From 0c8b287242e4fa45710a304570934201c8827e3e Mon Sep 17 00:00:00 2001 From: James Moger Date: Thu, 1 May 2014 13:55:09 -0400 Subject: [PATCH] Fix inconsistency with owner permissions check --- .../com/gitblit/models/RepositoryModel.java | 4 +- .../java/com/gitblit/models/UserModel.java | 6 +-- .../com/gitblit/tests/PermissionsTest.java | 42 ++++++++++++++++++- 3 files changed, 45 insertions(+), 7 deletions(-) diff --git a/src/main/java/com/gitblit/models/RepositoryModel.java b/src/main/java/com/gitblit/models/RepositoryModel.java index f84e96b9..a81c622a 100644 --- a/src/main/java/com/gitblit/models/RepositoryModel.java +++ b/src/main/java/com/gitblit/models/RepositoryModel.java @@ -182,9 +182,9 @@ public class RepositoryModel implements Serializable, Comparable } return false; } - + /** * Returns true if the user is allowed to administer the specified repository - * + * * @param repo * @return true if the user can administer the repository */ public boolean canAdmin(RepositoryModel repo) { - return canAdmin() || isMyPersonalRepository(repo.name); + return canAdmin() || repo.isOwner(username) || isMyPersonalRepository(repo.name); } public boolean isAuthenticated() { diff --git a/src/test/java/com/gitblit/tests/PermissionsTest.java b/src/test/java/com/gitblit/tests/PermissionsTest.java index cffce51b..46695e95 100644 --- a/src/test/java/com/gitblit/tests/PermissionsTest.java +++ b/src/test/java/com/gitblit/tests/PermissionsTest.java @@ -2508,7 +2508,7 @@ public class PermissionsTest extends GitblitUnitTest { @Test public void testOwner() throws Exception { - RepositoryModel repository = new RepositoryModel("myrepo.git", null, null, new Date()); + RepositoryModel repository = new RepositoryModel("~jj/myrepo.git", null, null, new Date()); repository.authorizationControl = AuthorizationControl.NAMED; repository.accessRestriction = AccessRestrictionType.VIEW; @@ -2530,11 +2530,30 @@ public class PermissionsTest extends GitblitUnitTest { assertFalse("owner CAN NOT delete!", user.canDelete(repository)); assertTrue("owner CAN NOT edit!", user.canEdit(repository)); + + // test personal repo owner + UserModel jj = new UserModel("jj"); + assertFalse("jj SHOULD NOT HAVE a repository permission!", jj.hasRepositoryPermission(repository.name)); + assertTrue("jj CAN NOT view!", jj.canView(repository)); + assertTrue("jj CAN NOT clone!", jj.canClone(repository)); + assertTrue("jj CAN NOT push!", jj.canPush(repository)); + + assertTrue("jj CAN NOT create ref!", jj.canCreateRef(repository)); + assertTrue("jj CAN NOT delete ref!", jj.canDeleteRef(repository)); + assertTrue("jj CAN NOT rewind ref!", jj.canRewindRef(repository)); + + assertEquals("jj has wrong permission!", AccessPermission.REWIND, jj.getRepositoryPermission(repository).permission); + + assertFalse("jj CAN fork!", jj.canFork(repository)); + + assertTrue("jj CAN NOT delete!", jj.canDelete(repository)); + assertTrue("jj CAN NOT edit!", jj.canEdit(repository)); + assertTrue(repository.isOwner(jj.username)); } @Test public void testMultipleOwners() throws Exception { - RepositoryModel repository = new RepositoryModel("myrepo.git", null, null, new Date()); + RepositoryModel repository = new RepositoryModel("~jj/myrepo.git", null, null, new Date()); repository.authorizationControl = AuthorizationControl.NAMED; repository.accessRestriction = AccessRestrictionType.VIEW; @@ -2579,6 +2598,25 @@ public class PermissionsTest extends GitblitUnitTest { assertTrue(repository.isOwner(user.username)); assertTrue(repository.isOwner(user2.username)); + + // test personal repo owner + UserModel jj = new UserModel("jj"); + assertFalse("jj SHOULD NOT HAVE a repository permission!", jj.hasRepositoryPermission(repository.name)); + assertTrue("jj CAN NOT view!", jj.canView(repository)); + assertTrue("jj CAN NOT clone!", jj.canClone(repository)); + assertTrue("jj CAN NOT push!", jj.canPush(repository)); + + assertTrue("jj CAN NOT create ref!", jj.canCreateRef(repository)); + assertTrue("jj CAN NOT delete ref!", jj.canDeleteRef(repository)); + assertTrue("jj CAN NOT rewind ref!", jj.canRewindRef(repository)); + + assertEquals("jj has wrong permission!", AccessPermission.REWIND, jj.getRepositoryPermission(repository).permission); + + assertFalse("jj CAN fork!", jj.canFork(repository)); + + assertTrue("jj CAN NOT delete!", jj.canDelete(repository)); + assertTrue("jj CAN NOT edit!", jj.canEdit(repository)); + assertTrue(repository.isOwner(jj.username)); } @Test -- 2.39.5