1 files changed, 61 insertions, 5 deletions

diff --git a/src/com/gitblit/wicket/pages/EditRepositoryPage.java b/src/com/gitblit/wicket/pages/EditRepositoryPage.java
index 88202901..56d1d558 100644
--- a/src/com/gitblit/wicket/pages/EditRepositoryPage.java
+++ b/src/com/gitblit/wicket/pages/EditRepositoryPage.java
@@ -3,6 +3,7 @@ package com.gitblit.wicket.pages;
 import java.text.MessageFormat;

 import java.util.ArrayList;

 import java.util.Arrays;

+import java.util.Collections;

 import java.util.Date;

 import java.util.Iterator;

 import java.util.List;

@@ -23,13 +24,14 @@ import org.apache.wicket.model.util.ListModel;
 import com.gitblit.Constants.AccessRestrictionType;

 import com.gitblit.GitBlit;

 import com.gitblit.GitBlitException;

+import com.gitblit.Keys;

 import com.gitblit.utils.StringUtils;

-import com.gitblit.wicket.AdminPage;

 import com.gitblit.wicket.BasePage;

+import com.gitblit.wicket.GitBlitWebSession;

 import com.gitblit.wicket.WicketUtils;

 import com.gitblit.wicket.models.RepositoryModel;

+import com.gitblit.wicket.models.UserModel;

 

-@AdminPage

 public class EditRepositoryPage extends BasePage {

 

 	private final boolean isCreate;

@@ -51,6 +53,9 @@ public class EditRepositoryPage extends BasePage {
 	}

 

 	protected void setupPage(final RepositoryModel repositoryModel) {

+		// ensure this user can create or edit this repository

+		checkPermissions(repositoryModel);

+		

 		List<String> repositoryUsers = new ArrayList<String>();

 		if (isCreate) {

 			super.setupPage("", getString("gb.newRepository"));

@@ -58,6 +63,7 @@ public class EditRepositoryPage extends BasePage {
 			super.setupPage("", getString("gb.edit"));

 			if (repositoryModel.accessRestriction.exceeds(AccessRestrictionType.NONE)) {

 				repositoryUsers.addAll(GitBlit.self().getRepositoryUsers(repositoryModel));

+				Collections.sort(repositoryUsers);

 			}

 		}

 

@@ -99,10 +105,10 @@ public class EditRepositoryPage extends BasePage {
 						error("Please select access restriction!");

 						return;

 					}

-					

+

 					// save the repository

 					GitBlit.self().editRepositoryModel(repositoryModel, isCreate);

-					

+

 					// save the repository access list

 					if (repositoryModel.accessRestriction.exceeds(AccessRestrictionType.NONE)) {

 						Iterator<String> users = usersPalette.getSelectedChoices();

@@ -110,6 +116,10 @@ public class EditRepositoryPage extends BasePage {
 						while (users.hasNext()) {

 							repositoryUsers.add(users.next());

 						}

+						// ensure the owner is added to the user list

+						if (!repositoryUsers.contains(repositoryModel.owner)) {

+							repositoryUsers.add(repositoryModel.owner);

+						}

 						GitBlit.self().setRepositoryUsers(repositoryModel, repositoryUsers);

 					}

 				} catch (GitBlitException e) {

@@ -124,8 +134,9 @@ public class EditRepositoryPage extends BasePage {
 		// field names reflective match RepositoryModel fields

 		form.add(new TextField<String>("name").setEnabled(isCreate));

 		form.add(new TextField<String>("description"));

-		form.add(new TextField<String>("owner"));

+		form.add(new DropDownChoice<String>("owner", GitBlit.self().getAllUsernames()).setEnabled(GitBlitWebSession.get().canAdmin()));

 		form.add(new DropDownChoice<AccessRestrictionType>("accessRestriction", Arrays.asList(AccessRestrictionType.values()), new AccessRestrictionRenderer()));

+		form.add(new CheckBox("isFrozen"));

 		form.add(new CheckBox("useTickets"));

 		form.add(new CheckBox("useDocs"));

 		form.add(new CheckBox("showRemoteBranches"));

@@ -133,6 +144,51 @@ public class EditRepositoryPage extends BasePage {
 

 		add(form);

 	}

+	

+	/**

+	 * Unfortunately must repeat part of AuthorizaitonStrategy here because that

+	 * mechanism does not take PageParameters into consideration, only page

+	 * instantiation.

+	 * 

+	 * Repository Owners should be able to edit their repository.

+	 */

+	private void checkPermissions(RepositoryModel model) {

+		boolean authenticateAdmin = GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, true);

+		boolean allowAdmin = GitBlit.self().settings().getBoolean(Keys.web.allowAdministration, true);

+

+		GitBlitWebSession session = GitBlitWebSession.get();

+		UserModel user = session.getUser();

+

+		if (allowAdmin) {

+			if (authenticateAdmin) {

+				if (user == null) {

+					// No Login Available

+					error("Administration requires a login", true);

+				}

+				if (isCreate) {

+					// Create Repository

+					if (!user.canAdmin()) {

+						// Only Administrators May Create

+						error("Only an administrator may create a repository", true);

+					}

+				} else {

+					// Edit Repository

+					if (user.canAdmin()) {

+						// Admins can edit everything

+						return;

+					} else {

+						if (!model.owner.equalsIgnoreCase(user.getUsername())) {

+							// User is not an Admin nor Owner

+							error("Only an administrator or the owner may edit a repository", true);

+						}

+					}					

+				}

+			}

+		} else {

+			// No Administration Permitted

+			error("Administration is disabled", true);

+		}

+	}

 

 	private class AccessRestrictionRenderer implements IChoiceRenderer<AccessRestrictionType> {