
Commit 264559ea authored by tmaruyama's avatar tmaruyama

Restrict anonymous read access with Redmine.pm

Redmine.pm now also checks for public projects whether the anonymous
user has the browse_repository right for a read operation.

Contributed by Holger Just.

git-svn-id: https://svn.redmine.org/redmine/trunk@7579 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent 8c98f79f
......@@ -208,7 +208,7 @@ sub access_handler {
my $project_id = get_project_identifier($r);
$r->set_handlers(PerlAuthenHandler => [\&OK])
if is_public_project($project_id, $r);
if is_public_project($project_id, $r) && anonymous_role_allows_browse_repository($r);
return OK
}
......@@ -280,6 +280,29 @@ sub is_public_project {
$ret;
}
sub anonymous_role_allows_browse_repository {
my $r = shift;
my $dbh = connect_database($r);
my $sth = $dbh->prepare(
"SELECT permissions FROM roles WHERE builtin = 2;"
);
$sth->execute();
my $ret = 0;
if (my @row = $sth->fetchrow_array) {
if ($row[0] =~ /:browse_repository/) {
$ret = 1;
}
}
$sth->finish();
undef $sth;
$dbh->disconnect();
undef $dbh;
$ret;
}
# perhaps we should use repository right (other read right) to check public access.
# it could be faster BUT it doesn't work for the moment.
# sub is_public_project_by_file {
......
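Review bot: The match `$row[0] =~ /:browse_repository/` in anonymous_role_allows_browse_repository is unanchored at the end, so any permission whose name merely begins with `browse_repository` (a plugin-defined one, for example) would also open the repository to unauthenticated reads. Bounding the name and guarding against a NULL column, as in `if (defined $row[0] && $row[0] =~ /:browse_repository\b/) {`, avoids that. The `builtin = 2` literal deserves a comment such as `# builtin = 2 selects Redmine's built-in Anonymous role`. The results of `prepare` and `execute` are not checked; when no row comes back `$ret` stays 0 and access is denied, which is the safe default, but a comment should state that this is intended. This also appears to add a second database connection per request for public projects, assuming is_public_project (body outside this hunk) opens its own, so sharing one handle between the two checks would be worth considering.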