From a502d96a860456ec5e8c96761db70f7cabb74751 Mon Sep 17 00:00:00 2001
From: Paul Martin <paul@paulsputer.com>
Date: Sat, 30 Apr 2016 04:19:14 -0400
Subject: [PATCH] Merge pull request #1073 from gitblit/1062-DocEditorUpdates
---
 src/main/java/com/gitblit/servlet/RpcFilter.java | 41 ++++++++++++++---------------------------
 1 files changed, 14 insertions(+), 27 deletions(-)
diff --git a/src/main/java/com/gitblit/servlet/RpcFilter.java b/src/main/java/com/gitblit/servlet/RpcFilter.java
index 02f419f..355bcb9 100644
--- a/src/main/java/com/gitblit/servlet/RpcFilter.java
+++ b/src/main/java/com/gitblit/servlet/RpcFilter.java
@@ -18,8 +18,8 @@
 import java.io.IOException;
 import java.text.MessageFormat;
 
-import javax.inject.Inject;
-import javax.inject.Singleton;
+import com.google.inject.Inject;
+import com.google.inject.Singleton;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
@@ -27,13 +27,11 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import com.gitblit.Constants;
+import com.gitblit.Constants.RpcRequest;
 import com.gitblit.IStoredSettings;
 import com.gitblit.Keys;
-import com.gitblit.Constants.RpcRequest;
-import com.gitblit.Keys.web;
+import com.gitblit.manager.IAuthenticationManager;
 import com.gitblit.manager.IRuntimeManager;
-import com.gitblit.manager.ISessionManager;
 import com.gitblit.models.UserModel;
 
 /**
@@ -52,17 +50,19 @@
 @Singleton
 public class RpcFilter extends AuthenticationFilter {
 
- private final IStoredSettings settings;
+ private IStoredSettings settings;
 
- private final IRuntimeManager runtimeManager;
+ private IRuntimeManager runtimeManager;
 
 @Inject
 public RpcFilter(
+ IStoredSettings settings,
 IRuntimeManager runtimeManager,
- ISessionManager sessionManager) {
+ IAuthenticationManager authenticationManager) {
 
- super(sessionManager);
- this.settings = runtimeManager.getSettings();
+ super(authenticationManager);
+
+ this.settings = settings;
 this.runtimeManager = runtimeManager;
 }
 
@@ -128,7 +128,7 @@
 return;
 } else {
 // check user access for request
- if (user.canAdmin() || canAccess(user, requestType)) {
+ if (user.canAdmin() || !adminRequest) {
 // authenticated request permitted.
 // pass processing to the restricted servlet.
 newSession(authenticatedRequest, httpResponse);
@@ -138,10 +138,8 @@
 return;
 }
 // valid user, but not for requested access. send 403.
- if (runtimeManager.isDebugMode()) {
- logger.info(MessageFormat.format("RPC: {0} forbidden to access {1}",
+ logger.warn(MessageFormat.format("RPC: {0} forbidden to access {1}",
 user.username, fullUrl));
- }
 httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
 return;
 }
@@ -155,15 +153,4 @@
 // pass processing to the restricted servlet.
 chain.doFilter(authenticatedRequest, httpResponse);
 }
-
- private boolean canAccess(UserModel user, RpcRequest requestType) {
- switch (requestType) {
- case GET_PROTOCOL:
- return true;
- case LIST_REPOSITORIES:
- return true;
- default:
- return user.canAdmin();
- }
- }
-}
\ No newline at end of file
+}
-- 
Gitblit v1.9.1
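Review bot: The `final` modifier removed from `settings` and `runtimeManager` in the `@@ -52,17 +50,19 @@` hunk should stay, since the constructor shown still assigns each field exactly once. This filter is a `@Singleton` that gates RPC access, so its injected collaborators are better left non-reassignable: `private final IStoredSettings settings;` and `private final IRuntimeManager runtimeManager;`. If a method outside this hunk does reassign them, that deserves a comment on the field explaining why; the class body continues beyond the hunk, so this cannot be confirmed from here.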
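Review bot: Authorization at `if (user.canAdmin() || !adminRequest)` in the `@@ -128,7 +128,7 @@` hunk no longer fails closed, and it depends entirely on how `adminRequest` is computed, which is outside the hunk. The removed `canAccess` admitted non-admin users only for `GET_PROTOCOL` and `LIST_REPOSITORIES` and required `canAdmin()` for every other `RpcRequest`; the new condition admits any authenticated user for every request type not classified as admin, so a request type added later is open to all users unless it is explicitly flagged. Please confirm that `adminRequest` is true for everything except those two types and record the invariant at the check, for example `// adminRequest must be true for every RpcRequest except the explicitly public ones`. The enclosing method starts and ends outside the hunk.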
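Review bot: The now unconditional `logger.warn(...)` in the `@@ -138,10 +138,8 @@` hunk writes `user.username` and `fullUrl` into the log unmodified, so a URL carrying CR/LF characters or sensitive query parameters could forge or leak log content. Logging every 403 at warn level is a useful audit signal for privilege probing, but `fullUrl` is built outside the hunk and is presumably request-derived. Consider neutralising control characters before formatting, e.g. `fullUrl.replaceAll("[\\r\\n]", "_")`, and logging only the path if the query string can hold credentials. The enclosing method continues outside the hunk.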