0001-Planio-Add-a-read-only-API-for-repositories.patch - Redmine

       before_action :find_project_by_project_id, :only => [:new, :create]
       before_action :find_repository, :only => [:edit, :update, :destroy, :committers]
       before_action :find_project_repository, :except => [:new, :create, :edit, :update, :destroy, :committers]
       before_action :find_project_repository, :except => [:new, :create, :edit, :update, :destroy, :committers, :index]
       before_action :find_changeset, :only => [:revision, :add_related_issue, :remove_related_issue]
       before_action :authorize
       before_action :authorize, :except => [:index]
       before_action :authorize_global, :only => [:index]
       accept_rss_auth :revisions
       accept_api_auth :index
       rescue_from Redmine::Scm::Adapters::CommandFailed, :with => :show_error_command_failed
       def index
         klass = Repository.repository_class(params[:scm]) || Repository
         scope = klass.visible
         @offset, @limit = api_offset_and_limit
         respond_to do |format|
           format.html { render_404 }
           format.api do
             @repository_count = scope.count
             @repositories = scope.offset(@offset).limit(@limit).order("#{Project.table_name}.identifier", "#{Repository.table_name}.identifier")
           end
         end
       end
       def new
         scm = params[:repository_scm] || (Redmine::Scm::Base.all & Setting.enabled_scm).first
         @repository = Repository.factory(scm)

       validate :validate_repository_path
       attr_protected :id
       scope :visible, lambda {|*args|
         joins(:project).where(Project.allowed_to_condition(args.shift || User.current, :browse_repository, *args))
+      }
       safe_attributes 'identifier',
         'login',
         'password',

     api.array :repositories, api_meta(:total_count => @repository_count, :offset => @offset, :limit => @limit) do
       @repositories.each do |repository|
         api.repository do
           api.id         repository.id
           api.project    id: repository.project_id,
                          name: repository.project.name
           api.name       repository.name
           api.identifier repository.identifier
           api.is_default repository.is_default
           api.scm        repository.scm_name
           Redmine::Hook.call_hook :api_repositories_index, { repository: repository, api: api }
           api.array :branches do
             Array(repository.branches).each do |branch|
               api.branch name: branch
             end
           end if include_in_api_response?('branches')
           api.created_on repository.created_on
         end
       end
     end

         get 'wiki/:id/:version/diff', :to => 'wiki#diff'
       end
       resources :repositories, :only => [:index]
       resources :issues do
         member do
           # Used when updating the form of an existing issue

       map.project_module :repository do |map|
         map.permission :view_changesets, {:repositories => [:show, :revisions, :revision]}, :read => true
         map.permission :browse_repository, {:repositories => [:show, :browse, :entry, :raw, :annotate, :changes, :diff, :stats, :graph]}, :read => true
         map.permission :browse_repository, {:repositories => [:show, :browse, :entry, :raw, :annotate, :changes, :diff, :stats, :graph, :index]}, :read => true
         map.permission :commit_access, {}
         map.permission :manage_related_issues, {:repositories => [:add_related_issue, :remove_related_issue]}
         map.permission :manage_repository, {:repositories => [:new, :create, :edit, :update, :committers, :destroy]}, :require => :member

Redmine