Project

General

Profile

Download (6.61 KB)

Feature #33071 » 0001-Require-sudo-mode-for-deleting-contents.patch

Go MAEDA, 2020-03-01 10:03

View differences:

app/controllers/attachments_controller.rb
25 25 
  before_action :delete_authorize, :only => :destroy
26 26 
  before_action :authorize_global, :only => :upload
27 27 

  		




  
  28
  
    
  require_sudo_mode :destroy

  		




  
  29
  
    

  		




  28
  30
  
    
  # Disable check for same origin requests for JS files, i.e. attachments with

  		




  29
  31
  
    
  # MIME type text/javascript.

  		




  30
  32
  
    
  skip_after_action :verify_same_origin_request, :only => :download

  		












  

    
      app/controllers/boards_controller.rb
    
  





  22
  22
  
    
  before_action :find_project_by_project_id, :find_board_if_available, :authorize

  		




  23
  23
  
    
  accept_rss_auth :index, :show

  		




  24
  24
  
    

  		




  
  25
  
    
  require_sudo_mode :destroy

  		




  
  26
  
    

  		




  25
  27
  
    
  helper :sort

  		




  26
  28
  
    
  include SortHelper

  		




  27
  29
  
    
  helper :watchers

  		












  

    
      app/controllers/comments_controller.rb
    
  





  24
  24
  
    
  before_action :find_project_from_association

  		




  25
  25
  
    
  before_action :authorize

  		




  26
  26
  
    

  		




  
  27
  
    
  require_sudo_mode :destroy

  		




  
  28
  
    
  

  		




  27
  29
  
    
  def create

  		




  28
  30
  
    
    raise Unauthorized unless @news.commentable?

  		




  29
  31
  
    

  		












  

    
      app/controllers/documents_controller.rb
    
  





  25
  25
  
    
  before_action :find_project_from_association, :except => [:index, :new, :create]

  		




  26
  26
  
    
  before_action :authorize

  		




  27
  27
  
    

  		




  
  28
  
    
  require_sudo_mode :destroy

  		




  
  29
  
    

  		




  28
  30
  
    
  helper :attachments

  		




  29
  31
  
    
  helper :custom_fields

  		




  30
  32
  
    

  		












  

    
      app/controllers/issues_controller.rb
    
  





  28
  28
  
    
  accept_rss_auth :index, :show

  		




  29
  29
  
    
  accept_api_auth :index, :show, :create, :update, :destroy

  		




  30
  30
  
    

  		




  
  31
  
    
  require_sudo_mode :destroy

  		




  
  32
  
    

  		




  31
  33
  
    
  rescue_from Query::StatementInvalid, :with => :query_statement_invalid

  		




  32
  34
  
    

  		




  33
  35
  
    
  helper :journals

  		












  

    
      app/controllers/messages_controller.rb
    
  





  25
  25
  
    
  before_action :find_message, :except => [:new, :preview]

  		




  26
  26
  
    
  before_action :authorize, :except => [:preview, :edit, :destroy]

  		




  27
  27
  
    

  		




  
  28
  
    
  require_sudo_mode :destroy

  		




  
  29
  
    

  		




  28
  30
  
    
  helper :boards

  		




  29
  31
  
    
  helper :watchers

  		




  30
  32
  
    
  helper :attachments

  		












  

    
      app/controllers/news_controller.rb
    
  





  28
  28
  
    
  accept_rss_auth :index

  		




  29
  29
  
    
  accept_api_auth :index, :show, :create, :update, :destroy

  		




  30
  30
  
    

  		




  
  31
  
    
  require_sudo_mode :destroy

  		




  
  32
  
    

  		




  31
  33
  
    
  helper :watchers

  		




  32
  34
  
    
  helper :attachments

  		




  33
  35
  
    

  		












  

    
      app/controllers/repositories_controller.rb
    
  





  36
  36
  
    
  before_action :authorize

  		




  37
  37
  
    
  accept_rss_auth :revisions

  		




  38
  38
  
    

  		




  
  39
  
    
  require_sudo_mode :destroy

  		




  
  40
  
    

  		




  39
  41
  
    
  rescue_from Redmine::Scm::Adapters::CommandFailed, :with => :show_error_command_failed

  		




  40
  42
  
    

  		




  41
  43
  
    
  def new

  		












  

    
      app/controllers/timelog_controller.rb
    
  





  33
  33
  
    
  accept_rss_auth :index

  		




  34
  34
  
    
  accept_api_auth :index, :show, :create, :update, :destroy

  		




  35
  35
  
    

  		




  
  36
  
    
  require_sudo_mode :destroy

  		




  
  37
  
    

  		




  36
  38
  
    
  rescue_from Query::StatementInvalid, :with => :query_statement_invalid

  		




  37
  39
  
    

  		




  38
  40
  
    
  helper :issues

  		












  

    
      app/controllers/versions_controller.rb
    
  





  27
  27
  
    

  		




  28
  28
  
    
  accept_api_auth :index, :show, :create, :update, :destroy

  		




  29
  29
  
    

  		




  
  30
  
    
  require_sudo_mode :destroy

  		




  
  31
  
    

  		




  30
  32
  
    
  helper :custom_fields

  		




  31
  33
  
    
  helper :projects

  		




  32
  34
  
    

  		












  

    
      app/controllers/wiki_controller.rb
    
  





  39
  39
  
    
  before_action :find_attachments, :only => [:preview]

  		




  40
  40
  
    
  accept_api_auth :index, :show, :update, :destroy

  		




  41
  41
  
    

  		




  
  42
  
    
  require_sudo_mode :destroy, :destroy_version

  		




  
  43
  
    

  		




  42
  44
  
    
  helper :attachments

  		




  43
  45
  
    
  include AttachmentsHelper

  		




  44
  46
  
    
  helper :watchers

  		












  

    
      app/controllers/wikis_controller.rb
    
  





  21
  21
  
    
  menu_item :settings

  		




  22
  22
  
    
  before_action :find_project, :authorize

  		




  23
  23
  
    

  		




  
  24
  
    
  require_sudo_mode :destroy, only: :post

  		




  
  25
  
    

  		




  24
  26
  
    
  # Delete a project's wiki

  		




  25
  27
  
    
  def destroy

  		




  26
  28
  
    
    if request.post? && params[:confirm] && @project.wiki

  		















  (1-1/4)