@@ -204,6 +204,8 sub access_handler { | |||
|
204 | 204 | |
|
205 | 205 | my $method = $r->method; |
|
206 | 206 | return OK unless defined $read_only_methods{$method}; |
|
207 | ||
|
208 | return OK if is_authentication_forced($r); | |
|
207 | 209 | |
|
208 | 210 | my $project_id = get_project_identifier($r); |
|
209 | 211 | |
@@ -219,6 +221,12 sub authen_handler { | |||
|
219 | 221 | my ($res, $redmine_pass) = $r->get_basic_auth_pw(); |
|
220 | 222 | return $res unless $res == OK; |
|
221 | 223 | |
|
224 | my $project_id = get_project_identifier($r); | |
|
225 | my $method = $r->method; | |
|
226 | if (defined $read_only_methods{$method} && is_public_project($project_id, $r) && non_member_role_allows_browse_repository($r)) { | |
|
227 | return OK; | |
|
228 | } | |
|
229 | ||
|
222 | 230 | if (is_member($r->user, $redmine_pass, $r)) { |
|
223 | 231 | return OK; |
|
224 | 232 | } else { |
@@ -255,10 +263,6 sub is_authentication_forced { | |||
|
255 | 263 | sub is_public_project { |
|
256 | 264 | my $project_id = shift; |
|
257 | 265 | my $r = shift; |
|
258 | ||
|
259 | if (is_authentication_forced($r)) { | |
|
260 | return 0; | |
|
261 | } | |
|
262 | 266 | |
|
263 | 267 | my $dbh = connect_database($r); |
|
264 | 268 | my $sth = $dbh->prepare( |
@@ -280,15 +284,16 sub is_public_project { | |||
|
280 | 284 | $ret; |
|
281 | 285 | } |
|
282 | 286 | |
|
283 |
sub |
|
|
287 | sub system_role_allows_browse_repository { | |
|
284 | 288 | my $r = shift; |
|
289 | my $system_role = shift; | |
|
285 | 290 | |
|
286 | 291 | my $dbh = connect_database($r); |
|
287 | 292 | my $sth = $dbh->prepare( |
|
288 |
"SELECT permissions FROM roles WHERE builtin = |
|
|
293 | "SELECT permissions FROM roles WHERE builtin = ?;" | |
|
289 | 294 | ); |
|
290 | 295 | |
|
291 | $sth->execute(); | |
|
296 | $sth->execute($system_role); | |
|
292 | 297 | my $ret = 0; |
|
293 | 298 | if (my @row = $sth->fetchrow_array) { |
|
294 | 299 | if ($row[0] =~ /:browse_repository/) { |
@@ -303,6 +308,18 sub anonymous_role_allows_browse_repository { | |||
|
303 | 308 | $ret; |
|
304 | 309 | } |
|
305 | 310 | |
|
311 | sub non_member_role_allows_browse_repository { | |
|
312 | my $r = shift; | |
|
313 | my $ret = system_role_allows_browse_repository($r, 1); | |
|
314 | $ret; | |
|
315 | } | |
|
316 | ||
|
317 | sub anonymous_role_allows_browse_repository { | |
|
318 | my $r = shift; | |
|
319 | my $ret = system_role_allows_browse_repository($r, 2); | |
|
320 | $ret; | |
|
321 | } | |
|
322 | ||
|
306 | 323 | # perhaps we should use repository right (other read right) to check public access. |
|
307 | 324 | # it could be faster BUT it doesn't work for the moment. |
|
308 | 325 | # sub is_public_project_by_file { |
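Review bot: In `authen_handler`, the added `if (defined $read_only_methods{$method} && is_public_project($project_id, $r) && non_member_role_allows_browse_repository($r)) { return OK; }` runs before `is_member($r->user, $redmine_pass, $r)`, so on that path `$redmine_pass` is never checked and any username/password pair is accepted. Because this commit also removes the `is_authentication_forced` guard from `is_public_project`, the shortcut appears to apply even when login is forced: `access_handler` defers to authentication, and authentication then succeeds without validating anything. The unverified `$r->user` would also reach access logs and downstream handlers as if it were an authenticated identity. The non-member test should run only after the supplied credentials have been verified against the user record; no helper that does this independently of membership is visible in these hunks, so one would have to be added or the test moved inside `is_member` after its password comparison. The bodies of `authen_handler` and `is_member` continue outside the hunks, so this should be confirmed against the full file.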