From b7403152813c7fee783e3c999c7f7ae9fbaacce0 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 03 Feb 2012 18:16:16 -0500
Subject: [PATCH] Block pushes to a repository with a working copy (issue 49)

---
 src/com/gitblit/AccessRestrictionFilter.java |   17 +++++++++++++++++
 1 files changed, 17 insertions(+), 0 deletions(-)

diff --git a/src/com/gitblit/AccessRestrictionFilter.java b/src/com/gitblit/AccessRestrictionFilter.java
index a8d50b8..e9b6587 100644
--- a/src/com/gitblit/AccessRestrictionFilter.java
+++ b/src/com/gitblit/AccessRestrictionFilter.java
@@ -62,6 +62,15 @@
 	protected abstract String getUrlRequestAction(String url);
 
 	/**
+	 * Determine if the action may be executed on the repository.
+	 * 
+	 * @param repository
+	 * @param action
+	 * @return true if the action may be performed
+	 */
+	protected abstract boolean isActionAllowed(RepositoryModel repository, String action);
+
+	/**
 	 * Determine if the repository requires authentication.
 	 * 
 	 * @param repository
@@ -110,6 +119,14 @@
 			httpResponse.sendError(HttpServletResponse.SC_NOT_FOUND);
 			return;
 		}
+		
+		// Confirm that the action may be executed on the repository
+		if (!isActionAllowed(model, urlRequestType)) {
+			logger.info(MessageFormat.format("ARF: action {0} on {1} forbidden ({2})",
+					urlRequestType, model, HttpServletResponse.SC_FORBIDDEN));
+			httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
+			return;
+		}
 
 		// Wrap the HttpServletRequest with the AccessRestrictionRequest which
 		// overrides the servlet container user principal methods.

--
Gitblit v1.9.1