From f22a0633d08e38ac4bf92b5165a708e11b4d6598 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Wed, 03 Oct 2012 17:31:37 -0400
Subject: [PATCH] Implemented support for toggling User.canFork in Manager

---
 src/com/gitblit/GitFilter.java |  113 ++++++++++++++++++++++++++++++++++++++++++++++++--------
 1 files changed, 96 insertions(+), 17 deletions(-)

diff --git a/src/com/gitblit/GitFilter.java b/src/com/gitblit/GitFilter.java
index b310442..8ce4d3a 100644
--- a/src/com/gitblit/GitFilter.java
+++ b/src/com/gitblit/GitFilter.java
@@ -22,18 +22,32 @@
 import com.gitblit.models.UserModel;
 import com.gitblit.utils.StringUtils;
 
+/**
+ * The GitFilter is an AccessRestrictionFilter which ensures that Git client
+ * requests for push, clone, or view restricted repositories are authenticated
+ * and authorized.
+ * 
+ * @author James Moger
+ * 
+ */
 public class GitFilter extends AccessRestrictionFilter {
 
-	protected final String gitReceivePack = "/git-receive-pack";
+	protected static final String gitReceivePack = "/git-receive-pack";
 
-	protected final String gitUploadPack = "/git-upload-pack";
+	protected static final String gitUploadPack = "/git-upload-pack";
 
-	protected final String[] suffixes = { gitReceivePack, gitUploadPack, "/info/refs", "/HEAD",
+	protected static final String[] suffixes = { gitReceivePack, gitUploadPack, "/info/refs", "/HEAD",
 			"/objects" };
 
-	@Override
-	protected String extractRepositoryName(String url) {
-		String repository = url;
+	/**
+	 * Extract the repository name from the url.
+	 * 
+	 * @param url
+	 * @return repository name
+	 */
+	public static String getRepositoryName(String value) {
+		String repository = value;
+		// get the repository name from the url by finding a known url suffix
 		for (String urlSuffix : suffixes) {
 			if (repository.indexOf(urlSuffix) > -1) {
 				repository = repository.substring(0, repository.indexOf(urlSuffix));
@@ -42,8 +56,26 @@
 		return repository;
 	}
 
+	/**
+	 * Extract the repository name from the url.
+	 * 
+	 * @param url
+	 * @return repository name
+	 */
 	@Override
-	protected String getUrlRequestType(String suffix) {
+	protected String extractRepositoryName(String url) {
+		return GitFilter.getRepositoryName(url);
+	}
+
+	/**
+	 * Analyze the url and returns the action of the request. Return values are
+	 * either "/git-receive-pack" or "/git-upload-pack".
+	 * 
+	 * @param serverUrl
+	 * @return action of the request
+	 */
+	@Override
+	protected String getUrlRequestAction(String suffix) {
 		if (!StringUtils.isEmpty(suffix)) {
 			if (suffix.startsWith(gitReceivePack)) {
 				return gitReceivePack;
@@ -53,27 +85,74 @@
 				return gitReceivePack;
 			} else if (suffix.contains("?service=git-upload-pack")) {
 				return gitUploadPack;
+			} else {
+				return gitUploadPack;
 			}
 		}
 		return null;
 	}
-
+	
+	/**
+	 * Determine if the repository can receive pushes.
+	 * 
+	 * @param repository
+	 * @param action
+	 * @return true if the action may be performed
+	 */
 	@Override
-	protected boolean requiresAuthentication(RepositoryModel repository) {
-		return repository.accessRestriction.atLeast(AccessRestrictionType.PUSH);
+	protected boolean isActionAllowed(RepositoryModel repository, String action) {
+		if (!StringUtils.isEmpty(action)) {
+			if (action.equals(gitReceivePack)) {
+				// Push request
+				if (!repository.isBare) {
+					logger.warn("Gitblit does not allow pushes to repositories with a working copy");
+					return false;
+				}
+			}
+		}
+		return true;
 	}
 
+	/**
+	 * Determine if the repository requires authentication.
+	 * 
+	 * @param repository
+	 * @param action
+	 * @return true if authentication required
+	 */
 	@Override
-	protected boolean canAccess(RepositoryModel repository, UserModel user, String urlRequestType) {
+	protected boolean requiresAuthentication(RepositoryModel repository, String action) {
+		if (gitUploadPack.equals(action)) {
+			// send to client
+			return repository.accessRestriction.atLeast(AccessRestrictionType.CLONE);	
+		} else if (gitReceivePack.equals(action)) {
+			// receive from client
+			return repository.accessRestriction.atLeast(AccessRestrictionType.PUSH);
+		}
+		return false;
+	}
+
+	/**
+	 * Determine if the user can access the repository and perform the specified
+	 * action.
+	 * 
+	 * @param repository
+	 * @param user
+	 * @param action
+	 * @return true if user may execute the action on the repository
+	 */
+	@Override
+	protected boolean canAccess(RepositoryModel repository, UserModel user, String action) {
 		if (!GitBlit.getBoolean(Keys.git.enableGitServlet, true)) {
 			// Git Servlet disabled
 			return false;
-		}
-		if (repository.isFrozen || repository.accessRestriction.atLeast(AccessRestrictionType.PUSH)) {
-			boolean authorizedUser = user.canAccessRepository(repository.name);
-			if (urlRequestType.equals(gitReceivePack)) {
+		}		
+		boolean readOnly = repository.isFrozen;	
+		if (readOnly || repository.accessRestriction.atLeast(AccessRestrictionType.PUSH)) {
+			boolean authorizedUser = user.canAccessRepository(repository);
+			if (action.equals(gitReceivePack)) {
 				// Push request
-				if (!repository.isFrozen && authorizedUser) {
+				if (!readOnly && authorizedUser) {
 					// clone-restricted or push-authorized
 					return true;
 				} else {
@@ -82,7 +161,7 @@
 							user.username, repository));
 					return false;
 				}
-			} else if (urlRequestType.equals(gitUploadPack)) {
+			} else if (action.equals(gitUploadPack)) {
 				// Clone request
 				boolean cloneRestricted = repository.accessRestriction
 						.atLeast(AccessRestrictionType.CLONE);

--
Gitblit v1.9.1