summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJames Moger <james.moger@gitblit.com>2012-08-02 00:27:02 -0400
committerJames Moger <james.moger@gitblit.com>2012-08-02 00:27:02 -0400
commit6adf56bb13227afac2c37871b3443fb5354d132c (patch)
tree1a39648f0f8f9dbce31753dfd4b75f9a3322bdb9 /src
parentd65fb8f1b77a7254c22edc9e7d8f47b29ec33072 (diff)
downloadgitblit-6adf56bb13227afac2c37871b3443fb5354d132c.tar.gz
gitblit-6adf56bb13227afac2c37871b3443fb5354d132c.zip
Per-repository authorization control: AUTHENTICATED and NAMED (issue 117)
Diffstat (limited to 'src')
-rw-r--r--src/com/gitblit/AuthenticationFilter.java1
-rw-r--r--src/com/gitblit/Constants.java22
-rw-r--r--src/com/gitblit/GitBlit.java4
-rw-r--r--src/com/gitblit/GitServlet.java1
-rw-r--r--src/com/gitblit/client/EditRepositoryDialog.java43
-rw-r--r--src/com/gitblit/client/GitblitClient.java9
-rw-r--r--src/com/gitblit/client/RepositoriesPanel.java1
-rw-r--r--src/com/gitblit/models/RepositoryModel.java4
-rw-r--r--src/com/gitblit/models/UserModel.java8
-rw-r--r--src/com/gitblit/wicket/GitBlitWebApp.properties3
-rw-r--r--src/com/gitblit/wicket/pages/EditRepositoryPage.html12
-rw-r--r--src/com/gitblit/wicket/pages/EditRepositoryPage.java13
12 files changed, 113 insertions, 8 deletions
diff --git a/src/com/gitblit/AuthenticationFilter.java b/src/com/gitblit/AuthenticationFilter.java
index 50a67a08..259991c9 100644
--- a/src/com/gitblit/AuthenticationFilter.java
+++ b/src/com/gitblit/AuthenticationFilter.java
@@ -170,6 +170,7 @@ public abstract class AuthenticationFilter implements Filter {
public AuthenticatedRequest(HttpServletRequest req) {
super(req);
user = new UserModel("anonymous");
+ user.isAuthenticated = false;
}
UserModel getUser() {
diff --git a/src/com/gitblit/Constants.java b/src/com/gitblit/Constants.java
index b80c968c..181fb8f0 100644
--- a/src/com/gitblit/Constants.java
+++ b/src/com/gitblit/Constants.java
@@ -109,6 +109,28 @@ public class Constants {
return name();
}
}
+
+ /**
+ * Enumeration representing the types of authorization control for an
+ * access restricted resource.
+ */
+ public static enum AuthorizationControl {
+ AUTHENTICATED, NAMED;
+
+ public static AuthorizationControl fromName(String name) {
+ for (AuthorizationControl type : values()) {
+ if (type.name().equalsIgnoreCase(name)) {
+ return type;
+ }
+ }
+ return NAMED;
+ }
+
+ public String toString() {
+ return name();
+ }
+ }
+
/**
* Enumeration representing the types of federation tokens.
