diff options
| author | James Moger <james.moger@gitblit.com> | 2012-11-02 16:52:41 -0400 |
|---|---|---|
| committer | James Moger <james.moger@gitblit.com> | 2012-11-02 16:52:41 -0400 |
| commit | ba6150d1712d5f5986e72333831940a46316aab3 (patch) | |
| tree | 50bd7211f952d50dd1034b0bcf0fc0f258c1cbfd /src/com/gitblit/client/GitblitClient.java | |
| parent | 368dad4d78b15057f835f1a41c633ee3b7a83dcf (diff) | |
| download | gitblit-ba6150d1712d5f5986e72333831940a46316aab3.tar.gz gitblit-ba6150d1712d5f5986e72333831940a46316aab3.zip | |
Permission filtering in web ui
Present the mutable permissions by default. Allow the administrator or
owner to toggle the displayed permissions to see how the user
and team permissions are applied to a repository.
Diffstat (limited to 'src/com/gitblit/client/GitblitClient.java')
| -rw-r--r-- | src/com/gitblit/client/GitblitClient.java | 56 |
1 files changed, 53 insertions, 3 deletions
diff --git a/src/com/gitblit/client/GitblitClient.java b/src/com/gitblit/client/GitblitClient.java index 56078fc3..1101cd60 100644 --- a/src/com/gitblit/client/GitblitClient.java +++ b/src/com/gitblit/client/GitblitClient.java @@ -31,6 +31,8 @@ import com.gitblit.Constants; import com.gitblit.Constants.AccessPermission;
import com.gitblit.Constants.AccessRestrictionType;
import com.gitblit.Constants.AuthorizationControl;
+import com.gitblit.Constants.PermissionType;
+import com.gitblit.Constants.RegistrantType;
import com.gitblit.GitBlitException.ForbiddenException;
import com.gitblit.GitBlitException.NotAllowedException;
import com.gitblit.GitBlitException.UnauthorizedException;
@@ -505,15 +507,63 @@ public class GitblitClient implements Serializable { return usernames;
}
+ /**
+ * Returns the effective list of permissions for this user, taking into account
+ * team memberships, ownerships.
+ *
+ * @param user
+ * @return the effective list of permissions for the user
+ */
+ public List<RegistrantAccessPermission> getUserAccessPermissions(UserModel user) {
+ Set<RegistrantAccessPermission> set = new LinkedHashSet<RegistrantAccessPermission>();
+ set.addAll(user.getRepositoryPermissions());
+ // Flag missing repositories
+ for (RegistrantAccessPermission permission : set) {
+ if (permission.mutable && PermissionType.EXPLICIT.equals(permission.permissionType)) {
+ RepositoryModel rm = getRepository(permission.registrant);
+ if (rm == null) {
+ permission.permissionType = PermissionType.MISSING;
+ permission.mutable = false;
+ continue;
+ }
+ }
+ }
+
+ // TODO reconsider ownership as a user property
+ // manually specify personal repository ownerships
+ for (RepositoryModel rm : allRepositories) {
+ if (rm.isUsersPersonalRepository(user.username) || rm.isOwner(user.username)) {
+ RegistrantAccessPermission rp = new RegistrantAccessPermission(rm.name, AccessPermission.REWIND,
+ PermissionType.OWNER, RegistrantType.REPOSITORY, null, false);
+ // user may be owner of a repository to which they've inherited
+ // a team permission, replace any existing perm with owner perm
+ set.remove(rp);
+ set.add(rp);
+ }
+ }
+
+ List<RegistrantAccessPermission> list = new ArrayList<RegistrantAccessPermission>(set);
+ Collections.sort(list);
+ return list;
+ }
+
public List<RegistrantAccessPermission> getUserAccessPermissions(RepositoryModel repository) {
- List<RegistrantAccessPermission> list = new ArrayList<RegistrantAccessPermission>();
- for (UserModel user : getUsers()) {
+ List<RegistrantAccessPermission> list = new ArrayList<RegistrantAccessPermission>();
+ if (AccessRestrictionType.NONE.equals(repository.accessRestriction)) {
+ // no permissions needed, REWIND for everyone!
+ return list;
+ }
+ if (AuthorizationControl.AUTHENTICATED.equals(repository.authorizationControl)) {
+ // no permissions needed, REWIND for authenticated!
+ return list;
+ }
+ // NAMED users and teams
+ for (UserModel user : allUsers) {
RegistrantAccessPermission ap = user.getRepositoryPermission(repository);
if (ap.permission.exceeds(AccessPermission.NONE)) {
list.add(ap);
}
}
- Collections.sort(list);
return list;
}
|