diff -r 7574c8173d5e -r c638a13093cf mercurial/hgweb/hgweb_mod.py
--- a/mercurial/hgweb/hgweb_mod.py	Tue Mar 06 15:02:53 2018 -0800
+++ b/mercurial/hgweb/hgweb_mod.py	Tue Mar 06 15:08:33 2018 -0800
@@ -357,22 +357,15 @@
         protohandler = wireprotoserver.parsehttprequest(rctx.repo, req, query)
 
         if protohandler:
-            cmd = protohandler['cmd']
             try:
                 if query:
                     raise ErrorResponse(HTTP_NOT_FOUND)
 
                 # TODO fold this into parsehttprequest
-                req.checkperm = lambda op: self.check_perm(rctx, req, op)
-                protohandler['proto'].checkperm = req.checkperm
+                checkperm = lambda op: self.check_perm(rctx, req, op)
+                protohandler['proto'].checkperm = checkperm
 
-                # Assume commands with no defined permissions are writes /
-                # for pushes. This is the safest from a security perspective
-                # because it doesn't allow commands with undefined semantics
-                # from bypassing permissions checks.
-                req.checkperm(perms.get(cmd, 'push'))
-
-                return protohandler['dispatch']()
+                return protohandler['dispatch'](checkperm)
             except ErrorResponse as inst:
                 return protohandler['handleerror'](inst)