# HG changeset patch
# User Marcin Kuzminski
# Date 1292687992 -3600
# Node ID 4bdd0bf1b1f4e5fa3f7829d8a33d2fcc8df8dd95
# Parent fd2ea6ceadc86cf221f024bbefa61df2ba8dbab3
security bugfix: protected feeds, from unauthorized access, even without this, the feeds would crash and were unreadable, But proper way of securing it is with the secure decarators.
diff -r fd2ea6ceadc8 -r 4bdd0bf1b1f4 rhodecode/controllers/feed.py
--- a/rhodecode/controllers/feed.py Sat Dec 18 16:55:28 2010 +0100
+++ b/rhodecode/controllers/feed.py Sat Dec 18 16:59:52 2010 +0100
@@ -25,19 +25,23 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA 02110-1301, USA.
-
 import logging
 from pylons import url, response
+
+from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator
 from rhodecode.lib.base import BaseController
 from rhodecode.model.scm import ScmModel
+
 from webhelpers.feedgenerator import Atom1Feed, Rss201rev2Feed
 log = logging.getLogger(__name__)
 class FeedController(BaseController):
- #secure it or not ?
+ @LoginRequired()
+ @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
+ 'repository.admin')
 def __before__(self):
 super(FeedController, self).__before__()
 #common values for feeds
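Review bot: The access control added on `__before__` comes with no regression test in this patch, so nothing pins that an unauthenticated request, or a user holding none of `repository.read`, `repository.write` or `repository.admin`, is refused for every feed action. Because both decorators sit on `__before__` rather than on single actions, any action added later inherits the check; that intent is worth recording where the removed `#secure it or not ?` stood, e.g. `# auth is enforced here for every feed action; keep it on __before__`. Feed readers usually poll without a browser session, so if `LoginRequired` answers with a redirect to the login form (its behaviour is not visible in this hunk) those clients would receive HTML instead of a feed; confirm what they get and document it. The class body continues past the end of the hunk.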