Project

General

Profile

Actions

Defect #5070

open

Redmine.pm does not allow Administrators to access svn repositories

Added by Bryce Nordgren over 14 years ago. Updated over 12 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
SCM extra
Target version:
-
Start date:
2010-03-13
Due date:
% Done:

0%

Estimated time:
Resolution:
Affected version:

Description

The following SQL code does not detect that a user is an Administrator and denies access:

  my $query = "SELECT 
                 hashed_password, auth_source_id, permissions
              FROM members, projects, users, roles, member_roles
              WHERE 
                projects.id=members.project_id
                AND member_roles.member_id=members.id
                AND users.id=members.user_id 
                AND roles.id=member_roles.role_id
                AND users.status=1 
                AND login=? 
                AND identifier=? ";

Adding myself as a member of the project within redmine permitted access.

Note there is a related issue: #3712, where someone has uploaded an "improved version" of Redmine.pm, having significantly enhanced features. I will try this version next, to see if it allows Redmine administrators to have access to the Redmine-managed subversion repositories. Perhaps it would be worth accepting the improved version into the main distribution as an easy fix for this issue (if it works)?


Related issues

Related to Redmine - Patch #3712: enhanced mod_perl module for apacheNew2009-08-05

Actions
Actions

Also available in: Atom PDF