From efe8ecb216b0e2f2f1dceb26c4f21dcec1fb497c Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 11 Nov 2011 17:59:15 -0500
Subject: [PATCH] Revised user access checks to account for repository ownership.

---
 src/com/gitblit/AuthenticationFilter.java |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/src/com/gitblit/AuthenticationFilter.java b/src/com/gitblit/AuthenticationFilter.java
index 277b220..caa8a07 100644
--- a/src/com/gitblit/AuthenticationFilter.java
+++ b/src/com/gitblit/AuthenticationFilter.java
@@ -171,7 +171,7 @@
 			super(req);
 			user = new UserModel("anonymous");
 		}
-		
+
 		UserModel getUser() {
 			return user;
 		}
@@ -190,6 +190,9 @@
 			if (role.equals(Constants.ADMIN_ROLE)) {
 				return user.canAdmin;
 			}
+			// Gitblit does not currently use actual roles in the traditional
+			// servlet container sense.  That is the reason this is marked
+			// deprecated, but I may want to revisit this.
 			return user.canAccessRepository(role);
 		}
 

--
Gitblit v1.9.1