[#619] Restrict anonymous read access with Redmine.pm
For public projects, Redmine.pm now also checks whether the anonymous user has the browse_repository right for a read operation.
parent
e7f69d4236
commit
8fb8cd0ee5
|
@ -318,7 +318,7 @@ sub access_handler {
|
||||||
my $project_id = get_project_identifier($r);
|
my $project_id = get_project_identifier($r);
|
||||||
|
|
||||||
$r->set_handlers(PerlAuthenHandler => [\&OK])
|
$r->set_handlers(PerlAuthenHandler => [\&OK])
|
||||||
if is_public_project($project_id, $r);
|
if is_public_project($project_id, $r) && anonymous_role_allows_browse_repository($r);
|
||||||
|
|
||||||
return OK
|
return OK
|
||||||
}
|
}
|
||||||
|
@ -390,6 +390,29 @@ sub is_public_project {
|
||||||
$ret;
|
$ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sub anonymous_role_allows_browse_repository {
|
||||||
|
my $r = shift;
|
||||||
|
|
||||||
|
my $dbh = connect_database($r);
|
||||||
|
my $sth = $dbh->prepare(
|
||||||
|
"SELECT permissions FROM roles WHERE builtin = 2;"
|
||||||
|
);
|
||||||
|
|
||||||
|
$sth->execute();
|
||||||
|
my $ret = 0;
|
||||||
|
if (my @row = $sth->fetchrow_array) {
|
||||||
|
if ($row[0] =~ /:browse_repository/) {
|
||||||
|
$ret = 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
$sth->finish();
|
||||||
|
undef $sth;
|
||||||
|
$dbh->disconnect();
|
||||||
|
undef $dbh;
|
||||||
|
|
||||||
|
$ret;
|
||||||
|
}
|
||||||
|
|
||||||
# perhaps we should use repository right (other read right) to check public access.
|
# perhaps we should use repository right (other read right) to check public access.
|
||||||
# it could be faster BUT it doesn't work for the moment.
|
# it could be faster BUT it doesn't work for the moment.
|
||||||
# sub is_public_project_by_file {
|
# sub is_public_project_by_file {
|
||||||
|
|
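Review bot: The match `$row[0] =~ /:browse_repository/` in anonymous_role_allows_browse_repository is unanchored on the right, so any permission name in the anonymous role's stored permissions that merely begins with `:browse_repository` would also let unauthenticated reads through; `if ($row[0] =~ /:browse_repository\b/) {` pins it to the exact name. The new sub also opens and closes its own database connection on each read of a public project, apparently in addition to the lookup in is_public_project (whose body is outside the hunk), so sharing one handle is worth considering. A comment above the query such as `# builtin = 2 selects the anonymous role; no row or NULL permissions leaves $ret at 0, so authentication stays required` would record the fail-closed default for the next maintainer.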