From 3e44b65e329c199f95488f9429c1a20362c70b4d Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Mon, 22 Oct 2012 08:55:44 -0400
Subject: [PATCH] Ensure illegal repository names are rejected in create-on-push

---
 src/com/gitblit/wicket/pages/EditRepositoryPage.java |  194 +++++++++++++++++++++++++++++-------------------
 1 files changed, 118 insertions(+), 76 deletions(-)

diff --git a/src/com/gitblit/wicket/pages/EditRepositoryPage.java b/src/com/gitblit/wicket/pages/EditRepositoryPage.java
index f3e2c38..200a50e 100644
--- a/src/com/gitblit/wicket/pages/EditRepositoryPage.java
+++ b/src/com/gitblit/wicket/pages/EditRepositoryPage.java
@@ -16,15 +16,14 @@
 package com.gitblit.wicket.pages;
 
 import java.text.MessageFormat;
-import java.util.AbstractMap;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Iterator;
+import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.Map.Entry;
 import java.util.Set;
 
 import org.apache.wicket.PageParameters;
@@ -37,9 +36,10 @@
 import org.apache.wicket.markup.html.form.DropDownChoice;
 import org.apache.wicket.markup.html.form.Form;
 import org.apache.wicket.markup.html.form.IChoiceRenderer;
+import org.apache.wicket.markup.html.form.Radio;
+import org.apache.wicket.markup.html.form.RadioGroup;
 import org.apache.wicket.markup.html.form.TextField;
 import org.apache.wicket.markup.html.list.ListItem;
-import org.apache.wicket.markup.html.list.ListItemModel;
 import org.apache.wicket.markup.html.list.ListView;
 import org.apache.wicket.model.CompoundPropertyModel;
 import org.apache.wicket.model.IModel;
@@ -49,10 +49,12 @@
 
 import com.gitblit.Constants;
 import com.gitblit.Constants.AccessRestrictionType;
+import com.gitblit.Constants.AuthorizationControl;
 import com.gitblit.Constants.FederationStrategy;
 import com.gitblit.GitBlit;
 import com.gitblit.GitBlitException;
 import com.gitblit.Keys;
+import com.gitblit.models.RegistrantAccessPermission;
 import com.gitblit.models.RepositoryModel;
 import com.gitblit.models.UserModel;
 import com.gitblit.utils.ArrayUtils;
@@ -61,6 +63,7 @@
 import com.gitblit.wicket.StringChoiceRenderer;
 import com.gitblit.wicket.WicketUtils;
 import com.gitblit.wicket.panels.BulletListPanel;
+import com.gitblit.wicket.panels.RegistrantPermissionsPanel;
 
 public class EditRepositoryPage extends RootSubPage {
 
@@ -74,7 +77,26 @@
 		// create constructor
 		super();
 		isCreate = true;
-		setupPage(new RepositoryModel());
+		RepositoryModel model = new RepositoryModel();
+		String restriction = GitBlit.getString(Keys.git.defaultAccessRestriction, null);
+		model.accessRestriction = AccessRestrictionType.fromName(restriction);
+		String authorization = GitBlit.getString(Keys.git.defaultAuthorizationControl, null);
+		model.authorizationControl = AuthorizationControl.fromName(authorization);
+		
+		GitBlitWebSession session = GitBlitWebSession.get();
+		UserModel user = session.getUser();
+		if (user != null && user.canCreate() && !user.canAdmin()) {
+			// personal create permissions, inject personal repository path
+			model.name = user.getPersonalPath() + "/";
+			model.projectPath = user.getPersonalPath();
+			model.owner = user.username;
+			// personal repositories are private by default
+			model.accessRestriction = AccessRestrictionType.VIEW;
+			model.authorizationControl = AuthorizationControl.NAMED;
+		}
+		
+		setupPage(model);
+		setStatelessHint(false);
 	}
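Review bot: The new constructor derives the defaults with `AccessRestrictionType.fromName(restriction)` and `AuthorizationControl.fromName(authorization)` after reading each key with a `null` fallback, so when neither key is configured both lookups receive `null`. If `fromName` does not map `null` to a defined fallback, `model.accessRestriction` stays null and the `accessRestriction.exceeds(...)` calls later in the page would fail for repositories created by an admin; a comment such as `// fromName(null) is expected to yield the enum's default — verify` or a guarded assignment would document the intended fallback. The personal-repository branch is unaffected since it assigns both fields explicitly. The constructor opens above this hunk.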
 
 	public EditRepositoryPage(PageParameters params) {
@@ -84,6 +106,7 @@
 		String name = WicketUtils.getRepositoryName(params);
 		RepositoryModel model = GitBlit.self().getRepositoryModel(name);
 		setupPage(model);
+		setStatelessHint(false);
 	}
 
 	protected void setupPage(final RepositoryModel repositoryModel) {
@@ -92,18 +115,25 @@
 
 		List<String> indexedBranches = new ArrayList<String>();
 		List<String> federationSets = new ArrayList<String>();
-		List<String> repositoryUsers = new ArrayList<String>();
-		List<String> repositoryTeams = new ArrayList<String>();
+		final List<RegistrantAccessPermission> repositoryUsers = new ArrayList<RegistrantAccessPermission>();
+		final List<RegistrantAccessPermission> repositoryTeams = new ArrayList<RegistrantAccessPermission>();
 		List<String> preReceiveScripts = new ArrayList<String>();
 		List<String> postReceiveScripts = new ArrayList<String>();
 
+		GitBlitWebSession session = GitBlitWebSession.get();
+		final UserModel user = session.getUser() == null ? UserModel.ANONYMOUS : session.getUser();
+
 		if (isCreate) {
-			super.setupPage(getString("gb.newRepository"), "");
+			if (user.canAdmin()) {
+				super.setupPage(getString("gb.newRepository"), "");
+			} else {
+				super.setupPage(getString("gb.newRepository"), user.getDisplayName());
+			}
 		} else {
 			super.setupPage(getString("gb.edit"), repositoryModel.name);
 			if (repositoryModel.accessRestriction.exceeds(AccessRestrictionType.NONE)) {
-				repositoryUsers.addAll(GitBlit.self().getRepositoryUsers(repositoryModel));
-				repositoryTeams.addAll(GitBlit.self().getRepositoryTeams(repositoryModel));
+				repositoryUsers.addAll(GitBlit.self().getUserAccessPermissions(repositoryModel));
+				repositoryTeams.addAll(GitBlit.self().getTeamAccessPermissions(repositoryModel));
 				Collections.sort(repositoryUsers);
 			}
 			federationSets.addAll(repositoryModel.federationSets);
@@ -113,15 +143,11 @@
 		}
 
 		final String oldName = repositoryModel.name;
-		// users palette
-		final Palette<String> usersPalette = new Palette<String>("users", new ListModel<String>(
-				repositoryUsers), new CollectionModel<String>(GitBlit.self().getAllUsernames()),
-				new StringChoiceRenderer(), 10, false);
 
-		// teams palette
-		final Palette<String> teamsPalette = new Palette<String>("teams", new ListModel<String>(
-				repositoryTeams), new CollectionModel<String>(GitBlit.self().getAllTeamnames()),
-				new StringChoiceRenderer(), 8, false);
+		RegistrantPermissionsPanel usersPalette = new RegistrantPermissionsPanel("users", 
+				GitBlit.self().getAllUsernames(), repositoryUsers, getAccessPermissions());
+		RegistrantPermissionsPanel teamsPalette = new RegistrantPermissionsPanel("teams", 
+				GitBlit.self().getAllTeamnames(), repositoryTeams, getAccessPermissions());
 
 		// indexed local branches palette
 		List<String> allLocalBranches = new ArrayList<String>();
@@ -157,22 +183,24 @@
 						.self().getPostReceiveScriptsUnused(repositoryModel)),
 				new StringChoiceRenderer(), 12, true);
 		
-		// Dynamic Custom Defined Properties Properties
-		final List<Entry<String, String>> definedProperties = new ArrayList<Entry<String, String>>();
-		List<String> customFields = GitBlit.getStrings(Keys.repository.customFields);
-		for (String customFieldDef : customFields) {
-			String[] customFieldProperty = customFieldDef.split("=");
-			definedProperties.add(new AbstractMap.SimpleEntry<String, String>(customFieldProperty[0], customFieldProperty[1]));
-		}
-		
-		final ListView<Entry<String, String>> customFieldsListView = new ListView<Entry<String, String>>("customFieldsListView", definedProperties) {
+		// custom fields
+		final Map<String, String> customFieldsMap = GitBlit.getMap(Keys.groovy.customFields);
+		List<String> customKeys = new ArrayList<String>(customFieldsMap.keySet());
+		final ListView<String> customFieldsListView = new ListView<String>("customFieldsListView", customKeys) {
+			
+			private static final long serialVersionUID = 1L;
+
 			@Override
-			protected void populateItem(ListItem<Entry<String, String>> item) {
-				String value = repositoryModel.customFields.get(item.getModelObject().getKey());
+			protected void populateItem(ListItem<String> item) {
+				String key = item.getModelObject();
+				item.add(new Label("customFieldLabel", customFieldsMap.get(key)));
 				
-				item.add(new Label(item.getModelObject().getKey(), item.getModelObject().getValue()));		// Used to get the key later
-				item.add(new Label("customFieldLabel", item.getModelObject().getValue()));
-				item.add(new TextField<String>("customFieldValue", new Model<String>(value)));
+				String value = "";
+				if (repositoryModel.customFields != null && repositoryModel.customFields.containsKey(key)) {
+					value = repositoryModel.customFields.get(key);
+				}
+				TextField<String> field = new TextField<String>("customFieldValue", new Model<String>(value));
+				item.add(field);
 			}
 		};
 		customFieldsListView.setReuseItems(true);
@@ -187,11 +215,14 @@
 			protected void onSubmit() {
 				try {
 					// confirm a repository name was entered
-					if (StringUtils.isEmpty(repositoryModel.name)) {
+					if (repositoryModel.name == null && StringUtils.isEmpty(repositoryModel.name)) {
 						error(getString("gb.pleaseSetRepositoryName"));
 						return;
 					}
-
+					
+					// ensure name is trimmed
+					repositoryModel.name = repositoryModel.name.trim();
+					
 					// automatically convert backslashes to forward slashes
 					repositoryModel.name = repositoryModel.name.replace('\\', '/');
 					// Automatically replace // with /
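Review bot: The rewritten emptiness check on the added line, `repositoryModel.name == null && StringUtils.isEmpty(repositoryModel.name)`, only fires when the name is null, so a blank string now slips past it and reaches the trim and normalization below. The removed single call was sufficient if `StringUtils.isEmpty` is null-safe, which the old line relied on; restore `if (StringUtils.isEmpty(repositoryModel.name)) {`, or at least make the combination `||` rather than `&&`. Re-checking after the new trim would also catch whitespace-only input, e.g. `if (repositoryModel.name.isEmpty()) { error(getString("gb.pleaseSetRepositoryName")); return; }`. onSubmit begins and ends outside this hunk.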
@@ -209,6 +240,9 @@
 					if (repositoryModel.name.contains("/../")) {
 						error(getString("gb.illegalRelativeSlash"));
 						return;
+					}					
+					if (repositoryModel.name.endsWith("/")) {
+						repositoryModel.name = repositoryModel.name.substring(0, repositoryModel.name.length() - 1);
 					}
 
 					// confirm valid characters in repository name
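Review bot: The traversal check on the context line above is a substring match for `/../`, so it only catches a `..` segment that has a slash on both sides, and the new trailing-slash strip that follows it does not change that. A segment-wise test is more robust and also handles the first and last segments, for example `if (Arrays.asList(repositoryModel.name.split("/")).contains("..")) {` in place of the `contains("/../")` test (`Arrays` is already imported in this file). Running the strip after the check is fine, since removing a trailing `/` cannot produce a new path segment. onSubmit begins and ends outside this hunk.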
@@ -217,6 +251,22 @@
 						error(MessageFormat.format(getString("gb.illegalCharacterRepositoryName"),
 								c));
 						return;
+					}
+					
+					if (user.canCreate() && !user.canAdmin()) {
+						// ensure repository name begins with the user's path
+						if (!repositoryModel.name.startsWith(user.getPersonalPath())) {
+							error(MessageFormat.format(getString("gb.illegalPersonalRepositoryLocation"),
+									user.getPersonalPath()));
+							return;
+						}
+						
+						if (repositoryModel.name.equals(user.getPersonalPath())) {
+							// reset path prefix and show error
+							repositoryModel.name = user.getPersonalPath() + "/";
+							error(getString("gb.pleaseSetRepositoryName"));
+							return;
+						}
 					}
 
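Review bot: The namespace guard at `startsWith(user.getPersonalPath())` is a plain prefix test, so a name whose first segment merely begins with the personal path but continues with other characters before the first `/` passes it and would be created outside the user's namespace. Compare against the path with its separator appended, keeping the exact-match case for the separate `pleaseSetRepositoryName` branch that follows: `if (!repositoryModel.name.equals(user.getPersonalPath()) && !repositoryModel.name.startsWith(user.getPersonalPath() + "/")) {`. The trailing slash was already stripped a few lines earlier, so a bare personal path with a trailing `/` arrives here as the exact personal path and is handled by the equals branch. onSubmit begins and ends outside this hunk.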
 					// confirm access restriction selection
@@ -277,11 +327,14 @@
 					}
 					repositoryModel.postReceiveScripts = postReceiveScripts;
 					
-					// Loop over each of the user defined properties
+					// custom fields
+					repositoryModel.customFields = new LinkedHashMap<String, String>();
 					for (int i = 0; i < customFieldsListView.size(); i++) {
-						ListItem<ListItemModel<String>> item = (ListItem<ListItemModel<String>>) customFieldsListView.get(i);
-						String key = item.get(0).getId();		// Item 0 is our 'fake' label
-						String value = ((TextField<String>)item.get(2)).getValue();		// Item 2 is out text box
+						ListItem<String> child = (ListItem<String>) customFieldsListView.get(i);
+						String key = child.getModelObject();
+
+						TextField<String> field = (TextField<String>) child.get("customFieldValue");
+						String value = field.getValue();
 						
 						repositoryModel.customFields.put(key, value);
 					}
@@ -289,28 +342,10 @@
 					// save the repository
 					GitBlit.self().updateRepositoryModel(oldName, repositoryModel, isCreate);
 
-					// repository access
+					// repository access permissions
 					if (repositoryModel.accessRestriction.exceeds(AccessRestrictionType.NONE)) {
-						// save the user access list
-						Iterator<String> users = usersPalette.getSelectedChoices();
-						List<String> repositoryUsers = new ArrayList<String>();
-						while (users.hasNext()) {
-							repositoryUsers.add(users.next());
-						}
-						// ensure the owner is added to the user list
-						if (repositoryModel.owner != null
-								&& !repositoryUsers.contains(repositoryModel.owner)) {
-							repositoryUsers.add(repositoryModel.owner);
-						}
-						GitBlit.self().setRepositoryUsers(repositoryModel, repositoryUsers);
-
-						// save the team access list
-						Iterator<String> teams = teamsPalette.getSelectedChoices();
-						List<String> repositoryTeams = new ArrayList<String>();
-						while (teams.hasNext()) {
-							repositoryTeams.add(teams.next());
-						}
-						GitBlit.self().setRepositoryTeams(repositoryModel, repositoryTeams);
+						GitBlit.self().setUserAccessPermissions(repositoryModel, repositoryUsers);
+						GitBlit.self().setTeamAccessPermissions(repositoryModel, repositoryTeams);
 					}
 				} catch (GitBlitException e) {
 					error(e.getMessage());
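Review bot: The replaced block used to append `repositoryModel.owner` to the user list before saving, and the new `setUserAccessPermissions` call passes `repositoryUsers` exactly as edited in the panel with no equivalent step. If the new permission model does not grant the owner implicit access on a restricted repository, an owner who is not listed in the panel can lock themselves out of their own repository on save; if owner access is implied, a one-line comment such as `// owner access is implied by RepositoryModel.owner; no explicit entry is needed` would make the dropped safeguard intentional. onSubmit begins outside this hunk.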
@@ -325,10 +360,11 @@
 		form.add(new SimpleAttributeModifier("autocomplete", "off"));
 
 		// field names reflective match RepositoryModel fields
-		form.add(new TextField<String>("name").setEnabled(isCreate || isAdmin));
+		form.add(new TextField<String>("name").setEnabled(isCreate || isAdmin || repositoryModel.isUsersPersonalRepository(user.username)));
 		form.add(new TextField<String>("description"));
 		form.add(new DropDownChoice<String>("owner", GitBlit.self().getAllUsernames())
 				.setEnabled(GitBlitWebSession.get().canAdmin()));
+		form.add(new CheckBox("allowForks"));
 		form.add(new DropDownChoice<AccessRestrictionType>("accessRestriction", Arrays
 				.asList(AccessRestrictionType.values()), new AccessRestrictionRenderer()));
 		form.add(new CheckBox("isFrozen"));
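Review bot: The name field is now enabled for the personal repository owner via `repositoryModel.isUsersPersonalRepository(user.username)`, but the onSubmit guard that confines the name to the personal path (earlier in this method, outside the hunk) only runs when `user.canCreate() && !user.canAdmin()`. If a user can own a personal repository without holding the create permission, that user could rename it to a path outside the personal namespace with no check applied; gating the field on the same condition, or applying the prefix check whenever `!user.canAdmin()`, would close the gap. Separately, the owner drop-down is gated on `GitBlitWebSession.get().canAdmin()` while the rest of the method uses the local `user`; `user.canAdmin()` keeps the two consistent. setupPage continues outside this hunk.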
@@ -352,7 +388,7 @@
 		form.add(new DropDownChoice<FederationStrategy>("federationStrategy", federationStrategies,
 				new FederationTypeRenderer()));
 		form.add(new CheckBox("useTickets"));
-		form.add(new CheckBox("useDocs"));		
+		form.add(new CheckBox("useDocs"));
 		form.add(new CheckBox("showRemoteBranches"));
 		form.add(new CheckBox("showReadme"));
 		form.add(new CheckBox("skipSizeCalculation"));
@@ -361,23 +397,29 @@
 				: StringUtils.flattenStrings(repositoryModel.mailingLists, " "));
 		form.add(new TextField<String>("mailingLists", mailingLists));
 		form.add(indexedBranchesPalette);
+		
+		RadioGroup<AuthorizationControl> group = new RadioGroup<AuthorizationControl>("authorizationControl");
+		Radio<AuthorizationControl> allowAuthenticated = new Radio<AuthorizationControl>("allowAuthenticated", new Model<AuthorizationControl>(AuthorizationControl.AUTHENTICATED));		
+		Radio<AuthorizationControl> allowNamed = new Radio<AuthorizationControl>("allowNamed", new Model<AuthorizationControl>(AuthorizationControl.NAMED));
+		group.add(allowAuthenticated);
+		group.add(allowNamed);
+		form.add(group);
+				
+		form.add(new CheckBox("verifyCommitter"));
+
 		form.add(usersPalette);
 		form.add(teamsPalette);
 		form.add(federationSetsPalette);
 		form.add(preReceivePalette);
-		form.add(new BulletListPanel("inheritedPreReceive", "inherited", GitBlit.self()
+		form.add(new BulletListPanel("inheritedPreReceive", getString("gb.inherited"), GitBlit.self()
 				.getPreReceiveScriptsInherited(repositoryModel)));
 		form.add(postReceivePalette);
-		form.add(new BulletListPanel("inheritedPostReceive", "inherited", GitBlit.self()
+		form.add(new BulletListPanel("inheritedPostReceive", getString("gb.inherited"), GitBlit.self()
 				.getPostReceiveScriptsInherited(repositoryModel)));
 		
-		WebMarkupContainer customFiledsSection = new WebMarkupContainer("customFiledsSection") {
-			public boolean isVisible() {
-				return GitBlit.getString(Keys.repository.customFields, "").isEmpty() == false;
-			};
-		};
-		customFiledsSection.add(customFieldsListView);
-		form.add(customFiledsSection);
+		WebMarkupContainer customFieldsSection = new WebMarkupContainer("customFieldsSection");
+		customFieldsSection.add(customFieldsListView);
+		form.add(customFieldsSection.setVisible(!GitBlit.getString(Keys.groovy.customFields, "").isEmpty()));
 
 		form.add(new Button("save"));
 		Button cancel = new Button("cancel") {
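Review bot: The visibility toggle on `customFieldsSection` re-reads the configuration with `GitBlit.getString(Keys.groovy.customFields, "")`, even though the same setting was already loaded into the final `customFieldsMap` earlier in setupPage (outside this hunk) to build the list view. Deriving visibility from that map keeps the two in step and avoids a second parse: `form.add(customFieldsSection.setVisible(!customFieldsMap.isEmpty()));`, assuming `getMap` yields an empty map exactly when the raw string is empty. setupPage continues outside this hunk.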
@@ -412,31 +454,31 @@
 			if (authenticateAdmin) {
 				if (user == null) {
 					// No Login Available
-					error("Administration requires a login", true);
+					error(getString("gb.errorAdminLoginRequired"), true);
 				}
 				if (isCreate) {
 					// Create Repository
-					if (!user.canAdmin) {
-						// Only Administrators May Create
-						error("Only an administrator may create a repository", true);
+					if (!user.canCreate() && !user.canAdmin()) {
+						// Only administrators or permitted users may create
+						error(getString("gb.errorOnlyAdminMayCreateRepository"), true);
 					}
 				} else {
 					// Edit Repository
-					if (user.canAdmin) {
+					if (user.canAdmin()) {
 						// Admins can edit everything
 						isAdmin = true;
 						return;
 					} else {
 						if (!model.owner.equalsIgnoreCase(user.username)) {
 							// User is not an Admin nor Owner
-							error("Only an administrator or the owner may edit a repository", true);
+							error(getString("gb.errorOnlyAdminOrOwnerMayEditRepository"), true);
 						}
 					}
 				}
 			}
 		} else {
 			// No Administration Permitted
-			error("Administration is disabled", true);
+			error(getString("gb.errorAdministrationDisabled"), true);
 		}
 	}
 

--
Gitblit v1.9.1