kallithea Changeset - 4bdd0bf1b1f4

Changeset - 4bdd0bf1b1f4

Parent rev.

Child rev.

[Not reviewed]

beta

0 1 0

Marcin Kuzminski - 15 years ago 2010-12-18 16:59:52
marcin@python-works.com

security bugfix: protected feeds, from unauthorized access, even without this, the feeds would crash and were unreadable, But proper way of securing it is with the secure decarators.

1 file changed with 6 insertions and 2 deletions:

rhodecode/controllers/feed.py

0 comments (0 inline, 0 general)

rhodecode/controllers/feed.py

➞

Show inline comments

@@ @@ -25,19 +25,23 @@ @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 import logging
 from pylons import url, response
 from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator
 from rhodecode.lib.base import BaseController
 from rhodecode.model.scm import ScmModel
 from webhelpers.feedgenerator import Atom1Feed, Rss201rev2Feed
 log = logging.getLogger(__name__)
 class FeedController(BaseController):
     #secure it or not ?
     @LoginRequired()
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     def __before__(self):
         super(FeedController, self).__before__()
         #common values for feeds

0 comments (0 inline, 0 general)