From eecaad8b8e2c447429c31a01d49260ddd6b4ee03 Mon Sep 17 00:00:00 2001
From: Paul Martin <paul@paulsputer.com>
Date: Sat, 16 Apr 2016 17:35:32 -0400
Subject: [PATCH] Proof of concept #1026

---
 src/main/java/com/gitblit/wicket/AuthorizationStrategy.java |   25 +++++++++++++++----------
 1 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/AuthorizationStrategy.java b/src/main/java/com/gitblit/wicket/AuthorizationStrategy.java
index 765d860..51ae648 100644
--- a/src/main/java/com/gitblit/wicket/AuthorizationStrategy.java
+++ b/src/main/java/com/gitblit/wicket/AuthorizationStrategy.java
@@ -19,32 +19,37 @@
 import org.apache.wicket.RestartResponseException;
 import org.apache.wicket.authorization.IUnauthorizedComponentInstantiationListener;
 import org.apache.wicket.authorization.strategies.page.AbstractPageAuthorizationStrategy;
+import org.apache.wicket.markup.html.WebPage;
 
-import com.gitblit.GitBlit;
+import com.gitblit.IStoredSettings;
 import com.gitblit.Keys;
 import com.gitblit.models.UserModel;
 import com.gitblit.wicket.pages.BasePage;
-import com.gitblit.wicket.pages.RepositoriesPage;
 
 public class AuthorizationStrategy extends AbstractPageAuthorizationStrategy implements
 		IUnauthorizedComponentInstantiationListener {
 
-	public AuthorizationStrategy() {
+	IStoredSettings settings;
+	Class<? extends WebPage> homepageClass;
+
+	public AuthorizationStrategy(IStoredSettings settings, Class<? extends WebPage> homepageClass) {
+		this.settings = settings;
+		this.homepageClass = homepageClass;
 	}
 
 	@SuppressWarnings({ "unchecked", "rawtypes" })
 	@Override
 	protected boolean isPageAuthorized(Class pageClass) {
-		if (RepositoriesPage.class.equals(pageClass)) {
-			// allow all requests to get to the RepositoriesPage with its inline
+		if (homepageClass.equals(pageClass)) {
+			// allow all requests to get to the HomePage with its inline
 			// authentication form
 			return true;
 		}
 
 		if (BasePage.class.isAssignableFrom(pageClass)) {
-			boolean authenticateView = GitBlit.getBoolean(Keys.web.authenticateViewPages, true);
-			boolean authenticateAdmin = GitBlit.getBoolean(Keys.web.authenticateAdminPages, true);
-			boolean allowAdmin = GitBlit.getBoolean(Keys.web.allowAdministration, true);
+			boolean authenticateView = settings.getBoolean(Keys.web.authenticateViewPages, true);
+			boolean authenticateAdmin = settings.getBoolean(Keys.web.authenticateAdminPages, true);
+			boolean allowAdmin = settings.getBoolean(Keys.web.allowAdministration, true);
 
 			GitBlitWebSession session = GitBlitWebSession.get();
 			if (authenticateView && !session.isLoggedIn()) {
@@ -78,9 +83,9 @@
 
 	@Override
 	public void onUnauthorizedInstantiation(Component component) {
-		
+
 		if (component instanceof BasePage) {
-			throw new RestartResponseException(RepositoriesPage.class);
+			throw new RestartResponseException(homepageClass);
 		}
 	}
 }

--
Gitblit v1.9.1