| | |
|---|
| | | */ |
|---|
| | | package com.gitblit.git; |
|---|
| | | |
|---|
| | | import java.util.Map; |
|---|
| | | |
|---|
| | | import javax.servlet.http.HttpServletRequest; |
|---|
| | | |
|---|
| | | import org.eclipse.jgit.lib.Ref; |
|---|
| | | import org.eclipse.jgit.lib.Repository; |
|---|
| | | import org.eclipse.jgit.transport.DaemonClient; |
|---|
| | | import org.eclipse.jgit.transport.RefFilter; |
|---|
| | | import org.eclipse.jgit.transport.UploadPack; |
|---|
| | | import org.eclipse.jgit.transport.resolver.ServiceNotAuthorizedException; |
|---|
| | | import org.eclipse.jgit.transport.resolver.ServiceNotEnabledException; |
|---|
| | | import org.eclipse.jgit.transport.resolver.UploadPackFactory; |
|---|
| | | |
|---|
| | | import com.gitblit.GitBlit; |
|---|
| | | import com.gitblit.models.UserModel; |
|---|
| | | import com.gitblit.utils.IssueUtils; |
|---|
| | | import com.gitblit.utils.PushLogUtils; |
|---|
| | | import com.gitblit.manager.IAuthenticationManager; |
|---|
| | | import com.gitblit.transport.git.GitDaemonClient; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * The upload pack factory creates an upload pack which controls what refs are |
|---|
| | | * advertised to cloning/pulling clients. |
|---|
| | | * |
|---|
| | | * |
|---|
| | | * @author James Moger |
|---|
| | | * |
|---|
| | | * |
|---|
| | | * @param <X> the connection type |
|---|
| | | */ |
|---|
| | | public class GitblitUploadPackFactory<X> implements UploadPackFactory<X> { |
|---|
| | | |
|---|
| | | private final IAuthenticationManager authenticationManager; |
|---|
| | | |
|---|
| | | public GitblitUploadPackFactory(IAuthenticationManager authenticationManager) { |
|---|
| | | this.authenticationManager = authenticationManager; |
|---|
| | | } |
|---|
| | | |
|---|
| | | @Override |
|---|
| | | public UploadPack create(X req, Repository db) |
|---|
| | | throws ServiceNotEnabledException, ServiceNotAuthorizedException { |
|---|
| | | |
|---|
| | | UserModel user = UserModel.ANONYMOUS; |
|---|
| | | int timeout = 0; |
|---|
| | | |
|---|
| | | if (req instanceof HttpServletRequest) { |
|---|
| | | // http/https request may or may not be authenticated |
|---|
| | | user = GitBlit.self().authenticate((HttpServletRequest) req); |
|---|
| | | if (user == null) { |
|---|
| | | user = UserModel.ANONYMOUS; |
|---|
| | | } |
|---|
| | | } else if (req instanceof DaemonClient) { |
|---|
| | | if (req instanceof GitDaemonClient) { |
|---|
| | | // git daemon request is always anonymous |
|---|
| | | DaemonClient client = (DaemonClient) req; |
|---|
| | | GitDaemonClient client = (GitDaemonClient) req; |
|---|
| | | // set timeout from Git daemon |
|---|
| | | timeout = client.getDaemon().getTimeout(); |
|---|
| | | } |
|---|
| | | |
|---|
| | | RefFilter refFilter = new UserRefFilter(user); |
|---|
| | | UploadPack up = new UploadPack(db); |
|---|
| | | up.setRefFilter(refFilter); |
|---|
| | | up.setTimeout(timeout); |
|---|
| | | |
|---|
| | | |
|---|
| | | return up; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Restricts advertisement of certain refs based on the permission of the |
|---|
| | | * requesting user. |
|---|
| | | */ |
|---|
| | | public static class UserRefFilter implements RefFilter { |
|---|
| | | |
|---|
| | | final UserModel user; |
|---|
| | | |
|---|
| | | public UserRefFilter(UserModel user) { |
|---|
| | | this.user = user; |
|---|
| | | } |
|---|
| | | |
|---|
| | | @Override |
|---|
| | | public Map<String, Ref> filter(Map<String, Ref> refs) { |
|---|
| | | if (user.canAdmin()) { |
|---|
| | | // admins can see all refs |
|---|
| | | return refs; |
|---|
| | | } |
|---|
| | | |
|---|
| | | // normal users can not clone gitblit refs |
|---|
| | | refs.remove(IssueUtils.GB_ISSUES); |
|---|
| | | refs.remove(PushLogUtils.GB_PUSHES); |
|---|
| | | return refs; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
