3 files changed, 25 insertions, 22 deletions

diff --git a/gogs.go b/gogs.go
index 83d9b9c3..84cf2589 100644
--- a/gogs.go
+++ b/gogs.go
@@ -19,7 +19,7 @@ import (
 // Test that go1.2 tag above is included in builds. main.go refers to this definition.
 const go12tag = true
 
-const APP_VER = "0.3.0.0415 Alpha"
+const APP_VER = "0.3.0.0416 Alpha"
 
 func init() {
 	base.AppVer = APP_VER
diff --git a/routers/repo/http.go b/routers/repo/http.go
index 2f41b65d..b58d1948 100644
--- a/routers/repo/http.go
+++ b/routers/repo/http.go
@@ -1,3 +1,7 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
 package repo
 
 import (
@@ -54,7 +58,8 @@ func Http(ctx *middleware.Context, params martini.Params) {
 	}
 
 	// only public pull don't need auth
-	var askAuth = !(!repo.IsPrivate && isPull)
+	isPublicPull := !repo.IsPrivate && isPull
+	var askAuth = !isPublicPull || base.Service.RequireSignInView
 
 	var authUser *models.User
 
@@ -87,32 +92,33 @@ func Http(ctx *middleware.Context, params martini.Params) {
 		}
 
 		newUser := &models.User{Passwd: passwd, Salt: authUser.Salt}
-
 		newUser.EncodePasswd()
 		if authUser.Passwd != newUser.Passwd {
 			ctx.Handle(401, "no basic auth and digit auth", nil)
 			return
 		}
 
-		var tp = models.AU_WRITABLE
-		if isPull {
-			tp = models.AU_READABLE
-		}
+		if !isPublicPull {
+			var tp = models.AU_WRITABLE
+			if isPull {
+				tp = models.AU_READABLE
+			}
 
-		has, err := models.HasAccess(authUsername, username+"/"+reponame, tp)
-		if err != nil {
-			ctx.Handle(401, "no basic auth and digit auth", nil)
-			return
-		} else if !has {
-			if tp == models.AU_READABLE {
-				has, err = models.HasAccess(authUsername, username+"/"+reponame, models.AU_WRITABLE)
-				if err != nil || !has {
+			has, err := models.HasAccess(authUsername, username+"/"+reponame, tp)
+			if err != nil {
+				ctx.Handle(401, "no basic auth and digit auth", nil)
+				return
+			} else if !has {
+				if tp == models.AU_READABLE {
+					has, err = models.HasAccess(authUsername, username+"/"+reponame, models.AU_WRITABLE)
+					if err != nil || !has {
+						ctx.Handle(401, "no basic auth and digit auth", nil)
+						return
+					}
+				} else {
 					ctx.Handle(401, "no basic auth and digit auth", nil)
 					return
 				}
-			} else {
-				ctx.Handle(401, "no basic auth and digit auth", nil)
-				return
 			}
 		}
 	}
diff --git a/web.go b/web.go
index 2cac7757..8dc232fd 100644
--- a/web.go
+++ b/web.go
@@ -60,10 +60,7 @@ func runWeb(*cli.Context) {
 
 	reqSignIn := middleware.Toggle(&middleware.ToggleOptions{SignInRequire: true})
 	ignSignIn := middleware.Toggle(&middleware.ToggleOptions{SignInRequire: base.Service.RequireSignInView})
-	ignSignInAndCsrf := middleware.Toggle(&middleware.ToggleOptions{
-		SignInRequire: base.Service.RequireSignInView,
-		DisableCsrf:   true,
-	})
+	ignSignInAndCsrf := middleware.Toggle(&middleware.ToggleOptions{DisableCsrf: true})
 
 	reqSignOut := middleware.Toggle(&middleware.ToggleOptions{SignOutRequire: true})