Show More
| @@ -320,9 +320,15 b' class PathFilter(object):' | |||||
| 320 | self.permission_checker = permission_checker |
|
320 | self.permission_checker = permission_checker | |
| 321 |
|
321 | |||
| 322 | def assert_path_permissions(self, path): |
|
322 | def assert_path_permissions(self, path): | |
| 323 | if path and self.permission_checker and not self.permission_checker.has_access(path): |
|
323 | if self.path_access_allowed(path): | |
| 324 | raise HTTPForbidden() |
|
324 | return path | |
| 325 | return path |
|
325 | raise HTTPForbidden() | |
|
|
326 | ||||
|
|
327 | def path_access_allowed(self, path): | |||
|
|
328 | log.debug('Checking ACL permissions for PathFilter for `%s`', path) | |||
|
|
329 | if self.permission_checker: | |||
|
|
330 | return path and self.permission_checker.has_access(path) | |||
|
|
331 | return True | |||
| 326 |
|
332 | |||
| 327 | def filter_patchset(self, patchset): |
|
333 | def filter_patchset(self, patchset): | |
| 328 | if not self.permission_checker or not patchset: |
|
334 | if not self.permission_checker or not patchset: | |
| @@ -904,9 +904,11 b' class RepoFilesView(RepoAppView):' | |||||
| 904 | raise HTTPFound(h.route_path( |
|
904 | raise HTTPFound(h.route_path( | |
| 905 | 'repo_files', repo_name=self.db_repo_name, |
|
905 | 'repo_files', repo_name=self.db_repo_name, | |
| 906 | commit_id='tip', f_path='/')) |
|
906 | commit_id='tip', f_path='/')) | |
|
|
907 | ||||
| 907 | return _d + _f |
|
908 | return _d + _f | |
| 908 |
|
909 | |||
| 909 |
re |
|
910 | result = compute_file_search(self.db_repo.repo_id, commit_id, f_path) | |
|
|
911 | return filter(lambda n: self.path_filter.path_access_allowed(n['name']), result) | |||
| 910 |
|
912 | |||
| 911 | @LoginRequired() |
|
913 | @LoginRequired() | |
| 912 | @HasRepoPermissionAnyDecorator( |
|
914 | @HasRepoPermissionAnyDecorator( | |
General Comments 0
You need to be logged in to leave comments.
Login now