diff options
| author | Boris Stumm <bs@kedev.eu> | 2016-01-06 13:51:19 +0100 |
|---|---|---|
| committer | Boris Stumm <bs@kedev.eu> | 2016-01-06 13:51:19 +0100 |
| commit | d54bd60b923bbd703bb668601d412d4295d2f503 (patch) | |
| tree | 9eecf8ffc32c80bd5899105dc1f7a77c02315022 | |
| parent | 2539ceea0d47467d54cedd340afa6ede2909b2bd (diff) | |
| download | gitblit-d54bd60b923bbd703bb668601d412d4295d2f503.tar.gz gitblit-d54bd60b923bbd703bb668601d412d4295d2f503.zip | |
Fix for #993 LIST_BRANCHES without admin
Replaced the canAccess() method in RpcFilter with !adminRequest,
that should solve the problem.
| -rw-r--r-- | src/main/java/com/gitblit/servlet/RpcFilter.java | 15 |
1 files changed, 2 insertions, 13 deletions
diff --git a/src/main/java/com/gitblit/servlet/RpcFilter.java b/src/main/java/com/gitblit/servlet/RpcFilter.java index 34474d55..355bcb96 100644 --- a/src/main/java/com/gitblit/servlet/RpcFilter.java +++ b/src/main/java/com/gitblit/servlet/RpcFilter.java @@ -128,7 +128,7 @@ public class RpcFilter extends AuthenticationFilter { return;
} else {
// check user access for request
- if (user.canAdmin() || canAccess(user, requestType)) {
+ if (user.canAdmin() || !adminRequest) {
// authenticated request permitted.
// pass processing to the restricted servlet.
newSession(authenticatedRequest, httpResponse);
@@ -153,15 +153,4 @@ public class RpcFilter extends AuthenticationFilter { // pass processing to the restricted servlet.
chain.doFilter(authenticatedRequest, httpResponse);
}
-
- private boolean canAccess(UserModel user, RpcRequest requestType) {
- switch (requestType) {
- case GET_PROTOCOL:
- return true;
- case LIST_REPOSITORIES:
- return true;
- default:
- return user.canAdmin();
- }
- }
-}
\ No newline at end of file +}
|