Defect #5070
Redmine.pm does not allow Administrators to access svn repositories
Status: | New | Start date: | 2010-03-13 | |
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 0% | |
Category: | SCM extra | |||
Target version: | - | |||
Resolution: | Affected version: | 0.9.3 |
Description
The following SQL code does not detect that a user is an Administrator and denies access:
my $query = "SELECT hashed_password, auth_source_id, permissions FROM members, projects, users, roles, member_roles WHERE projects.id=members.project_id AND member_roles.member_id=members.id AND users.id=members.user_id AND roles.id=member_roles.role_id AND users.status=1 AND login=? AND identifier=? ";
Adding myself as a member of the project within redmine permitted access.
Note there is a related issue: #3712, where someone has uploaded an "improved version" of Redmine.pm, having significantly enhanced features. I will try this version next, to see if it allows Redmine administrators to have access to the Redmine-managed subversion repositories. Perhaps it would be worth accepting the improved version into the main distribution as an easy fix for this issue (if it works)?
Related issues
History
#1
Updated by Bryce Nordgren almost 13 years ago
The alternate version of Redmine.pm
in #3712 does not allow admins to browse/commit to repositories. However, it still has some very nice features which would be good to have merged into the main release. ;)
#2
Updated by Roman Savrulin almost 13 years ago
I have the same issue, but even adding myself as a member of a project does not permit access
#3
Updated by Toshi MARUYAMA almost 12 years ago
- Category changed from SCM to SCM extra
#4
Updated by Karel Pičman over 10 years ago
+1