From: James Moger Date: Thu, 27 Feb 2014 04:52:45 +0000 (-0500) Subject: Do not grant fork CLONE permissions to users/teams with implied regex X-Git-Tag: v1.4.0~102 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=ba2f9aa95ee55f3672cd59474c65b959d0fe7fb5;p=gitblit.git Do not grant fork CLONE permissions to users/teams with implied regex CLONE permissions (issue-320) --- diff --git a/releases.moxie b/releases.moxie index e498f6ec..18a41f06 100644 --- a/releases.moxie +++ b/releases.moxie @@ -16,6 +16,7 @@ r20: { fixes: - Fixed incorrect tagger attribution in the dashboard (issue-276) - Fixed support for implied SSH urls in web.otherUrls (issue-311) + - Fixed injection of unnecessary explicit CLONE permissions for a fork when users or teams already had implied regex permissions (issue-320) - Bind LDAP connection after establishing TLS initialization (issue-343) - Fixed NPE when attempting to add a permission without a registrant (issue-344) - Invalidate all cached repository data on "clear cache" (issue-346) diff --git a/src/main/java/com/gitblit/manager/GitblitManager.java b/src/main/java/com/gitblit/manager/GitblitManager.java index 95d50ac1..9d096ddf 100644 --- a/src/main/java/com/gitblit/manager/GitblitManager.java +++ b/src/main/java/com/gitblit/manager/GitblitManager.java @@ -172,7 +172,8 @@ public class GitblitManager implements IGitblit { if (!ArrayUtils.isEmpty(repository.owners)) { for (String owner : repository.owners) { UserModel originOwner = userManager.getUserModel(owner); - if (originOwner != null) { + if (originOwner != null && !originOwner.canClone(cloneModel)) { + // origin owner can't yet clone fork, grant explicit clone access originOwner.setRepositoryPermission(cloneName, AccessPermission.CLONE); reviseUser(originOwner.username, originOwner); } @@ -185,8 +186,8 @@ public class GitblitManager implements IGitblit { for (String name : users) { if (!name.equalsIgnoreCase(user.username)) { UserModel cloneUser = userManager.getUserModel(name); - if (cloneUser.canClone(repository)) { - // origin user can clone origin, grant clone access to fork + if (cloneUser.canClone(repository) && !cloneUser.canClone(cloneModel)) { + // origin user can't yet clone fork, grant explicit clone access cloneUser.setRepositoryPermission(cloneName, AccessPermission.CLONE); } cloneUsers.add(cloneUser); @@ -199,8 +200,8 @@ public class GitblitManager implements IGitblit { List cloneTeams = new ArrayList(); for (String name : teams) { TeamModel cloneTeam = userManager.getTeamModel(name); - if (cloneTeam.canClone(repository)) { - // origin team can clone origin, grant clone access to fork + if (cloneTeam.canClone(repository) && !cloneTeam.canClone(cloneModel)) { + // origin team can't yet clone fork, grant explicit clone access cloneTeam.setRepositoryPermission(cloneName, AccessPermission.CLONE); } cloneTeams.add(cloneTeam);