You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@allura.apache.org by je...@apache.org on 2014/10/06 12:42:51 UTC

[2/4] git commit: [#7722] Limited /rest/u/USER to enabled users

[#7722] Limited /rest/u/USER to enabled users


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/6b978734
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/6b978734
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/6b978734

Branch: refs/heads/master
Commit: 6b9787348db58d7b759d1570705c3e6104136b70
Parents: 30f4731
Author: Alexander Luberg <al...@slashdotmedia.com>
Authored: Fri Oct 3 15:05:22 2014 -0700
Committer: Igor Bondarenko <je...@gmail.com>
Committed: Mon Oct 6 09:27:00 2014 +0000

----------------------------------------------------------------------
 Allura/allura/controllers/rest.py | 7 +++++++
 1 file changed, 7 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/6b978734/Allura/allura/controllers/rest.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/rest.py b/Allura/allura/controllers/rest.py
index 3625032..1001343 100644
--- a/Allura/allura/controllers/rest.py
+++ b/Allura/allura/controllers/rest.py
@@ -261,6 +261,13 @@ class NeighborhoodRestController(object):
             shortname=name, neighborhood_id=self._neighborhood._id, deleted=False)
         if not project:
             raise exc.HTTPNotFound, name
+
+        if project and name and name.startswith('u/'):
+            # make sure user-projects are associated with an enabled user
+            user = project.user_project_of
+            if not user or user.disabled:
+                raise exc.HTTPNotFound
+
         c.project = project
         return ProjectRestController(), remainder