Project

General

Profile

Actions

Patch #11818

closed

Redmine.pm fails when permissions are NULL

Added by John Yani over 12 years ago. Updated over 12 years ago.

Status:
Closed
Priority:
Normal
Category:
SCM extra
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:

Description

Steps to reproduce:

1) Setup SVN access using this guid http://www.redmine.org/projects/redmine/wiki/Repositories_access_control_with_apache_mod_dav_svn_and_mod_perl
2) Create a public project "FOO" and a corresponding svn repo
3) Remove all permissions from anonymous user
4) Add user "BAR" as a member of "FOO" project with read svn permissions
5) Execute this SQL query:

SELECT hashed_password, salt, auth_source_id, permissions
FROM projects, users, roles
WHERE users.login='BAR'
AND projects.identifier='FOO'
AND users.status=1
AND
(
  roles.id IN (
                 SELECT member_roles.role_id
                 FROM members, member_roles
                 WHERE members.user_id = users.id
                    AND members.project_id = projects.id
                    AND members.id = member_roles.member_id
              )
  OR   (
           roles.builtin=1 AND
           cast(projects.is_public as CHAR) IN ('t', '1') AND
       )
);

6) Login to http://svn_server/FOO using user "BAR" credentials

Expected behavior:

1) result of query in step 5 has 1 line with non-null permissions
2) I can browse svn via browser

Actual behavior:

1) result of query in step 5 has 2 lines one of which has null permissions
2) I see error 500 in the browser

A patch to fix this problem is attached


Files

Actions #1

Updated by John Yani over 12 years ago

Remove redundant "AND" in the SQL query

Actions #2

Updated by John Yani over 12 years ago

The error before the patch was:
Use of uninitialized value $permissions in pattern match (m//) at /usr/lib/perl5/Apache/Redmine.pm line 359, <DATA> line 522.\n

Actions #3

Updated by sam andro over 12 years ago

  • Status changed from New to Resolved
Actions #4

Updated by Etienne Massip over 12 years ago

  • Status changed from Resolved to New
Actions #5

Updated by Jean-Philippe Lang over 12 years ago

  • Status changed from New to Closed
  • Assignee set to Jean-Philippe Lang
  • Target version set to 2.1.0

Fix committed in r10375, thanks.

Actions

Also available in: Atom PDF