Redmine.pm: deny access if user doesn't have browse_repository permission (#4338).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3215 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent
18c7c0d3ee
commit
ffe8222257
@ -284,7 +284,7 @@ sub is_member {
|
||||
|
||||
unless ($auth_source_id) {
|
||||
my $method = $r->method;
|
||||
if ($hashed_password eq $pass_digest && (defined $read_only_methods{$method} || $permissions =~ /:commit_access/) ) {
|
||||
if ($hashed_password eq $pass_digest && ((defined $read_only_methods{$method} && $permissions =~ /:browse_repository/) || $permissions =~ /:commit_access/) ) {
|
||||
$ret = 1;
|
||||
last;
|
||||
}
|
||||
|
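Review bot: The permission tests on the new `if` line are unanchored substring matches, so `/:browse_repository/` and `/:commit_access/` would also succeed on any permission whose name merely begins with one of those strings. How `$permissions` is serialized is not visible in this hunk, but ending each pattern on a word boundary, `$permissions =~ /:browse_repository\b/` and `$permissions =~ /:commit_access\b/`, would tie the grant to the exact permission name. The condition also lets `:commit_access` alone satisfy read-only methods; if that is intended, it deserves a comment such as `# commit_access implies read access even without browse_repository`. The check sits inside `unless ($auth_source_id)`, and the branch for users with an external auth source lies outside the hunk, so it is worth confirming that path applies the same permission test rather than granting access on successful authentication alone.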