access() with a missing repo
when a real repo (i.e., not a groupname or such) doesn't exist, checking any permission other than ^C will give invalid results unless ^C is ok for the user in question. Take a look at this: repo foo/CREATOR/a[0-9][0-9] C = u2 u3 RW+ = CREATOR R = READERS u1 u1 looking for R access on foo/u1/a11 will otherwise result in success.
This commit is contained in:
parent
c79f9d2381
commit
8dcc051e64
|
@ -65,6 +65,14 @@ sub access {
|
||||||
my ( $repo, $user, $aa, $ref ) = @_;
|
my ( $repo, $user, $aa, $ref ) = @_;
|
||||||
load($repo);
|
load($repo);
|
||||||
|
|
||||||
|
# when a real repo doesn't exist, ^C is a pre-requisite for any other
|
||||||
|
# check to give valid results.
|
||||||
|
if ( $aa ne '^C' and $repo !~ /^\@/ and $repo =~ $REPONAME_PATT and repo_missing($repo) ) {
|
||||||
|
my $iret = access( $repo, $user, '^C', $ref );
|
||||||
|
$iret =~ s/\^C/$aa/;
|
||||||
|
return $iret if $iret =~ /DENIED/;
|
||||||
|
}
|
||||||
|
|
||||||
my @rules = rules( $repo, $user );
|
my @rules = rules( $repo, $user );
|
||||||
trace( 2, scalar(@rules) . " rules found" );
|
trace( 2, scalar(@rules) . " rules found" );
|
||||||
for my $r (@rules) {
|
for my $r (@rules) {
|
||||||
|
|
Loading…
Reference in a new issue