From b799d545f37f7123aaa1ee1d0ff3b61f1f3cc8c2 Mon Sep 17 00:00:00 2001
From: David Ostrovsky <david@ostrovsky.org>
Date: Thu, 10 Apr 2014 18:58:08 -0400
Subject: [PATCH] Add review SSH command

---
 src/main/java/com/gitblit/git/GitblitUploadPackFactory.java |   63 +++++++++----------------------
 1 files changed, 18 insertions(+), 45 deletions(-)

diff --git a/src/main/java/com/gitblit/git/GitblitUploadPackFactory.java b/src/main/java/com/gitblit/git/GitblitUploadPackFactory.java
index 01dfc08..a72d4ad 100644
--- a/src/main/java/com/gitblit/git/GitblitUploadPackFactory.java
+++ b/src/main/java/com/gitblit/git/GitblitUploadPackFactory.java
@@ -15,23 +15,18 @@
  */
 package com.gitblit.git;
 
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-
 import javax.servlet.http.HttpServletRequest;
 
-import org.eclipse.jgit.lib.Ref;
 import org.eclipse.jgit.lib.Repository;
-import org.eclipse.jgit.transport.RefFilter;
 import org.eclipse.jgit.transport.UploadPack;
 import org.eclipse.jgit.transport.resolver.ServiceNotAuthorizedException;
 import org.eclipse.jgit.transport.resolver.ServiceNotEnabledException;
 import org.eclipse.jgit.transport.resolver.UploadPackFactory;
 
-import com.gitblit.Constants;
-import com.gitblit.GitBlit;
+import com.gitblit.manager.IAuthenticationManager;
 import com.gitblit.models.UserModel;
+import com.gitblit.transport.git.GitDaemonClient;
+import com.gitblit.transport.ssh.SshSession;
 
 /**
  * The upload pack factory creates an upload pack which controls what refs are
@@ -43,6 +38,12 @@
  */
 public class GitblitUploadPackFactory<X> implements UploadPackFactory<X> {
 
+	private final IAuthenticationManager authenticationManager;
+
+	public GitblitUploadPackFactory(IAuthenticationManager authenticationManager) {
+		this.authenticationManager = authenticationManager;
+	}
+
 	@Override
 	public UploadPack create(X req, Repository db)
 			throws ServiceNotEnabledException, ServiceNotAuthorizedException {
@@ -52,7 +53,8 @@
 
 		if (req instanceof HttpServletRequest) {
 			// http/https request may or may not be authenticated
-			user = GitBlit.self().authenticate((HttpServletRequest) req);
+			HttpServletRequest client = (HttpServletRequest) req;
+			user = authenticationManager.authenticate(client);
 			if (user == null) {
 				user = UserModel.ANONYMOUS;
 			}
@@ -61,47 +63,18 @@
 			GitDaemonClient client = (GitDaemonClient) req;
 			// set timeout from Git daemon
 			timeout = client.getDaemon().getTimeout();
+		} else if (req instanceof SshSession) {
+			// SSH request is always authenticated
+			SshSession client = (SshSession) req;
+			user = authenticationManager.authenticate(client);
+			if (user == null) {
+				throw new ServiceNotAuthorizedException();
+			}
 		}
 
-		RefFilter refFilter = new UserRefFilter(user);
 		UploadPack up = new UploadPack(db);
-		up.setRefFilter(refFilter);
 		up.setTimeout(timeout);
 
 		return up;
-	}
-
-	/**
-	 * Restricts advertisement of certain refs based on the permission of the
-	 * requesting user.
-	 */
-	public static class UserRefFilter implements RefFilter {
-
-		final UserModel user;
-
-		public UserRefFilter(UserModel user) {
-			this.user = user;
-		}
-
-		@Override
-		public Map<String, Ref> filter(Map<String, Ref> refs) {
-			if (user.canAdmin()) {
-				// admins can see all refs
-				return refs;
-			}
-
-			// normal users can not clone any gitblit refs
-			// JGit's RefMap is custom and does not support iterator removal :(
-			List<String> toRemove = new ArrayList<String>();
-			for (String ref : refs.keySet()) {
-				if (ref.startsWith(Constants.R_GITBLIT)) {
-					toRemove.add(ref);
-				}
-			}
-			for (String ref : toRemove) {
-				refs.remove(ref);
-			}
-			return refs;
-		}
 	}
 }
\ No newline at end of file

--
Gitblit v1.9.1