From 20714aee0d2d2a989d93d6065e081aed8ac85fbf Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Wed, 10 Oct 2012 00:05:34 -0400
Subject: [PATCH] Finer-grained repository access permissions (issue 36)

---
 src/com/gitblit/GitServlet.java |   35 ++++++++++++++++++++++++++++++++++-
 1 files changed, 34 insertions(+), 1 deletions(-)

diff --git a/src/com/gitblit/GitServlet.java b/src/com/gitblit/GitServlet.java
index 2571693..8e2326d 100644
--- a/src/com/gitblit/GitServlet.java
+++ b/src/com/gitblit/GitServlet.java
@@ -105,6 +105,21 @@
 				ReceivePack rp = super.create(req, db);
 				rp.setPreReceiveHook(hook);
 				rp.setPostReceiveHook(hook);
+
+				// determine pushing user
+				PersonIdent person = rp.getRefLogIdent();
+				UserModel user = GitBlit.self().getUserModel(person.getName());
+				if (user == null) {
+					// anonymous push, create a temporary usermodel
+					user = new UserModel(person.getName());
+				}
+				
+				// enforce advanced ref permissions
+				RepositoryModel repository = GitBlit.self().getRepositoryModel(repositoryName);
+				rp.setAllowCreates(user.canCreateRef(repository));
+				rp.setAllowDeletes(user.canDeleteRef(repository));
+				rp.setAllowNonFastForwards(user.canRewindRef(repository));
+				
 				return rp;
 			}
 		});
@@ -209,7 +224,25 @@
 			scripts.addAll(repository.postReceiveScripts);
 			UserModel user = getUserModel(rp);
 			runGroovy(repository, user, commands, rp, scripts);
-
+			for (ReceiveCommand cmd : commands) {
+				if (Result.OK.equals(cmd.getResult())) {
+					// add some logging for important ref changes
+					switch (cmd.getType()) {
+					case DELETE:
+						logger.info(MessageFormat.format("{0} DELETED {1} in {2} ({3})", user.username, cmd.getRefName(), repository.name, cmd.getOldId().name()));
+						break;
+					case CREATE:
+						logger.info(MessageFormat.format("{0} CREATED {1} in {2}", user.username, cmd.getRefName(), repository.name));
+						break;
+					case UPDATE_NONFASTFORWARD:
+						logger.info(MessageFormat.format("{0} UPDATED NON-FAST-FORWARD {1} in {2} (from {3} to {4})", user.username, cmd.getRefName(), repository.name, cmd.getOldId().name(), cmd.getNewId().name()));
+						break;
+					default:
+						break;
+					}
+				}
+			}
+			
 			// Experimental
 			// runNativeScript(rp, "hooks/post-receive", commands);
 		}

--
Gitblit v1.9.1