diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2009-12-22 18:08:19 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2009-12-22 18:08:19 +0000 |
| commit | ffe8222257d4d9da793c8085b3cca39599d2e812 (patch) | |
| tree | 0c871d595c443bf3d90ccd26f23cbb85daf55277 | |
| parent | 18c7c0d3ee29fc75d7cb7a2acdb8bdeee57ae9ca (diff) | |
| download | redmine-ffe8222257d4d9da793c8085b3cca39599d2e812.tar.gz redmine-ffe8222257d4d9da793c8085b3cca39599d2e812.zip | |
Redmine.pm: deny access if user doesn't have browse_repository permission (#4338).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3215 e93f8b46-1217-0410-a6f0-8f06a7374b81
| -rw-r--r-- | extra/svn/Redmine.pm | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/extra/svn/Redmine.pm b/extra/svn/Redmine.pm index 20f795779..66dc6c03f 100644 --- a/extra/svn/Redmine.pm +++ b/extra/svn/Redmine.pm @@ -284,7 +284,7 @@ sub is_member { unless ($auth_source_id) { my $method = $r->method; - if ($hashed_password eq $pass_digest && (defined $read_only_methods{$method} || $permissions =~ /:commit_access/) ) { + if ($hashed_password eq $pass_digest && ((defined $read_only_methods{$method} && $permissions =~ /:browse_repository/) || $permissions =~ /:commit_access/) ) { $ret = 1; last; } |