Permission filtering in web ui

Present the mutable permissions by default. Allow the administrator or owner to toggle the displayed permissions to see how the user and team permissions are applied to a repository.
author: James Moger <james.moger@gitblit.com> 2012-11-02 16:52:41 -0400
committer: James Moger <james.moger@gitblit.com> 2012-11-02 16:52:41 -0400
commit: ba6150d1712d5f5986e72333831940a46316aab3 (patch)
tree: 50bd7211f952d50dd1034b0bcf0fc0f258c1cbfd /src/com/gitblit/models
parent: 368dad4d78b15057f835f1a41c633ee3b7a83dcf (diff)
download: gitblit-ba6150d1712d5f5986e72333831940a46316aab3.tar.gz
gitblit-ba6150d1712d5f5986e72333831940a46316aab3.zip
2 files changed, 73 insertions, 3 deletions
diff --git a/src/com/gitblit/models/RegistrantAccessPermission.java b/src/com/gitblit/models/RegistrantAccessPermission.java
index 4bdc2da4..8f4049a8 100644
--- a/src/com/gitblit/models/RegistrantAccessPermission.java
+++ b/src/com/gitblit/models/RegistrantAccessPermission.java
@@ -63,18 +63,67 @@ public class RegistrantAccessPermission implements Serializable, Comparable<Regi
 	public boolean isOwner() {
 		return PermissionType.OWNER.equals(permissionType);
 	}
+	
+	public boolean isExplicit() {
+		return PermissionType.EXPLICIT.equals(permissionType);
+	}
+
+	public boolean isRegex() {
+		return PermissionType.REGEX.equals(permissionType);
+	}
+
+	public boolean isTeam() {
+		return PermissionType.TEAM.equals(permissionType);
+	}
 
 	public boolean isMissing() {
 		return PermissionType.MISSING.equals(permissionType);
 	}
 	
+	public int getScore() {
+		switch (registrantType) {
+		case REPOSITORY:
+			if (isAdmin()) {
+				return 0;
+			}
+			if (isOwner()) {
+				return 1;
+			}
+			if (isExplicit()) {
+				return 2;
+			}
+			if (isRegex()) {
+				return 3;
+			}
+			if (isTeam()) {
+				return 4;
+			}
+		default:
+			return 0;
+		}
+	}
+	
 	@Override
 	public int compareTo(RegistrantAccessPermission p) {
 		switch (registrantType) {
 		case REPOSITORY:
+			// repository permissions are sorted in score order
+			// to convey the order in which permissions are tested
+			int score1 = getScore();
+			int score2 = p.getScore();
+			if (score1 <= 2 && score2 <= 2) {
+				// group admin, owner, and explicit together
+				return StringUtils.compareRepositoryNames(registrant, p.registrant);	
+			}
+			if (score1 < score2) {
+				return -1;
+			} else if (score2 < score1) {
+				return 1;
+			}
 			return StringUtils.compareRepositoryNames(registrant, p.registrant);
 		default:
-			return registrant.toLowerCase().compareTo(p.registrant.toLowerCase());		
+			// user and team permissions are string sorted
+			return registrant.toLowerCase().compareTo(p.registrant.toLowerCase());
 		}
 	}
 	
diff --git a/src/com/gitblit/models/UserModel.java b/src/com/gitblit/models/UserModel.java
index 23322c26..1159905d 100644
--- a/src/com/gitblit/models/UserModel.java
+++ b/src/com/gitblit/models/UserModel.java
@@ -21,6 +21,7 @@ import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.LinkedHashMap;
+import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -160,7 +161,20 @@ public class UserModel implements Principal, Serializable, Comparable<UserModel>
 			list.add(new RegistrantAccessPermission(registrant, ap, pType, RegistrantType.REPOSITORY, source, mutable));
 		}
 		Collections.sort(list);
-		return list;
+		
+		// include immutable team permissions, being careful to preserve order
+		Set<RegistrantAccessPermission> set = new LinkedHashSet<RegistrantAccessPermission>(list);
+		for (TeamModel team : teams) {
+			for (RegistrantAccessPermission teamPermission : team.getRepositoryPermissions()) {
+				// we can not change an inherited team permission, though we can override
+				teamPermission.registrantType = RegistrantType.REPOSITORY;
+				teamPermission.permissionType = PermissionType.TEAM;
+				teamPermission.source = team.name;
+				teamPermission.mutable = false;
+				set.add(teamPermission);
+			}
+		}
+		return new ArrayList<RegistrantAccessPermission>(set);
 	}
 	
 	/**
@@ -253,6 +267,13 @@ public class UserModel implements Principal, Serializable, Comparable<UserModel>
 		ap.permission = AccessPermission.NONE;
 		ap.mutable = false;
 
+		if (AccessRestrictionType.NONE.equals(repository.accessRestriction)) {
+			// anonymous rewind
+			ap.permissionType = PermissionType.ADMINISTRATOR;
+			ap.permission = AccessPermission.REWIND;
+			return ap;
+		}
+
 		// administrator
 		if (canAdmin()) {
 			ap.permissionType = PermissionType.ADMINISTRATOR;
@@ -277,7 +298,7 @@ public class UserModel implements Principal, Serializable, Comparable<UserModel>
 		}
 		
 		if (AuthorizationControl.AUTHENTICATED.equals(repository.authorizationControl) && isAuthenticated) {
-			// AUTHENTICATED is a shortcut for authorizing all logged-in users RW access
+			// AUTHENTICATED is a shortcut for authorizing all logged-in users RW+ access
 			ap.permission = AccessPermission.REWIND;
 			return ap;
 		}
author	James Moger <james.moger@gitblit.com>	2012-11-02 16:52:41 -0400
committer	James Moger <james.moger@gitblit.com>	2012-11-02 16:52:41 -0400
commit	ba6150d1712d5f5986e72333831940a46316aab3 (patch)
tree	50bd7211f952d50dd1034b0bcf0fc0f258c1cbfd /src/com/gitblit/models
parent	368dad4d78b15057f835f1a41c633ee3b7a83dcf (diff)
download	gitblit-ba6150d1712d5f5986e72333831940a46316aab3.tar.gz gitblit-ba6150d1712d5f5986e72333831940a46316aab3.zip