From 3f8cd414769b513a5b0815e0da21f19fe4b1f2d8 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Wed, 6 Jun 2012 16:26:46 -0400
Subject: [PATCH] Fixed anonymous clone for 'Authenticated Push' repository
 (issue 96)

---
 docs/04_releases.mkd                         |  1 +
 src/com/gitblit/AccessRestrictionFilter.java |  5 +++--
 src/com/gitblit/DownloadZipFilter.java       |  3 ++-
 src/com/gitblit/GitFilter.java               | 12 ++++++++++--
 src/com/gitblit/PagesFilter.java             |  3 ++-
 src/com/gitblit/SyndicationFilter.java       |  3 ++-
 6 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/docs/04_releases.mkd b/docs/04_releases.mkd
index d4e5620a..8a24acfc 100644
--- a/docs/04_releases.mkd
+++ b/docs/04_releases.mkd
@@ -6,6 +6,7 @@
 
 #### fixes
 
+- Fixed bug where a repository set as authenticated push did not have anonymous clone access (issue 96)
 - Fixed bug in Basic authentication if passwords had a colon (Github/peterloron)
 
 #### changes
diff --git a/src/com/gitblit/AccessRestrictionFilter.java b/src/com/gitblit/AccessRestrictionFilter.java
index e9b6587b..aeb6835c 100644
--- a/src/com/gitblit/AccessRestrictionFilter.java
+++ b/src/com/gitblit/AccessRestrictionFilter.java
@@ -74,9 +74,10 @@ public abstract class AccessRestrictionFilter extends AuthenticationFilter {
 	 * Determine if the repository requires authentication.
 	 * 
 	 * @param repository
+	 * @param action
 	 * @return true if authentication required
 	 */
-	protected abstract boolean requiresAuthentication(RepositoryModel repository);
+	protected abstract boolean requiresAuthentication(RepositoryModel repository, String action);
 
 	/**
 	 * Determine if the user can access the repository and perform the specified
@@ -144,7 +145,7 @@ public abstract class AccessRestrictionFilter extends AuthenticationFilter {
 		}
 
 		// BASIC authentication challenge and response processing
-		if (!StringUtils.isEmpty(urlRequestType) && requiresAuthentication(model)) {
+		if (!StringUtils.isEmpty(urlRequestType) && requiresAuthentication(model, urlRequestType)) {
 			if (user == null) {
 				// challenge client to provide credentials. send 401.
 				if (GitBlit.isDebugMode()) {
diff --git a/src/com/gitblit/DownloadZipFilter.java b/src/com/gitblit/DownloadZipFilter.java
index d22649b5..e515b55e 100644
--- a/src/com/gitblit/DownloadZipFilter.java
+++ b/src/com/gitblit/DownloadZipFilter.java
@@ -72,10 +72,11 @@ public class DownloadZipFilter extends AccessRestrictionFilter {
 	 * Determine if the repository requires authentication.
 	 * 
 	 * @param repository
+	 * @param action
 	 * @return true if authentication required
 	 */
 	@Override
-	protected boolean requiresAuthentication(RepositoryModel repository) {
+	protected boolean requiresAuthentication(RepositoryModel repository, String action) {
 		return repository.accessRestriction.atLeast(AccessRestrictionType.VIEW);
 	}
 
diff --git a/src/com/gitblit/GitFilter.java b/src/com/gitblit/GitFilter.java
index e76fd767..4ae5b6c2 100644
--- a/src/com/gitblit/GitFilter.java
+++ b/src/com/gitblit/GitFilter.java
@@ -105,11 +105,19 @@ public class GitFilter extends AccessRestrictionFilter {
 	 * Determine if the repository requires authentication.
 	 * 
 	 * @param repository
+	 * @param action
 	 * @return true if authentication required
 	 */
 	@Override
-	protected boolean requiresAuthentication(RepositoryModel repository) {
-		return repository.accessRestriction.atLeast(AccessRestrictionType.PUSH);
+	protected boolean requiresAuthentication(RepositoryModel repository, String action) {
+		if (gitUploadPack.equals(action)) {
+			// send to client
+			return repository.accessRestriction.atLeast(AccessRestrictionType.CLONE);	
+		} else if (gitReceivePack.equals(action)) {
+			// receive from client
+			return repository.accessRestriction.atLeast(AccessRestrictionType.PUSH);
+		}
+		return false;
 	}
 
 	/**
diff --git a/src/com/gitblit/PagesFilter.java b/src/com/gitblit/PagesFilter.java
index b29bede2..c092c64d 100644
--- a/src/com/gitblit/PagesFilter.java
+++ b/src/com/gitblit/PagesFilter.java
@@ -92,10 +92,11 @@ public class PagesFilter extends AccessRestrictionFilter {
 	 * Determine if the repository requires authentication.
 	 * 
 	 * @param repository
+	 * @param action
 	 * @return true if authentication required
 	 */
 	@Override
-	protected boolean requiresAuthentication(RepositoryModel repository) {
+	protected boolean requiresAuthentication(RepositoryModel repository, String action) {
 		return repository.accessRestriction.atLeast(AccessRestrictionType.VIEW);
 	}
 
diff --git a/src/com/gitblit/SyndicationFilter.java b/src/com/gitblit/SyndicationFilter.java
index 7e2561b9..08265666 100644
--- a/src/com/gitblit/SyndicationFilter.java
+++ b/src/com/gitblit/SyndicationFilter.java
@@ -70,10 +70,11 @@ public class SyndicationFilter extends AccessRestrictionFilter {
 	 * Determine if the repository requires authentication.
 	 * 
 	 * @param repository
+	 * @param action
 	 * @return true if authentication required
 	 */
 	@Override
-	protected boolean requiresAuthentication(RepositoryModel repository) {
+	protected boolean requiresAuthentication(RepositoryModel repository, String action) {
 		return repository.accessRestriction.atLeast(AccessRestrictionType.VIEW);
 	}
 
-- 
2.39.5