Show More
| @@ -320,9 +320,15 b' class PathFilter(object):' | |||
|
|
320 | 320 | self.permission_checker = permission_checker |
|
|
321 | 321 | |
|
|
322 | 322 | def assert_path_permissions(self, path): |
|
|
323 | if path and self.permission_checker and not self.permission_checker.has_access(path): | |
|
|
324 | raise HTTPForbidden() | |
|
|
325 | return path | |
|
|
323 | if self.path_access_allowed(path): | |
|
|
324 | return path | |
|
|
325 | raise HTTPForbidden() | |
|
|
326 | ||
|
|
327 | def path_access_allowed(self, path): | |
|
|
328 | log.debug('Checking ACL permissions for PathFilter for `%s`', path) | |
|
|
329 | if self.permission_checker: | |
|
|
330 | return path and self.permission_checker.has_access(path) | |
|
|
331 | return True | |
|
|
326 | 332 | |
|
|
327 | 333 | def filter_patchset(self, patchset): |
|
|
328 | 334 | if not self.permission_checker or not patchset: |
| @@ -904,9 +904,11 b' class RepoFilesView(RepoAppView):' | |||
|
|
904 | 904 | raise HTTPFound(h.route_path( |
|
|
905 | 905 | 'repo_files', repo_name=self.db_repo_name, |
|
|
906 | 906 | commit_id='tip', f_path='/')) |
|
|
907 | ||
|
|
907 | 908 | return _d + _f |
|
|
908 | 909 | |
|
|
909 |
re |
|
|
|
910 | result = compute_file_search(self.db_repo.repo_id, commit_id, f_path) | |
|
|
911 | return filter(lambda n: self.path_filter.path_access_allowed(n['name']), result) | |
|
|
910 | 912 | |
|
|
911 | 913 | @LoginRequired() |
|
|
912 | 914 | @HasRepoPermissionAnyDecorator( |
General Comments 0
You need to be logged in to leave comments.
Login now