From ba2f9aa95ee55f3672cd59474c65b959d0fe7fb5 Mon Sep 17 00:00:00 2001 From: James Moger Date: Wed, 26 Feb 2014 23:52:45 -0500 Subject: Do not grant fork CLONE permissions to users/teams with implied regex CLONE permissions (issue-320) --- src/main/java/com/gitblit/manager/GitblitManager.java | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'src') diff --git a/src/main/java/com/gitblit/manager/GitblitManager.java b/src/main/java/com/gitblit/manager/GitblitManager.java index 95d50ac1..9d096ddf 100644 --- a/src/main/java/com/gitblit/manager/GitblitManager.java +++ b/src/main/java/com/gitblit/manager/GitblitManager.java @@ -172,7 +172,8 @@ public class GitblitManager implements IGitblit { if (!ArrayUtils.isEmpty(repository.owners)) { for (String owner : repository.owners) { UserModel originOwner = userManager.getUserModel(owner); - if (originOwner != null) { + if (originOwner != null && !originOwner.canClone(cloneModel)) { + // origin owner can't yet clone fork, grant explicit clone access originOwner.setRepositoryPermission(cloneName, AccessPermission.CLONE); reviseUser(originOwner.username, originOwner); } @@ -185,8 +186,8 @@ public class GitblitManager implements IGitblit { for (String name : users) { if (!name.equalsIgnoreCase(user.username)) { UserModel cloneUser = userManager.getUserModel(name); - if (cloneUser.canClone(repository)) { - // origin user can clone origin, grant clone access to fork + if (cloneUser.canClone(repository) && !cloneUser.canClone(cloneModel)) { + // origin user can't yet clone fork, grant explicit clone access cloneUser.setRepositoryPermission(cloneName, AccessPermission.CLONE); } cloneUsers.add(cloneUser); @@ -199,8 +200,8 @@ public class GitblitManager implements IGitblit { List cloneTeams = new ArrayList(); for (String name : teams) { TeamModel cloneTeam = userManager.getTeamModel(name); - if (cloneTeam.canClone(repository)) { - // origin team can clone origin, grant clone access to fork + if (cloneTeam.canClone(repository) && !cloneTeam.canClone(cloneModel)) { + // origin team can't yet clone fork, grant explicit clone access cloneTeam.setRepositoryPermission(cloneName, AccessPermission.CLONE); } cloneTeams.add(cloneTeam); -- cgit v1.2.3