Paul Martin
2016-04-30 a502d96a860456ec5e8c96761db70f7cabb74751
src/main/java/com/gitblit/servlet/RpcFilter.java
@@ -18,8 +18,8 @@
import java.io.IOException;
import java.text.MessageFormat;
import javax.inject.Inject;
import javax.inject.Singleton;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
@@ -27,13 +27,11 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.gitblit.Constants;
import com.gitblit.Constants.RpcRequest;
import com.gitblit.IStoredSettings;
import com.gitblit.Keys;
import com.gitblit.Constants.RpcRequest;
import com.gitblit.Keys.web;
import com.gitblit.manager.IAuthenticationManager;
import com.gitblit.manager.IRuntimeManager;
import com.gitblit.manager.ISessionManager;
import com.gitblit.models.UserModel;
/**
@@ -52,17 +50,19 @@
@Singleton
public class RpcFilter extends AuthenticationFilter {
   private final IStoredSettings settings;
   private IStoredSettings settings;
   private final IRuntimeManager runtimeManager;
   private IRuntimeManager runtimeManager;
   @Inject
   public RpcFilter(
         IStoredSettings settings,
         IRuntimeManager runtimeManager,
         ISessionManager sessionManager) {
         IAuthenticationManager authenticationManager) {
      super(sessionManager);
      this.settings = runtimeManager.getSettings();
      super(authenticationManager);
      this.settings = settings;
      this.runtimeManager = runtimeManager;
   }
@@ -128,7 +128,7 @@
            return;
         } else {
            // check user access for request
            if (user.canAdmin() || canAccess(user, requestType)) {
            if (user.canAdmin() || !adminRequest) {
               // authenticated request permitted.
               // pass processing to the restricted servlet.
               newSession(authenticatedRequest, httpResponse);
@@ -138,10 +138,8 @@
               return;
            }
            // valid user, but not for requested access. send 403.
            if (runtimeManager.isDebugMode()) {
               logger.info(MessageFormat.format("RPC: {0} forbidden to access {1}",
            logger.warn(MessageFormat.format("RPC: {0} forbidden to access {1}",
                     user.username, fullUrl));
            }
            httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
         }
@@ -155,15 +153,4 @@
      // pass processing to the restricted servlet.
      chain.doFilter(authenticatedRequest, httpResponse);
   }
   private boolean canAccess(UserModel user, RpcRequest requestType) {
      switch (requestType) {
      case GET_PROTOCOL:
         return true;
      case LIST_REPOSITORIES:
         return true;
      default:
         return user.canAdmin();
      }
   }
}
}
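Review bot: The replacement of `canAccess(user, requestType)` with `!adminRequest` in the `@@ -128,7 +128,7 @@` hunk gives up a default-deny allowlist: the removed `canAccess` admitted only `GET_PROTOCOL` and `LIST_REPOSITORIES` for non-admin users and fell through to `user.canAdmin()` for every other request type, whereas the new condition admits any request for which `adminRequest` happens to be false. `adminRequest` is computed outside the hunk, so I cannot confirm how it is derived; if it is anything short of an exhaustive classification of `RpcRequest` values, a request type added later is treated as non-admin until someone remembers to update that classification, which is a fail-open change from the old behavior. I would either keep an explicit allowlist for non-admin requests or make the admin classification exhaustive (a switch over `RpcRequest` with no `default`, so the compiler flags a new constant) and document the invariant where `adminRequest` is set, e.g. `// every RpcRequest not listed here is admin-only — extend this when adding request types`. The unconditional `logger.warn` in the 403 path of the `@@ -138,10 +138,8 @@` hunk is a welcome improvement for detection, though it now records `fullUrl` on every denied request, which may include query parameters. The enclosing `doFilter` method starts and ends outside these hunks.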