From f90dc635928f367f9078f814488c7e385ebc4e2e Mon Sep 17 00:00:00 2001 From: James Moger <james.moger@gitblit.com> Date: Fri, 20 May 2011 17:31:07 -0400 Subject: [PATCH] Documentation. --- src/com/gitblit/wicket/AuthorizationStrategy.java | 52 ++++++++++++++++++++++++++++++++++++---------------- 1 files changed, 36 insertions(+), 16 deletions(-) diff --git a/src/com/gitblit/wicket/AuthorizationStrategy.java b/src/com/gitblit/wicket/AuthorizationStrategy.java index b99ad6d..d5a59ab 100644 --- a/src/com/gitblit/wicket/AuthorizationStrategy.java +++ b/src/com/gitblit/wicket/AuthorizationStrategy.java @@ -5,6 +5,9 @@ import org.apache.wicket.authorization.IUnauthorizedComponentInstantiationListener; import org.apache.wicket.authorization.strategies.page.AbstractPageAuthorizationStrategy; +import com.gitblit.GitBlit; +import com.gitblit.Keys; +import com.gitblit.wicket.models.UserModel; import com.gitblit.wicket.pages.RepositoriesPage; public class AuthorizationStrategy extends AbstractPageAuthorizationStrategy implements IUnauthorizedComponentInstantiationListener { 
@@ -15,31 +18,48 @@ @SuppressWarnings({ "unchecked", "rawtypes" }) @Override protected boolean isPageAuthorized(Class pageClass) { - if (BasePage.class.isAssignableFrom(pageClass)) - return isAuthorized(pageClass); - // Return contruction by default + if (BasePage.class.isAssignableFrom(pageClass)) { + boolean authenticateView = GitBlit.self().settings().getBoolean(Keys.web.authenticateViewPages, true); + boolean authenticateAdmin = GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, true); + boolean allowAdmin = GitBlit.self().settings().getBoolean(Keys.web.allowAdministration, true); + + GitBlitWebSession session = GitBlitWebSession.get(); + if (authenticateView && !session.isLoggedIn()) { + // authentication required + return false; + } + + UserModel user = session.getUser(); + if (pageClass.isAnnotationPresent(AdminPage.class)) { + // admin page + if (allowAdmin) { + if (authenticateAdmin) { + // authenticate admin + if (user != null) { + return user.canAdmin(); + } + return false; + } else { + // no admin authentication required + return true; + } + } else { + //admin prohibited + return false; + } + } + } return true; } @Override public void onUnauthorizedInstantiation(Component component) { - if (component instanceof BasePage) { - GitBlitWebSession session = GitBlitWebSession.get(); + if (component instanceof BasePage) { + GitBlitWebSession session = GitBlitWebSession.get(); if (!session.isLoggedIn()) throw new RestartResponseAtInterceptPageException(LoginPage.class); else throw new RestartResponseAtInterceptPageException(RepositoriesPage.class); } - } - - protected boolean isAuthorized(Class<? extends BasePage> pageClass) { - GitBlitWebSession session = GitBlitWebSession.get(); - if (!session.isLoggedIn()) - return false; - User user = session.getUser(); - if (pageClass.isAnnotationPresent(AdminPage.class)) { - - } - return true; } } -- Gitblit v1.9.1
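Review bot: The `@AdminPage` check in `isPageAuthorized` sits inside the `BasePage.class.isAssignableFrom(pageClass)` branch, so a page class that carries the annotation without extending `BasePage` falls through to the final `return true` and is instantiated with no admin test. Consider evaluating the annotation before the `BasePage` test, or stating in a comment on the method that `@AdminPage` is honoured only on `BasePage` subclasses. The nested admin branch can also collapse to `return allowAdmin && (!authenticateAdmin || (user != null && user.canAdmin()));`, which keeps the deny cases visible in one expression. With `Keys.web.authenticateAdminPages` false and `Keys.web.allowAdministration` true, admin pages are authorized for anonymous sessions too whenever `Keys.web.authenticateViewPages` is also false. If that is intended, it deserves a comment at the `// no admin authentication required` branch.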