c3a3e4685b92196d3439424;p=redmine.git Merged r16286 (#24307). git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@16297 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- diff --git a/extra/svn/Redmine.pm b/extra/svn/Redmine.pm index bac1cb2fc..0cb99b632 100644 --- a/extra/svn/Redmine.pm +++ b/extra/svn/Redmine.pm @@ -244,6 +244,7 @@ sub RedmineDSN { WHERE users.login=? AND projects.identifier=? + AND EXISTS (SELECT 1 FROM enabled_modules em WHERE em.project_id = projects.id AND em.name = 'repository') AND users.type='User' AND users.status=1 AND ( @@ -390,7 +391,9 @@ sub is_public_project { my $dbh = connect_database($r); my $sth = $dbh->prepare( - "SELECT is_public FROM projects WHERE projects.identifier = ? AND projects.status <> 9;" + "SELECT is_public FROM projects + WHERE projects.identifier = ? AND projects.status <> 9 + AND EXISTS (SELECT 1 FROM enabled_modules em WHERE em.project_id = projects.id AND em.name = 'repository');" ); $sth->execute($project_id); diff --git a/test/extra/redmine_pm/repository_subversion_test_pm.rb b/test/extra/redmine_pm/repository_subversion_test_pm.rb index e031bba19..336619cf6 100644 --- a/test/extra/redmine_pm/repository_subversion_test_pm.rb +++ b/test/extra/redmine_pm/repository_subversion_test_pm.rb @@ -19,7 +19,7 @@ require File.expand_path('../test_case', __FILE__) require 'tmpdir' class RedminePmTest::RepositorySubversionTest < RedminePmTest::TestCase - fixtures :projects, :users, :members, :roles, :member_roles, :auth_sources + fixtures :projects, :users, :members, :roles, :member_roles, :auth_sources, :enabled_modules SVN_BIN = Redmine::Configuration['scm_subversion_command'] || "svn" @@ -38,6 +38,11 @@ class RedminePmTest::RepositorySubversionTest < RedminePmTest::TestCase assert_failure "ls", svn_url end + def test_anonymous_read_on_public_project_with_module_disabled_should_fail + Project.find(1).disable_module! :repository + assert_failure "ls", svn_url + end + def test_anonymous_read_on_private_repo_should_fail Project.find(1).update_attribute :is_public, false assert_failure "ls", svn_url @@ -128,6 +133,15 @@ class RedminePmTest::RepositorySubversionTest < RedminePmTest::TestCase end end + def test_member_read_on_private_repo_with_module_disabled_should_fail + Role.find(2).add_permission! :browse_repository + Project.find(1).update_attribute :is_public, false + Project.find(1).disable_module! :repository + with_credentials "dlopper", "foo" do + assert_failure "ls", svn_url + end + end + def test_member_commit_on_public_repo_with_permission_should_succeed Role.find(2).add_permission! :commit_access with_credentials "dlopper", "foo" do @@ -158,6 +172,15 @@ class RedminePmTest::RepositorySubversionTest < RedminePmTest::TestCase end end + def test_member_commit_on_private_repo_with_module_disabled_should_fail + Role.find(2).add_permission! :commit_access + Project.find(1).update_attribute :is_public, false + Project.find(1).disable_module! :repository + with_credentials "dlopper", "foo" do + assert_failure "mkdir --message Creating_a_directory", svn_url(random_filename) + end + end + def test_invalid_credentials_should_fail Project.find(1).update_attribute :is_public, false with_credentials "dlopper", "foo" do