| | |
|---|
| | | // non-persisted fields
|
|---|
| | | public boolean isAuthenticated;
|
|---|
| | | public AccountType accountType;
|
|---|
| | |
|
|---|
| | | public UserPreferences userPreferences;
|
|---|
| | |
|
|---|
| | | public UserModel(String username) {
|
|---|
| | | this.username = username;
|
|---|
| | | this.isAuthenticated = true;
|
|---|
| | | this.accountType = AccountType.LOCAL;
|
|---|
| | | this.userPreferences = new UserPreferences(this.username);
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | private UserModel() {
|
|---|
| | | this.username = "$anonymous";
|
|---|
| | | this.isAuthenticated = false;
|
|---|
| | | this.accountType = AccountType.LOCAL;
|
|---|
| | | this.userPreferences = new UserPreferences(this.username);
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | public boolean isLocalAccount() {
|
|---|
| | |
|---|
| | | ap.registrantType = RegistrantType.USER;
|
|---|
| | | ap.permission = AccessPermission.NONE;
|
|---|
| | | ap.mutable = false;
|
|---|
| | | |
|---|
| | | // determine maximum permission for the repository
|
|---|
| | | final AccessPermission maxPermission = |
|---|
| | | (repository.isFrozen || !repository.isBare) ?
|
|---|
| | | AccessPermission.CLONE : AccessPermission.REWIND;
|
|---|
| | |
|
|---|
| | | if (AccessRestrictionType.NONE.equals(repository.accessRestriction)) {
|
|---|
| | | // anonymous rewind
|
|---|
| | | ap.permissionType = PermissionType.ADMINISTRATOR;
|
|---|
| | | ap.permission = AccessPermission.REWIND;
|
|---|
| | | ap.permissionType = PermissionType.ANONYMOUS;
|
|---|
| | | if (AccessPermission.REWIND.atMost(maxPermission)) {
|
|---|
| | | ap.permission = AccessPermission.REWIND;
|
|---|
| | | } else {
|
|---|
| | | ap.permission = maxPermission;
|
|---|
| | | }
|
|---|
| | | return ap;
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | // administrator
|
|---|
| | | if (canAdmin()) {
|
|---|
| | | ap.permissionType = PermissionType.ADMINISTRATOR;
|
|---|
| | | ap.permission = AccessPermission.REWIND;
|
|---|
| | | if (AccessPermission.REWIND.atMost(maxPermission)) {
|
|---|
| | | ap.permission = AccessPermission.REWIND;
|
|---|
| | | } else {
|
|---|
| | | ap.permission = maxPermission;
|
|---|
| | | }
|
|---|
| | | if (!canAdmin) {
|
|---|
| | | // administator permission from team membership
|
|---|
| | | for (TeamModel team : teams) {
|
|---|
| | |
|---|
| | | // repository owner - either specified owner or personal repository
|
|---|
| | | if (repository.isOwner(username) || repository.isUsersPersonalRepository(username)) {
|
|---|
| | | ap.permissionType = PermissionType.OWNER;
|
|---|
| | | ap.permission = AccessPermission.REWIND;
|
|---|
| | | if (AccessPermission.REWIND.atMost(maxPermission)) {
|
|---|
| | | ap.permission = AccessPermission.REWIND;
|
|---|
| | | } else {
|
|---|
| | | ap.permission = maxPermission;
|
|---|
| | | }
|
|---|
| | | return ap;
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | if (AuthorizationControl.AUTHENTICATED.equals(repository.authorizationControl) && isAuthenticated) {
|
|---|
| | | // AUTHENTICATED is a shortcut for authorizing all logged-in users RW+ access
|
|---|
| | | ap.permission = AccessPermission.REWIND;
|
|---|
| | | if (AccessPermission.REWIND.atMost(maxPermission)) {
|
|---|
| | | ap.permission = AccessPermission.REWIND;
|
|---|
| | | } else {
|
|---|
| | | ap.permission = maxPermission;
|
|---|
| | | }
|
|---|