diff --git a/src/com/gitblit/GitBlit.java b/src/com/gitblit/GitBlit.java
index 8f51069e..26f30f91 100644
--- a/src/com/gitblit/GitBlit.java
+++ b/src/com/gitblit/GitBlit.java
@@ -69,6 +69,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.gitblit.Constants.AccessRestrictionType;
+import com.gitblit.Constants.AuthorizationControl;
import com.gitblit.Constants.FederationRequest;
import com.gitblit.Constants.FederationStrategy;
import com.gitblit.Constants.FederationToken;
@@ -876,6 +877,8 @@ public class GitBlit implements ServletContextListener {
model.useDocs = getConfig(config, "useDocs", false);
model.accessRestriction = AccessRestrictionType.fromName(getConfig(config,
"accessRestriction", settings.getString(Keys.git.defaultAccessRestriction, null)));
+ model.authorizationControl = AuthorizationControl.fromName(getConfig(config,
+ "authorizationControl", settings.getString(Keys.git.defaultAuthorizationControl, null)));
model.showRemoteBranches = getConfig(config, "showRemoteBranches", false);
model.isFrozen = getConfig(config, "isFrozen", false);
model.showReadme = getConfig(config, "showReadme", false);
@@ -1135,6 +1138,7 @@ public class GitBlit implements ServletContextListener {
config.setBoolean(Constants.CONFIG_GITBLIT, null, "useTickets", repository.useTickets);
config.setBoolean(Constants.CONFIG_GITBLIT, null, "useDocs", repository.useDocs);
config.setString(Constants.CONFIG_GITBLIT, null, "accessRestriction", repository.accessRestriction.name());
+ config.setString(Constants.CONFIG_GITBLIT, null, "authorizationControl", repository.authorizationControl.name());
config.setBoolean(Constants.CONFIG_GITBLIT, null, "showRemoteBranches", repository.showRemoteBranches);
config.setBoolean(Constants.CONFIG_GITBLIT, null, "isFrozen", repository.isFrozen);
config.setBoolean(Constants.CONFIG_GITBLIT, null, "showReadme", repository.showReadme);
diff --git a/src/com/gitblit/GitServlet.java b/src/com/gitblit/GitServlet.java
index 68097cb8..0b5575bc 100644
--- a/src/com/gitblit/GitServlet.java
+++ b/src/com/gitblit/GitServlet.java
@@ -231,6 +231,7 @@ public class GitServlet extends org.eclipse.jgit.http.server.GitServlet {
if (user == null) {
// anonymous push, create a temporary usermodel
user = new UserModel(person.getName());
+ user.isAuthenticated = false;
}
return user;
}
diff --git a/src/com/gitblit/client/EditRepositoryDialog.java b/src/com/gitblit/client/EditRepositoryDialog.java
index 77878cbb..8ce076ec 100644
--- a/src/com/gitblit/client/EditRepositoryDialog.java
+++ b/src/com/gitblit/client/EditRepositoryDialog.java
@@ -35,6 +35,7 @@ import java.util.Map;
import java.util.Set;
import javax.swing.BoxLayout;
+import javax.swing.ButtonGroup;
import javax.swing.DefaultComboBoxModel;
import javax.swing.ImageIcon;
import javax.swing.JButton;
@@ -46,6 +47,7 @@ import javax.swing.JLabel;
import javax.swing.JList;
import javax.swing.JOptionPane;
import javax.swing.JPanel;
+import javax.swing.JRadioButton;
import javax.swing.JRootPane;
import javax.swing.JScrollPane;
import javax.swing.JTabbedPane;
@@ -55,6 +57,7 @@ import javax.swing.ListCellRenderer;
import javax.swing.ScrollPaneConstants;
import com.gitblit.Constants.AccessRestrictionType;
+import com.gitblit.Constants.AuthorizationControl;
import com.gitblit.Constants.FederationStrategy;
import com.gitblit.models.RepositoryModel;
import com.gitblit.utils.ArrayUtils;
@@ -98,6 +101,10 @@ public class EditRepositoryDialog extends JDialog {
private JTextField mailingListsField;
private JComboBox accessRestriction;
+
+ private JRadioButton allowAuthenticated;
+
+ private JRadioButton allowNamed;
private JComboBox federationStrategy;
@@ -206,6 +213,21 @@ public class EditRepositoryDialog extends JDialog {
accessRestriction = new JComboBox(AccessRestrictionType.values());
accessRestriction.setRenderer(new AccessRestrictionRenderer());
accessRestriction.setSelectedItem(anRepository.accessRestriction);
+
+ boolean authenticated = anRepository.authorizationControl != null
+ && AuthorizationControl.AUTHENTICATED.equals(anRepository.authorizationControl);
+ allowAuthenticated = new JRadioButton(Translation.get("gb.allowAuthenticatedDescription"));
+ allowAuthenticated.setSelected(authenticated);
+ allowNamed = new JRadioButton(Translation.get("gb.allowNamedDescription"));
+ allowNamed.setSelected(!authenticated);
+
+ ButtonGroup group = new ButtonGroup();
+ group.add(allowAuthenticated);
+ group.add(allowNamed);
+
+ JPanel authorizationPanel = new JPanel(new GridLayout(0, 1));
+ authorizationPanel.add(allowAuthenticated);
+ authorizationPanel.add(allowNamed);
// federation strategies - remove ORIGIN choice if this repository has
// no origin.
