From 7baf2e4cd2ef8082b74937e26de75b01e630b5d4 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 17 Apr 2014 12:00:35 -0400
Subject: [PATCH] Expose JGit 3.x receive pack settings as Gitblit settings
---
src/main/java/com/gitblit/git/GitblitReceivePack.java | 134 ++++++++++++++++++++++++++++++++++++++------
1 files changed, 114 insertions(+), 20 deletions(-)
diff --git a/src/main/java/com/gitblit/git/GitblitReceivePack.java b/src/main/java/com/gitblit/git/GitblitReceivePack.java
index e5c0ea4..61f2d67 100644
--- a/src/main/java/com/gitblit/git/GitblitReceivePack.java
+++ b/src/main/java/com/gitblit/git/GitblitReceivePack.java
@@ -47,9 +47,11 @@
import com.gitblit.IStoredSettings;
import com.gitblit.Keys;
import com.gitblit.client.Translation;
+import com.gitblit.extensions.ReceiveHook;
import com.gitblit.manager.IGitblit;
import com.gitblit.models.RepositoryModel;
import com.gitblit.models.UserModel;
+import com.gitblit.tickets.BranchTicketService;
import com.gitblit.utils.ArrayUtils;
import com.gitblit.utils.ClientLogger;
import com.gitblit.utils.CommitCache;
@@ -85,13 +87,11 @@
protected String gitblitUrl;
- protected String repositoryUrl;
-
protected GroovyScriptEngine gse;
- private final IStoredSettings settings;
+ protected final IStoredSettings settings;
- private final IGitblit gitblit;
+ protected final IGitblit gitblit;
public GitblitReceivePack(
IGitblit gitblit,
@@ -119,9 +119,46 @@
setAllowDeletes(user.canDeleteRef(repository));
setAllowNonFastForwards(user.canRewindRef(repository));
+ int maxObjectSz = settings.getInteger(Keys.git.maxObjectSizeLimit, -1);
+ if (maxObjectSz >= 0) {
+ setMaxObjectSizeLimit(maxObjectSz);
+ }
+ int maxPackSz = settings.getInteger(Keys.git.maxPackSizeLimit, -1);
+ if (maxPackSz >= 0) {
+ setMaxPackSizeLimit(maxPackSz);
+ }
+ setCheckReceivedObjects(settings.getBoolean(Keys.git.checkReceivedObjects, true));
+ setCheckReferencedObjectsAreReachable(settings.getBoolean(Keys.git.checkReferencedObjectsAreReachable, true));
+
// setup pre and post receive hook
setPreReceiveHook(this);
setPostReceiveHook(this);
+ }
+
+ /**
+ * Returns true if the user is permitted to apply the receive commands to
+ * the repository.
+ *
+ * @param commands
+ * @return true if the user may push these commands
+ */
+ protected boolean canPush(Collection<ReceiveCommand> commands) {
+ // TODO Consider supporting branch permissions here (issue-36)
+ // Not sure if that should be Gerrit-style, refs/meta/config, or
+ // gitolite-style, permissions in users.conf
+ //
+ // How could commands be empty?
+ //
+ // Because a subclass, like PatchsetReceivePack, filters receive
+ // commands before this method is called. This makes it possible for
+ // this method to test an empty list. In this case, we assume that the
+ // subclass receive pack properly enforces push restrictions. for the
+ // ref.
+ //
+ // The empty test is not explicitly required, it's written here to
+ // clarify special-case behavior.
