From 629806c4c04d3bfc058056069c3123fd91782639 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 27 Sep 2013 21:31:39 -0400
Subject: [PATCH] Added setting to globally disable anonymous pushes in the receive pack

---
 src/main/java/com/gitblit/git/GitblitReceivePackFactory.java   |    4 ++--
 src/main/java/com/gitblit/Constants.java                       |   11 +++++++++++
 releases.moxie                                                 |    2 ++
 src/main/distrib/data/gitblit.properties                       |   12 ++++++++++++
 src/main/java/com/gitblit/wicket/pages/EditRepositoryPage.java |    4 ++--
 5 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/releases.moxie b/releases.moxie
index f9e21d4..3418a05 100644
--- a/releases.moxie
+++ b/releases.moxie
@@ -23,9 +23,11 @@
 	- Added branch graph image servlet based on EGit's branch graph renderer (issue-194)
 	- Added option to render Markdown commit messages (issue-203)
 	- Added setting to control creating a repository as --shared on Unix servers (issue-263)
+	- Added setting to globally disable anonymous pushes in the receive pack
     dependencyChanges: ~
     settings:
     - { name: 'git.createRepositoriesShared', defaultValue: 'false' }
+    - { name: 'git.allowAnonymousPushes', defaultValue: 'true' }
 	- { name: 'web.commitMessageRenderer', defaultValue: 'plain' }
 	- { name: 'web.showBranchGraph', defaultValue: 'true' }
     contributors:
diff --git a/src/main/distrib/data/gitblit.properties b/src/main/distrib/data/gitblit.properties
index ab7b999..9a02e23 100644
--- a/src/main/distrib/data/gitblit.properties
+++ b/src/main/distrib/data/gitblit.properties
@@ -145,6 +145,18 @@
 # SINCE 1.2.0
 git.allowCreateOnPush = true
 
+# Global setting to control anonymous pushes.
+#
+# This setting allows/rejects anonymous pushes at the level of the receive pack.
+# This trumps all repository config settings.  While anonymous pushes are convenient
+# on your own box when you are a lone developer,  they are not recommended for
+# any multi-user installation where accountability is required.  Since Gitblit
+# tracks pushes and user accounts, allowing anonymous pushes compromises that
+# information.
+#
+# SINCE 1.4.0
+git.allowAnonymousPushes = true
+
 # The default access restriction for new repositories.
 # Valid values are NONE, PUSH, CLONE, VIEW
 #  NONE = anonymous view, clone, & push
diff --git a/src/main/java/com/gitblit/Constants.java b/src/main/java/com/gitblit/Constants.java
index bd04128..3ac7082 100644
--- a/src/main/java/com/gitblit/Constants.java
+++ b/src/main/java/com/gitblit/Constants.java
@@ -19,6 +19,8 @@
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
 import java.net.URL;
+import java.util.Arrays;
+import java.util.List;
 import java.util.jar.Attributes;
 import java.util.jar.Manifest;
 
@@ -148,6 +150,8 @@
 	 */
 	public static enum AccessRestrictionType {
 		NONE, PUSH, CLONE, VIEW;
+		
+		private static final AccessRestrictionType [] AUTH_TYPES = { PUSH, CLONE, VIEW };
 
 		public static AccessRestrictionType fromName(String name) {
 			for (AccessRestrictionType type : values()) {
@@ -157,6 +161,13 @@
 			}
 			return NONE;
 		}
+		
+		public static List<AccessRestrictionType> choices(boolean allowAnonymousPush) {
+			if (allowAnonymousPush) {
+				return Arrays.asList(values());
+			}
+			return Arrays.asList(AUTH_TYPES);
+		}
 
 		public boolean exceeds(AccessRestrictionType type) {
 			return this.ordinal() > type.ordinal();
diff --git a/src/main/java/com/gitblit/git/GitblitReceivePackFactory.java b/src/main/java/com/gitblit/git/GitblitReceivePackFactory.java
index b9eb8a6..feb33e9 100644
--- a/src/main/java/com/gitblit/git/GitblitReceivePackFactory.java
+++ b/src/main/java/com/gitblit/git/GitblitReceivePackFactory.java
@@ -27,6 +27,7 @@
 import org.slf4j.LoggerFactory;
 
 import com.gitblit.GitBlit;
+import com.gitblit.Keys;
 import com.gitblit.models.RepositoryModel;
 import com.gitblit.models.UserModel;
 import com.gitblit.utils.HttpUtils;
@@ -80,8 +81,7 @@
 			timeout = client.getDaemon().getTimeout();
 		}
 
-		// TODO make this a setting
-		boolean allowAnonymousPushes = true;
+		boolean allowAnonymousPushes = GitBlit.getBoolean(Keys.git.allowAnonymousPushes, true);
 		if (!allowAnonymousPushes && UserModel.ANONYMOUS.equals(user)) {
 			// prohibit anonymous pushes
 			throw new ServiceNotEnabledException();
diff --git a/src/main/java/com/gitblit/wicket/pages/EditRepositoryPage.java b/src/main/java/com/gitblit/wicket/pages/EditRepositoryPage.java
index a25797f..568c312 100644
--- a/src/main/java/com/gitblit/wicket/pages/EditRepositoryPage.java
+++ b/src/main/java/com/gitblit/wicket/pages/EditRepositoryPage.java
@@ -417,8 +417,8 @@
 		form.add(new TextField<String>("description"));
 		form.add(ownersPalette);
 		form.add(new CheckBox("allowForks").setEnabled(GitBlit.getBoolean(Keys.web.allowForking, true)));
-		DropDownChoice<AccessRestrictionType> accessRestriction = new DropDownChoice<AccessRestrictionType>("accessRestriction", Arrays
-				.asList(AccessRestrictionType.values()), new AccessRestrictionRenderer());
+		DropDownChoice<AccessRestrictionType> accessRestriction = new DropDownChoice<AccessRestrictionType>("accessRestriction",
+				AccessRestrictionType.choices(GitBlit.getBoolean(Keys.git.allowAnonymousPushes, true)), new AccessRestrictionRenderer());
 		form.add(accessRestriction);
 		form.add(new CheckBox("isFrozen"));
 		// TODO enable origin definition

--
Gitblit v1.9.1