--- a/ForgeGit/forgegit/git_main.py
+++ b/ForgeGit/forgegit/git_main.py
@@ -28,7 +28,7 @@
from pyforge.lib import helpers as h
from pyforge.lib.search import search
from pyforge.lib.decorators import audit, react
-from pyforge.lib.security import require, has_artifact_access
+from pyforge.lib.security import require, has_artifact_access, has_project_access
from pyforge.model import Project, ProjectRole, User, ArtifactReference, Feed
# Local imports
@@ -146,6 +146,9 @@
class RootController(object):
+ def _check_security(self):
+ require(has_artifact_access('read'))
+
@expose('forgegit.templates.index')
def index(self, offset=0, branch='master'):
offset=int(offset)
@@ -171,6 +174,7 @@
ThreadLocalORMSession.flush_all()
ThreadLocalORMSession.close_all()
to_project = Project.query.get(shortname=to_project_name)
+ require(has_project_access('tool', to_project))
with h.push_config(c, project=to_project):
if request.method!='POST' or to_name is None:
prefix_len = len(to_project_name+'/')