Implemented optional create-on-push

If this feature is enabled then permitted users can automatically create a
repository when pushing to one that does not yet exist.  Permitted users
are administrators and any user with the CREATE role.

If the pushing account is an administrator, the created repository may be
located in any folder/project space.  This reposiory will inherit the server's
default access restriction and authorization control.  The repository owner
will be the pushing account.

If the pushing account is a regular user with the CREATE role, the repository
can only be located in the account's personal folder (~username/myrepo.git).
This repository will be VIEW restricted and accessible by NAMED users.  The
repository owner will be the pushing account.

1 files changed, 43 insertions, 6 deletions

diff --git a/src/com/gitblit/AccessRestrictionFilter.java b/src/com/gitblit/AccessRestrictionFilter.java
index 3a104813..78d33d21 100644
--- a/src/com/gitblit/AccessRestrictionFilter.java
+++ b/src/com/gitblit/AccessRestrictionFilter.java
@@ -62,6 +62,13 @@ public abstract class AccessRestrictionFilter extends AuthenticationFilter {
 	protected abstract String getUrlRequestAction(String url);

 

 	/**

+	 * Determine if a non-existing repository can be created using this filter.

+	 *  

+	 * @return true if the filter allows repository creation

+	 */

+	protected abstract boolean isCreationAllowed();

+	

+	/**

 	 * Determine if the action may be executed on the repository.

 	 * 

 	 * @param repository

@@ -91,6 +98,18 @@ public abstract class AccessRestrictionFilter extends AuthenticationFilter {
 	protected abstract boolean canAccess(RepositoryModel repository, UserModel user, String action);

 

 	/**

+	 * Allows a filter to create a repository, if one does not exist.

+	 * 

+	 * @param user

+	 * @param repository

+	 * @param action

+	 * @return the repository model, if it is created, null otherwise

+	 */

+	protected RepositoryModel createRepository(UserModel user, String repository, String action) {

+		return null;

+	}

+	

+	/**

 	 * doFilter does the actual work of preprocessing the request to ensure that

 	 * the user may proceed.

 	 * 

@@ -111,14 +130,33 @@ public abstract class AccessRestrictionFilter extends AuthenticationFilter {
 		String fullSuffix = fullUrl.substring(repository.length());

 		String urlRequestType = getUrlRequestAction(fullSuffix);

 

+		UserModel user = getUser(httpRequest);

+

 		// Load the repository model

 		RepositoryModel model = GitBlit.self().getRepositoryModel(repository);

 		if (model == null) {

-			// repository not found. send 404.

-			logger.info(MessageFormat.format("ARF: {0} ({1})", fullUrl,

-					HttpServletResponse.SC_NOT_FOUND));

-			httpResponse.sendError(HttpServletResponse.SC_NOT_FOUND);

-			return;

+			if (isCreationAllowed()) {

+				if (user == null) {

+					// challenge client to provide credentials for creation. send 401.

+					if (GitBlit.isDebugMode()) {

+						logger.info(MessageFormat.format("ARF: CREATE CHALLENGE {0}", fullUrl));

+					}

+					httpResponse.setHeader("WWW-Authenticate", CHALLENGE);

+					httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);

+					return;

+				} else {

+					// see if we can create a repository for this request

+					model = createRepository(user, repository, urlRequestType);

+				}

+			}

+			

+			if (model == null) {

+				// repository not found. send 404.

+				logger.info(MessageFormat.format("ARF: {0} ({1})", fullUrl,

+						HttpServletResponse.SC_NOT_FOUND));

+				httpResponse.sendError(HttpServletResponse.SC_NOT_FOUND);

+				return;

+			}

 		}

 		

 		// Confirm that the action may be executed on the repository

@@ -139,7 +177,6 @@ public abstract class AccessRestrictionFilter extends AuthenticationFilter {
 		// Gitblit must conditionally authenticate users per-repository so just

 		// enabling http.receivepack is insufficient.

 		AuthenticatedRequest authenticatedRequest = new AuthenticatedRequest(httpRequest);

-		UserModel user = getUser(httpRequest);

 		if (user != null) {

 			authenticatedRequest.setUser(user);

 		}