Added setting to globally disable anonymous pushes in the receive pack
authorJames Moger <james.moger@gitblit.com>
Fri, 27 Sep 2013 17:44:28 +0000 (13:44 -0400)
committerJames Moger <james.moger@gitblit.com>
Sat, 28 Sep 2013 01:31:39 +0000 (21:31 -0400)
Change-Id: I3460c9c0eeb32503d58325fd09793a0cd40aa2c4

releases.moxie
src/main/distrib/data/gitblit.properties
src/main/java/com/gitblit/Constants.java
src/main/java/com/gitblit/git/GitblitReceivePackFactory.java
src/main/java/com/gitblit/wicket/pages/EditRepositoryPage.java

index f9e21d4bcb5c77d93d266e90028403f6414a06b6..3418a051a9299713a73259867f2c751a11212723 100644 (file)
@@ -23,9 +23,11 @@ r20: {
        - Added branch graph image servlet based on EGit's branch graph renderer (issue-194)
        - Added option to render Markdown commit messages (issue-203)
        - Added setting to control creating a repository as --shared on Unix servers (issue-263)
+       - Added setting to globally disable anonymous pushes in the receive pack
     dependencyChanges: ~
     settings:
     - { name: 'git.createRepositoriesShared', defaultValue: 'false' }
+    - { name: 'git.allowAnonymousPushes', defaultValue: 'true' }
        - { name: 'web.commitMessageRenderer', defaultValue: 'plain' }
        - { name: 'web.showBranchGraph', defaultValue: 'true' }
     contributors:
index ab7b99924e06bf44bda1af548432a15c72ee5e03..9a02e2313cea57bd46bd543a9f24480f4dc07a98 100644 (file)
@@ -145,6 +145,18 @@ git.onlyAccessBareRepositories = false
 # SINCE 1.2.0\r
 git.allowCreateOnPush = true\r
 \r
+# Global setting to control anonymous pushes.\r
+#\r
+# This setting allows/rejects anonymous pushes at the level of the receive pack.\r
+# This trumps all repository config settings.  While anonymous pushes are convenient\r
+# on your own box when you are a lone developer,  they are not recommended for\r
+# any multi-user installation where accountability is required.  Since Gitblit\r
+# tracks pushes and user accounts, allowing anonymous pushes compromises that\r
+# information.\r
+#\r
+# SINCE 1.4.0\r
+git.allowAnonymousPushes = true\r
+\r
 # The default access restriction for new repositories.\r
 # Valid values are NONE, PUSH, CLONE, VIEW\r
 #  NONE = anonymous view, clone, & push\r
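Review bot: The new comment block does not say what happens to repositories whose access restriction is already NONE once `git.allowAnonymousPushes` is set to false. Judging from the receive pack change in this commit, only the push is refused, so those repositories presumably still allow anonymous view and clone. I would add a line such as `# Repositories with access restriction NONE still allow anonymous view and clone; only the push is refused.` It is also worth stating that the shipped default `true` keeps the previous behaviour, so a multi-user installation has to set the value to false explicitly.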
index bd04128eddc623982992562ad7fd7f412387750a..3ac7082edaefe43b4fd8754636866123c15804a5 100644 (file)
@@ -19,6 +19,8 @@ import java.lang.annotation.Documented;
 import java.lang.annotation.Retention;\r
 import java.lang.annotation.RetentionPolicy;\r
 import java.net.URL;\r
+import java.util.Arrays;\r
+import java.util.List;\r
 import java.util.jar.Attributes;\r
 import java.util.jar.Manifest;\r
 \r
@@ -148,6 +150,8 @@ public class Constants {
         */\r
        public static enum AccessRestrictionType {\r
                NONE, PUSH, CLONE, VIEW;\r
+               \r
+               private static final AccessRestrictionType [] AUTH_TYPES = { PUSH, CLONE, VIEW };\r
 \r
                public static AccessRestrictionType fromName(String name) {\r
                        for (AccessRestrictionType type : values()) {\r
@@ -157,6 +161,13 @@ public class Constants {
                        }\r
                        return NONE;\r
                }\r
+               \r
+               public static List<AccessRestrictionType> choices(boolean allowAnonymousPush) {\r
+                       if (allowAnonymousPush) {\r
+                               return Arrays.asList(values());\r
+                       }\r
+                       return Arrays.asList(AUTH_TYPES);\r
+               }\r
 \r
                public boolean exceeds(AccessRestrictionType type) {\r
                        return this.ordinal() > type.ordinal();\r
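Review bot: `choices(false)` returns `Arrays.asList(AUTH_TYPES)`, a fixed-size list that writes through to the private static array added in the previous hunk, so a caller that calls `set()` or sorts the list changes the choices seen by every later caller. Because this list decides whether NONE (anonymous push) is offered, it should be read-only: `return Collections.unmodifiableList(Arrays.asList(AUTH_TYPES));`, which needs `import java.util.Collections;`. The `values()` branch does not share state, since `values()` returns a fresh array on each call. A short Javadoc on `choices` saying that NONE is omitted when anonymous pushes are disabled would help readers; the enum body continues outside this hunk.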
index b9eb8a6252ae47070cbc9fb3cb1f90f342363003..feb33e92638b037ea1dd858be348c0aa505ab718 100644 (file)
@@ -27,6 +27,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import com.gitblit.GitBlit;
+import com.gitblit.Keys;
 import com.gitblit.models.RepositoryModel;
 import com.gitblit.models.UserModel;
 import com.gitblit.utils.HttpUtils;
@@ -80,8 +81,7 @@ public class GitblitReceivePackFactory<X> implements ReceivePackFactory<X> {
                        timeout = client.getDaemon().getTimeout();
                }
 
-               // TODO make this a setting
-               boolean allowAnonymousPushes = true;
+               boolean allowAnonymousPushes = GitBlit.getBoolean(Keys.git.allowAnonymousPushes, true);
                if (!allowAnonymousPushes && UserModel.ANONYMOUS.equals(user)) {
                        // prohibit anonymous pushes
                        throw new ServiceNotEnabledException();
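Review bot: The gate `UserModel.ANONYMOUS.equals(user)` presumably evaluates to false when `user` is null, so a request that reached this point without a resolved user would not be rejected even with the setting off. The assignment of `user` is outside this hunk, so this may be unreachable in practice, but failing closed is a one-line change: `if (!allowAnonymousPushes && (user == null || UserModel.ANONYMOUS.equals(user))) {`. Logging the refusal before the throw would also leave operators a trace of rejected anonymous push attempts. The method body starts and ends outside the hunk.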
index a25797ff592f58623716a9fc47990b2bbc23dce0..568c3123a41c96573d69379e879e12386e407452 100644 (file)
@@ -417,8 +417,8 @@ public class EditRepositoryPage extends RootSubPage {
                form.add(new TextField<String>("description"));\r
                form.add(ownersPalette);\r
                form.add(new CheckBox("allowForks").setEnabled(GitBlit.getBoolean(Keys.web.allowForking, true)));\r
-               DropDownChoice<AccessRestrictionType> accessRestriction = new DropDownChoice<AccessRestrictionType>("accessRestriction", Arrays\r
-                               .asList(AccessRestrictionType.values()), new AccessRestrictionRenderer());\r
+               DropDownChoice<AccessRestrictionType> accessRestriction = new DropDownChoice<AccessRestrictionType>("accessRestriction",\r
+                               AccessRestrictionType.choices(GitBlit.getBoolean(Keys.git.allowAnonymousPushes, true)), new AccessRestrictionRenderer());\r
                form.add(accessRestriction);\r
                form.add(new CheckBox("isFrozen"));\r
                // TODO enable origin definition\r
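Review bot: Dropping NONE from the `accessRestriction` dropdown only changes what the form offers; a repository already stored with NONE is then not among the choices, and the visible lines do not show what the form displays or saves for it. I would map an existing NONE to PUSH before the form is built, or at least document the case with `// NONE is omitted when git.allowAnonymousPushes is false; repositories already set to NONE need an explicit fallback`. The call `GitBlit.getBoolean(Keys.git.allowAnonymousPushes, true)` with its default is also repeated here and in GitblitReceivePackFactory, so a single accessor would keep the UI and the enforcement point in agreement. The enclosing method starts and ends outside the hunk.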