Project

General

Profile

Actions

Defect #5070

open

Redmine.pm does not allow Administrators to access svn repositories

Added by Bryce Nordgren about 14 years ago. Updated about 12 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
SCM extra
Target version:
-
Start date:
2010-03-13
Due date:
% Done:

0%

Estimated time:
Resolution:
Affected version:

Description

The following SQL code does not detect that a user is an Administrator and denies access:

  my $query = "SELECT 
                 hashed_password, auth_source_id, permissions
              FROM members, projects, users, roles, member_roles
              WHERE 
                projects.id=members.project_id
                AND member_roles.member_id=members.id
                AND users.id=members.user_id 
                AND roles.id=member_roles.role_id
                AND users.status=1 
                AND login=? 
                AND identifier=? ";

Adding myself as a member of the project within redmine permitted access.

Note there is a related issue: #3712, where someone has uploaded an "improved version" of Redmine.pm, having significantly enhanced features. I will try this version next, to see if it allows Redmine administrators to have access to the Redmine-managed subversion repositories. Perhaps it would be worth accepting the improved version into the main distribution as an easy fix for this issue (if it works)?


Related issues

Related to Redmine - Patch #3712: enhanced mod_perl module for apacheNew2009-08-05

Actions
Actions #1

Updated by Bryce Nordgren about 14 years ago

The alternate version of Redmine.pm in #3712 does not allow admins to browse/commit to repositories. However, it still has some very nice features which would be good to have merged into the main release. ;)

Actions #2

Updated by Roman Savrulin about 14 years ago

I have the same issue, but even adding myself as a member of a project does not permit access

Actions #3

Updated by Toshi MARUYAMA about 13 years ago

  • Category changed from SCM to SCM extra
Actions #4

Updated by Karel Pičman about 12 years ago

+1

Actions

Also available in: Atom PDF