@@ -246,12 +268,15 @@ public class EditRepositoryDialog extends JDialog {
mailingListsField));
usersPalette = new JPalette<String>();
+ JPanel northAccessPanel = new JPanel(new BorderLayout(5, 5));
+ northAccessPanel.add(newFieldPanel(Translation.get("gb.accessRestriction"),
+ accessRestriction), BorderLayout.NORTH);
+ northAccessPanel.add(newFieldPanel(Translation.get("gb.authorizationControl"),
+ authorizationPanel), BorderLayout.CENTER);
+
JPanel accessPanel = new JPanel(new BorderLayout(5, 5));
- accessPanel.add(
- newFieldPanel(Translation.get("gb.accessRestriction"),
- accessRestriction), BorderLayout.NORTH);
- accessPanel.add(
- newFieldPanel(Translation.get("gb.permittedUsers"),
+ accessPanel.add(northAccessPanel, BorderLayout.NORTH);
+ accessPanel.add(newFieldPanel(Translation.get("gb.permittedUsers"),
usersPalette), BorderLayout.CENTER);
teamsPalette = new JPalette<String>();
@@ -463,6 +488,8 @@ public class EditRepositoryDialog extends JDialog {
repository.accessRestriction = (AccessRestrictionType) accessRestriction
.getSelectedItem();
+ repository.authorizationControl = allowAuthenticated.isSelected() ?
+ AuthorizationControl.AUTHENTICATED : AuthorizationControl.NAMED;
repository.federationStrategy = (FederationStrategy) federationStrategy
.getSelectedItem();
@@ -495,6 +522,12 @@ public class EditRepositoryDialog extends JDialog {
this.accessRestriction.setSelectedItem(restriction);
}
+ public void setAuthorizationControl(AuthorizationControl authorization) {
+ boolean authenticated = authorization != null && AuthorizationControl.AUTHENTICATED.equals(authorization);
+ this.allowAuthenticated.setSelected(authenticated);
+ this.allowNamed.setSelected(!authenticated);
+ }
+
public void setUsers(String owner, List<String> all, List<String> selected) {
ownerField.setModel(new DefaultComboBoxModel(all.toArray()));
if (!StringUtils.isEmpty(owner)) {
diff --git a/src/com/gitblit/client/GitblitClient.java b/src/com/gitblit/client/GitblitClient.java
index ed5a1337..5e05fa49 100644
--- a/src/com/gitblit/client/GitblitClient.java
+++ b/src/com/gitblit/client/GitblitClient.java
@@ -29,6 +29,7 @@ import java.util.TreeSet;
import com.gitblit.Constants;
import com.gitblit.Constants.AccessRestrictionType;
+import com.gitblit.Constants.AuthorizationControl;
import com.gitblit.GitBlitException.ForbiddenException;
import com.gitblit.GitBlitException.NotAllowedException;
import com.gitblit.GitBlitException.UnauthorizedException;
@@ -195,6 +196,14 @@ public class GitblitClient implements Serializable {
return AccessRestrictionType.fromName(restriction);
}
+ public AuthorizationControl getDefaultAuthorizationControl() {
+ String authorization = null;
+ if (settings.hasKey(Keys.git.defaultAuthorizationControl)) {
+ authorization = settings.get(Keys.git.defaultAuthorizationControl).currentValue;
+ }
+ return AuthorizationControl.fromName(authorization);
+ }
+
/**
* Returns the list of pre-receive scripts the repository inherited from the
* global settings and team affiliations.
