mirrors
/
redmine
mirror of https://github.com/redmine/redmine.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 201 Wiki Activity
Browse Source

Redmine.pm: deny access if user doesn't have browse_repository permission (#4338). 

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3215 e93f8b46-1217-0410-a6f0-8f06a7374b81
tags/0.9.0
Jean-Philippe Lang 14 years ago
parent
18c7c0d3ee
commit
ffe8222257
1 changed files with 1 additions and 1 deletions
Split View Show Diff Stats
  1. 1
    1
      extra/svn/Redmine.pm

+ 1
- 1
extra/svn/Redmine.pm View File

@@ -284,7 +284,7 @@ sub is_member {

unless ($auth_source_id) {
my $method = $r->method;
if ($hashed_password eq $pass_digest && (defined $read_only_methods{$method} || $permissions =~ /:commit_access/) ) {
if ($hashed_password eq $pass_digest && ((defined $read_only_methods{$method} && $permissions =~ /:browse_repository/) || $permissions =~ /:commit_access/) ) {
$ret = 1;
last;
}

Write Preview
Loading…
Cancel
Save