From 78753bc22f140f863aa3fe56b1c59699ca3e2fa8 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Mon, 26 Sep 2011 22:29:07 -0400
Subject: [PATCH] Protect DownloadZipServlet with an AccessRestrictionFilter.

---
 src/com/gitblit/wicket/pages/EditUserPage.java |   21 ++++++++++++++++++---
 1 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/src/com/gitblit/wicket/pages/EditUserPage.java b/src/com/gitblit/wicket/pages/EditUserPage.java
index 8f68ac2..a358911 100644
--- a/src/com/gitblit/wicket/pages/EditUserPage.java
+++ b/src/com/gitblit/wicket/pages/EditUserPage.java
@@ -22,6 +22,7 @@
 
 import org.apache.wicket.PageParameters;
 import org.apache.wicket.extensions.markup.html.form.palette.Palette;
+import org.apache.wicket.markup.html.form.Button;
 import org.apache.wicket.markup.html.form.CheckBox;
 import org.apache.wicket.markup.html.form.ChoiceRenderer;
 import org.apache.wicket.markup.html.form.Form;
@@ -82,8 +83,8 @@
 		}
 		final String oldName = userModel.username;
 		final Palette<String> repositories = new Palette<String>("repositories",
-				new ListModel<String>(userModel.repositories), new CollectionModel<String>(repos),
-				new ChoiceRenderer<String>("", ""), 10, false);
+				new ListModel<String>(new ArrayList<String>(userModel.repositories)),
+				new CollectionModel<String>(repos), new ChoiceRenderer<String>("", ""), 10, false);
 		Form<UserModel> form = new Form<UserModel>("editForm", model) {
 
 			private static final long serialVersionUID = 1L;
@@ -143,7 +144,7 @@
 				userModel.repositories.clear();
 				userModel.repositories.addAll(repos);
 				try {
-					GitBlit.self().editUserModel(oldName, userModel, isCreate);
+					GitBlit.self().updateUserModel(oldName, userModel, isCreate);
 				} catch (GitBlitException e) {
 					error(e.getMessage());
 					return;
@@ -171,7 +172,21 @@
 		confirmPasswordField.setResetPassword(false);
 		form.add(confirmPasswordField);
 		form.add(new CheckBox("canAdmin"));
+		form.add(new CheckBox("excludeFromFederation"));
 		form.add(repositories);
+
+		form.add(new Button("save"));
+		Button cancel = new Button("cancel") {
+			private static final long serialVersionUID = 1L;
+
+			@Override
+			public void onSubmit() {
+				setResponsePage(RepositoriesPage.class);
+			}
+		};
+		cancel.setDefaultFormProcessing(false);
+		form.add(cancel);
+
 		add(form);
 	}
 }

--
Gitblit v1.9.1