From cb285cbfddfc0b633d6b8cdb4dc0d2bd2b8b51ef Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 05 Jan 2012 17:34:05 -0500
Subject: [PATCH] Fixed bug in receive hook for repositories in subfolders
---
src/com/gitblit/GitFilter.java | 54 +++++++++++++++++++++++++++++++++++++++++++++++-------
1 files changed, 47 insertions(+), 7 deletions(-)
diff --git a/src/com/gitblit/GitFilter.java b/src/com/gitblit/GitFilter.java
index b310442..a7f0fe7 100644
--- a/src/com/gitblit/GitFilter.java
+++ b/src/com/gitblit/GitFilter.java
@@ -22,6 +22,14 @@
import com.gitblit.models.UserModel;
import com.gitblit.utils.StringUtils;
+/**
+ * The GitFilter is an AccessRestrictionFilter which ensures that Git client
+ * requests for push, clone, or view restricted repositories are authenticated
+ * and authorized.
+ *
+ * @author James Moger
+ *
+ */
public class GitFilter extends AccessRestrictionFilter {
protected final String gitReceivePack = "/git-receive-pack";
@@ -31,9 +39,16 @@
protected final String[] suffixes = { gitReceivePack, gitUploadPack, "/info/refs", "/HEAD",
"/objects" };
+ /**
+ * Extract the repository name from the url.
+ *
+ * @param url
+ * @return repository name
+ */
@Override
protected String extractRepositoryName(String url) {
String repository = url;
+ // get the repository name from the url by finding a known url suffix
for (String urlSuffix : suffixes) {
if (repository.indexOf(urlSuffix) > -1) {
repository = repository.substring(0, repository.indexOf(urlSuffix));
@@ -42,8 +57,15 @@
return repository;
}
+ /**
+ * Analyze the url and returns the action of the request. Return values are
+ * either "/git-receive-pack" or "/git-upload-pack".
+ *
+ * @param serverUrl
+ * @return action of the request
+ */
@Override
- protected String getUrlRequestType(String suffix) {
+ protected String getUrlRequestAction(String suffix) {
if (!StringUtils.isEmpty(suffix)) {
if (suffix.startsWith(gitReceivePack)) {
return gitReceivePack;
@@ -53,27 +75,45 @@
return gitReceivePack;
} else if (suffix.contains("?service=git-upload-pack")) {
return gitUploadPack;
+ } else {
+ return gitUploadPack;
}
}
return null;
}
+ /**
+ * Determine if the repository requires authentication.
+ *
+ * @param repository
+ * @return true if authentication required
+ */
@Override
protected boolean requiresAuthentication(RepositoryModel repository) {
return repository.accessRestriction.atLeast(AccessRestrictionType.PUSH);
}
+ /**
+ * Determine if the user can access the repository and perform the specified
+ * action.
+ *
+ * @param repository
+ * @param user
+ * @param action
+ * @return true if user may execute the action on the repository
+ */
@Override
- protected boolean canAccess(RepositoryModel repository, UserModel user, String urlRequestType) {
+ protected boolean canAccess(RepositoryModel repository, UserModel user, String action) {
if (!GitBlit.getBoolean(Keys.git.enableGitServlet, true)) {
// Git Servlet disabled
return false;
}
- if (repository.isFrozen || repository.accessRestriction.atLeast(AccessRestrictionType.PUSH)) {
- boolean authorizedUser = user.canAccessRepository(repository.name);
- if (urlRequestType.equals(gitReceivePack)) {
+ boolean readOnly = repository.isFrozen;
+ if (readOnly || repository.accessRestriction.atLeast(AccessRestrictionType.PUSH)) {
+ boolean authorizedUser = user.canAccessRepository(repository);
+ if (action.equals(gitReceivePack)) {
// Push request
- if (!repository.isFrozen && authorizedUser) {
+ if (!readOnly && authorizedUser) {
// clone-restricted or push-authorized
return true;
} else {
@@ -82,7 +122,7 @@
user.username, repository));
return false;
}
- } else if (urlRequestType.equals(gitUploadPack)) {
+ } else if (action.equals(gitUploadPack)) {
// Clone request
boolean cloneRestricted = repository.accessRestriction
.atLeast(AccessRestrictionType.CLONE);
--
Gitblit v1.9.1