diff --git a/src/com/gitblit/client/RepositoriesPanel.java b/src/com/gitblit/client/RepositoriesPanel.java
index 70b87c6c..cbe18743 100644
--- a/src/com/gitblit/client/RepositoriesPanel.java
+++ b/src/com/gitblit/client/RepositoriesPanel.java
@@ -358,6 +358,7 @@ public abstract class RepositoriesPanel extends JPanel {
EditRepositoryDialog dialog = new EditRepositoryDialog(gitblit.getProtocolVersion());
dialog.setLocationRelativeTo(RepositoriesPanel.this);
dialog.setAccessRestriction(gitblit.getDefaultAccessRestriction());
+ dialog.setAuthorizationControl(gitblit.getDefaultAuthorizationControl());
dialog.setUsers(null, gitblit.getUsernames(), null);
dialog.setTeams(gitblit.getTeamnames(), null);
dialog.setRepositories(gitblit.getRepositories());
diff --git a/src/com/gitblit/models/RepositoryModel.java b/src/com/gitblit/models/RepositoryModel.java
index 0e0c2df1..27196635 100644
--- a/src/com/gitblit/models/RepositoryModel.java
+++ b/src/com/gitblit/models/RepositoryModel.java
@@ -22,6 +22,7 @@ import java.util.List;
import java.util.Map;
import com.gitblit.Constants.AccessRestrictionType;
+import com.gitblit.Constants.AuthorizationControl;
import com.gitblit.Constants.FederationStrategy;
import com.gitblit.utils.ArrayUtils;
import com.gitblit.utils.StringUtils;
@@ -47,6 +48,8 @@ public class RepositoryModel implements Serializable, Comparable<RepositoryModel
public boolean useTickets;
public boolean useDocs;
public AccessRestrictionType accessRestriction;
+ public AuthorizationControl authorizationControl;
+ public boolean allowAuthenticated;
public boolean isFrozen;
public boolean showReadme;
public FederationStrategy federationStrategy;
@@ -77,6 +80,7 @@ public class RepositoryModel implements Serializable, Comparable<RepositoryModel
this.owner = owner;
this.lastChange = lastchange;
this.accessRestriction = AccessRestrictionType.NONE;
+ this.authorizationControl = AuthorizationControl.NAMED;
this.federationSets = new ArrayList<String>();
this.federationStrategy = FederationStrategy.FEDERATE_THIS;
}
diff --git a/src/com/gitblit/models/UserModel.java b/src/com/gitblit/models/UserModel.java
index 6632c611..8349bab6 100644
--- a/src/com/gitblit/models/UserModel.java
+++ b/src/com/gitblit/models/UserModel.java
@@ -20,6 +20,7 @@ import java.security.Principal;
import java.util.HashSet;
import java.util.Set;
+import com.gitblit.Constants.AuthorizationControl;
import com.gitblit.utils.StringUtils;
/**
@@ -45,8 +46,12 @@ public class UserModel implements Principal, Serializable, Comparable<UserModel>
public final Set<String> repositories = new HashSet<String>();
public final Set<TeamModel> teams = new HashSet<TeamModel>();
+ // non-persisted fields
+ public boolean isAuthenticated;
+
public UserModel(String username) {
this.username = username;
+ this.isAuthenticated = true;
}
/**
@@ -65,8 +70,9 @@ public class UserModel implements Principal, Serializable, Comparable<UserModel>
public boolean canAccessRepository(RepositoryModel repository) {
boolean isOwner = !StringUtils.isEmpty(repository.owner)
&& repository.owner.equals(username);
+ boolean allowAuthenticated = isAuthenticated && AuthorizationControl.AUTHENTICATED.equals(repository.authorizationControl);
return canAdmin || isOwner || repositories.contains(repository.name.toLowerCase())
