blob: c308cbbb35d2ac7b4a280fedd8bdfad48dceaae2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
|
/*
* Copyright 2011 gitblit.com.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.gitblit;
import com.gitblit.Constants.AccessRestrictionType;
import com.gitblit.models.RepositoryModel;
import com.gitblit.models.UserModel;
/**
* The DownloadZipFilter is an AccessRestrictionFilter which ensures that zip
* requests for view-restricted repositories have proper authentication
* credentials and are authorized.
*
* @author James Moger
*
*/
public class DownloadZipFilter extends AccessRestrictionFilter {
/**
* Extract the repository name from the url.
*
* @param url
* @return repository name
*/
@Override
protected String extractRepositoryName(String url) {
int a = url.indexOf("r=");
String repository = url.substring(a + 2);
if (repository.indexOf('&') > -1) {
repository = repository.substring(0, repository.indexOf('&'));
}
return repository;
}
/**
* Analyze the url and returns the action of the request.
*
* @param url
* @return action of the request
*/
@Override
protected String getUrlRequestAction(String url) {
return "DOWNLOAD";
}
/**
* Determine if the repository requires authentication.
*
* @param repository
* @return true if authentication required
*/
@Override
protected boolean requiresAuthentication(RepositoryModel repository) {
return repository.accessRestriction.atLeast(AccessRestrictionType.VIEW);
}
/**
* Determine if the user can access the repository and perform the specified
* action.
*
* @param repository
* @param user
* @param action
* @return true if user may execute the action on the repository
*/
@Override
protected boolean canAccess(RepositoryModel repository, UserModel user, String action) {
return user.canAccessRepository(repository);
}
}
|
