From 6069be20b5ebb786a1b890fa9c91350ffd355b0f Mon Sep 17 00:00:00 2001
From: James Moger
Date: Wed, 18 Nov 2015 09:15:50 -0500
Subject: [PATCH] Require admin permissions to view the filestore page
---
.../gitblit/wicket/pages/FilestorePage.java | 44 +++++++------------
.../com/gitblit/wicket/pages/RootPage.java | 16 ++++---
2 files changed, 26 insertions(+), 34 deletions(-)
diff --git a/src/main/java/com/gitblit/wicket/pages/FilestorePage.java b/src/main/java/com/gitblit/wicket/pages/FilestorePage.java
index 5f103edd..97d5f25b 100644
--- a/src/main/java/com/gitblit/wicket/pages/FilestorePage.java
+++ b/src/main/java/com/gitblit/wicket/pages/FilestorePage.java
@@ -29,51 +29,41 @@ import org.apache.wicket.markup.repeater.data.DataView; import org.apache.wicket.markup.repeater.data.ListDataProvider; import com.gitblit.Constants; -import com.gitblit.Keys; import com.gitblit.models.FilestoreModel; import com.gitblit.models.UserModel; import com.gitblit.wicket.FilestoreUI; -import com.gitblit.wicket.GitBlitWebSession; +import com.gitblit.wicket.RequiresAdminRole; import com.gitblit.wicket.WicketUtils; /** * Page to display the current status of the filestore. - * Certain errors also displayed to aid in fault finding + * Certain errors also displayed to aid in fault finding * * @author Paul Martin - * - * */ +@RequiresAdminRole public class FilestorePage extends RootPage { public FilestorePage() { super(); setupPage("", ""); - // check to see if we should display a login message - boolean authenticateView = app().settings().getBoolean(Keys.web.authenticateViewPages, true); - if (authenticateView && !GitBlitWebSession.get().isLoggedIn()) { - String messageSource = app().settings().getString(Keys.web.loginMessage, "gitblit"); - return; - } - + final List files = app().filestore().getAllObjects(); final long nBytesUsed = app().filestore().getFilestoreUsedByteCount(); final long nBytesAvailable = app().filestore().getFilestoreAvailableByteCount(); - - // Load the markdown welcome message - String messageSource = app().settings().getString(Keys.web.repositoriesMessage, "gitblit"); - String message = MessageFormat.format(getString("gb.filestoreStats"), files.size(), - FileUtils.byteCountToDisplaySize(nBytesUsed), FileUtils.byteCountToDisplaySize(nBytesAvailable) ); + + String message = MessageFormat.format(getString("gb.filestoreStats"), files.size(), + FileUtils.byteCountToDisplaySize(nBytesUsed), FileUtils.byteCountToDisplaySize(nBytesAvailable) ); Component repositoriesMessage = new Label("repositoriesMessage", message) .setEscapeModelStrings(false).setVisible(message.length() > 0); - + add(repositoriesMessage); - + 
BookmarkablePageLink helpLink = new BookmarkablePageLink("filestoreHelp", FilestoreUsage.class); helpLink.add(new Label("helpMessage", getString("gb.filestoreHelp"))); add(helpLink); - + DataView filesView = new DataView("fileRow", new ListDataProvider(files)) { @@ -89,26 +79,26 @@ public class FilestorePage extends RootPage { @Override public void populateItem(final Item item) { final FilestoreModel entry = item.getModelObject(); - + DateFormat dateFormater = new SimpleDateFormat(Constants.ISO8601); - + UserModel user = app().users().getUserModel(entry.getChangedBy()); user = user == null ? UserModel.ANONYMOUS : user; - + Label icon = FilestoreUI.getStatusIcon("status", entry); item.add(icon); item.add(new Label("on", dateFormater.format(entry.getChangedOn()))); item.add(new Label("by", user.getDisplayName())); - + item.add(new Label("oid", entry.oid)); - item.add(new Label("size", FileUtils.byteCountToDisplaySize(entry.getSize()))); - + item.add(new Label("size", FileUtils.byteCountToDisplaySize(entry.getSize()))); + WicketUtils.setAlternatingBackground(item, counter); counter++; } }; - + add(filesView); } } diff --git a/src/main/java/com/gitblit/wicket/pages/RootPage.java b/src/main/java/com/gitblit/wicket/pages/RootPage.java index b48f7224..6ed5a357 100644 --- a/src/main/java/com/gitblit/wicket/pages/RootPage.java +++ b/src/main/java/com/gitblit/wicket/pages/RootPage.java @@ -185,6 +185,11 @@ public abstract class RootPage extends BasePage { // navigation links List navLinks = new ArrayList(); if (!authenticateView || (authenticateView && isLoggedIn)) { + UserModel user = UserModel.ANONYMOUS; + if (isLoggedIn) { + user = GitBlitWebSession.get().getUser(); + } + navLinks.add(new PageNavLink(isLoggedIn ? "gb.myDashboard" : "gb.dashboard", MyDashboardPage.class, getRootPageParameters())); if (isLoggedIn && app().tickets().isReady()) { 
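Review bot: In the `FilestorePage` constructor (hunk `@@ -29,51 +29,41 @@`), `app().filestore().getAllObjects()` and the two byte counts are now read with no guard in the constructor body, so access control rests entirely on `@RequiresAdminRole` being enforced by the time `super()` returns. That enforcement lives outside this hunk; it should be confirmed to abort construction (redirect or exception) for anonymous and non-admin sessions rather than only flag an error at render time. I would record the dependency next to the annotation, e.g. `// admin-only: enforced through @RequiresAdminRole by the base page; nothing below may run for a non-admin session`, and have the class Javadoc say the page is restricted to administrators. A regression test that requests the page directly as an anonymous user and as a logged-in non-admin would pin the behaviour.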
@@ -192,7 +197,9 @@ public abstract class RootPage extends BasePage { } navLinks.add(new PageNavLink("gb.repositories", RepositoriesPage.class, getRootPageParameters())); - navLinks.add(new PageNavLink("gb.filestore", FilestorePage.class, getRootPageParameters())); + if (user.canAdmin()) { + navLinks.add(new PageNavLink("gb.filestore", FilestorePage.class, getRootPageParameters())); + } navLinks.add(new PageNavLink("gb.activity", ActivityPage.class, getRootPageParameters())); if (allowLucene) { navLinks.add(new PageNavLink("gb.search", LuceneSearchPage.class)); @@ -202,11 +209,6 @@ public abstract class RootPage extends BasePage { addDropDownMenus(navLinks); } - UserModel user = UserModel.ANONYMOUS; - if (isLoggedIn) { - user = GitBlitWebSession.get().getUser(); - } - // add nav link extensions List extensions = app().plugins().getExtensions(NavLinkExtension.class); for (NavLinkExtension ext : extensions) { @@ -568,7 +570,7 @@ public abstract class RootPage extends BasePage { char[] password = RootPage.this.password.getObject().toCharArray(); HttpServletRequest request = ((WebRequest)RequestCycle.get().getRequest()).getHttpServletRequest(); - + UserModel user = app().authentication().authenticate(username, password, request.getRemoteAddr()); if (user == null) { error(getString("gb.invalidUsernameOrPassword")); -- 2.39.5
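Review bot: The `if (user.canAdmin())` guard around the `gb.filestore` link in hunk `@@ -192,7 +197,9 @@` only hides navigation. The page URL stays directly requestable, so the guard is not an access control by itself, and a comment should say so: `// cosmetic only: FilestorePage enforces admin access itself via @RequiresAdminRole`. Without that note a later reader may treat the link check as the gate, or change one condition and not the other. The enclosing method starts and ends outside the hunk.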