ukamnya
/
Redmine-mod-perl-auth
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Replace 'RedmineSCMProtocol' by 'RedmineRepositoryType'. Use it to restrict access to repositories of the right type.

1.x
Adirelle 2012-04-16 12:35:55 +02:00
parent 6f069681bb
commit f25ec32806
1 changed files with 15 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
Redmine.pm
View File

@ -63,9 +63,9 @@ Authen::Simple::LDAP (and IO::Socket::SSL if LDAPS is used):
# RedmineDbWhereClause "and members.role_id IN (1,2)" # RedmineDbWhereClause "and members.role_id IN (1,2)"
## SCM transport protocol, used to detecte write requests ## SCM transport protocol, used to detecte write requests
## Valid values: dav-svn, git-smart-http ## Valid values: Subversion, Git
## Default: dav-svn ## Default: Subversion
# RedmineSCMProtocol dav-svn # RedmineRepositoryType Subversion
## Credentials cache size ## Credentials cache size
## Default: 0 (disabled) ## Default: 0 (disabled)
@ -234,10 +234,10 @@ my @directives = (
errmsg => 'Grant all permissions to administrators. Defaults to yes.', errmsg => 'Grant all permissions to administrators. Defaults to yes.',
}, },
{ {
name => 'RedmineSCMProtocol', name => 'RedmineRepositoryType',
req_override => OR_AUTHCFG, req_override => OR_AUTHCFG,
args_how => TAKE1, args_how => TAKE1,
errmsg => 'Indicate the type of SCM protocol (dav-svn or git-smart-http). This is used to properly detected write requests. Defaults to dev-svn.', errmsg => 'Indicate the type of Repository (Subversion or Git). This is used to properly detected write requests. Defaults to Subversion.',
}, },
); );
@ -255,7 +255,7 @@ sub DIR_CREATE {
AND members.id = member_roles.member_id AND members.id = member_roles.member_id
AND member_roles.role_id = roles.id AND member_roles.role_id = roles.id
"), "),
SCMProtocol => 'dav-svn', RepositoryType => 'Subversion',
IdentifierRegex => $identifier_re ? qr{$identifier_re} : undef, IdentifierRegex => $identifier_re ? qr{$identifier_re} : undef,
CacheCredsMax => 0, CacheCredsMax => 0,
CacheCredsCount => 0, CacheCredsCount => 0,
@ -286,13 +286,13 @@ sub RedmineDbWhereClause {
} }
} }
sub RedmineSCMProtocol { sub RedmineRepositoryType {
my ($cfg, $parms, $arg) = @_; my ($cfg, $parms, $arg) = @_;
$arg = trim($arg); $arg = trim($arg);
if($arg eq 'dav-svn' || $arg eq 'git-smart-http') { if($arg eq 'Subversion' || $arg eq 'Git') {
$cfg->{SCMProtocol} = $arg; $cfg->{RepositoryType} = $arg;
} else { } else {
die "Invalid RedmineSCMProtocol value: $arg, choose either dav-svn or git-smart-http !"; die "Invalid RedmineRepositoryType value: $arg, choose either Subversion or Git !";
} }
} }
@ -450,8 +450,10 @@ sub authz_handler {
my $cfg = get_config($r); my $cfg = get_config($r);
my ($project_id, $is_public, $status) = $dbh->selectrow_array("SELECT id, is_public, status FROM projects WHERE identifier = ?", undef, $identifier) my ($project_id, $is_public, $status) = $dbh->selectrow_array(
or return DECLINED; "SELECT p.id, p.is_public, p.status FROM projects p JOIN repositories r ON (p.id = r.project_id) WHERE p.identifier = ? AND r.type = ?",
undef, $identifier, $cfg->{RepositoryType}
) or return NOT_FOUND;
$is_public = is_true($is_public); $is_public = is_true($is_public);
my($res, $reason) = FORBIDDEN; my($res, $reason) = FORBIDDEN;
@ -541,7 +543,7 @@ sub is_read_request {
my $r = shift; my $r = shift;
my $cfg = get_config($r); my $cfg = get_config($r);
if($cfg->{SCMProtocol} eq "dav-svn") { if($cfg->{RepositoryType} eq "Subversion") {
return defined $read_only_methods{$r->method}; return defined $read_only_methods{$r->method};
} else { } else {
my $quoted_location = quotemeta($r->location); my $quoted_location = quotemeta($r->location);