From efe8ecb216b0e2f2f1dceb26c4f21dcec1fb497c Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 11 Nov 2011 17:59:15 -0500
Subject: [PATCH] Revised user access checks to account for repository ownership.

---
 src/com/gitblit/models/UserModel.java |   16 ++++++++++++++++
 1 files changed, 16 insertions(+), 0 deletions(-)

diff --git a/src/com/gitblit/models/UserModel.java b/src/com/gitblit/models/UserModel.java
index fcf2b26..dadc44e 100644
--- a/src/com/gitblit/models/UserModel.java
+++ b/src/com/gitblit/models/UserModel.java
@@ -20,6 +20,8 @@
 import java.util.HashSet;
 import java.util.Set;
 
+import com.gitblit.utils.StringUtils;
+
 /**
  * UserModel is a serializable model class that represents a user and the user's
  * restricted repository memberships. Instances of UserModels are also used as
@@ -43,10 +45,24 @@
 		this.username = username;
 	}
 
+	/**
+	 * This method does not take into consideration Ownership where the
+	 * administrator has not explicitly granted access to the owner.
+	 * 
+	 * @param repositoryName
+	 * @return
+	 */
+	@Deprecated
 	public boolean canAccessRepository(String repositoryName) {
 		return canAdmin || repositories.contains(repositoryName.toLowerCase());
 	}
 
+	public boolean canAccessRepository(RepositoryModel repository) {
+		boolean isOwner = !StringUtils.isEmpty(repository.owner)
+				&& repository.owner.equals(username);
+		return canAdmin || isOwner || repositories.contains(repository.name.toLowerCase());
+	}
+
 	public void addRepository(String name) {
 		repositories.add(name.toLowerCase());
 	}
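Review bot: The owner check in the new `canAccessRepository(RepositoryModel)` compares `repository.owner.equals(username)` exactly, while the membership test on the following line normalises the repository name with `toLowerCase()`. If usernames are matched case-insensitively elsewhere (not visible in this hunk), an owner whose name was recorded with different casing falls through to the membership check and is denied. Consider `repository.owner.equalsIgnoreCase(username)`, or normalising both sides the same way the repository name is. The new overload has no Javadoc, and the deprecated one has empty `@param`/`@return` tags and no pointer to its replacement. I would add `@deprecated use {@link #canAccessRepository(RepositoryModel)}, which also honours repository ownership` so that remaining callers of the String form, which still ignores ownership, get migrated. The class body continues outside the hunk.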

--
Gitblit v1.9.1