diff options
author | Joel Johnson <mrjoel@lixil.net> | 2015-06-30 01:00:52 -0600 |
---|---|---|
committer | Joel Johnson <mrjoel@lixil.net> | 2015-06-30 01:05:43 -0600 |
commit | 2db6b39fdff61ce48788767ad475632a1b29f831 (patch) | |
tree | 49ce03985676173e85e4083ba158813903bd5c88 /src | |
parent | a909bf1333d9e9bcdc5e87a17642211e6fa8f036 (diff) | |
download | gitblit-2db6b39fdff61ce48788767ad475632a1b29f831.tar.gz gitblit-2db6b39fdff61ce48788767ad475632a1b29f831.zip |
fix permission capping for HTTP/HTTPS
Previously used request scheme, but request scheme is unrelated to
the URL being generated. Instead, base the permission capping on the
scheme of the URL itself.
Diffstat (limited to 'src')
-rw-r--r-- | src/main/java/com/gitblit/manager/ServicesManager.java | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/main/java/com/gitblit/manager/ServicesManager.java b/src/main/java/com/gitblit/manager/ServicesManager.java index 5a957a17..c911f31a 100644 --- a/src/main/java/com/gitblit/manager/ServicesManager.java +++ b/src/main/java/com/gitblit/manager/ServicesManager.java @@ -166,13 +166,14 @@ public class ServicesManager implements IServicesManager { settings.getBoolean(Keys.web.showHttpServletUrls, true)) { AccessPermission permission = user.getRepositoryPermission(repository).permission; if (permission.exceeds(AccessPermission.NONE)) { - Transport transport = Transport.fromString(request.getScheme()); + String repoUrl = getRepositoryUrl(request, username, repository); + Transport transport = Transport.fromUrl(repoUrl); if (permission.atLeast(AccessPermission.PUSH) && !acceptsPush(transport)) { // downgrade the repo permission for this transport // because it is not an acceptable PUSH transport permission = AccessPermission.CLONE; } - list.add(new RepositoryUrl(getRepositoryUrl(request, username, repository), permission)); + list.add(new RepositoryUrl(repoUrl, permission)); } } |