Clarified access restrictions.

James Moger

2011-05-11 d0d438f480e29a5ebaf64449a5c3e7f4ebb13690

Clarified access restrictions.

 src/com/gitblit/Constants.java

@@ -13,9 +13,9 @@
    public static enum AccessRestrictionType {

        NONE, PUSH, CLONE, VIEW;



        public static AccessRestrictionType fromString(String name) {

        public static AccessRestrictionType fromName(String name) {

            for (AccessRestrictionType type : values()) {

                if (type.toString().equalsIgnoreCase(name)) {

                if (type.name().equalsIgnoreCase(name)) {

                    return type;

                }

            }

@@ -29,13 +29,13 @@
        public String toString() {

            switch (this) {

            case NONE:

                return "none";

                return "Anonymous View, Clone, & Push";

            case PUSH:

                return "push";

                return "Anonymous View & Clone, Authenticated Push";

            case CLONE:

                return "clone";

                return "Anonymous View, Authenticated Clone & Push";

            case VIEW:

                return "view";

                return "Authenticated View, Clone, & Push";

            }

            return "none";

        }


 src/com/gitblit/GitBlit.java

@@ -140,7 +140,7 @@
    public RepositoryModel getRepositoryModel(UserModel user, String repositoryName) {

        RepositoryModel model = getRepositoryModel(repositoryName);

        if (model.accessRestriction.atLeast(AccessRestrictionType.VIEW)) {

            if (user != null && user.canView(model)) {

            if (user != null && user.canAccessRepository(model.name)) {

                return model;

            }

            return null;

@@ -161,7 +161,7 @@
            model.owner = config.getString("gitblit", null, "owner");

            model.useTickets = config.getBoolean("gitblit", "useTickets", false);

            model.useDocs = config.getBoolean("gitblit", "useDocs", false);

            model.accessRestriction = AccessRestrictionType.fromString(config.getString("gitblit", null, "accessRestriction"));

            model.accessRestriction = AccessRestrictionType.fromName(config.getString("gitblit", null, "accessRestriction"));

            model.showRemoteBranches = config.getBoolean("gitblit", "showRemoteBranches", false);

        }

        r.close();

@@ -195,7 +195,7 @@
        config.setString("gitblit", null, "owner", repository.owner);

        config.setBoolean("gitblit", null, "useTickets", repository.useTickets);

        config.setBoolean("gitblit", null, "useDocs", repository.useDocs);

        config.setString("gitblit", null, "accessRestriction", repository.accessRestriction.toString());

        config.setString("gitblit", null, "accessRestriction", repository.accessRestriction.name());

        config.setBoolean("gitblit", null, "showRemoteBranches", repository.showRemoteBranches);

        try {

            config.save();


 src/com/gitblit/GitBlitServlet.java

@@ -49,9 +49,8 @@
                    boolean authorizedUser = req.isUserInRole(repository);

                    if (function.startsWith("git-receive-pack") || (query.indexOf("service=git-receive-pack") > -1)) {

                        // Push request

                        boolean pushRestricted = model.accessRestriction.atLeast(AccessRestrictionType.PUSH);

                        if (!pushRestricted || (pushRestricted && authorizedUser)) {

                            // push-unrestricted or push-authorized

                        if (authorizedUser) {

                            // clone-restricted or push-authorized

                            super.service(req, rsp);

                            return;

                        } else {

@@ -64,7 +63,7 @@
                        // Clone request

                        boolean cloneRestricted = model.accessRestriction.atLeast(AccessRestrictionType.CLONE);

                        if (!cloneRestricted || (cloneRestricted && authorizedUser)) {

                            // clone-unrestricted or clone-authorized

                            // push-restricted or clone-authorized

                            super.service(req, rsp);

                            return;

                        } else {


 src/com/gitblit/wicket/models/UserModel.java

@@ -4,8 +4,6 @@
import java.util.ArrayList;

import java.util.List;



import com.gitblit.Constants.AccessRestrictionType;



public class UserModel implements Serializable {



    private static final long serialVersionUID = 1L;

@@ -39,27 +37,9 @@
    public boolean canAdmin() {

        return canAdmin;

    }

	
    public boolean canClone(RepositoryModel repository) {

        return canAccess(repository, AccessRestrictionType.CLONE);

    }



    public boolean canPush(RepositoryModel repository) {

        return canAccess(repository, AccessRestrictionType.PUSH);

    }

	
    public boolean canView(RepositoryModel repository) {

        return canAccess(repository, AccessRestrictionType.VIEW);

    }

	
    private boolean canAccess(RepositoryModel repository, AccessRestrictionType minimum) {

        if (repository.accessRestriction.atLeast(minimum)) {

            // repository is restricted, must check roles

            return canAdmin || repositories.contains(repository.name);

        } else {

            // repository is not restricted

            return true;

        }

    public boolean canAccessRepository(String repositoryName) {

        return canAdmin || repositories.contains(repositoryName);

    }



    public void setCookie(String cookie) {