roundabout,
created on Thursday, 11 July 2024, 19:54:45 (1720727685),
received on Wednesday, 31 July 2024, 06:54:50 (1722408890)
Author identity: vlad <vlad.muntoiu@gmail.com>
fa6e25731212a920e66ff52ce52571d9d09aa859
app.py
@@ -985,7 +985,7 @@ def repository_forum_new(username, repository):
server_repo_location = os.path.join(config.REPOS_PATH, username, repository)
if not os.path.exists(server_repo_location):
flask.abort(404)
if not (get_visibility(username, repository) or get_permission_level(
if not ((flask.session.get("username") and get_visibility(username, repository)) or get_permission_level(
flask.session.get("username"), username,
repository) is not None):
flask.abort(403)
@@ -1090,7 +1090,7 @@ def repository_forum_reply(username, repository, post_id):
server_repo_location = os.path.join(config.REPOS_PATH, username, repository)
if not os.path.exists(server_repo_location):
flask.abort(404)
if not (get_visibility(username, repository) or get_permission_level(
if not ((flask.session.get("username") and get_visibility(username, repository)) or get_permission_level(
flask.session.get("username"), username,
repository) is not None):
flask.abort(403)