githubFork/gitblit.git - Solinfo Gitblit

			@@ -44,12 +44,13 @@

			import com.gitblit.Constants;
			import com.gitblit.Constants.AccessRestrictionType;
			import com.gitblit.GitBlit;
			import com.gitblit.IStoredSettings;
			import com.gitblit.Keys;
			import com.gitblit.client.Translation;
			import com.gitblit.manager.IGitblit;
			import com.gitblit.models.RepositoryModel;
			import com.gitblit.models.UserModel;
			import com.gitblit.tickets.BranchTicketService;
			import com.gitblit.utils.ArrayUtils;
			import com.gitblit.utils.ClientLogger;
			import com.gitblit.utils.CommitCache;
			@@ -85,16 +86,14 @@

			protected String gitblitUrl;

			protected String repositoryUrl;

			protected GroovyScriptEngine gse;

			private final IStoredSettings settings;
			protected final IStoredSettings settings;

			private final GitBlit gitblit;
			protected final IGitblit gitblit;

			public GitblitReceivePack(
			GitBlit gitblit,
			IGitblit gitblit,
			Repository db,
			RepositoryModel repository,
			UserModel user) {
			@@ -122,6 +121,32 @@
			// setup pre and post receive hook
			setPreReceiveHook(this);
			setPostReceiveHook(this);
			}

			/**
			* Returns true if the user is permitted to apply the receive commands to
			* the repository.
			*
			* @param commands
			* @return true if the user may push these commands
			*/
			protected boolean canPush(Collection<ReceiveCommand> commands) {
			// TODO Consider supporting branch permissions here (issue-36)
			// Not sure if that should be Gerrit-style, refs/meta/config, or
			// gitolite-style, permissions in users.conf
			//
			// How could commands be empty?
			//
			// Because a subclass, like PatchsetReceivePack, filters receive
			// commands before this method is called. This makes it possible for
			// this method to test an empty list. In this case, we assume that the
			// subclass receive pack properly enforces push restrictions. for the
			// ref.
			//
			// The empty test is not explicitly required, it's written here to
			// clarify special-case behavior.

			return commands.isEmpty() ? true : user.canPush(repository);
			}

			/**
			@@ -156,7 +181,7 @@
			return;
			}

			if (!user.canPush(repository)) {
			if (!canPush(commands)) {
			// user does not have push permissions
			for (ReceiveCommand cmd : commands) {
			sendRejection(cmd, "User \"{0}\" does not have push permissions for \"{1}\"!", user.username, repository.name);
			@@ -167,8 +192,11 @@
			if (repository.accessRestriction.atLeast(AccessRestrictionType.PUSH) && repository.verifyCommitter) {
			// enforce committer verification
			if (StringUtils.isEmpty(user.emailAddress)) {
			// emit warning if user does not have an email address
			LOGGER.warn(MessageFormat.format("Consider setting an email address for {0} ({1}) to improve committer verification.", user.getDisplayName(), user.username));
			// reject the push because the pushing account does not have an email address
			for (ReceiveCommand cmd : commands) {
			sendRejection(cmd, "Sorry, the account \"{0}\" does not have an email address set for committer verification!", user.username);
			}
			return;
			}

			// Optionally enforce that the committer of first parent chain
			@@ -201,16 +229,9 @@

			PersonIdent committer = commit.getCommitterIdent();
			if (!user.is(committer.getName(), committer.getEmailAddress())) {
			String reason;
			if (StringUtils.isEmpty(user.emailAddress)) {
			// account does not have an email address
			reason = MessageFormat.format("{0} by {1} <{2}> was not committed by {3} ({4})",
			commit.getId().name(), committer.getName(), StringUtils.isEmpty(committer.getEmailAddress()) ? "?":committer.getEmailAddress(), user.getDisplayName(), user.username);
			} else {
			// account has an email address
			reason = MessageFormat.format("{0} by {1} <{2}> was not committed by {3} ({4}) <{5}>",
			commit.getId().name(), committer.getName(), StringUtils.isEmpty(committer.getEmailAddress()) ? "?":committer.getEmailAddress(), user.getDisplayName(), user.username, user.emailAddress);
			}
			// verification failed
			String reason = MessageFormat.format("{0} by {1} <{2}> was not committed by {3} ({4}) <{5}>",
			commit.getId().name(), committer.getName(), StringUtils.isEmpty(committer.getEmailAddress()) ? "?":committer.getEmailAddress(), user.getDisplayName(), user.username, user.emailAddress);
			LOGGER.warn(reason);
			cmd.setResult(Result.REJECTED_OTHER_REASON, reason);
			allRejected &= true;
			@@ -230,18 +251,28 @@
			}
			}

