Mercurial > kallithea
changeset 862:4bdd0bf1b1f4 beta
security bugfix: protected feeds, from unauthorized access, even without this, the feeds would crash and were unreadable, But proper way of securing it is with the secure decarators.
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Sat, 18 Dec 2010 16:59:52 +0100 |
parents | fd2ea6ceadc8 |
children | 4c123ade8485 cef384882e81 |
files | rhodecode/controllers/feed.py |
diffstat | 1 files changed, 6 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/rhodecode/controllers/feed.py Sat Dec 18 16:55:28 2010 +0100 +++ b/rhodecode/controllers/feed.py Sat Dec 18 16:59:52 2010 +0100 @@ -25,19 +25,23 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, # MA 02110-1301, USA. - import logging from pylons import url, response + +from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator from rhodecode.lib.base import BaseController from rhodecode.model.scm import ScmModel + from webhelpers.feedgenerator import Atom1Feed, Rss201rev2Feed log = logging.getLogger(__name__) class FeedController(BaseController): - #secure it or not ? + @LoginRequired() + @HasRepoPermissionAnyDecorator('repository.read', 'repository.write', + 'repository.admin') def __before__(self): super(FeedController, self).__before__() #common values for feeds