From a66312f3d4bb9f1f6aad5ed66d2082057c99f519 Mon Sep 17 00:00:00 2001 From: James Moger Date: Wed, 12 Mar 2014 17:21:12 -0400 Subject: Tweak the receive pack push permission check to be a method --- .../java/com/gitblit/git/GitblitReceivePack.java | 28 +++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/main/java/com/gitblit/git/GitblitReceivePack.java b/src/main/java/com/gitblit/git/GitblitReceivePack.java index e3e2faeb..73da3d3e 100644 --- a/src/main/java/com/gitblit/git/GitblitReceivePack.java +++ b/src/main/java/com/gitblit/git/GitblitReceivePack.java @@ -123,6 +123,32 @@ public class GitblitReceivePack extends ReceivePack implements PreReceiveHook, P setPostReceiveHook(this); } + /** + * Returns true if the user is permitted to apply the receive commands to + * the repository. + * + * @param commands + * @return true if the user may push these commands + */ + protected boolean canPush(Collection commands) { + // TODO Consider supporting branch permissions here (issue-36) + // Not sure if that should be Gerrit-style, refs/meta/config, or + // gitolite-style, permissions in users.conf + // + // How could commands be empty? + // + // Because a subclass, like PatchsetReceivePack, filters receive + // commands before this method is called. This makes it possible for + // this method to test an empty list. In this case, we assume that the + // subclass receive pack properly enforces push restrictions. for the + // ref. + // + // The empty test is not explicitly required, it's written here to + // clarify special-case behavior. + + return commands.isEmpty() ? true : user.canPush(repository); + } + /** * Instrumentation point where the incoming push event has been parsed, * validated, objects created BUT refs have not been updated. You might @@ -155,7 +181,7 @@ public class GitblitReceivePack extends ReceivePack implements PreReceiveHook, P return; } - if (!user.canPush(repository)) { + if (!canPush(commands)) { // user does not have push permissions for (ReceiveCommand cmd : commands) { sendRejection(cmd, "User \"{0}\" does not have push permissions for \"{1}\"!", user.username, repository.name); -- cgit v1.2.3