Repository owners no longer have to be explicitly selected to grant them access to Git, feeds, and zip downloads. Idea from Github/dadalar.tags/v0.7.0
@@ -171,7 +171,7 @@ public abstract class AuthenticationFilter implements Filter { | |||
super(req); | |||
user = new UserModel("anonymous"); | |||
} | |||
UserModel getUser() { | |||
return user; | |||
} | |||
@@ -190,6 +190,9 @@ public abstract class AuthenticationFilter implements Filter { | |||
if (role.equals(Constants.ADMIN_ROLE)) { | |||
return user.canAdmin; | |||
} | |||
// Gitblit does not currently use actual roles in the traditional | |||
// servlet container sense. That is the reason this is marked | |||
// deprecated, but I may want to revisit this. | |||
return user.canAccessRepository(role); | |||
} | |||
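Review bot: The `return user.canAccessRepository(role);` line still goes through the `String` overload, which this same commit marks `@Deprecated` in UserModel precisely because it ignores repository ownership, so a role check here will deny an owner who was never explicitly added to the repository even though every other call site in the commit now uses the `RepositoryModel` overload. The added comment explains the deprecation of roles in general but not this gap; I would extend it with `// NOTE: this uses the deprecated String overload, so ownership is NOT considered here — an owner without explicit membership fails this role check.` Denying is the safe direction, but the inconsistency should be documented or the lookup changed to resolve the RepositoryModel first. The enclosing method's signature is outside the hunk, so I cannot confirm it is the servlet `isUserInRole` wrapper.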
@@ -78,7 +78,7 @@ public class DownloadZipFilter extends AccessRestrictionFilter { | |||
*/ | |||
@Override | |||
protected boolean canAccess(RepositoryModel repository, UserModel user, String action) { | |||
return user.canAccessRepository(repository.name); | |||
return user.canAccessRepository(repository); | |||
} | |||
} |
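Review bot: The Javadoc that ends at the `*/` just above `@Override` (its text is outside the hunk) presumably describes who may download a zip, and it should now state that a repository owner is granted access without being explicitly listed, since that is what the switch to `canAccessRepository(repository)` adds. The same applies to the identical change in SyndicationFilter.canAccess further down. Something like `Owners, administrators, and explicitly granted users may download the repository.` as the summary sentence would keep the documented rule in step with the code.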
@@ -555,7 +555,7 @@ public class GitBlit implements ServletContextListener { | |||
return null; | |||
} | |||
if (model.accessRestriction.atLeast(AccessRestrictionType.VIEW)) { | |||
if (user != null && user.canAccessRepository(model.name)) { | |||
if (user != null && user.canAccessRepository(model)) { | |||
return model; | |||
} | |||
return null; |
@@ -110,7 +110,7 @@ public class GitFilter extends AccessRestrictionFilter { | |||
} | |||
boolean readOnly = repository.isFrozen; | |||
if (readOnly || repository.accessRestriction.atLeast(AccessRestrictionType.PUSH)) { | |||
boolean authorizedUser = user.canAccessRepository(repository.name); | |||
boolean authorizedUser = user.canAccessRepository(repository); | |||
if (action.equals(gitReceivePack)) { | |||
// Push request | |||
if (!readOnly && authorizedUser) { |
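Review bot: `authorizedUser` now becomes true for the repository owner even when the owner was never added to the user's repository list, and since it gates the `gitReceivePack` branch below, ownership alone now authorizes a push on a PUSH-or-stricter repository. That makes `repository.owner` a security-relevant attribute; whoever can edit that field can grant push rights, which I cannot verify from this hunk and which is worth checking in the repository-edit path. I would document the widened meaning on the assignment: `// true for admins, explicitly granted users, and (new) the repository owner — ownership alone authorizes push`. The enclosing method continues past the end of the hunk.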
@@ -76,7 +76,7 @@ public class SyndicationFilter extends AccessRestrictionFilter { | |||
*/ | |||
@Override | |||
protected boolean canAccess(RepositoryModel repository, UserModel user, String action) { | |||
return user.canAccessRepository(repository.name); | |||
return user.canAccessRepository(repository); | |||
} | |||
} |
@@ -20,6 +20,8 @@ import java.security.Principal; | |||
import java.util.HashSet; | |||
import java.util.Set; | |||
import com.gitblit.utils.StringUtils; | |||
/** | |||
* UserModel is a serializable model class that represents a user and the user's | |||
* restricted repository memberships. Instances of UserModels are also used as | |||
@@ -43,10 +45,24 @@ public class UserModel implements Principal, Serializable, Comparable<UserModel> | |||
this.username = username; | |||
} | |||
/** | |||
* This method does not take into consideration Ownership where the | |||
* administrator has not explicitly granted access to the owner. | |||
* | |||
* @param repositoryName | |||
* @return | |||
*/ | |||
@Deprecated | |||
public boolean canAccessRepository(String repositoryName) { | |||
return canAdmin || repositories.contains(repositoryName.toLowerCase()); | |||
} | |||
public boolean canAccessRepository(RepositoryModel repository) { | |||
boolean isOwner = !StringUtils.isEmpty(repository.owner) | |||
&& repository.owner.equals(username); | |||
return canAdmin || isOwner || repositories.contains(repository.name.toLowerCase()); | |||
} | |||
public void addRepository(String name) { | |||
repositories.add(name.toLowerCase()); | |||
} |
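Review bot: The new `canAccessRepository(RepositoryModel)` overload has no Javadoc, and the one kept on the deprecated `String` overload has empty `@param` and `@return` tags; the access rule (admin, owner, or explicit membership, in that order of evaluation) is exactly what a reader needs, so I would add `Returns true if the user is an administrator, is the repository's owner, or has been explicitly granted access to the repository.` with `@param repository the repository being accessed` and `@return true if access is allowed`. Separately, the owner test `repository.owner.equals(username)` is case-sensitive while repository names are lowercased on both `add` and lookup; if usernames are not normalized when the owner is stored, an owner whose stored name differs only in case silently loses the new grant, which should be confirmed against where `owner` is set. Note also that the new overload throws NullPointerException for a null `repository` or null `repository.name`, which the deprecated overload did for a null name as well, so that precondition belongs in the Javadoc.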
@@ -52,9 +52,10 @@ public class GitBlitTest extends TestCase { | |||
model.canAdmin = false; | |||
assertFalse("Admin should not have #admin!", model.canAdmin); | |||
String repository = GitBlitSuite.getHelloworldRepository().getDirectory().getName(); | |||
assertFalse("Admin can still access repository!", model.canAccessRepository(repository)); | |||
RepositoryModel repositoryModel = GitBlit.self().getRepositoryModel(model, repository); | |||
assertFalse("Admin can still access repository!", model.canAccessRepository(repositoryModel)); | |||
model.addRepository(repository); | |||
assertTrue("Admin can't access repository!", model.canAccessRepository(repository)); | |||
assertTrue("Admin can't access repository!", model.canAccessRepository(repositoryModel)); | |||
assertEquals(GitBlit.self().getRepositoryModel(model, "pretend"), null); | |||
assertNotNull(GitBlit.self().getRepositoryModel(model, repository)); | |||
assertTrue(GitBlit.self().getRepositoryModels(model).size() > 0); |
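Review bot: The updated assertions only exercise the admin-flag and explicit-membership paths; the ownership rule that this commit introduces is never tested, so a regression in the `isOwner` branch of `UserModel.canAccessRepository(RepositoryModel)` would pass this suite. I would assert the owner grant before `model.addRepository(repository)` and restore the owner afterwards, since `getRepositoryModel` may hand back a shared instance (whether it is cached is not visible here); the field names `repositoryModel.owner` and `model.username` follow the public-field style used by `model.canAdmin` but their visibility should be confirmed. Also, per the GitBlit hunk in this commit, `getRepositoryModel(model, repository)` returns null for a VIEW-restricted repository the user cannot access, so if the helloworld fixture were ever restricted this test would fail with a NullPointerException rather than a clear assertion message; an `assertNotNull(repositoryModel)` right after the lookup makes that explicit.
```java
RepositoryModel repositoryModel = GitBlit.self().getRepositoryModel(model, repository);
assertNotNull("Repository model lookup failed!", repositoryModel);
assertFalse("Admin can still access repository!", model.canAccessRepository(repositoryModel));
String originalOwner = repositoryModel.owner;
repositoryModel.owner = model.username;
assertTrue("Owner can't access repository!", model.canAccessRepository(repositoryModel));
repositoryModel.owner = originalOwner;
assertFalse("Non-owner can still access repository!", model.canAccessRepository(repositoryModel));
// … unchanged: addRepository and membership assertions …
```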