From f22a0633d08e38ac4bf92b5165a708e11b4d6598 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Wed, 03 Oct 2012 17:31:37 -0400
Subject: [PATCH] Implemented support for toggling User.canFork in Manager

---
 src/com/gitblit/models/UserModel.java |  150 +++++++++++++++++++++++++++++++++++++++++++++++--
 1 files changed, 142 insertions(+), 8 deletions(-)

diff --git a/src/com/gitblit/models/UserModel.java b/src/com/gitblit/models/UserModel.java
index 797c14e..6d5de3b 100644
--- a/src/com/gitblit/models/UserModel.java
+++ b/src/com/gitblit/models/UserModel.java
@@ -16,38 +16,172 @@
 package com.gitblit.models;
 
 import java.io.Serializable;
-import java.util.ArrayList;
-import java.util.List;
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.Set;
 
-public class UserModel implements Serializable {
+import com.gitblit.Constants.AccessRestrictionType;
+import com.gitblit.Constants.AuthorizationControl;
+import com.gitblit.utils.StringUtils;
+
+/**
+ * UserModel is a serializable model class that represents a user and the user's
+ * restricted repository memberships. Instances of UserModels are also used as
+ * servlet user principals.
+ * 
+ * @author James Moger
+ * 
+ */
+public class UserModel implements Principal, Serializable, Comparable<UserModel> {
 
 	private static final long serialVersionUID = 1L;
 
+	public static final UserModel ANONYMOUS = new UserModel();
+	
 	// field names are reflectively mapped in EditUser page
 	public String username;
 	public String password;
+	public String cookie;
+	public String displayName;
+	public String emailAddress;
 	public boolean canAdmin;
-	public final List<String> repositories = new ArrayList<String>();
+	public boolean canFork;
+	public boolean excludeFromFederation;
+	public final Set<String> repositories = new HashSet<String>();
+	public final Set<TeamModel> teams = new HashSet<TeamModel>();
 
+	// non-persisted fields
+	public boolean isAuthenticated;
+	
 	public UserModel(String username) {
 		this.username = username;
+		this.isAuthenticated = true;
 	}
 
+	private UserModel() {
+		this.username = "anonymous";
+		this.isAuthenticated = false;
+	}
+
+	/**
+	 * This method does not take into consideration Ownership where the
+	 * administrator has not explicitly granted access to the owner.
+	 * 
+	 * @param repositoryName
+	 * @return
+	 */
+	@Deprecated
 	public boolean canAccessRepository(String repositoryName) {
-		return canAdmin || repositories.contains(repositoryName);
+		return canAdmin || repositories.contains(repositoryName.toLowerCase())
+				|| hasTeamAccess(repositoryName);
 	}
 
-	public void setRepositories(List<String> repositories) {
-		this.repositories.clear();
-		this.repositories.addAll(repositories);
+	public boolean canAccessRepository(RepositoryModel repository) {
+		boolean isOwner = !StringUtils.isEmpty(repository.owner)
+				&& repository.owner.equals(username);
+		boolean allowAuthenticated = isAuthenticated && AuthorizationControl.AUTHENTICATED.equals(repository.authorizationControl);
+		return canAdmin || isOwner || repositories.contains(repository.name.toLowerCase())
+				|| hasTeamAccess(repository.name) || allowAuthenticated;
+	}
+
+	public boolean hasTeamAccess(String repositoryName) {
+		for (TeamModel team : teams) {
+			if (team.hasRepository(repositoryName)) {
+				return true;
+			}
+		}
+		return false;
+	}
+	
+	public boolean canViewRepository(RepositoryModel repository) {
+		if (canAdmin) {
+			return true;
+		}
+		if (repository.accessRestriction.atLeast(AccessRestrictionType.VIEW)) {
+			return canAccessRepository(repository);
+		}
+		return true;
+	}
+	
+	public boolean canForkRepository(RepositoryModel repository) {
+		if (canAdmin) {
+			return true;
+		}
+		if (!canFork) {
+			// user has been prohibited from forking
+			return false;
+		}
+		if (!isAuthenticated) {
+			// unauthenticated user model
+			return false;
+		}
+		if (("~" + username).equalsIgnoreCase(repository.projectPath)) {
+			// this repository is already a personal repository
+			return false;
+		}
+		if (!repository.allowForks) {
+			// repository prohibits forks
+			return false;
+		}
+		if (repository.accessRestriction.atLeast(AccessRestrictionType.CLONE)) {
+			return canAccessRepository(repository);
+		}
+		// repository is not clone-restricted
+		return true;
+	}
+
+	public boolean hasRepository(String name) {
+		return repositories.contains(name.toLowerCase());
 	}
 
 	public void addRepository(String name) {
 		repositories.add(name.toLowerCase());
 	}
 
+	public void removeRepository(String name) {
+		repositories.remove(name.toLowerCase());
+	}
+
+	public boolean isTeamMember(String teamname) {
+		for (TeamModel team : teams) {
+			if (team.name.equalsIgnoreCase(teamname)) {
+				return true;
+			}
+		}
+		return false;
+	}
+
+	public TeamModel getTeam(String teamname) {
+		if (teams == null) {
+			return null;
+		}
+		for (TeamModel team : teams) {
+			if (team.name.equalsIgnoreCase(teamname)) {
+				return team;
+			}
+		}
+		return null;
+	}
+
+	@Override
+	public String getName() {
+		return username;
+	}
+	
+	public String getDisplayName() {
+		if (StringUtils.isEmpty(displayName)) {
+			return username;
+		}
+		return displayName;
+	}
+
 	@Override
 	public String toString() {
 		return username;
 	}
+
+	@Override
+	public int compareTo(UserModel o) {
+		return username.compareTo(o.username);
+	}
 }

--
Gitblit v1.9.1