From 2bfb8ab137ac18b60cad0c375c7b9bef67499b94 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Tue, 23 Oct 2012 17:35:42 -0400
Subject: [PATCH] Enforce strict order for permission determination

---
 src/com/gitblit/SyndicationFilter.java |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/com/gitblit/SyndicationFilter.java b/src/com/gitblit/SyndicationFilter.java
index 0dff1c8..61bf225 100644
--- a/src/com/gitblit/SyndicationFilter.java
+++ b/src/com/gitblit/SyndicationFilter.java
@@ -113,7 +113,7 @@
 					return;
 				} else {
 					// check user access for request
-					if (user.canAdmin || user.canAccessRepository(model)) {
+					if (user.canView(model)) {
 						// authenticated request permitted.
 						// pass processing to the restricted servlet.
 						newSession(authenticatedRequest, httpResponse);

--
Gitblit v1.9.1