LDAP: Authenticated Searches without a manager password
Allow to use the LDAP AuthProvider with a LDAP Server
prohibiting anonymous searches but without providing
a manager password : searches are made on behalf of
the authenticated user.
A basic issue tracker styled as a hybrid of GitHub and BitBucket issues.
You may attach commits to an existing ticket or you can push a single
commit to create a *proposal* ticket.
Tickets keep track of patchsets (one or more commits) and allow patchset
rewriting (rebase, amend, squash) by detecing the non-fast-forward
update and assigning a new patchset number to the new commits.
Ticket tracker
--------------
The ticket tracker stores tickets as an append-only journal of changes.
The journals are deserialized and a ticket is built by applying the
journal entries. Tickets are indexed using Apache Lucene and all
queries and searches are executed against this Lucene index.
There is one trade-off to this persistence design: user attributions are
non-relational.
What does that mean? Each journal entry stores the username of the
author. If the username changes in the user service, the journal entry
will not reflect that change because the values are hard-coded.
Here are a few reasons/justifications for this design choice:
1. commit identifications (author, committer, tagger) are non-relational
2. maintains the KISS principle
3. your favorite text editor can still be your administration tool
Persistence Choices
-------------------
**FileTicketService**: stores journals on the filesystem
**BranchTicketService**: stores journals on an orphan branch
**RedisTicketService**: stores journals in a Redis key-value datastore
It should be relatively straight-forward to develop other backends
(MongoDB, etc) as long as the journal design is preserved.
Pushing Commits
---------------
Each push to a ticket is identified as a patchset revision. A patchset
revision may add commits to the patchset (fast-forward) OR a patchset
revision may rewrite history (rebase, squash, rebase+squash, or amend).
Patchset authors should not be afraid to polish, revise, and rewrite
their code before merging into the proposed branch.
Gitblit will create one ref for each patchset. These refs are updated
for fast-forward pushes or created for rewrites. They are formatted as
`refs/tickets/{shard}/{id}/{patchset}`. The *shard* is the last two
digits of the id. If the id < 10, prefix a 0. The *shard* is always
two digits long. The shard's purpose is to ensure Gitblit doesn't
exceed any filesystem directory limits for file creation.
**Creating a Proposal Ticket**
You may create a new change proposal ticket just by pushing a **single
commit** to `refs/for/{branch}` where branch is the proposed integration
branch OR `refs/for/new` or `refs/for/default` which both will use the
default repository branch.
git push origin HEAD:refs/for/new
**Updating a Patchset**
The safe way to update an existing patchset is to push to the patchset
ref.
git push origin HEAD:refs/heads/ticket/{id}
This ensures you do not accidentally create a new patchset in the event
that the patchset was updated after you last pulled.
The not-so-safe way to update an existing patchset is to push using the
magic ref.
git push origin HEAD:refs/for/{id}
This push ref will update an exisitng patchset OR create a new patchset
if the update is non-fast-forward.
**Rebasing, Squashing, Amending**
Gitblit makes rebasing, squashing, and amending patchsets easy.
Normally, pushing a non-fast-forward update would require rewind (RW+)
repository permissions. Gitblit provides a magic ref which will allow
ticket participants to rewrite a ticket patchset as long as the ticket
is open.
git push origin HEAD:refs/for/{id}
Pushing changes to this ref allows the patchset authors to rebase,
squash, or amend the patchset commits without requiring client-side use
of the *--force* flag on push AND without requiring RW+ permission to
the repository. Since each patchset is tracked with a ref it is easy to
recover from accidental non-fast-forward updates.
Features
--------
- Ticket tracker with status changes and responsible assignments
- Patchset revision scoring mechanism
- Update/Rewrite patchset handling
- Close-on-push detection
- Server-side Merge button for simple merges
- Comments with Markdown syntax support
- Rich mail notifications
- Voting
- Mentions
- Watch lists
- Querying
- Searches
- Partial miletones support
- Multiple backend options
WindowsAuthProvider setting to restrict BUILTIN\Administrators
Some environments do not want to automatically allow Windows admin
accounts to be Gitblit admins. This patch allows disabling/enabling the
relationship between Windows builtin admin accounts and Gitblit accounts.
The mirror executor will fetch ref updates for repository mirrors. This
feature is disabled by default and can be enabled by setting
git.enableMirroring=true. The period between update checks is
configurable, but it is global. An individual rpeository may not set
it's own update schedule.
Requirements:
1. you must manually clone the repository using native git
git clone --mirror git://somewhere.com/myrepo.git
2. the "origin" remote must be the mirror source
3. the "origin" repository must be accessible without authentication OR
the credentials must be embedded in the origin url (not recommended)
Notes:
1. "origin" SSH urls are untested and not likely to work
2. mirrors cloned while Gitblit is running are likely to require
clearing the gitblit cache (link on the repositories page of an
administrator account)
3. Gitblit will automatically repair any invalid fetch refspecs with a
"//" sequence.
Change-Id: I4bbe3fb2df106366ae4c2313596d0fab0dfcac46
Allows the home root link top-left anchor to be customised.
A new property web.rootLink has been introduced to
customise the link underlying the top-left logo in GitBlit.
When undefined the older behaviour is to link to the
GitBlit home page.
Disable *most* activity graphs when web.generateActivityGraph=false
This setting originally only worked for the Summary page, but since that
page was written, other pages have offered graphing. This setting will
now disable Google Chart requests on the Dashboard, Activity, and
Summary pages.
This is related to issue-310.
Implemented a graph servlet based on EGit/JGit's PlotWalk (issue-194)
The graph is generated server-side and therefore requires that the
commit table row height be fixed and match the row height of the
servlet. There will be layout misalignment if remotes refs are
displayed. Perhaps this can be improved in the future.
Change-Id: I39d0ffc7b1c3679976ce8c198c772ff86238f1a5
Add a new class, HtpasswdUserService, which performs authentication
against a text file created with the Apache 'htpasswd' program.
Added dependency on commons-codec:1.7
Add setting to cap number of activity days to display
This patch adds a setting, 'web.activityDurationMaximum', that specifies the
maximum number of days of activity that may be requested. The default value is
30. When the number of days requested exceeds this value, the request is
handled as though the maximum value was requested.
Renamed pushlog to reflog to better match it's current and future purpose.
Split PushesPanel into ReflogPanel and DigestsPanel.
Overhauled project pages and gave them a coherent purpose from the dashboard.