| | | return ap;
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | |
|---|
| | | if (permissions.containsKey(repository.name.toLowerCase())) {
|
|---|
| | | // exact repository permission specified, use it
|
|---|
| | | AccessPermission p = permissions.get(repository.name.toLowerCase());
|
|---|
| | | if (p != null) {
|
|---|
| | | if (p != null && repository.accessRestriction.isValidPermission(p)) {
|
|---|
| | | ap.permissionType = PermissionType.EXPLICIT;
|
|---|
| | | ap.permission = p;
|
|---|
| | | if (p.atMost(maxPermission)) {
|
|---|
| | | ap.permission = p;
|
|---|
| | | } else {
|
|---|
| | | ap.permission = maxPermission;
|
|---|
| | | }
|
|---|
| | | ap.mutable = true;
|
|---|
| | | return ap;
|
|---|
| | | }
|
|---|
| | |
|---|
| | | for (String key : permissions.keySet()) {
|
|---|
| | | if (StringUtils.matchesIgnoreCase(repository.name, key)) {
|
|---|
| | | AccessPermission p = permissions.get(key);
|
|---|
| | | if (p != null) {
|
|---|
| | | if (p != null && repository.accessRestriction.isValidPermission(p)) {
|
|---|
| | | // take first match
|
|---|
| | | ap.permissionType = PermissionType.REGEX;
|
|---|
| | | ap.permission = p;
|
|---|
| | | if (p.atMost(maxPermission)) {
|
|---|
| | | ap.permission = p;
|
|---|
| | | } else {
|
|---|
| | | ap.permission = maxPermission;
|
|---|
| | | }
|
|---|
| | | ap.source = key;
|
|---|
| | | return ap;
|
|---|
| | | }
|
|---|
| | |
|---|
| | | // try to find a team match
|
|---|
| | | for (TeamModel team : teams) {
|
|---|
| | | RegistrantAccessPermission p = team.getRepositoryPermission(repository);
|
|---|
| | | if (p.permission.exceeds(ap.permission)) {
|
|---|
| | | // use highest team permission
|
|---|
| | | if (p.permission.atMost(maxPermission) && p.permission.exceeds(ap.permission) && PermissionType.ANONYMOUS != p.permissionType) {
|
|---|
| | | // use highest team permission that is not an implicit permission
|
|---|
| | | ap.permission = p.permission;
|
|---|
| | | ap.source = team.name;
|
|---|
| | | ap.permissionType = PermissionType.TEAM;
|
|---|
| | | }
|
|---|
| | | } |
|---|
| | | }
|
|---|
| | | |
|---|
| | | // still no explicit, regex, or team match, check for implicit permissions
|
|---|
| | | if (AccessPermission.NONE == ap.permission) {
|
|---|
| | | switch (repository.accessRestriction) {
|
|---|
| | | case VIEW:
|
|---|
| | | // no implicit permissions possible
|
|---|
| | | break;
|
|---|
| | | case CLONE:
|
|---|
| | | // implied view permission
|
|---|
| | | ap.permission = AccessPermission.VIEW;
|
|---|
| | | ap.permissionType = PermissionType.ANONYMOUS;
|
|---|
| | | break;
|
|---|
| | | case PUSH:
|
|---|
| | | // implied clone permission
|
|---|
| | | ap.permission = AccessPermission.CLONE;
|
|---|
| | | ap.permissionType = PermissionType.ANONYMOUS;
|
|---|
| | | break;
|
|---|
| | | case NONE:
|
|---|
| | | // implied REWIND or CLONE
|
|---|
| | | ap.permission = maxPermission;
|
|---|
| | | ap.permissionType = PermissionType.ANONYMOUS;
|
|---|
| | | break;
|
|---|
| | | }
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | return ap;
|
|---|
| | | }
|
|---|
| | |
|---|
| | | return "~" + username;
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | public UserPreferences getPreferences() {
|
|---|
| | | return userPreferences;
|
|---|
| | | }
|
|---|
| | | |
|---|
| | | @Override
|
|---|
| | | public int hashCode() {
|
|---|
| | | return username.hashCode();
|
|---|
