From ba2f9aa95ee55f3672cd59474c65b959d0fe7fb5 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Wed, 26 Feb 2014 23:52:45 -0500
Subject: [PATCH] Do not grant fork CLONE permissions to users/teams with implied regex CLONE permissions (issue-320)

---
 src/main/java/com/gitblit/manager/GitblitManager.java |   11 ++++++-----
 1 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/main/java/com/gitblit/manager/GitblitManager.java b/src/main/java/com/gitblit/manager/GitblitManager.java
index 95d50ac..9d096dd 100644
--- a/src/main/java/com/gitblit/manager/GitblitManager.java
+++ b/src/main/java/com/gitblit/manager/GitblitManager.java
@@ -172,7 +172,8 @@
 		if (!ArrayUtils.isEmpty(repository.owners)) {
 			for (String owner : repository.owners) {
 				UserModel originOwner = userManager.getUserModel(owner);
-				if (originOwner != null) {
+				if (originOwner != null && !originOwner.canClone(cloneModel)) {
+					// origin owner can't yet clone fork, grant explicit clone access
 					originOwner.setRepositoryPermission(cloneName, AccessPermission.CLONE);
 					reviseUser(originOwner.username, originOwner);
 				}
@@ -185,8 +186,8 @@
 		for (String name : users) {
 			if (!name.equalsIgnoreCase(user.username)) {
 				UserModel cloneUser = userManager.getUserModel(name);
-				if (cloneUser.canClone(repository)) {
-					// origin user can clone origin, grant clone access to fork
+				if (cloneUser.canClone(repository) && !cloneUser.canClone(cloneModel)) {
+					// origin user can't yet clone fork, grant explicit clone access
 					cloneUser.setRepositoryPermission(cloneName, AccessPermission.CLONE);
 				}
 				cloneUsers.add(cloneUser);
@@ -199,8 +200,8 @@
 		List<TeamModel> cloneTeams = new ArrayList<TeamModel>();
 		for (String name : teams) {
 			TeamModel cloneTeam = userManager.getTeamModel(name);
-			if (cloneTeam.canClone(repository)) {
-				// origin team can clone origin, grant clone access to fork
+			if (cloneTeam.canClone(repository) && !cloneTeam.canClone(cloneModel)) {
+				// origin team can't yet clone fork, grant explicit clone access
 				cloneTeam.setRepositoryPermission(cloneName, AccessPermission.CLONE);
 			}
 			cloneTeams.add(cloneTeam);

--
Gitblit v1.9.1