- || hasTeamAccess(repository.name);
+ || hasTeamAccess(repository.name) || allowAuthenticated;
}
public boolean hasTeamAccess(String repositoryName) {
diff --git a/src/com/gitblit/wicket/GitBlitWebApp.properties b/src/com/gitblit/wicket/GitBlitWebApp.properties
index f8a936de..bcd63370 100644
--- a/src/com/gitblit/wicket/GitBlitWebApp.properties
+++ b/src/com/gitblit/wicket/GitBlitWebApp.properties
@@ -310,3 +310,6 @@ gb.duration.oneMonth = 1 month
gb.duration.months = {0} months
gb.duration.oneYear = 1 year
gb.duration.years = {0} years
+gb.authorizationControl = authorization control
+gb.allowAuthenticatedDescription = grant restricted access to all authenticated users
+gb.allowNamedDescription = grant restricted access to named users or teams \ No newline at end of file
diff --git a/src/com/gitblit/wicket/pages/EditRepositoryPage.html b/src/com/gitblit/wicket/pages/EditRepositoryPage.html
index a419698d..2bb5776c 100644
--- a/src/com/gitblit/wicket/pages/EditRepositoryPage.html
+++ b/src/com/gitblit/wicket/pages/EditRepositoryPage.html
@@ -25,11 +25,19 @@
<tr><th><wicket:message key="gb.isFrozen"></wicket:message></th><td class="edit"><label class="checkbox"><input type="checkbox" wicket:id="isFrozen" tabindex="12" /> &nbsp;<span class="help-inline"><wicket:message key="gb.isFrozenDescription"></wicket:message></span></label></td></tr>
<tr><th><wicket:message key="gb.mailingLists"></wicket:message></th><td class="edit"><input class="span8" type="text" wicket:id="mailingLists" size="40" tabindex="13" /></td></tr>
<tr><td colspan="2" style="padding-top:15px"><h3><wicket:message key="gb.accessPermissions"></wicket:message> &nbsp;<small><wicket:message key="gb.accessPermissionsDescription"></wicket:message></small></h3></td></tr>
- <tr><th><wicket:message key="gb.accessRestriction"></wicket:message></th><td class="edit"><select class="span4" wicket:id="accessRestriction" tabindex="14" /></td></tr>
+ <tr><th><wicket:message key="gb.accessRestriction"></wicket:message></th><td class="edit"><select class="span4" wicket:id="accessRestriction" tabindex="14" /></td></tr>
+ <tr><th colspan="2"><hr/></th></tr>
+ <tr><th style="vertical-align: top;"><wicket:message key="gb.authorizationControl"></wicket:message></th><td style="padding:2px;">
+ <wicket:container wicket:id="authorizationControl">
+ <label class="radio"><input type="radio" wicket:id="allowAuthenticated" tabindex="15" /> &nbsp;<span class="help-inline"><wicket:message key="gb.allowAuthenticatedDescription"></wicket:message></span></label>
+ <label class="radio"><input type="radio" wicket:id="allowNamed" tabindex="16" /> &nbsp;<span class="help-inline"><wicket:message key="gb.allowNamedDescription"></wicket:message></span></label>
+ </wicket:container>
+ </td></tr>
+ <tr><th colspan="2"><hr/></th></tr>
<tr><th style="vertical-align: top;"><wicket:message key="gb.permittedUsers"></wicket:message></th><td style="padding:2px;"><span wicket:id="users"></span></td></tr>
<tr><th style="vertical-align: top;"><wicket:message key="gb.permittedTeams"></wicket:message></th><td style="padding:2px;"><span wicket:id="teams"></span></td></tr>
<tr><td colspan="2"><h3><wicket:message key="gb.federation"></wicket:message> &nbsp;<small><wicket:message key="gb.federationRepositoryDescription"></wicket:message></small></h3></td></tr>
