From ba6150d1712d5f5986e72333831940a46316aab3 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 2 Nov 2012 16:52:41 -0400
Subject: Permission filtering in web ui

Present the mutable permissions by default.  Allow the administrator or
owner to toggle the displayed permissions to see how the user
and team permissions are applied to a repository.
---
 .../gitblit/models/RegistrantAccessPermission.java | 51 +++++++++++++++++++++-
 src/com/gitblit/models/UserModel.java              | 25 ++++++++++-
 2 files changed, 73 insertions(+), 3 deletions(-)

(limited to 'src/com/gitblit/models')

diff --git a/src/com/gitblit/models/RegistrantAccessPermission.java b/src/com/gitblit/models/RegistrantAccessPermission.java
index 4bdc2da4..8f4049a8 100644
--- a/src/com/gitblit/models/RegistrantAccessPermission.java
+++ b/src/com/gitblit/models/RegistrantAccessPermission.java
@@ -63,18 +63,67 @@ public class RegistrantAccessPermission implements Serializable, Comparable<Regi
 	public boolean isOwner() {
 		return PermissionType.OWNER.equals(permissionType);
 	}
+	
+	public boolean isExplicit() {
+		return PermissionType.EXPLICIT.equals(permissionType);
+	}
+
+	public boolean isRegex() {
+		return PermissionType.REGEX.equals(permissionType);
+	}
+
+	public boolean isTeam() {
+		return PermissionType.TEAM.equals(permissionType);
+	}
 
 	public boolean isMissing() {
 		return PermissionType.MISSING.equals(permissionType);
 	}
 	
+	public int getScore() {
+		switch (registrantType) {
+		case REPOSITORY:
+			if (isAdmin()) {
+				return 0;
+			}
+			if (isOwner()) {
+				return 1;
+			}
+			if (isExplicit()) {
+				return 2;
+			}
+			if (isRegex()) {
+				return 3;
+			}
+			if (isTeam()) {
+				return 4;
+			}
+		default:
+			return 0;
+		}
+	}
+	
 	@Override
 	public int compareTo(RegistrantAccessPermission p) {
 		switch (registrantType) {
 		case REPOSITORY:
+			// repository permissions are sorted in score order
+			// to convey the order in which permissions are tested
+			int score1 = getScore();
+			int score2 = p.getScore();
+			if (score1 <= 2 && score2 <= 2) {
+				// group admin, owner, and explicit together
+				return StringUtils.compareRepositoryNames(registrant, p.registrant);	
+			}
+			if (score1 < score2) {
+				return -1;
+			} else if (score2 < score1) {
+				return 1;
+			}
 			return StringUtils.compareRepositoryNames(registrant, p.registrant);
 		default:
-			return registrant.toLowerCase().compareTo(p.registrant.toLowerCase());		
+			// user and team permissions are string sorted
+			return registrant.toLowerCase().compareTo(p.registrant.toLowerCase());
 		}
 	}
 	
diff --git a/src/com/gitblit/models/UserModel.java b/src/com/gitblit/models/UserModel.java
index 23322c26..1159905d 100644
--- a/src/com/gitblit/models/UserModel.java
+++ b/src/com/gitblit/models/UserModel.java
@@ -21,6 +21,7 @@ import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.LinkedHashMap;
+import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -160,7 +161,20 @@ public class UserModel implements Principal, Serializable, Comparable<UserModel>
 			list.add(new RegistrantAccessPermission(registrant, ap, pType, RegistrantType.REPOSITORY, source, mutable));
 		}
 		Collections.sort(list);
-		return list;
+		
+		// include immutable team permissions, being careful to preserve order
+		Set<RegistrantAccessPermission> set = new LinkedHashSet<RegistrantAccessPermission>(list);
+		for (TeamModel team : teams) {
+			for (RegistrantAccessPermission teamPermission : team.getRepositoryPermissions()) {
+				// we can not change an inherited team permission, though we can override
+				teamPermission.registrantType = RegistrantType.REPOSITORY;
+				teamPermission.permissionType = PermissionType.TEAM;
+				teamPermission.source = team.name;
+				teamPermission.mutable = false;
+				set.add(teamPermission);
+			}
+		}
+		return new ArrayList<RegistrantAccessPermission>(set);
 	}
 	
 	/**
@@ -253,6 +267,13 @@ public class UserModel implements Principal, Serializable, Comparable<UserModel>
 		ap.permission = AccessPermission.NONE;
 		ap.mutable = false;
 
+		if (AccessRestrictionType.NONE.equals(repository.accessRestriction)) {
+			// anonymous rewind
+			ap.permissionType = PermissionType.ADMINISTRATOR;
+			ap.permission = AccessPermission.REWIND;
+			return ap;
+		}
+
 		// administrator
 		if (canAdmin()) {
 			ap.permissionType = PermissionType.ADMINISTRATOR;
@@ -277,7 +298,7 @@ public class UserModel implements Principal, Serializable, Comparable<UserModel>
 		}
 		
 		if (AuthorizationControl.AUTHENTICATED.equals(repository.authorizationControl) && isAuthenticated) {
-			// AUTHENTICATED is a shortcut for authorizing all logged-in users RW access
+			// AUTHENTICATED is a shortcut for authorizing all logged-in users RW+ access
 			ap.permission = AccessPermission.REWIND;
 			return ap;
 		}
-- 
cgit v1.2.3