| @@ -204,8 +204,6 sub access_handler { | |||
|
|
204 | 204 | |
|
|
205 | 205 | my $method = $r->method; |
|
|
206 | 206 | return OK unless defined $read_only_methods{$method}; |
|
|
207 | ||
|
|
208 | return OK if is_authentication_forced($r); | |
|
|
209 | 207 | |
|
|
210 | 208 | my $project_id = get_project_identifier($r); |
|
|
211 | 209 | |
| @@ -221,12 +219,6 sub authen_handler { | |||
|
|
221 | 219 | my ($res, $redmine_pass) = $r->get_basic_auth_pw(); |
|
|
222 | 220 | return $res unless $res == OK; |
|
|
223 | 221 | |
|
|
224 | my $project_id = get_project_identifier($r); | |
|
|
225 | my $method = $r->method; | |
|
|
226 | if (defined $read_only_methods{$method} && is_public_project($project_id, $r) && non_member_role_allows_browse_repository($r)) { | |
|
|
227 | return OK; | |
|
|
228 | } | |
|
|
229 | ||
|
|
230 | 222 | if (is_member($r->user, $redmine_pass, $r)) { |
|
|
231 | 223 | return OK; |
|
|
232 | 224 | } else { |
| @@ -263,6 +255,10 sub is_authentication_forced { | |||
|
|
263 | 255 | sub is_public_project { |
|
|
264 | 256 | my $project_id = shift; |
|
|
265 | 257 | my $r = shift; |
|
|
258 | ||
|
|
259 | if (is_authentication_forced($r)) { | |
|
|
260 | return 0; | |
|
|
261 | } | |
|
|
266 | 262 | |
|
|
267 | 263 | my $dbh = connect_database($r); |
|
|
268 | 264 | my $sth = $dbh->prepare( |
| @@ -284,16 +280,15 sub is_public_project { | |||
|
|
284 | 280 | $ret; |
|
|
285 | 281 | } |
|
|
286 | 282 | |
|
|
287 |
sub |
|
|
|
283 | sub anonymous_role_allows_browse_repository { | |
|
|
288 | 284 | my $r = shift; |
|
|
289 | my $system_role = shift; | |
|
|
290 | 285 | |
|
|
291 | 286 | my $dbh = connect_database($r); |
|
|
292 | 287 | my $sth = $dbh->prepare( |
|
|
293 |
"SELECT permissions FROM roles WHERE builtin = |
|
|
|
288 | "SELECT permissions FROM roles WHERE builtin = 2;" | |
|
|
294 | 289 | ); |
|
|
295 | 290 | |
|
|
296 |
$sth->execute( |
|
|
|
291 | $sth->execute(); | |
|
|
297 | 292 | my $ret = 0; |
|
|
298 | 293 | if (my @row = $sth->fetchrow_array) { |
|
|
299 | 294 | if ($row[0] =~ /:browse_repository/) { |
| @@ -308,18 +303,6 sub system_role_allows_browse_repository { | |||
|
|
308 | 303 | $ret; |
|
|
309 | 304 | } |
|
|
310 | 305 | |
|
|
311 | sub non_member_role_allows_browse_repository { | |
|
|
312 | my $r = shift; | |
|
|
313 | my $ret = system_role_allows_browse_repository($r, 1); | |
|
|
314 | $ret; | |
|
|
315 | } | |
|
|
316 | ||
|
|
317 | sub anonymous_role_allows_browse_repository { | |
|
|
318 | my $r = shift; | |
|
|
319 | my $ret = system_role_allows_browse_repository($r, 2); | |
|
|
320 | $ret; | |
|
|
321 | } | |
|
|
322 | ||
|
|
323 | 306 | # perhaps we should use repository right (other read right) to check public access. |
|
|
324 | 307 | # it could be faster BUT it doesn't work for the moment. |
|
|
325 | 308 | # sub is_public_project_by_file { |
General Comments 0
You need to be logged in to leave comments.
Login now