Changeset - 4bdd0bf1b1f4
Parent rev.
Child rev.
[Not reviewed]
beta
0 1 0
Marcin Kuzminski - 15 years ago 2010-12-18 16:59:52
marcin@python-works.com
security bugfix: protected feeds, from unauthorized access, even without this, the feeds would crash and were unreadable, But proper way of securing it is with the secure decarators.
1 file changed with 6 insertions and 2 deletions:
rhodecode/controllers/feed.py
6
2
0 comments (0 inline, 0 general)
rhodecode/controllers/feed.py
Show inline comments
 
@@ -16,37 +16,41 @@
 
# of the License or (at your opinion) any later version of the license.
 
#
 
# This program is distributed in the hope that it will be useful,
 
# but WITHOUT ANY WARRANTY; without even the implied warranty of
 
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 
# GNU General Public License for more details.
 
#
 
# You should have received a copy of the GNU General Public License
 
# along with this program; if not, write to the Free Software
 
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 
# MA  02110-1301, USA.
 

			




	
	
	
		
 

			




	
	
	
		
 
import logging

			




	
	
	
		
 

			




	
	
	
		
 
from pylons import url, response

			




	
	
	
		
 

			




	
	
	
		
 
from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator

			




	
	
	
		
 
from rhodecode.lib.base import BaseController

			




	
	
	
		
 
from rhodecode.model.scm import ScmModel

			




	
	
	
		
 

			




	
	
	
		
 
from webhelpers.feedgenerator import Atom1Feed, Rss201rev2Feed

			




	
	
	
		
 

			




	
	
	
		
 
log = logging.getLogger(__name__)

			




	
	
	
		
 

			




	
	
	
		
 
class FeedController(BaseController):

			




	
	
	
		
 

			




	
	
	
		
 
    #secure it or not ?

			




	
	
	
		
 
    @LoginRequired()

			




	
	
	
		
 
    @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',

			




	
	
	
		
 
                                   'repository.admin')

			




	
	
	
		
 
    def __before__(self):

			




	
	
	
		
 
        super(FeedController, self).__before__()

			




	
	
	
		
 
        #common values for feeds

			




	
	
	
		
 
        self.description = 'Changes on %s repository'

			




	
	
	
		
 
        self.title = "%s feed"

			




	
	
	
		
 
        self.language = 'en-us'

			




	
	
	
		
 
        self.ttl = "5"

			




	
	
	
		
 
        self.feed_nr = 10

			




	
	
	
		
 

			




	
	
	
		
 
    def atom(self, repo_name):

			




	
	
	
		
 
        """Produce an atom-1.0 feed via feedgenerator module"""

			




	
	
	
		
 
        feed = Atom1Feed(title=self.title % repo_name,

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.