Defect #5070
Redmine.pm does not allow Administrators to access svn repositories
| Status: | New | Start date: | 2010-03-13 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | - | % Done: | 0% | |
| Category: | SCM extra | |||
| Target version: | - | |||
| Resolution: | Affected version: | 0.9.3 |
Description
The following SQL code does not detect that a user is an Administrator and denies access:
my $query = "SELECT
hashed_password, auth_source_id, permissions
FROM members, projects, users, roles, member_roles
WHERE
projects.id=members.project_id
AND member_roles.member_id=members.id
AND users.id=members.user_id
AND roles.id=member_roles.role_id
AND users.status=1
AND login=?
AND identifier=? ";
Adding myself as a member of the project within redmine permitted access.
Note there is a related issue: #3712, where someone has uploaded an "improved version" of Redmine.pm, having significantly enhanced features. I will try this version next, to see if it allows Redmine administrators to have access to the Redmine-managed subversion repositories. Perhaps it would be worth accepting the improved version into the main distribution as an easy fix for this issue (if it works)?
Related issues
History
#1
Updated by Bryce Nordgren almost 13 years ago
The alternate version of Redmine.pm in #3712 does not allow admins to browse/commit to repositories. However, it still has some very nice features which would be good to have merged into the main release. ;)
#2
Updated by Roman Savrulin almost 13 years ago
I have the same issue, but even adding myself as a member of a project does not permit access
#3
Updated by Toshi MARUYAMA almost 12 years ago
- Category changed from SCM to SCM extra
#4
Updated by Karel Pičman over 10 years ago
+1