Implemented discrete repository access permissions to replace the
really primitive course-grained permissions used to this point. This
implementation allows for finer-grained access control, but still
falls short of integrated, branch-based permissions sought by some.
Access permissions follow the conventions established by Gitosis and
Gitolite so they should feel immediately comfortable to experienced
users. This permissions infrastructure is complete and works exactly as
expected. Unfortunately, there is no ui in this commit to change
permissions, that will be forthcoming. In the meantime, Gitblit
hot-reloads users.conf so the permissions can be manipulated at runtime
with a text editor.
The following per-repository permissions are now supported:
- V (view in web ui, RSS feeds, download zip)
- R (clone)
- RW (clone and push)
- RWC (clone and push with ref creation)
- RWD (clone and push with ref creation, deletion)
- RW+ (clone and push with ref creation, deletion, rewind)
And a users.conf entry looks something like this:
[user "hannibal"]
password = bossman
repository = RWD:topsecret.git
Use a custom redirect mechanism to workaround servlet container interference
This mechanism bypasses the standard Wicket redirect mechanism because it
turns out that the servlet container reencodes Wicket's relative redirect urls.
This results in another way that parameters with forward-slashes can be borked.
Bad, bad servlet container.
org.eclipse.jetty.server.Response#L447: String path=uri.getDecodedPath();
Preliminary implementation of server-side forking (issue 137)
The fork mechanism clones the repository , access restrictions, and
other config options. The app has been updated throughout to handle
personal repositories and to properly display origin/fork links.
In order to fork a repository the user account must have the #fork role,
the origin repository must permit forking, and the user account must
have standard clone permissions to the repository.
Because forking introduces a new user role no existing user accounts can
automatically begin forking a repository. This is both a pro and a con.
Since the fork has the same access restrictions as the origin repository,
those who can access the origin may also access the fork. This is intentional
to facilitate integration-manager workflow. The fork owner does have the
power to completely change the access restrictions of his/her fork.