Project

General

Profile

Actions

Feature #6477

closed

Redmine.pm: effective redmine svn rights

Added by Jean Van Dooren about 14 years ago. Updated about 14 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
2010-09-23
Due date:
% Done:

100%

Estimated time:
Resolution:

Description

Hi,

i modified the redmine.pm file in order to (try to) match Redmine rights and SVN methods.
If you use curent Redmine.pm file, you'll see that if you check the "Browse repository" right in Redmine for a user (role->user), the user can do everything in SVN.
Even if you don't check commit access into Redmine...

Redmine rights on SVN are:
  • Manage repository
  • View changesets
  • Browse repository
  • Commit access

SVN methods are:
OPTIONS, PROPFIND, GET, REPORT, MKACTIVITY, PROPPATCH, PUT, CHECKOUT, MKCOL,MOVE, COPY, DELETE, LOCK, UNLOCK, MERGE

you must add after
my @directives { }; (on row 146)

my %authorizations = (
    'GET', 'browse_repository',
    'PROPFIND', 'browse_repository',
    'REPORT', 'browse_repository',
    'OPTIONS', 'browse_repository',
    'MKACTIVITY','commit_access',
    'PROPPATCH','commit_access',
    'PUT', 'commit_access',
    'CHECKOUT','commit_access',
    'MKCOL','commit_access',
    'MOVE','commit_access',
    'COPY','commit_access',
    'DELETE','commit_access',
    'LOCK','commit_access',
    'UNLOCK','commit_access',
    'MERGE','commit_access'
);

and then replace row 328:
if ($hashed_password eq $pass_digest && ((defined $read_only_methods{$method} && $permissions =~ /:browse_repository/) || $permissions =~ /:commit_access/) ) {

by
if ($hashed_password eq $pass_digest && ( $permissions =~ m/($authorizations{$method})/ ) ) {

and at row 387

$ret = 1 if ($ldap->authenticate($redmine_user, $redmine_pass) && ((defined $read_only_methods{$method} && $permissions =~ /:browse_repository/) || $permissions =~ /:commit_access/));

by
$ret = 1 if ($ldap->authenticate($redmine_user, $redmine_pass) && $permissions =~ m/($authorizations{$method})/);

I'm sure there are other modifications to do (add rights in cache) and a better way to do that.

I hope it'll help others,
Best regards,
Jean

Actions

Also available in: Atom PDF