From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Sun, 29 Jan 2017 10:41:33 +0000 (+0000)
Subject: Merged r16286 (#24307).
X-Git-Tag: 3.2.6~24
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=83921f27d4aff8b24c3a3e4685b92196d3439424;p=redmine.git

Merged r16286 (#24307).

git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@16297 e93f8b46-1217-0410-a6f0-8f06a7374b81
---

diff --git a/extra/svn/Redmine.pm b/extra/svn/Redmine.pm
index bac1cb2fc..0cb99b632 100644
--- a/extra/svn/Redmine.pm
+++ b/extra/svn/Redmine.pm
@@ -244,6 +244,7 @@ sub RedmineDSN {
               WHERE 
                 users.login=? 
                 AND projects.identifier=?
+                AND EXISTS (SELECT 1 FROM enabled_modules em WHERE em.project_id = projects.id AND em.name = 'repository')
                 AND users.type='User'
                 AND users.status=1 
                 AND (
@@ -390,7 +391,9 @@ sub is_public_project {
 
     my $dbh = connect_database($r);
     my $sth = $dbh->prepare(
-        "SELECT is_public FROM projects WHERE projects.identifier = ? AND projects.status <> 9;"
+        "SELECT is_public FROM projects
+          WHERE projects.identifier = ? AND projects.status <> 9
+          AND EXISTS (SELECT 1 FROM enabled_modules em WHERE em.project_id = projects.id AND em.name = 'repository');"
     );
 
     $sth->execute($project_id);
diff --git a/test/extra/redmine_pm/repository_subversion_test_pm.rb b/test/extra/redmine_pm/repository_subversion_test_pm.rb
index e031bba19..336619cf6 100644
--- a/test/extra/redmine_pm/repository_subversion_test_pm.rb
+++ b/test/extra/redmine_pm/repository_subversion_test_pm.rb
@@ -19,7 +19,7 @@ require File.expand_path('../test_case', __FILE__)
 require 'tmpdir'
 
 class RedminePmTest::RepositorySubversionTest < RedminePmTest::TestCase
-  fixtures :projects, :users, :members, :roles, :member_roles, :auth_sources
+  fixtures :projects, :users, :members, :roles, :member_roles, :auth_sources, :enabled_modules
 
   SVN_BIN = Redmine::Configuration['scm_subversion_command'] || "svn"
 
@@ -38,6 +38,11 @@ class RedminePmTest::RepositorySubversionTest < RedminePmTest::TestCase
     assert_failure "ls", svn_url
   end
 
+  def test_anonymous_read_on_public_project_with_module_disabled_should_fail
+    Project.find(1).disable_module! :repository
+    assert_failure "ls", svn_url
+  end
+
   def test_anonymous_read_on_private_repo_should_fail
     Project.find(1).update_attribute :is_public, false
     assert_failure "ls", svn_url
@@ -128,6 +133,15 @@ class RedminePmTest::RepositorySubversionTest < RedminePmTest::TestCase
     end
   end
 
+  def test_member_read_on_private_repo_with_module_disabled_should_fail
+    Role.find(2).add_permission! :browse_repository
+    Project.find(1).update_attribute :is_public, false
+    Project.find(1).disable_module! :repository
+    with_credentials "dlopper", "foo" do
+      assert_failure "ls", svn_url
+    end
+  end
+
   def test_member_commit_on_public_repo_with_permission_should_succeed
     Role.find(2).add_permission! :commit_access
     with_credentials "dlopper", "foo" do
@@ -158,6 +172,15 @@ class RedminePmTest::RepositorySubversionTest < RedminePmTest::TestCase
     end
   end
 
+  def test_member_commit_on_private_repo_with_module_disabled_should_fail
+    Role.find(2).add_permission! :commit_access
+    Project.find(1).update_attribute :is_public, false
+    Project.find(1).disable_module! :repository
+    with_credentials "dlopper", "foo" do
+      assert_failure "mkdir --message Creating_a_directory", svn_url(random_filename)
+    end
+  end
+
   def test_invalid_credentials_should_fail
     Project.find(1).update_attribute :is_public, false
     with_credentials "dlopper", "foo" do