Fixed: Redmine.pm considers all projects private when login_required is enabled (#9566).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@7808 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang 2011-11-14 21:40:05 +00:00
parent 7afb775286
commit 26125be6b1
1 changed files with 24 additions and 7 deletions

View File

@ -204,6 +204,8 @@ sub access_handler {
my $method = $r->method; my $method = $r->method;
return OK unless defined $read_only_methods{$method}; return OK unless defined $read_only_methods{$method};
return OK if is_authentication_forced($r);
my $project_id = get_project_identifier($r); my $project_id = get_project_identifier($r);
@ -219,6 +221,12 @@ sub authen_handler {
my ($res, $redmine_pass) = $r->get_basic_auth_pw(); my ($res, $redmine_pass) = $r->get_basic_auth_pw();
return $res unless $res == OK; return $res unless $res == OK;
my $project_id = get_project_identifier($r);
my $method = $r->method;
if (defined $read_only_methods{$method} && is_public_project($project_id, $r) && non_member_role_allows_browse_repository($r)) {
return OK;
}
if (is_member($r->user, $redmine_pass, $r)) { if (is_member($r->user, $redmine_pass, $r)) {
return OK; return OK;
} else { } else {
@ -255,10 +263,6 @@ sub is_authentication_forced {
sub is_public_project { sub is_public_project {
my $project_id = shift; my $project_id = shift;
my $r = shift; my $r = shift;
if (is_authentication_forced($r)) {
return 0;
}
my $dbh = connect_database($r); my $dbh = connect_database($r);
my $sth = $dbh->prepare( my $sth = $dbh->prepare(
@ -280,15 +284,16 @@ sub is_public_project {
$ret; $ret;
} }
sub anonymous_role_allows_browse_repository { sub system_role_allows_browse_repository {
my $r = shift; my $r = shift;
my $system_role = shift;
my $dbh = connect_database($r); my $dbh = connect_database($r);
my $sth = $dbh->prepare( my $sth = $dbh->prepare(
"SELECT permissions FROM roles WHERE builtin = 2;" "SELECT permissions FROM roles WHERE builtin = ?;"
); );
$sth->execute(); $sth->execute($system_role);
my $ret = 0; my $ret = 0;
if (my @row = $sth->fetchrow_array) { if (my @row = $sth->fetchrow_array) {
if ($row[0] =~ /:browse_repository/) { if ($row[0] =~ /:browse_repository/) {
@ -303,6 +308,18 @@ sub anonymous_role_allows_browse_repository {
$ret; $ret;
} }
sub non_member_role_allows_browse_repository {
my $r = shift;
my $ret = system_role_allows_browse_repository($r, 1);
$ret;
}
sub anonymous_role_allows_browse_repository {
my $r = shift;
my $ret = system_role_allows_browse_repository($r, 2);
$ret;
}
# perhaps we should use repository right (other read right) to check public access. # perhaps we should use repository right (other read right) to check public access.
# it could be faster BUT it doesn't work for the moment. # it could be faster BUT it doesn't work for the moment.
# sub is_public_project_by_file { # sub is_public_project_by_file {