- <tr><th><wicket:message key="gb.federationStrategy"></wicket:message></th><td class="edit"><select class="span4" wicket:id="federationStrategy" tabindex="15" /></td></tr>
+ <tr><th><wicket:message key="gb.federationStrategy"></wicket:message></th><td class="edit"><select class="span4" wicket:id="federationStrategy" tabindex="17" /></td></tr>
<tr><th style="vertical-align: top;"><wicket:message key="gb.federationSets"></wicket:message></th><td style="padding:2px;"><span wicket:id="federationSets"></span></td></tr>
<tr><td colspan="2"><h3><wicket:message key="gb.search"></wicket:message> &nbsp;<small><wicket:message key="gb.indexedBranchesDescription"></wicket:message></small></h3></td></tr>
<tr><th style="vertical-align: top;"><wicket:message key="gb.indexedBranches"></wicket:message></th><td style="padding:2px;"><span wicket:id="indexedBranches"></span></td></tr>
diff --git a/src/com/gitblit/wicket/pages/EditRepositoryPage.java b/src/com/gitblit/wicket/pages/EditRepositoryPage.java
index 0176249b..505cb548 100644
--- a/src/com/gitblit/wicket/pages/EditRepositoryPage.java
+++ b/src/com/gitblit/wicket/pages/EditRepositoryPage.java
@@ -36,6 +36,8 @@ import org.apache.wicket.markup.html.form.CheckBox;
import org.apache.wicket.markup.html.form.DropDownChoice;
import org.apache.wicket.markup.html.form.Form;
import org.apache.wicket.markup.html.form.IChoiceRenderer;
+import org.apache.wicket.markup.html.form.Radio;
+import org.apache.wicket.markup.html.form.RadioGroup;
import org.apache.wicket.markup.html.form.TextField;
import org.apache.wicket.markup.html.list.ListItem;
import org.apache.wicket.markup.html.list.ListView;
@@ -47,6 +49,7 @@ import org.apache.wicket.model.util.ListModel;
import com.gitblit.Constants;
import com.gitblit.Constants.AccessRestrictionType;
+import com.gitblit.Constants.AuthorizationControl;
import com.gitblit.Constants.FederationStrategy;
import com.gitblit.GitBlit;
import com.gitblit.GitBlitException;
@@ -75,6 +78,8 @@ public class EditRepositoryPage extends RootSubPage {
RepositoryModel model = new RepositoryModel();
String restriction = GitBlit.getString(Keys.git.defaultAccessRestriction, null);
model.accessRestriction = AccessRestrictionType.fromName(restriction);
+ String authorization = GitBlit.getString(Keys.git.defaultAuthorizationControl, null);
+ model.authorizationControl = AuthorizationControl.fromName(authorization);
setupPage(model);
}
@@ -370,6 +375,14 @@ public class EditRepositoryPage extends RootSubPage {
: StringUtils.flattenStrings(repositoryModel.mailingLists, " "));
form.add(new TextField<String>("mailingLists", mailingLists));
form.add(indexedBranchesPalette);
+
+ RadioGroup<AuthorizationControl> group = new RadioGroup<AuthorizationControl>("authorizationControl");
+ Radio<AuthorizationControl> allowAuthenticated = new Radio<AuthorizationControl>("allowAuthenticated", new Model<AuthorizationControl>(AuthorizationControl.AUTHENTICATED));
+ Radio<AuthorizationControl> allowNamed = new Radio<AuthorizationControl>("allowNamed", new Model<AuthorizationControl>(AuthorizationControl.NAMED));
+ group.add(allowAuthenticated);
+ group.add(allowNamed);
+ form.add(group);
+
form.add(usersPalette);
form.add(teamsPalette);
form.add(federationSetsPalette);