From 8c8f1f537b62a608e9ef01b70bec5a8df4dc8e8a Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Wed, 16 Jan 2013 07:57:18 -0500
Subject: [PATCH] Escape metacharacters for settings updates
---
 src/com/gitblit/wicket/pages/EditUserPage.java | 53 ++++++++++++++++++++++++++++++-----------------------
 1 files changed, 30 insertions(+), 23 deletions(-)
diff --git a/src/com/gitblit/wicket/pages/EditUserPage.java b/src/com/gitblit/wicket/pages/EditUserPage.java
index 6e35354..c060f23 100644
--- a/src/com/gitblit/wicket/pages/EditUserPage.java
+++ b/src/com/gitblit/wicket/pages/EditUserPage.java
@@ -34,19 +34,18 @@
 import org.apache.wicket.model.util.CollectionModel;
 import org.apache.wicket.model.util.ListModel;
-import com.gitblit.Constants.AccessRestrictionType;
+import com.gitblit.Constants.RegistrantType;
 import com.gitblit.GitBlit;
 import com.gitblit.GitBlitException;
 import com.gitblit.Keys;
-import com.gitblit.models.RepositoryModel;
-import com.gitblit.models.RepositoryAccessPermission;
+import com.gitblit.models.RegistrantAccessPermission;
 import com.gitblit.models.TeamModel;
 import com.gitblit.models.UserModel;
 import com.gitblit.utils.StringUtils;
 import com.gitblit.wicket.RequiresAdminRole;
 import com.gitblit.wicket.StringChoiceRenderer;
 import com.gitblit.wicket.WicketUtils;
-import com.gitblit.wicket.panels.RepositoryPermissionsPanel;
+import com.gitblit.wicket.panels.RegistrantPermissionsPanel;
 @RequiresAdminRole
 public class EditUserPage extends RootSubPage {
@@ -56,13 +55,14 @@ public EditUserPage() { // create constructor super(); - if (!GitBlit.self().supportsCredentialChanges()) { + if (!GitBlit.self().supportsAddUser()) { error(MessageFormat.format(getString("gb.userServiceDoesNotPermitAddUser"), - GitBlit.getString(Keys.realm.userService, "users.conf")), true); + GitBlit.getString(Keys.realm.userService, "${baseFolder}/users.conf")), true); } isCreate = true; setupPage(new UserModel("")); setStatelessHint(false); + setOutputMarkupId(true); } public EditUserPage(PageParameters params) { @@ -73,6 +73,12 @@ UserModel model = GitBlit.self().getUserModel(name); setupPage(model); setStatelessHint(false); + setOutputMarkupId(true); + } + + @Override + protected boolean requiresPageMap() { + return true; } protected void setupPage(final UserModel userModel) { @@ -86,13 +92,9 @@ StringUtils.isEmpty(userModel.password) ? "" : userModel.password); CompoundPropertyModel<UserModel> model = new CompoundPropertyModel<UserModel>(userModel); - List<String> repos = new ArrayList<String>(); - for (String repo : GitBlit.self().getRepositoryList()) { - RepositoryModel repositoryModel = GitBlit.self().getRepositoryModel(repo); - if (repositoryModel.accessRestriction.exceeds(AccessRestrictionType.NONE)) { - repos.add(repo); - } - } + // build list of projects including all repositories wildcards + List<String> repos = getAccessRestrictedRepositoryList(true, userModel); + List<String> userTeams = new ArrayList<String>(); for (TeamModel team : userModel.teams) { userTeams.add(team.name); @@ -100,7 +102,7 @@ Collections.sort(userTeams); final String oldName = userModel.username; - final List<RepositoryAccessPermission> permissions = userModel.getRepositoryPermissions(); + final List<RegistrantAccessPermission> permissions = GitBlit.self().getUserAccessPermissions(userModel); final Palette<String> teams = new Palette<String>("teams", new ListModel<String>( new ArrayList<String>(userTeams)), new CollectionModel<String>(GitBlit.self() 
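Review bot: In the no-argument constructor (hunk `@@ -56,13 +55,14 @@`) the `!GitBlit.self().supportsAddUser()` branch only calls `error(..., true)` and then falls through to `isCreate = true; setupPage(new UserModel(""));`. Whether `error(msg, true)` aborts construction is not visible here; if it does not, the create-user form is still built against a user service that cannot add users. A comment on that branch, for example `// error(..., true) redirects away; the form below is never shown`, or an explicit guard around the `setupPage` call, would make the intended control flow clear.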
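Review bot: In the `PageParameters` constructor (hunk `@@ -73,6 +73,12 @@`) the result of `GitBlit.self().getUserModel(name)` goes straight into `setupPage(model)`, which reads `userModel.password` and `userModel.teams` in the following hunk. If the lookup can return null for an unknown or stale `name` (not visible in this hunk), the page fails with an unhandled exception rather than a clear error; a `model == null` check that reports the missing user and stops before `setupPage` would cover that case. The added `requiresPageMap()` override also has no comment saying why this page needs a page map; one line such as `// page state must survive the permissions panel's Ajax updates` (if that is the reason) would help. The constructor starts outside this hunk.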
@@ -132,7 +134,7 @@ } boolean rename = !StringUtils.isEmpty(oldName) && !oldName.equalsIgnoreCase(username); - if (GitBlit.self().supportsCredentialChanges()) { + if (GitBlit.self().supportsCredentialChanges(userModel)) { if (!userModel.password.equals(confirmPassword.getObject())) { error(getString("gb.passwordsDoNotMatch")); return; @@ -171,8 +173,8 @@ } // update user permissions - for (RepositoryAccessPermission repositoryPermission : permissions) { - userModel.setRepositoryPermission(repositoryPermission.repository, repositoryPermission.permission); + for (RegistrantAccessPermission repositoryPermission : permissions) { + userModel.setRepositoryPermission(repositoryPermission.registrant, repositoryPermission.permission); } Iterator<String> selectedTeams = teams.getSelectedChoices(); @@ -208,16 +210,16 @@ form.add(new SimpleAttributeModifier("autocomplete", "off")); // not all user services support manipulating username and password - boolean editCredentials = GitBlit.self().supportsCredentialChanges(); + boolean editCredentials = GitBlit.self().supportsCredentialChanges(userModel); // not all user services support manipulating display name - boolean editDisplayName = GitBlit.self().supportsDisplayNameChanges(); + boolean editDisplayName = GitBlit.self().supportsDisplayNameChanges(userModel); // not all user services support manipulating email address - boolean editEmailAddress = GitBlit.self().supportsEmailAddressChanges(); + boolean editEmailAddress = GitBlit.self().supportsEmailAddressChanges(userModel); // not all user services support manipulating team memberships - boolean editTeams = GitBlit.self().supportsTeamMembershipChanges(); + boolean editTeams = GitBlit.self().supportsTeamMembershipChanges(userModel); // field names reflective match UserModel fields form.add(new TextField<String>("username").setEnabled(editCredentials)); 
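Review bot: The password check in hunk `@@ -132,7 +134,7 @@`, `userModel.password.equals(confirmPassword.getObject())`, dereferences `userModel.password` without a null guard, although `setupPage` treats the same field as possibly empty via `StringUtils.isEmpty(userModel.password)`. If the form can bind an empty password field to null (not visible here), saving throws instead of showing `gb.passwordsDoNotMatch`. A guarded form such as `String pw = userModel.password;` followed by `if (pw == null || !pw.equals(confirmPassword.getObject())) {` avoids that. The submit handler begins and ends outside this hunk.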
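Review bot: The write-back loop in hunk `@@ -171,8 +173,8 @@` calls `userModel.setRepositoryPermission(repositoryPermission.registrant, repositoryPermission.permission)` for every entry of `permissions`, and that list now comes from `GitBlit.self().getUserAccessPermissions(userModel)` (hunk `@@ -100,7 +102,7 @@`). If that method returns effective permissions, including ones the user only holds through a team or a wildcard rule (its contract is not visible here), saving the page would persist them as explicit per-user grants that survive later removal from the team. The loop should skip entries that are not directly assigned to the user, and a comment should state which kind of permission the list contains. The loop variable is still named `repositoryPermission` although its type is now `RegistrantAccessPermission`.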
@@ -231,12 +233,17 @@ form.add(new TextField<String>("displayName").setEnabled(editDisplayName)); form.add(new TextField<String>("emailAddress").setEnabled(editEmailAddress)); form.add(new CheckBox("canAdmin")); - form.add(new CheckBox("canFork")); + form.add(new CheckBox("canFork").setEnabled(GitBlit.getBoolean(Keys.web.allowForking, true))); form.add(new CheckBox("canCreate")); form.add(new CheckBox("excludeFromFederation")); - form.add(new RepositoryPermissionsPanel("repositories", permissions, getAccessPermissions())); + form.add(new RegistrantPermissionsPanel("repositories", RegistrantType.REPOSITORY, repos, permissions, getAccessPermissions())); form.add(teams.setEnabled(editTeams)); + form.add(new TextField<String>("organizationalUnit").setEnabled(editDisplayName)); + form.add(new TextField<String>("organization").setEnabled(editDisplayName)); + form.add(new TextField<String>("locality").setEnabled(editDisplayName)); + form.add(new TextField<String>("stateProvince").setEnabled(editDisplayName)); + form.add(new TextField<String>("countryCode").setEnabled(editDisplayName)); form.add(new Button("save")); Button cancel = new Button("cancel") { private static final long serialVersionUID = 1L; -- Gitblit v1.9.1
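Review bot: The five new text fields (`organizationalUnit`, `organization`, `locality`, `stateProvince`, `countryCode`) are all gated on `editDisplayName`, a flag the earlier hunk documents as "not all user services support manipulating display name". Reusing it ties the editability of unrelated attributes to the display-name capability without saying so. Either introduce a separately named boolean for these fields or add a comment at this spot, for example `// organizational fields are editable whenever the display name is`. The `canAdmin` and `canCreate` checkboxes remain unconditionally enabled, unlike `canFork`, which now follows `Keys.web.allowForking`; if that difference is intentional a short comment would record it.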