Mercurial > kallithea
diff rhodecode/controllers/forks.py @ 2176:162bf5c978f8 beta
fixed missing permissions check on forks page
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Thu, 29 Mar 2012 21:21:29 +0200 |
parents | 89efedac4e6c |
children | 133209bf300c |
line wrap: on
line diff
--- a/rhodecode/controllers/forks.py Thu Mar 29 16:22:26 2012 +0200 +++ b/rhodecode/controllers/forks.py Thu Mar 29 21:21:29 2012 +0200 @@ -35,7 +35,7 @@ from rhodecode.lib.helpers import Page from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator, \ - NotAnonymous + NotAnonymous, HasRepoPermissionAny from rhodecode.lib.base import BaseRepoController, render from rhodecode.model.db import Repository, RepoGroup, UserFollowing, User from rhodecode.model.repo import RepoModel @@ -103,7 +103,13 @@ def forks(self, repo_name): p = int(request.params.get('page', 1)) repo_id = c.rhodecode_db_repo.repo_id - d = Repository.get_repo_forks(repo_id) + d = [] + for r in Repository.get_repo_forks(repo_id): + if not HasRepoPermissionAny( + 'repository.read', 'repository.write', 'repository.admin' + )(r.repo_name, 'get forks check'): + continue + d.append(r) c.forks_pager = Page(d, page=p, items_per_page=20) c.forks_data = render('/forks/forks_data.html')