| | |
|---|
| | | return;
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | boolean adminRequest = requestType.exceeds(RpcRequest.LIST_BRANCHES);
|
|---|
| | | boolean adminRequest = requestType.exceeds(RpcRequest.LIST_SETTINGS);
|
|---|
| | |
|
|---|
| | | // conditionally reject all rpc requests
|
|---|
| | | if (!GitBlit.getBoolean(Keys.web.enableRpcServlet, true)) {
|
|---|
| | |
|---|
| | |
|
|---|
| | | // conditionally reject rpc management/administration requests
|
|---|
| | | if (adminRequest && !GitBlit.getBoolean(Keys.web.enableRpcManagement, false)) {
|
|---|
| | | logger.warn(Keys.web.enableRpcManagement
|
|---|
| | | + " must be set TRUE for management/administrative rpc requests.");
|
|---|
| | | logger.warn(MessageFormat.format("{0} must be set TRUE for {1} rpc requests.",
|
|---|
| | | Keys.web.enableRpcManagement, requestType.toString()));
|
|---|
| | | httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
|
|---|
| | | return;
|
|---|
| | | }
|
|---|
| | |
|---|
| | | return;
|
|---|
| | | } else {
|
|---|
| | | // check user access for request
|
|---|
| | | if (user.canAdmin || canAccess(user, requestType)) {
|
|---|
| | | if (user.canAdmin() || canAccess(user, requestType)) {
|
|---|
| | | // authenticated request permitted.
|
|---|
| | | // pass processing to the restricted servlet.
|
|---|
| | | newSession(authenticatedRequest, httpResponse);
|
|---|
| | |
|---|
| | |
|
|---|
| | | private boolean canAccess(UserModel user, RpcRequest requestType) {
|
|---|
| | | switch (requestType) {
|
|---|
| | | case GET_PROTOCOL:
|
|---|
| | | return true;
|
|---|
| | | case LIST_REPOSITORIES:
|
|---|
| | | return true;
|
|---|
| | | default:
|
|---|
| | | return user.canAdmin;
|
|---|
| | | return user.canAdmin();
|
|---|
| | | }
|
|---|
| | | }
|
|---|
| | | } |
|---|
