lemval
2012-01-31 1c30dad2115fc513791d8a5b292ad0f7d7b85749
commit | author | age
f13c4c 1 /*
JM 2  * Copyright 2011 gitblit.com.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *     http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
94b96b 16 package com.gitblit.wicket;
JM 17
18 import org.apache.wicket.Component;
19 import org.apache.wicket.RestartResponseAtInterceptPageException;
20 import org.apache.wicket.authorization.IUnauthorizedComponentInstantiationListener;
21 import org.apache.wicket.authorization.strategies.page.AbstractPageAuthorizationStrategy;
22
b55030 23 import com.gitblit.GitBlit;
JM 24 import com.gitblit.Keys;
1f9dae 25 import com.gitblit.models.UserModel;
JM 26 import com.gitblit.wicket.pages.BasePage;
94b96b 27 import com.gitblit.wicket.pages.RepositoriesPage;
JM 28
/**
 * Page-level authorization for the Gitblit Wicket UI.
 *
 * <p>This class decides whether a page class may be instantiated for the
 * current {@link GitBlitWebSession}, and it is also the listener invoked
 * when an instantiation has been refused.
 *
 * <p>Three settings drive the decision, each read through
 * {@code GitBlit.getBoolean(key, true)}; the second argument is presumably
 * the value used when the key is not configured (confirm against
 * {@code GitBlit}).
 * <ul>
 * <li>{@code Keys.web.authenticateViewPages}: every {@link BasePage}
 * subclass requires a logged-in session.</li>
 * <li>{@code Keys.web.allowAdministration}: when {@code false}, pages
 * annotated with {@link RequiresAdminRole} are refused for everyone.</li>
 * <li>{@code Keys.web.authenticateAdminPages}: when {@code false}, pages
 * annotated with {@link RequiresAdminRole} are granted without consulting
 * {@code UserModel.canAdmin}.</li>
 * </ul>
 *
 * <p>Security note: this is a default-allow policy. Any page class that is
 * not a {@link BasePage} subclass is authorized here, so other checks (for
 * example per-repository access) must be enforced elsewhere.
 */
public class AuthorizationStrategy extends AbstractPageAuthorizationStrategy implements
        IUnauthorizedComponentInstantiationListener {

    /** Creates the strategy; it holds no state of its own. */
    public AuthorizationStrategy() {
    }

    /**
     * Decides whether the given page class may be instantiated for the
     * current session.
     *
     * @param pageClass
     *            the page class about to be instantiated
     * @return {@code false} when a login or the admin role is required and
     *         missing, or when administration is disabled for an admin
     *         page; {@code true} in every other case
     */
    @SuppressWarnings({ "unchecked", "rawtypes" })
    @Override
    protected boolean isPageAuthorized(Class pageClass) {
        // The repositories page carries the inline authentication form, so
        // it must stay reachable for unauthenticated visitors.
        if (RepositoriesPage.class.equals(pageClass)) {
            return true;
        }

        // Default-allow: page classes outside the BasePage hierarchy are
        // not subject to any check in this method.
        if (!BasePage.class.isAssignableFrom(pageClass)) {
            return true;
        }

        boolean loginRequiredToView = GitBlit.getBoolean(Keys.web.authenticateViewPages, true);
        boolean loginRequiredForAdmin = GitBlit.getBoolean(Keys.web.authenticateAdminPages, true);
        boolean administrationEnabled = GitBlit.getBoolean(Keys.web.allowAdministration, true);

        GitBlitWebSession webSession = GitBlitWebSession.get();
        if (loginRequiredToView && !webSession.isLoggedIn()) {
            // viewing requires authentication and the session has none
            return false;
        }

        // May be null here when view authentication is switched off.
        UserModel currentUser = webSession.getUser();
        if (!pageClass.isAnnotationPresent(RequiresAdminRole.class)) {
            // ordinary (non-admin) page
            return true;
        }

        if (!administrationEnabled) {
            // administration is prohibited regardless of who is asking
            return false;
        }

        if (!loginRequiredForAdmin) {
            // NOTE(review): admin pages are granted without looking at
            // canAdmin. If authenticateViewPages is also false, no login is
            // required at all to reach them.
            return true;
        }

        // Admin authentication is enforced: an anonymous session is refused
        // and a known user must hold the admin flag.
        return currentUser != null && currentUser.canAdmin;
    }

    /**
     * Handles a refused instantiation by restarting the response at the
     * {@link RepositoriesPage}, which hosts the login form.
     *
     * @param component
     *            the component whose instantiation was refused
     */
    @Override
    public void onUnauthorizedInstantiation(Component component) {
        // NOTE(review): a refused component that is not a BasePage falls
        // through here without any exception. isPageAuthorized only returns
        // false for BasePage subclasses, so this path looks unreachable
        // today. If a broader denial is ever added, confirm that returning
        // normally does not let the instantiation proceed (fail-open).
        if (!(component instanceof BasePage)) {
            return;
        }
        throw new RestartResponseAtInterceptPageException(RepositoriesPage.class);
    }
}