From 26125be6b120c1196251ae8f42eddffc012b541a Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang
Date: Mon, 14 Nov 2011 21:40:05 +0000
Subject: [PATCH] Fixed: Redmine.pm considers all projects private when login_required is enabled (#9566).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@7808 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 extra/svn/Redmine.pm | 31 ++++++++++++++++++++++++-------
 1 file changed, 24 insertions(+), 7 deletions(-)
diff --git a/extra/svn/Redmine.pm b/extra/svn/Redmine.pm
index 8fbd229ff..6169f734a 100644
--- a/extra/svn/Redmine.pm
+++ b/extra/svn/Redmine.pm
@@ -204,6 +204,8 @@ sub access_handler {
 my $method = $r->method;
 return OK unless defined $read_only_methods{$method};
+
+ return OK if is_authentication_forced($r);
 my $project_id = get_project_identifier($r);
@@ -219,6 +221,12 @@ sub authen_handler {
 my ($res, $redmine_pass) = $r->get_basic_auth_pw();
 return $res unless $res == OK;
+ my $project_id = get_project_identifier($r);
+ my $method = $r->method;
+ if (defined $read_only_methods{$method} && is_public_project($project_id, $r) && non_member_role_allows_browse_repository($r)) {
+ return OK;
+ }
+
 if (is_member($r->user, $redmine_pass, $r)) {
 return OK;
 } else {
@@ -255,10 +263,6 @@ sub is_authentication_forced {
 sub is_public_project {
 my $project_id = shift;
 my $r = shift;
-
- if (is_authentication_forced($r)) {
- return 0;
- }
 my $dbh = connect_database($r);
 my $sth = $dbh->prepare(
@@ -280,15 +284,16 @@ sub is_public_project {
 $ret;
 }
-sub anonymous_role_allows_browse_repository {
+sub system_role_allows_browse_repository {
 my $r = shift;
+ my $system_role = shift;
 my $dbh = connect_database($r);
 my $sth = $dbh->prepare(
- "SELECT permissions FROM roles WHERE builtin = 2;"
+ "SELECT permissions FROM roles WHERE builtin = ?;"
 );
- $sth->execute();
+ $sth->execute($system_role);
 my $ret = 0;
 if (my @row = $sth->fetchrow_array) {
 if ($row[0] =~ /:browse_repository/) {
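Review bot: In authen_handler the new early `return OK` comes before `is_member($r->user, $redmine_pass, $r)`, so on that path the password returned by `get_basic_auth_pw()` is never verified. Because access_handler now returns early when authentication is forced, this shortcut appears to be the only gate for read requests on a public project whose non-member role has browse_repository, and any supplied username and password would then be accepted even though login_required is on. The non-member fallback should apply only after the submitted credentials have been validated against an active account, for example by moving the public-project test into the credential check so that it relaxes the membership requirement but not the password comparison. Both handler bodies continue outside the hunks shown, so confirm that no later validation exists before treating this path as authenticated.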
@@ -303,6 +308,18 @@ sub anonymous_role_allows_browse_repository {
 $ret;
 }
+sub non_member_role_allows_browse_repository {
+ my $r = shift;
+ my $ret = system_role_allows_browse_repository($r, 1);
+ $ret;
+}
+
+sub anonymous_role_allows_browse_repository {
+ my $r = shift;
+ my $ret = system_role_allows_browse_repository($r, 2);
+ $ret;
+}
+
 # perhaps we should use repository right (other read right) to check public access.
 # it could be faster BUT it doesn't work for the moment.
 # sub is_public_project_by_file {
--
2.39.5
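Review bot: The two new wrappers pass the built-in role as bare literals, `system_role_allows_browse_repository($r, 1)` and `system_role_allows_browse_repository($r, 2)`, and nothing in these hunks records which number is which role. Since the value decides whose permissions are consulted in an access decision, a transposed literal would grant or deny access silently. Naming them once, e.g. `use constant { ROLE_NON_MEMBER => 1, ROLE_ANONYMOUS => 2 };` (names are a suggestion), and adding a comment above the helper such as `# $system_role is the roles.builtin value to look up` would make the mapping reviewable.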