			// reset branch commit cache on REWIND and DELETE
			for (ReceiveCommand cmd : commands) {
			String ref = cmd.getRefName();
			if (ref.startsWith(Constants.R_HEADS)) {
			switch (cmd.getType()) {
			case UPDATE_NONFASTFORWARD:
			case DELETE:
			// reset branch commit cache on REWIND and DELETE
			CommitCache.instance().clear(repository.name, ref);
			break;
			default:
			break;
			}
			} else if (ref.equals(BranchTicketService.BRANCH)) {
			// ensure pushing user is an administrator OR an owner
			// i.e. prevent ticket tampering
			boolean permitted = user.canAdmin() \|\| repository.isOwner(user.username);
			if (!permitted) {
			sendRejection(cmd, "{0} is not permitted to push to {1}", user.username, ref);
			}
			} else if (ref.startsWith(Constants.R_FOR)) {
			// prevent accidental push to refs/for
			sendRejection(cmd, "{0} is not configured to receive patchsets", repository.name);
			}
			}

			@@ -339,6 +370,15 @@
			LOGGER.error(MessageFormat.format("Failed to update {0} pushlog", repository.name), e);
			}

			// check for updates pushed to the BranchTicketService branch
			// if the BranchTicketService is active it will reindex, as appropriate
			for (ReceiveCommand cmd : commands) {
			if (Result.OK.equals(cmd.getResult())
			&& BranchTicketService.BRANCH.equals(cmd.getRefName())) {
			rp.getRepository().fireEvent(new ReceiveCommandEvent(repository, cmd));
			}
			}

			// run Groovy hook scripts
			Set<String> scripts = new LinkedHashSet<String>();
			scripts.addAll(gitblit.getPostReceiveScriptsInherited(repository));
			@@ -394,10 +434,6 @@
			this.gitblitUrl = url;
			}

			protected void setRepositoryUrl(String url) {
			this.repositoryUrl = url;
			}

			protected void sendRejection(final ReceiveCommand cmd, final String why, Object... objects) {
			String text;
			if (ArrayUtils.isEmpty(objects)) {
			@@ -410,14 +446,14 @@
			}

			protected void sendHeader(String msg, Object... objects) {
			sendMessage("--->", msg, objects);
			sendInfo("--> ", msg, objects);
			}

			protected void sendMessage(String msg, Object... objects) {
			sendMessage(" ", msg, objects);
			protected void sendInfo(String msg, Object... objects) {
			sendInfo(" ", msg, objects);
			}

			protected void sendMessage(String prefix, String msg, Object... objects) {
			protected void sendInfo(String prefix, String msg, Object... objects) {
			String text;
			if (ArrayUtils.isEmpty(objects)) {
			text = msg;
			@@ -426,7 +462,9 @@
			text = MessageFormat.format(msg, objects);
			super.sendMessage(prefix + text);
			}
			LOGGER.info(text + " (" + user.username + ")");
			if (!StringUtils.isEmpty(msg)) {
			LOGGER.info(text + " (" + user.username + ")");
			}
			}

			protected void sendError(String msg, Object... objects) {
			@@ -438,7 +476,9 @@
			text = MessageFormat.format(msg, objects);
			super.sendError(text);
			}
			LOGGER.error(text + " (" + user.username + ")");
			if (!StringUtils.isEmpty(msg)) {
			LOGGER.error(text + " (" + user.username + ")");
			}
			}

			/**