From 23c416f30f4a1e69e76b70d71f6a9a7da4a020f1 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 10 Apr 2014 18:58:09 -0400
Subject: [PATCH] Hook-up comprensive command cleanup (destroy)

---
 src/main/java/com/gitblit/models/UserModel.java |  106 +++++++++++++++++++---------------------------------
 1 files changed, 39 insertions(+), 67 deletions(-)

diff --git a/src/main/java/com/gitblit/models/UserModel.java b/src/main/java/com/gitblit/models/UserModel.java
index 446db3a..675835d 100644
--- a/src/main/java/com/gitblit/models/UserModel.java
+++ b/src/main/java/com/gitblit/models/UserModel.java
@@ -27,13 +27,13 @@
 import java.util.Set;
 import java.util.TreeSet;
 
+import com.gitblit.Constants;
 import com.gitblit.Constants.AccessPermission;
 import com.gitblit.Constants.AccessRestrictionType;
 import com.gitblit.Constants.AccountType;
 import com.gitblit.Constants.AuthorizationControl;
 import com.gitblit.Constants.PermissionType;
 import com.gitblit.Constants.RegistrantType;
-import com.gitblit.Constants.Unused;
 import com.gitblit.utils.ArrayUtils;
 import com.gitblit.utils.ModelUtils;
 import com.gitblit.utils.StringUtils;
@@ -67,6 +67,7 @@
 	public boolean canFork;
 	public boolean canCreate;
 	public boolean excludeFromFederation;
+	public boolean disabled;
 	// retained for backwards-compatibility with RPC clients
 	@Deprecated
 	public final Set<String> repositories = new HashSet<String>();
@@ -94,58 +95,9 @@
 	}
 
 	public boolean isLocalAccount() {
-		return accountType.isLocal();
-	}
-
-	/**
-	 * This method does not take into consideration Ownership where the
-	 * administrator has not explicitly granted access to the owner.
-	 *
-	 * @param repositoryName
-	 * @return
-	 */
-	@Deprecated
-	public boolean canAccessRepository(String repositoryName) {
-		return canAdmin() || repositories.contains(repositoryName.toLowerCase())
-				|| hasTeamAccess(repositoryName);
-	}
-
-	@Deprecated
-	@Unused
-	public boolean canAccessRepository(RepositoryModel repository) {
-		boolean isOwner = repository.isOwner(username);
-		boolean allowAuthenticated = isAuthenticated && AuthorizationControl.AUTHENTICATED.equals(repository.authorizationControl);
-		return canAdmin() || isOwner || repositories.contains(repository.name.toLowerCase())
-				|| hasTeamAccess(repository.name) || allowAuthenticated;
-	}
-
-	@Deprecated
-	@Unused
-	public boolean hasTeamAccess(String repositoryName) {
-		for (TeamModel team : teams) {
-			if (team.hasRepositoryPermission(repositoryName)) {
-				return true;
-			}
-		}
-		return false;
-	}
-
-	@Deprecated
-	@Unused
-	public boolean hasRepository(String name) {
-		return hasRepositoryPermission(name);
-	}
-
-	@Deprecated
-	@Unused
-	public void addRepository(String name) {
-		addRepositoryPermission(name);
-	}
-
-	@Deprecated
-	@Unused
-	public void removeRepository(String name) {
-		removeRepositoryPermission(name);
+		return !Constants.EXTERNAL_ACCOUNT.equals(password)
+				|| accountType == null
+				|| accountType.isLocal();
 	}
 
 	/**
@@ -495,6 +447,31 @@
 		return canAdmin() || model.isUsersPersonalRepository(username) || model.isOwner(username);
 	}
 
+	public boolean canEdit(TicketModel ticket, RepositoryModel repository) {
+		 return isAuthenticated() &&
+				 (canPush(repository)
+				 || (ticket != null && username.equals(ticket.responsible))
+				 || (ticket != null && username.equals(ticket.createdBy)));
+	}
+
+	public boolean canAdmin(TicketModel ticket, RepositoryModel repository) {
+		 return isAuthenticated() &&
+				 (canPush(repository)
+				 || ticket != null && username.equals(ticket.responsible));
+	}
+
+	public boolean canReviewPatchset(RepositoryModel model) {
+		return isAuthenticated() && canClone(model);
+	}
+
+	public boolean canApprovePatchset(RepositoryModel model) {
+		return isAuthenticated() && canPush(model);
+	}
+
+	public boolean canVetoPatchset(RepositoryModel model) {
+		return isAuthenticated() && canPush(model);
+	}
+
 	/**
 	 * This returns true if the user has fork privileges or the user has fork
 	 * privileges because of a team membership.
@@ -576,6 +553,10 @@
 		return false;
 	}
 
+	public boolean isAuthenticated() {
+		return !UserModel.ANONYMOUS.equals(this) && isAuthenticated;
+	}
+
 	public boolean isTeamMember(String teamname) {
 		for (TeamModel team : teams) {
 			if (team.name.equalsIgnoreCase(teamname)) {
@@ -648,30 +629,21 @@
 	 * @return true, if the name and email address match this account
 	 */
 	public boolean is(String name, String email) {
-		// at a minimum a usename or display name must be supplied
-		if (StringUtils.isEmpty(name)) {
+		// at a minimum a username or display name AND email address must be supplied
+		if (StringUtils.isEmpty(name) || StringUtils.isEmpty(email)) {
 			return false;
 		}
 		boolean nameVerified = name.equalsIgnoreCase(username) || name.equalsIgnoreCase(getDisplayName());
 		boolean emailVerified = false;
 		if (StringUtils.isEmpty(emailAddress)) {
 			// user account has not specified an email address
-			// rely on username/displayname verification
-			emailVerified = true;
+			// fail
+			emailVerified = false;
 		} else {
 			// user account has specified an email address
-			// require email address verification
-			if (!StringUtils.isEmpty(email)) {
-				emailVerified = email.equalsIgnoreCase(emailAddress);
-			}
+			emailVerified = email.equalsIgnoreCase(emailAddress);
 		}
 		return nameVerified && emailVerified;
-	}
-
-	@Deprecated
-	public boolean hasBranchPermission(String repositoryName, String branch) {
-		// Default UserModel doesn't implement branch-level security. Other Realms (i.e. Gerrit) may override this method.
-		return hasRepositoryPermission(repositoryName) || hasTeamRepositoryPermission(repositoryName);
 	}
 
 	public boolean isMyPersonalRepository(String repository) {

--
Gitblit v1.9.1