From f22a0633d08e38ac4bf92b5165a708e11b4d6598 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Wed, 03 Oct 2012 17:31:37 -0400
Subject: [PATCH] Implemented support for toggling User.canFork in Manager
---
src/com/gitblit/GitFilter.java | 68 +++++++++++++++++++++++++++------
1 files changed, 55 insertions(+), 13 deletions(-)
diff --git a/src/com/gitblit/GitFilter.java b/src/com/gitblit/GitFilter.java
index 3011413..8ce4d3a 100644
--- a/src/com/gitblit/GitFilter.java
+++ b/src/com/gitblit/GitFilter.java
@@ -32,11 +32,11 @@
*/
public class GitFilter extends AccessRestrictionFilter {
- protected final String gitReceivePack = "/git-receive-pack";
+ protected static final String gitReceivePack = "/git-receive-pack";
- protected final String gitUploadPack = "/git-upload-pack";
+ protected static final String gitUploadPack = "/git-upload-pack";
- protected final String[] suffixes = { gitReceivePack, gitUploadPack, "/info/refs", "/HEAD",
+ protected static final String[] suffixes = { gitReceivePack, gitUploadPack, "/info/refs", "/HEAD",
"/objects" };
/**
@@ -45,9 +45,8 @@
* @param url
* @return repository name
*/
- @Override
- protected String extractRepositoryName(String url) {
- String repository = url;
+ public static String getRepositoryName(String value) {
+ String repository = value;
// get the repository name from the url by finding a known url suffix
for (String urlSuffix : suffixes) {
if (repository.indexOf(urlSuffix) > -1) {
@@ -58,10 +57,21 @@
}
/**
+ * Extract the repository name from the url.
+ *
+ * @param url
+ * @return repository name
+ */
+ @Override
+ protected String extractRepositoryName(String url) {
+ return GitFilter.getRepositoryName(url);
+ }
+
+ /**
* Analyze the url and returns the action of the request. Return values are
* either "/git-receive-pack" or "/git-upload-pack".
*
- * @param url
+ * @param serverUrl
* @return action of the request
*/
@Override
@@ -75,20 +85,51 @@
return gitReceivePack;
} else if (suffix.contains("?service=git-upload-pack")) {
return gitUploadPack;
+ } else {
+ return gitUploadPack;
}
}
return null;
+ }
+
+ /**
+ * Determine if the repository can receive pushes.
+ *
+ * @param repository
+ * @param action
+ * @return true if the action may be performed
+ */
+ @Override
+ protected boolean isActionAllowed(RepositoryModel repository, String action) {
+ if (!StringUtils.isEmpty(action)) {
+ if (action.equals(gitReceivePack)) {
+ // Push request
+ if (!repository.isBare) {
+ logger.warn("Gitblit does not allow pushes to repositories with a working copy");
+ return false;
+ }
+ }
+ }
+ return true;
}
/**
* Determine if the repository requires authentication.
*
* @param repository
+ * @param action
* @return true if authentication required
*/
@Override
- protected boolean requiresAuthentication(RepositoryModel repository) {
- return repository.accessRestriction.atLeast(AccessRestrictionType.PUSH);
+ protected boolean requiresAuthentication(RepositoryModel repository, String action) {
+ if (gitUploadPack.equals(action)) {
+ // send to client
+ return repository.accessRestriction.atLeast(AccessRestrictionType.CLONE);
+ } else if (gitReceivePack.equals(action)) {
+ // receive from client
+ return repository.accessRestriction.atLeast(AccessRestrictionType.PUSH);
+ }
+ return false;
}
/**
@@ -105,12 +146,13 @@
if (!GitBlit.getBoolean(Keys.git.enableGitServlet, true)) {
// Git Servlet disabled
return false;
- }
- if (repository.isFrozen || repository.accessRestriction.atLeast(AccessRestrictionType.PUSH)) {
- boolean authorizedUser = user.canAccessRepository(repository.name);
+ }
+ boolean readOnly = repository.isFrozen;
+ if (readOnly || repository.accessRestriction.atLeast(AccessRestrictionType.PUSH)) {
+ boolean authorizedUser = user.canAccessRepository(repository);
if (action.equals(gitReceivePack)) {
// Push request
- if (!repository.isFrozen && authorizedUser) {
+ if (!readOnly && authorizedUser) {
// clone-restricted or push-authorized
return true;
} else {
--
Gitblit v1.9.1