From cb285cbfddfc0b633d6b8cdb4dc0d2bd2b8b51ef Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 05 Jan 2012 17:34:05 -0500
Subject: [PATCH] Fixed bug in receive hook for repositories in subfolders

---
 src/com/gitblit/DownloadZipServlet.java |   46 +++++++++++++++++++++++++++++-----------------
 1 files changed, 29 insertions(+), 17 deletions(-)

diff --git a/src/com/gitblit/DownloadZipServlet.java b/src/com/gitblit/DownloadZipServlet.java
index 86ca4e7..ed3aa55 100644
--- a/src/com/gitblit/DownloadZipServlet.java
+++ b/src/com/gitblit/DownloadZipServlet.java
@@ -25,11 +25,16 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.gitblit.Constants.AccessRestrictionType;
-import com.gitblit.models.RepositoryModel;
 import com.gitblit.utils.JGitUtils;
 import com.gitblit.utils.StringUtils;
 
+/**
+ * Streams out a zip file from the specified repository for any tree path at any
+ * revision.
+ * 
+ * @author James Moger
+ * 
+ */
 public class DownloadZipServlet extends HttpServlet {
 
 	private static final long serialVersionUID = 1L;
@@ -40,12 +45,32 @@
 		super();
 	}
 
+	/**
+	 * Returns an url to this servlet for the specified parameters.
+	 * 
+	 * @param baseURL
+	 * @param repository
+	 * @param objectId
+	 * @param path
+	 * @return an url
+	 */
 	public static String asLink(String baseURL, String repository, String objectId, String path) {
-		return baseURL + (baseURL.endsWith("/") ? "" : "/") + "zip?r=" + repository
+		if (baseURL.length() > 0 && baseURL.charAt(baseURL.length() - 1) == '/') {
+			baseURL = baseURL.substring(0, baseURL.length() - 1);
+		}
+		return baseURL + Constants.ZIP_PATH + "?r=" + repository
 				+ (path == null ? "" : ("&p=" + path))
 				+ (objectId == null ? "" : ("&h=" + objectId));
 	}
 
+	/**
+	 * Creates a zip stream from the repository of the requested data.
+	 * 
+	 * @param request
+	 * @param response
+	 * @throws javax.servlet.ServletException
+	 * @throws java.io.IOException
+	 */
 	private void processRequest(javax.servlet.http.HttpServletRequest request,
 			javax.servlet.http.HttpServletResponse response) throws javax.servlet.ServletException,
 			java.io.IOException {
@@ -53,8 +78,8 @@
 			logger.warn("Zip downloads are disabled");
 			response.sendError(HttpServletResponse.SC_FORBIDDEN);
 			return;
-
 		}
+		
 		String repository = request.getParameter("r");
 		String basePath = request.getParameter("p");
 		String objectId = request.getParameter("h");
@@ -65,18 +90,6 @@
 				name = name.substring(name.lastIndexOf('/') + 1);
 			}
 
-			// check roles first
-			boolean authorized = request.isUserInRole(Constants.ADMIN_ROLE);
-			authorized |= request.isUserInRole(repository);
-
-			if (!authorized) {
-				RepositoryModel model = GitBlit.self().getRepositoryModel(repository);
-				if (model.accessRestriction.atLeast(AccessRestrictionType.VIEW)) {
-					logger.warn("Unauthorized access via zip servlet for " + model.name);
-					response.sendError(HttpServletResponse.SC_FORBIDDEN);
-					return;
-				}
-			}
 			if (!StringUtils.isEmpty(basePath)) {
 				name += "-" + basePath.replace('/', '_');
 			}
@@ -89,7 +102,6 @@
 			Date date = JGitUtils.getCommitDate(commit);
 			String contentType = "application/octet-stream";
 			response.setContentType(contentType + "; charset=" + response.getCharacterEncoding());
-			// response.setContentLength(attachment.getFileSize());
 			response.setHeader("Content-Disposition", "attachment; filename=\"" + name + ".zip"
 					+ "\"");
 			response.setDateHeader("Last-Modified", date.getTime());

--
Gitblit v1.9.1