Redmine.pm: deny access if user doesn't have browse_repository permission (#4338).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3215 e93f8b46-1217-0410-a6f0-8f06a7374b81

Redmine.pm: deny access if user doesn't have browse_repository permission (#4338).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3215 e93f8b46-1217-0410-a6f0-8f06a7374b81
ffe82222 · Jean-Philippe Lang · 18c7c0d3 · ffe82222
Commit ffe82222 authored Dec 22, 2009 by Jean-Philippe Lang
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

Redmine.pm extra/svn/Redmine.pm +1 -1

No files found.
--- a/extra/svn/Redmine.pm
+++ b/extra/svn/Redmine.pm
@@ -284,7 +284,7 @@ sub is_member {

      unless ($auth_source_id) {
 	  my $method = $r->method;
-          if ($hashed_password eq $pass_digest && (defined $read_only_methods{$method} || $permissions =~ /:commit_access/) ) {
+          if ($hashed_password eq $pass_digest && ((defined $read_only_methods{$method} && $permissions =~ /:browse_repository/) || $permissions =~ /:commit_access/) ) {
              $ret = 1;
              last;
          }