+
+ return commands.isEmpty() ? true : user.canPush(repository);
}
/**
@@ -131,6 +168,14 @@
*/
@Override
public void onPreReceive(ReceivePack rp, Collection<ReceiveCommand> commands) {
+
+ if (commands.size() == 0) {
+ // no receive commands to process
+ // this can happen if receive pack subclasses intercept and filter
+ // the commands
+ LOGGER.debug("skipping pre-receive processing, no refs created, updated, or removed");
+ return;
+ }
if (repository.isMirror) {
// repository is a mirror
@@ -156,7 +201,7 @@
return;
}
- if (!user.canPush(repository)) {
+ if (!canPush(commands)) {
// user does not have push permissions
for (ReceiveCommand cmd : commands) {
sendRejection(cmd, "User \"{0}\" does not have push permissions for \"{1}\"!", user.username, repository.name);
@@ -226,18 +271,37 @@
}
}
- // reset branch commit cache on REWIND and DELETE
for (ReceiveCommand cmd : commands) {
String ref = cmd.getRefName();
if (ref.startsWith(Constants.R_HEADS)) {
switch (cmd.getType()) {
case UPDATE_NONFASTFORWARD:
case DELETE:
+ // reset branch commit cache on REWIND and DELETE
CommitCache.instance().clear(repository.name, ref);
break;
default:
break;
}
+ } else if (ref.equals(BranchTicketService.BRANCH)) {
+ // ensure pushing user is an administrator OR an owner
+ // i.e. prevent ticket tampering
+ boolean permitted = user.canAdmin() || repository.isOwner(user.username);
+ if (!permitted) {
+ sendRejection(cmd, "{0} is not permitted to push to {1}", user.username, ref);
+ }
+ } else if (ref.startsWith(Constants.R_FOR)) {
+ // prevent accidental push to refs/for
+ sendRejection(cmd, "{0} is not configured to receive patchsets", repository.name);
+ }
+ }
+
+ // call pre-receive plugins
+ for (ReceiveHook hook : gitblit.getExtensions(ReceiveHook.class)) {
+ try {
+ hook.onPreReceive(this, commands);
+ } catch (Exception e) {
+ LOGGER.error("Failed to execute extension", e);
}
}
@@ -263,7 +327,7 @@
@Override
public void onPostReceive(ReceivePack rp, Collection<ReceiveCommand> commands) {
if (commands.size() == 0) {
- LOGGER.debug("skipping post-receive hooks, no refs created, updated, or removed");
+ LOGGER.debug("skipping post-receive processing, no refs created, updated, or removed");
return;
}
@@ -335,6 +399,24 @@
LOGGER.error(MessageFormat.format("Failed to update {0} pushlog", repository.name), e);
}
+ // check for updates pushed to the BranchTicketService branch
+ // if the BranchTicketService is active it will reindex, as appropriate
+ for (ReceiveCommand cmd : commands) {
+ if (Result.OK.equals(cmd.getResult())
+ && BranchTicketService.BRANCH.equals(cmd.getRefName())) {
+ rp.getRepository().fireEvent(new ReceiveCommandEvent(repository, cmd));
+ }
+ }
+
+ // call post-receive plugins
+ for (ReceiveHook hook : gitblit.getExtensions(ReceiveHook.class)) {
+ try {
+ hook.onPostReceive(this, commands);
+ } catch (Exception e) {
+ LOGGER.error("Failed to execute extension", e);
+ }
+ }
+
// run Groovy hook scripts
Set<String> scripts = new LinkedHashSet<String>();
scripts.addAll(gitblit.getPostReceiveScriptsInherited(repository));
@@ -390,11 +472,7 @@
this.gitblitUrl = url;
}
- protected void setRepositoryUrl(String url) {
- this.repositoryUrl = url;
- }
-
- protected void sendRejection(final ReceiveCommand cmd, final String why, Object... objects) {
+ public void sendRejection(final ReceiveCommand cmd, final String why, Object... objects) {
String text;
if (ArrayUtils.isEmpty(objects)) {
text = why;
@@ -405,15 +483,15 @@
LOGGER.error(text + " (" + user.username + ")");
}
- protected void sendHeader(String msg, Object... objects) {
- sendMessage("--->", msg, objects);
+ public void sendHeader(String msg, Object... objects) {
+ sendInfo("--> ", msg, objects);
}
- protected void sendMessage(String msg, Object... objects) {
- sendMessage(" ", msg, objects);
+ public void sendInfo(String msg, Object... objects) {
+ sendInfo(" ", msg, objects);
}
- protected void sendMessage(String prefix, String msg, Object... objects) {
+ private void sendInfo(String prefix, String msg, Object... objects) {
String text;
if (ArrayUtils.isEmpty(objects)) {
text = msg;
@@ -422,10 +500,12 @@
text = MessageFormat.format(msg, objects);
super.sendMessage(prefix + text);
}
- LOGGER.info(text + " (" + user.username + ")");
+ if (!StringUtils.isEmpty(msg)) {
+ LOGGER.info(text + " (" + user.username + ")");
+ }
}
- protected void sendError(String msg, Object... objects) {
+ public void sendError(String msg, Object... objects) {
String text;
if (ArrayUtils.isEmpty(objects)) {
text = msg;
@@ -434,7 +514,9 @@
text = MessageFormat.format(msg, objects);
super.sendError(text);
}
- LOGGER.error(text + " (" + user.username + ")");
+ if (!StringUtils.isEmpty(msg)) {
+ LOGGER.error(text + " (" + user.username + ")");
+ }
}
/**
@@ -488,4 +570,16 @@
}
}
}
+
+ public IGitblit getGitblit() {
+ return gitblit;
+ }
+
+ public RepositoryModel getRepositoryModel() {
+ return repository;
+ }
+
+ public UserModel getUserModel() {
+ return user;
+ }
}
--
Gitblit v1.9.1