Do not execute server hooks without write permission

Review Request #2400 — Created March 30, 2023 and submitted

Information

grim/hgkeeper
default

Reviewers

If an authenticated user pushed to a repository with server
hooks it was possible to execute those hooks even the user
has no write permission.

So let's re-order the hooks to execute the deny hook first.

 
Summary ID Author
Do not execute server hooks without write permission
If an authenticated user pushed to a repository with server hooks it was possible to execute those hooks even the user has no write permission. So let's re-order the hooks to execute the deny hook first.
6684106265360a04c231f719fff08abb3e972933 Andre Klitzing
grim
  1. Ship It!
  2. Nice find! Thanks!!

  3. 
      
grim
Review request changed
Status:
Completed
grim
  1. 
      
  2. Everything has been updated. I'll get a release cut this weekend.

  3.