##// END OF EJS Templates
pull-requests: security, check for permissions on exposure of repo-refs
ergo -
r2251:4ded942f stable
parent child Browse files
Show More
@@ -679,6 +679,13 b' class RepoPullRequestsView(RepoAppView, '
679 679 repo = Repository.get_by_repo_name(target_repo_name)
680 680 if not repo:
681 681 raise HTTPNotFound()
682
683 target_perm = HasRepoPermissionAny(
684 'repository.read', 'repository.write', 'repository.admin')(
685 target_repo_name)
686 if not target_perm:
687 raise HTTPNotFound()
688
682 689 return PullRequestModel().generate_repo_data(
683 690 repo, translator=self.request.translate)
684 691
General Comments 0
You need to be logged in to leave comments. Login now