diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2014-09-28 14:51:08 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2014-09-28 14:51:08 +0000 |
| commit | 7e7ac5340a281ed767066af0b5f4dd45a3d7076f (patch) | |
| tree | 891640b0548c0d3063daddb219006d120fa312c3 /extra | |
| parent | 9a7fb0ad7be0ee3403f5b89eb0c16b68c991d519 (diff) | |
| download | redmine-7e7ac5340a281ed767066af0b5f4dd45a3d7076f.tar.gz redmine-7e7ac5340a281ed767066af0b5f4dd45a3d7076f.zip | |
Adds buit-in groups to give specific permissions to anonymous and non members users per project (#17976).
git-svn-id: http://svn.redmine.org/redmine/trunk@13417 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'extra')
| -rw-r--r-- | extra/svn/Redmine.pm | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/extra/svn/Redmine.pm b/extra/svn/Redmine.pm index ac7387122..ddad660b3 100644 --- a/extra/svn/Redmine.pm +++ b/extra/svn/Redmine.pm @@ -248,7 +248,12 @@ sub RedmineDSN { AND ( roles.id IN (SELECT member_roles.role_id FROM members, member_roles WHERE members.user_id = users.id AND members.project_id = projects.id AND members.id = member_roles.member_id) OR - (roles.builtin=1 AND cast(projects.is_public as CHAR) IN ('t', '1')) + (cast(projects.is_public as CHAR) IN ('t', '1') + AND (roles.builtin=1 + OR roles.id IN (SELECT member_roles.role_id FROM members, member_roles, users g + WHERE members.user_id = g.id AND members.project_id = projects.id AND members.id = member_roles.member_id + AND g.type = 'GroupNonMember')) + ) ) AND roles.permissions IS NOT NULL"; $self->{RedmineQuery} = trim($query); @@ -328,7 +333,7 @@ sub access_handler { my $project_id = get_project_identifier($r); $r->set_handlers(PerlAuthenHandler => [\&OK]) - if is_public_project($project_id, $r) && anonymous_role_allows_browse_repository($r); + if is_public_project($project_id, $r) && anonymous_allowed_to_browse_repository($project_id, $r); return OK } @@ -400,15 +405,20 @@ sub is_public_project { $ret; } -sub anonymous_role_allows_browse_repository { +sub anonymous_allowed_to_browse_repository { + my $project_id = shift; my $r = shift; my $dbh = connect_database($r); my $sth = $dbh->prepare( - "SELECT permissions FROM roles WHERE builtin = 2;" + "SELECT permissions FROM roles WHERE permissions like '%browse_repository%' + AND (roles.builtin = 2 + OR roles.id IN (SELECT member_roles.role_id FROM projects, members, member_roles, users + WHERE members.user_id = users.id AND members.project_id = projects.id AND members.id = member_roles.member_id + AND projects.identifier = ? AND users.type = 'GroupAnonymous'));" ); - $sth->execute(); + $sth->execute($project_id); my $ret = 0; if (my @row = $sth->fetchrow_array) { if ($row[0] =~ /:browse_repository/) { |