u/ewong/rhodecode-enterprise-ce-fork Commit - r2379:76c34f08

pull-requests: security, check for permissions on exposure of repo-refs

ergo -

r2379:76c34f08 default

parent child

rhodecode/apps/repository/views/repo_pull_requests.py

0 +7 0

                     repo = Repository.get_by_repo_name(target_repo_name)
                     if not repo:
                         raise HTTPNotFound()
+                    target_perm = HasRepoPermissionAny(
+                        'repository.read', 'repository.write', 'repository.admin')(
+                        target_repo_name)
+                    if not target_perm:
+                        raise HTTPNotFound()
                     return PullRequestModel().generate_repo_data(
                         repo, translator=self.request.translate)

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages