From 78753bc22f140f863aa3fe56b1c59699ca3e2fa8 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Mon, 26 Sep 2011 22:29:07 -0400
Subject: [PATCH] Protect DownloadZipServlet with an AccessRestrictionFilter.

---
 src/com/gitblit/wicket/pages/EditUserPage.java |   21 +++++++++++----------
 1 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/src/com/gitblit/wicket/pages/EditUserPage.java b/src/com/gitblit/wicket/pages/EditUserPage.java
index cb61adb..a358911 100644
--- a/src/com/gitblit/wicket/pages/EditUserPage.java
+++ b/src/com/gitblit/wicket/pages/EditUserPage.java
@@ -83,8 +83,8 @@
 		}
 		final String oldName = userModel.username;
 		final Palette<String> repositories = new Palette<String>("repositories",
-				new ListModel<String>(userModel.repositories), new CollectionModel<String>(repos),
-				new ChoiceRenderer<String>("", ""), 10, false);
+				new ListModel<String>(new ArrayList<String>(userModel.repositories)),
+				new CollectionModel<String>(repos), new ChoiceRenderer<String>("", ""), 10, false);
 		Form<UserModel> form = new Form<UserModel>("editForm", model) {
 
 			private static final long serialVersionUID = 1L;
@@ -172,20 +172,21 @@
 		confirmPasswordField.setResetPassword(false);
 		form.add(confirmPasswordField);
 		form.add(new CheckBox("canAdmin"));
+		form.add(new CheckBox("excludeFromFederation"));
 		form.add(repositories);
-		
+
 		form.add(new Button("save"));
-		Button cancel = new Button("cancel"){          
+		Button cancel = new Button("cancel") {
 			private static final long serialVersionUID = 1L;
 
 			@Override
 			public void onSubmit() {
-                setResponsePage(RepositoriesPage.class);
-            }
-        };
-        cancel.setDefaultFormProcessing(false);
-        form.add(cancel);
-        
+				setResponsePage(RepositoriesPage.class);
+			}
+		};
+		cancel.setDefaultFormProcessing(false);
+		form.add(cancel);
+
 		add(form);
 	}
 }

--
Gitblit v1.9.1