access() with a missing repo
When a real repo (i.e., not a groupname or such) doesn't exist, checking any permission other than ^C will give invalid results unless ^C is ok for the user in question. Take a look at this:

    repo foo/CREATOR/a[0-9][0-9]
        C   =   u2 u3
        RW+ =   CREATOR
        R   =   READERS u1

u1 looking for R access on foo/u1/a11 will otherwise result in success.
parent
c79f9d2381
commit
8dcc051e64
|
@ -65,6 +65,14 @@ sub access {
|
||||||
my ( $repo, $user, $aa, $ref ) = @_;
|
my ( $repo, $user, $aa, $ref ) = @_;
|
||||||
load($repo);
|
load($repo);
|
||||||
|
|
||||||
|
# when a real repo doesn't exist, ^C is a pre-requisite for any other
|
||||||
|
# check to give valid results.
|
||||||
|
if ( $aa ne '^C' and $repo !~ /^\@/ and $repo =~ $REPONAME_PATT and repo_missing($repo) ) {
|
||||||
|
my $iret = access( $repo, $user, '^C', $ref );
|
||||||
|
$iret =~ s/\^C/$aa/;
|
||||||
|
return $iret if $iret =~ /DENIED/;
|
||||||
|
}
|
||||||
|
|
||||||
my @rules = rules( $repo, $user );
|
my @rules = rules( $repo, $user );
|
||||||
trace( 2, scalar(@rules) . " rules found" );
|
trace( 2, scalar(@rules) . " rules found" );
|
||||||
for my $r (@rules) {
|
for my $r (@rules) {
|
||||||
|
@ -315,7 +323,7 @@ sub user_roles {
|
||||||
my @roles = ();
|
my @roles = ();
|
||||||
if ( -f $f ) {
|
if ( -f $f ) {
|
||||||
my $fh = _open( "<", $f );
|
my $fh = _open( "<", $f );
|
||||||
chomp(@roles = <$fh>);
|
chomp( @roles = <$fh> );
|
||||||
}
|
}
|
||||||
push @roles, "CREATOR = " . creator($repo);
|
push @roles, "CREATOR = " . creator($repo);
|
||||||
for (@roles) {
|
for (@roles) {
|
||||||
|
|
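Review bot: In the new guard in `access`, the denial is detected by `$iret =~ /DENIED/` on a message that `s/\^C/$aa/` has already rewritten. The caller and any log reader therefore see `$aa` reported as denied, while the check that actually failed was ^C on a missing repo. The format of the string `access` returns is outside this hunk, so I would leave the return value alone. I would record the real cause just before the return with `trace( 2, "$repo missing; ^C denied for $user, reported as $aa" );`, and move the substitution inside the DENIED branch so it only runs on the path that returns. The two-line comment could also say that the nested call passes `'^C'`, which is what stops the guard from recursing. The body of `access` continues past the end of the hunk.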