From d54bd60b923bbd703bb668601d412d4295d2f503 Mon Sep 17 00:00:00 2001
From: Boris Stumm <bs@kedev.eu>
Date: Wed, 6 Jan 2016 13:51:19 +0100
Subject: [PATCH] Fix for #993 LIST_BRANCHES without admin

Replaced the canAccess() method in RpcFilter with !adminRequest,
that should solve the problem.
---
 src/main/java/com/gitblit/servlet/RpcFilter.java | 15 ++-------------
 1 file changed, 2 insertions(+), 13 deletions(-)

diff --git a/src/main/java/com/gitblit/servlet/RpcFilter.java b/src/main/java/com/gitblit/servlet/RpcFilter.java
index 34474d55..355bcb96 100644
--- a/src/main/java/com/gitblit/servlet/RpcFilter.java
+++ b/src/main/java/com/gitblit/servlet/RpcFilter.java
@@ -128,7 +128,7 @@ public class RpcFilter extends AuthenticationFilter {
 				return;
 			} else {
 				// check user access for request
-				if (user.canAdmin() || canAccess(user, requestType)) {
+				if (user.canAdmin() || !adminRequest) {
 					// authenticated request permitted.
 					// pass processing to the restricted servlet.
 					newSession(authenticatedRequest, httpResponse);
@@ -153,15 +153,4 @@ public class RpcFilter extends AuthenticationFilter {
 		// pass processing to the restricted servlet.
 		chain.doFilter(authenticatedRequest, httpResponse);
 	}
-
-	private boolean canAccess(UserModel user, RpcRequest requestType) {
-		switch (requestType) {
-		case GET_PROTOCOL:
-			return true;
-		case LIST_REPOSITORIES:
-			return true;
-		default:
-			return user.canAdmin();
-		}
-	}
-}
\ No newline at end of file
+}
-- 
2.39.5