From 187ef7705a110b731b432d63ed0c1ebc787d2e7a Mon Sep 17 00:00:00 2001
From: hyung-hwan <hyunghwan.chung@gmail.com>
Date: Wed, 4 Feb 2015 08:02:12 +0000
Subject: [PATCH] added the login check and the project public access check in
 the graphing function

---
 codepot/src/codepot/controllers/code.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/codepot/src/codepot/controllers/code.php b/codepot/src/codepot/controllers/code.php
index a4d733a2..864ec36e 100644
--- a/codepot/src/codepot/controllers/code.php
+++ b/codepot/src/codepot/controllers/code.php
@@ -637,6 +637,22 @@ class Code extends Controller
 
 	function graph ($type = '', $projectid = '', $path = '')
 	{
+		$this->load->model ('ProjectModel', 'projects');
+
+		$login = $this->login->getUser ();
+		if (CODEPOT_SIGNIN_COMPULSORY && $login['id'] == '')
+		{
+			header($_SERVER['SERVER_PROTOCOL'].' 404 Not Found'); 
+			return;
+		}
+
+		$project = $this->projects->get ($projectid);
+		if ($project === FALSE || ($project->public !== 'Y' && $login['id'] == ''))
+		{
+			header($_SERVER['SERVER_PROTOCOL'].' 404 Not Found'); 
+			return;
+		}
+
 		$this->load->model ('SubversionModel', 'subversion');
 
 		$path = $this->converter->HexToAscii ($path);