Gitblit devel
blame | history | patch | commit | commitdiff | ignore whitespace
James Moger
2012-10-13 c658df9e87d65b08d5482cf04489cb0532ff83dd 
 src/com/gitblit/GitFilter.java


@@ -32,11 +32,11 @@


 */



public class GitFilter extends AccessRestrictionFilter {







   protected final String gitReceivePack = "/git-receive-pack";



   protected static final String gitReceivePack = "/git-receive-pack";







   protected final String gitUploadPack = "/git-upload-pack";



   protected static final String gitUploadPack = "/git-upload-pack";







   protected final String[] suffixes = { gitReceivePack, gitUploadPack, "/info/refs", "/HEAD",



   protected static final String[] suffixes = { gitReceivePack, gitUploadPack, "/info/refs", "/HEAD",



         "/objects" };







   /**



@@ -45,9 +45,8 @@


    * @param url



    * @return repository name



    */



   @Override



   protected String extractRepositoryName(String url) {



      String repository = url;



   public static String getRepositoryName(String value) {



      String repository = value;



      // get the repository name from the url by finding a known url suffix



      for (String urlSuffix : suffixes) {



         if (repository.indexOf(urlSuffix) > -1) {



@@ -58,10 +57,21 @@


   }







   /**



    * Extract the repository name from the url.



    * 


    * @param url



    * @return repository name



    */



   @Override



   protected String extractRepositoryName(String url) {



      return GitFilter.getRepositoryName(url);



   }







   /**



    * Analyze the url and returns the action of the request. Return values are



    * either "/git-receive-pack" or "/git-upload-pack".



    * 



    * @param url



    * @param serverUrl



    * @return action of the request



    */



   @Override



@@ -75,20 +85,51 @@


            return gitReceivePack;



         } else if (suffix.contains("?service=git-upload-pack")) {



            return gitUploadPack;



         } else {



            return gitUploadPack;



         }



      }



      return null;



   }



	


   /**



    * Determine if the repository can receive pushes.



    * 


    * @param repository



    * @param action



    * @return true if the action may be performed



    */



   @Override



   protected boolean isActionAllowed(RepositoryModel repository, String action) {



      if (!StringUtils.isEmpty(action)) {



         if (action.equals(gitReceivePack)) {



            // Push request



            if (!repository.isBare) {



               logger.warn("Gitblit does not allow pushes to repositories with a working copy");



               return false;



            }



         }



      }



      return true;



   }







   /**



    * Determine if the repository requires authentication.



    * 



    * @param repository



    * @param action



    * @return true if authentication required



    */



   @Override



   protected boolean requiresAuthentication(RepositoryModel repository) {



      return repository.accessRestriction.atLeast(AccessRestrictionType.PUSH);



   protected boolean requiresAuthentication(RepositoryModel repository, String action) {



      if (gitUploadPack.equals(action)) {



         // send to client



         return repository.accessRestriction.atLeast(AccessRestrictionType.CLONE);	


      } else if (gitReceivePack.equals(action)) {



         // receive from client



         return repository.accessRestriction.atLeast(AccessRestrictionType.PUSH);



      }



      return false;



   }







   /**



@@ -105,33 +146,26 @@


      if (!GitBlit.getBoolean(Keys.git.enableGitServlet, true)) {



         // Git Servlet disabled



         return false;



      }



      if (repository.isFrozen || repository.accessRestriction.atLeast(AccessRestrictionType.PUSH)) {



         boolean authorizedUser = user.canAccessRepository(repository.name);



         if (action.equals(gitReceivePack)) {



            // Push request



            if (!repository.isFrozen && authorizedUser) {



               // clone-restricted or push-authorized



               return true;



            } else {



               // user is unauthorized to push to this repository



               logger.warn(MessageFormat.format("user {0} is not authorized to push to {1}",



                     user.username, repository));



               return false;



            }



         } else if (action.equals(gitUploadPack)) {



            // Clone request



            boolean cloneRestricted = repository.accessRestriction



                  .atLeast(AccessRestrictionType.CLONE);



            if (!cloneRestricted || (cloneRestricted && authorizedUser)) {



               // push-restricted or clone-authorized



               return true;



            } else {



               // user is unauthorized to clone this repository



               logger.warn(MessageFormat.format("user {0} is not authorized to clone {1}",



                     user.username, repository));



               return false;



            }



      }		


      if (action.equals(gitReceivePack)) {



         // Push request



         if (user.canPush(repository)) {



            return true;



         } else {



            // user is unauthorized to push to this repository



            logger.warn(MessageFormat.format("user {0} is not authorized to push to {1}",



                  user.username, repository));



            return false;



         }



      } else if (action.equals(gitUploadPack)) {



         // Clone request



         if (user.canClone(repository)) {



            return true;



         } else {



            // user is unauthorized to clone this repository



            logger.warn(MessageFormat.format("user {0} is not authorized to clone {1}",



                  user.username, repository));



            return false;



         }



      }



      return true;