diff rhodecode/controllers/feed.py @ 862:4bdd0bf1b1f4 beta

security bugfix: protected feeds from unauthorized access. Even without this, the feeds would crash and were unreadable, but the proper way of securing them is with the security decorators.
author Marcin Kuzminski <marcin@python-works.com>
date Sat, 18 Dec 2010 16:59:52 +0100
parents fd2ea6ceadc8
children 07a6e8c65526 a3b2b4b4e440
--- a/rhodecode/controllers/feed.py	Sat Dec 18 16:55:28 2010 +0100
+++ b/rhodecode/controllers/feed.py	Sat Dec 18 16:59:52 2010 +0100
@@ -25,19 +25,23 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 
-
 import logging
 
 from pylons import url, response
+
+from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator
 from rhodecode.lib.base import BaseController
 from rhodecode.model.scm import ScmModel
+
 from webhelpers.feedgenerator import Atom1Feed, Rss201rev2Feed
 
 log = logging.getLogger(__name__)
 
 class FeedController(BaseController):
 
-    #secure it or not ?
+    @LoginRequired()
+    @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
+                                   'repository.admin')
     def __before__(self):
         super(FeedController, self).__before__()
         #common values for feeds
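Review bot: The `@LoginRequired()` / `@HasRepoPermissionAnyDecorator(...)` pair on `__before__` carries no comment saying that it is the only access check for every action in `FeedController`, so a later refactor of `__before__` could drop the protection unnoticed; I would add `# access control for all feed actions is enforced here` above the decorators in place of the removed `#secure it or not ?`. Feed readers usually cannot complete an interactive login, so if `LoginRequired` relies on the browser session (its implementation is not visible in this hunk), feeds of non-public repositories will be unreachable to them and that limitation should be documented. A regression test that requests each feed anonymously for a non-public repository and expects a denial would pin the fix. The body of `__before__` continues past the end of the hunk.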