0001-Require-sudo-mode-for-deleting-contents.patch

Go MAEDA, 2020-03-01 10:03

Download (6.61 KB)

View differences:

app/controllers/attachments_controller.rb
25 25
  before_action :delete_authorize, :only => :destroy
26 26
  before_action :authorize_global, :only => :upload
27 27

  
28
  require_sudo_mode :destroy
29

  
28 30
  # Disable check for same origin requests for JS files, i.e. attachments with
29 31
  # MIME type text/javascript.
30 32
  skip_after_action :verify_same_origin_request, :only => :download
app/controllers/boards_controller.rb
22 22
  before_action :find_project_by_project_id, :find_board_if_available, :authorize
23 23
  accept_rss_auth :index, :show
24 24

  
25
  require_sudo_mode :destroy
26

  
25 27
  helper :sort
26 28
  include SortHelper
27 29
  helper :watchers
app/controllers/comments_controller.rb
24 24
  before_action :find_project_from_association
25 25
  before_action :authorize
26 26

  
27
  require_sudo_mode :destroy
28
  
27 29
  def create
28 30
    raise Unauthorized unless @news.commentable?
29 31

  
app/controllers/documents_controller.rb
25 25
  before_action :find_project_from_association, :except => [:index, :new, :create]
26 26
  before_action :authorize
27 27

  
28
  require_sudo_mode :destroy
29

  
28 30
  helper :attachments
29 31
  helper :custom_fields
30 32

  
app/controllers/issues_controller.rb
28 28
  accept_rss_auth :index, :show
29 29
  accept_api_auth :index, :show, :create, :update, :destroy
30 30

  
31
  require_sudo_mode :destroy
32

  
31 33
  rescue_from Query::StatementInvalid, :with => :query_statement_invalid
32 34

  
33 35
  helper :journals
app/controllers/messages_controller.rb
25 25
  before_action :find_message, :except => [:new, :preview]
26 26
  before_action :authorize, :except => [:preview, :edit, :destroy]
27 27

  
28
  require_sudo_mode :destroy
29

  
28 30
  helper :boards
29 31
  helper :watchers
30 32
  helper :attachments
app/controllers/news_controller.rb
28 28
  accept_rss_auth :index
29 29
  accept_api_auth :index, :show, :create, :update, :destroy
30 30

  
31
  require_sudo_mode :destroy
32

  
31 33
  helper :watchers
32 34
  helper :attachments
33 35

  
app/controllers/repositories_controller.rb
36 36
  before_action :authorize
37 37
  accept_rss_auth :revisions
38 38

  
39
  require_sudo_mode :destroy
40

  
39 41
  rescue_from Redmine::Scm::Adapters::CommandFailed, :with => :show_error_command_failed
40 42

  
41 43
  def new
app/controllers/timelog_controller.rb
33 33
  accept_rss_auth :index
34 34
  accept_api_auth :index, :show, :create, :update, :destroy
35 35

  
36
  require_sudo_mode :destroy
37

  
36 38
  rescue_from Query::StatementInvalid, :with => :query_statement_invalid
37 39

  
38 40
  helper :issues
app/controllers/versions_controller.rb
27 27

  
28 28
  accept_api_auth :index, :show, :create, :update, :destroy
29 29

  
30
  require_sudo_mode :destroy
31

  
30 32
  helper :custom_fields
31 33
  helper :projects
32 34

  
app/controllers/wiki_controller.rb
39 39
  before_action :find_attachments, :only => [:preview]
40 40
  accept_api_auth :index, :show, :update, :destroy
41 41

  
42
  require_sudo_mode :destroy, :destroy_version
43

  
42 44
  helper :attachments
43 45
  include AttachmentsHelper
44 46
  helper :watchers
app/controllers/wikis_controller.rb
21 21
  menu_item :settings
22 22
  before_action :find_project, :authorize
23 23

  
24
  require_sudo_mode :destroy, only: :post
25

  
24 26
  # Delete a project's wiki
25 27
  def destroy
26 28
    if request.post? && params[:confirm] && @project.wiki
27
-