author | James Moger <james.moger@gitblit.com> | 2012-10-10 00:05:34 -0400 |
---|---|---|
committer | James Moger <james.moger@gitblit.com> | 2012-10-10 00:05:34 -0400 |
commit | 20714aee0d2d2a989d93d6065e081aed8ac85fbf (patch) | |
tree | ac1dfc4f2519b766ad1306a9fd2d2e8e9ecf8ac8 /src/com/gitblit/FederationPullExecutor.java | |
parent | c890e1f7d3f5cd83025b1d993cedf4990de63897 (diff) | |
download | gitblit-20714aee0d2d2a989d93d6065e081aed8ac85fbf.tar.gz gitblit-20714aee0d2d2a989d93d6065e081aed8ac85fbf.zip |
Finer-grained repository access permissions (issue 36)
Implemented discrete repository access permissions to replace the
really primitive coarse-grained permissions used to this point. This
implementation allows for finer-grained access control, but still
falls short of integrated, branch-based permissions sought by some.
Access permissions follow the conventions established by Gitosis and
Gitolite so they should feel immediately comfortable to experienced
users. This permissions infrastructure is complete and works exactly as
expected. Unfortunately, there is no ui in this commit to change
permissions, that will be forthcoming. In the meantime, Gitblit
hot-reloads users.conf so the permissions can be manipulated at runtime
with a text editor.
The following per-repository permissions are now supported:
- V (view in web ui, RSS feeds, download zip)
- R (clone)
- RW (clone and push)
- RWC (clone and push with ref creation)
- RWD (clone and push with ref creation, deletion)
- RW+ (clone and push with ref creation, deletion, rewind)
And a users.conf entry looks something like this:
[user "hannibal"]
password = bossman
repository = RWD:topsecret.git
Diffstat (limited to 'src/com/gitblit/FederationPullExecutor.java')
-rw-r--r-- | src/com/gitblit/FederationPullExecutor.java | 49 |
1 files changed, 37 insertions, 12 deletions
diff --git a/src/com/gitblit/FederationPullExecutor.java b/src/com/gitblit/FederationPullExecutor.java
index 7b9c55ba..03109dea 100644
--- a/src/com/gitblit/FederationPullExecutor.java
+++ b/src/com/gitblit/FederationPullExecutor.java
@@ -26,6 +26,7 @@ import java.util.ArrayList;
 import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
+import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
@@ -41,6 +42,7 @@ import org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider;
 import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import com.gitblit.Constants.AccessPermission;
import com.gitblit.Constants.FederationPullStatus;
import com.gitblit.Constants.FederationStrategy;
import com.gitblit.GitBlitException.ForbiddenException;
@@ -333,10 +335,20 @@ public class FederationPullExecutor implements Runnable {
 // reparent all repository permissions if the local
// repositories are stored within subfolders
if (!StringUtils.isEmpty(registrationFolder)) {
- List<String> permissions = new ArrayList<String>(user.repositories);
- user.repositories.clear();
- for (String permission : permissions) {
- user.addRepository(registrationFolder + "/" + permission);
+ if (user.permissions != null && user.permissions.size() > 0) {
+ // pulling from >= 1.2 version
+ Map<String, AccessPermission> copy = new HashMap<String, AccessPermission>(user.permissions);
+ user.permissions.clear();
+ for (Map.Entry<String, AccessPermission> entry : copy.entrySet()) {
+ user.setRepositoryPermission(registrationFolder + "/" + entry.getKey(), entry.getValue());
+ }
+ } else {
+ // pulling from <= 1.1 version
+ List<String> permissions = new ArrayList<String>(user.repositories);
+ user.repositories.clear();
+ for (String permission : permissions) {
+ user.addRepositoryPermission(registrationFolder + "/" + permission);
+ }
}
}
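Review bot: The `size() > 0` test used to tell a 1.2+ origin from a 1.1 one sends a 1.2+ user who simply holds no permissions into the legacy branch, where `new ArrayList<String>(user.repositories)` dereferences a field that may not be populated for such a model; the same test and fallthrough appear in the local-user update further down. Whether `user.repositories` can be null there depends on the UserModel class, which is outside this diff, so a guard such as `} else if (user.repositories != null) {` would make the fallback safe either way. Separately, `entry.getKey()` comes from the remote instance and is concatenated under `registrationFolder` unchecked; since that prefix is what scopes a federated origin's grants, it is worth confirming that `setRepositoryPermission` normalises the name. The enclosing method starts and ends outside the hunk.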
@@ -347,8 +359,17 @@ public class FederationPullExecutor implements Runnable {
 GitBlit.self().updateUserModel(user.username, user, true);
} else {
// update repository permissions of local user
- for (String repository : user.repositories) {
- localUser.addRepository(repository);
+ if (user.permissions != null && user.permissions.size() > 0) {
+ // pulling from >= 1.2 version
+ Map<String, AccessPermission> copy = new HashMap<String, AccessPermission>(user.permissions);
+ for (Map.Entry<String, AccessPermission> entry : copy.entrySet()) {
+ localUser.setRepositoryPermission(entry.getKey(), entry.getValue());
+ }
+ } else {
+ // pulling from <= 1.1 version
+ for (String repository : user.repositories) {
+ localUser.addRepositoryPermission(repository);
+ }
}
localUser.password = user.password;
localUser.canAdmin = user.canAdmin;
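Review bot: The loop over `copy.entrySet()` only ever calls `localUser.setRepositoryPermission`, so a grant that was removed on the origin stays on the local account, and any locally configured permission for the same repository is replaced by whatever the remote sends. If that merge policy is intended it deserves a comment above the loop, e.g. `// remote value wins per repository; grants removed upstream are NOT revoked here`. The `HashMap` copy is also unnecessary in this branch, since `user.permissions` is not modified while it is iterated. The enclosing method continues outside the hunk.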
@@ -369,12 +390,16 @@ public class FederationPullExecutor implements Runnable {
 // update team repositories
TeamModel remoteTeam = user.getTeam(teamname);
- if (remoteTeam != null && !ArrayUtils.isEmpty(remoteTeam.repositories)) {
- int before = team.repositories.size();
- team.addRepositories(remoteTeam.repositories);
- int after = team.repositories.size();
- if (after > before) {
- // repository count changed, update
+ if (remoteTeam != null) {
+ if (remoteTeam.permissions != null) {
+ // pulling from >= 1.2
+ for (Map.Entry<String, AccessPermission> entry : remoteTeam.permissions.entrySet()){
+ team.setRepositoryPermission(entry.getKey(), entry.getValue());
+ }
+ GitBlit.self().updateTeamModel(teamname, team, false);
+ } else if(!ArrayUtils.isEmpty(remoteTeam.repositories)) {
+ // pulling from <= 1.1
+ team.addRepositoryPermissions(remoteTeam.repositories);
GitBlit.self().updateTeamModel(teamname, team, false);
}
}
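Review bot: The team branch selects the 1.2+ path on `remoteTeam.permissions != null` alone, while both user branches in this commit also require `size() > 0`; if a TeamModel received from a 1.1 origin carries an empty, non-null map (likely if the field is initialised in the class, which is not visible here), its `repositories` list is never imported. Aligning the test, `if (remoteTeam.permissions != null && remoteTeam.permissions.size() > 0) {`, keeps the legacy fallback reachable. `updateTeamModel` is now also called on every pull even when nothing changed, where the removed code wrote only when the repository count grew.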