Restrict anonymous read access with Redmine.pm

Redmine.pm now also checks for public projects whether the anonymous
user has the browse_repository right for a read operation.

Contributed by Holger Just.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@7579 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Toshi MARUYAMA 2011-10-04 21:47:55 +00:00
parent 1a23663176
commit 1de0714fda
1 changed files with 24 additions and 1 deletions

View File

@ -208,7 +208,7 @@ sub access_handler {
my $project_id = get_project_identifier($r); my $project_id = get_project_identifier($r);
$r->set_handlers(PerlAuthenHandler => [\&OK]) $r->set_handlers(PerlAuthenHandler => [\&OK])
if is_public_project($project_id, $r); if is_public_project($project_id, $r) && anonymous_role_allows_browse_repository($r);
return OK return OK
} }
@ -280,6 +280,29 @@ sub is_public_project {
$ret; $ret;
} }
sub anonymous_role_allows_browse_repository {
my $r = shift;
my $dbh = connect_database($r);
my $sth = $dbh->prepare(
"SELECT permissions FROM roles WHERE builtin = 2;"
);
$sth->execute();
my $ret = 0;
if (my @row = $sth->fetchrow_array) {
if ($row[0] =~ /:browse_repository/) {
$ret = 1;
}
}
$sth->finish();
undef $sth;
$dbh->disconnect();
undef $dbh;
$ret;
}
# perhaps we should use repository right (other read right) to check public access. # perhaps we should use repository right (other read right) to check public access.
# it could be faster BUT it doesn't work for the moment. # it could be faster BUT it doesn't work for the moment.
# sub is_public_project_by_file { # sub is_public_project_by_file {