Ticket #7116: trac-browser-fine-grained-security-for-directories.2.patch
| File trac-browser-fine-grained-security-for-directories.2.patch, 2.5 KB (added by esizikov@…, 7 months ago) |
|---|
-
trac/versioncontrol/web_ui/browser.py
27 27 from trac.core import * 28 28 from trac.mimeview.api import Mimeview, is_binary, get_mimetype, \ 29 29 IHTMLPreviewAnnotator, Context 30 from trac.perm import IPermissionRequestor 30 from trac.perm import IPermissionRequestor, PermissionError 31 31 from trac.resource import ResourceNotFound, Resource 32 32 from trac.util import sorted, embedded_numbers 33 33 from trac.util.datefmt import http_date, utc … … 358 358 'properties': xhr or self.render_properties('browser', context, 359 359 node.get_properties()), 360 360 'path_links': path_links, 361 'dir': node.isdir and self._render_dir(req, repos, node, rev), 361 'dir': node.isdir and self._render_dir(req, context, repos, 362 node, rev), 362 363 'file': node.isfile and self._render_file(req, context, repos, 363 364 node, rev), 364 365 'quickjump_entries': xhr or list(repos.get_quickjump_entries(rev)), … … 394 395 395 396 # Internal methods 396 397 397 def _render_dir(self, req, repos, node, rev=None):398 req.perm .require('BROWSER_VIEW')398 def _render_dir(self, req, context, repos, node, rev=None): 399 req.perm(context.resource).require('BROWSER_VIEW') 399 400 400 401 # Entries metadata 401 402 class entry(object): … … 403 404 def __init__(self, node): 404 405 for f in entry.__slots__: 405 406 setattr(self, f, getattr(n, f)) 406 407 entries = [entry(n) for n in node.get_entries()] 407 408 def test_perm_for_entry(n): 409 resource = Context.from_request(req, 410 context.resource.realm, 411 n.path, 412 n.created_rev).resource 413 try: 414 req.perm(resource).require('BROWSER_VIEW') 415 except PermissionError: 416 return False 417 return True 418 419 entries = [entry(n) 420 for n in node.get_entries() 421 if test_perm_for_entry(n) 422 ] 408 423 changes = get_changes(repos, [i.rev for i in entries]) 409 424 410 425 if rev:
