--- Redmine.pm.1        2010-04-26 16:38:37.724954903 +0400
+++ Redmine.pm  2010-04-26 23:05:53.907165730 +0400
@@ -203,14 +203,11 @@
   }
 
   my $method = $r->method;
-  return OK unless defined $read_only_methods{$method};
-
   my $project_id = get_project_identifier($r);
-
-  $r->set_handlers(PerlAuthenHandler => [\&OK])
-      if is_public_project($project_id, $r);
-
-  return OK
+  if (is_public_project($project_id, $r) && defined $read_only_methods{$method}) {
+    $r->set_handlers(PerlAuthenHandler => [\&OK]);
+  }
+  return OK;
 }
 
 sub authen_handler {
@@ -288,9 +285,8 @@
 
   my $ret;
   while (my ($hashed_password, $auth_source_id, $permissions) = $sth->fetchrow_array) {
-
+      my $method = $r->method;
       unless ($auth_source_id) {
-         my $method = $r->method;
           if ($hashed_password eq $pass_digest && ((defined $read_only_methods{$method} && $permissions =~ /:browse_repository/) || $permissions =~ /:commit_access/) ) {
               $ret = 1;
               last;
@@ -309,7 +305,7 @@
                 bindpw  =>      $rowldap[4] ? $rowldap[4] : "",
                 filter  =>      "(".$rowldap[6]."=%s)"
             );
-            $ret = 1 if ($ldap->authenticate($redmine_user, $redmine_pass));
+            $ret = 1 if ($ldap->authenticate($redmine_user, $redmine_pass) && ((defined $read_only_methods{$method} && $permissions =~ /:browse_repository/) || $permissions =~ /:commit_access/) );
           }
           $sthldap->finish();
           undef $sthldap;