githubFork/gitblit.git - Solinfo Gitblit

			@@ -18,6 +18,7 @@
			import java.text.MessageFormat;

			import com.gitblit.Constants.AccessRestrictionType;
			import com.gitblit.Constants.AuthorizationControl;
			import com.gitblit.models.RepositoryModel;
			import com.gitblit.models.UserModel;
			import com.gitblit.utils.StringUtils;
			@@ -32,12 +33,29 @@
			*/
			public class GitFilter extends AccessRestrictionFilter {

			protected final String gitReceivePack = "/git-receive-pack";
			protected static final String gitReceivePack = "/git-receive-pack";

			protected final String gitUploadPack = "/git-upload-pack";
			protected static final String gitUploadPack = "/git-upload-pack";

			protected final String[] suffixes = { gitReceivePack, gitUploadPack, "/info/refs", "/HEAD",
			protected static final String[] suffixes = { gitReceivePack, gitUploadPack, "/info/refs", "/HEAD",
			"/objects" };

			/**
			* Extract the repository name from the url.
			*
			* @param url
			* @return repository name
			*/
			public static String getRepositoryName(String value) {
			String repository = value;
			// get the repository name from the url by finding a known url suffix
			for (String urlSuffix : suffixes) {
			if (repository.indexOf(urlSuffix) > -1) {
			repository = repository.substring(0, repository.indexOf(urlSuffix));
			}
			}
			return repository;
			}

			/**
			* Extract the repository name from the url.
			@@ -47,14 +65,7 @@
			*/
			@Override
			protected String extractRepositoryName(String url) {
			String repository = url;
			// get the repository name from the url by finding a known url suffix
			for (String urlSuffix : suffixes) {
			if (repository.indexOf(urlSuffix) > -1) {
			repository = repository.substring(0, repository.indexOf(urlSuffix));
			}
			}
			return repository;
			return GitFilter.getRepositoryName(url);
			}

			/**
			@@ -83,6 +94,16 @@
			}

			/**
			* Determine if a non-existing repository can be created using this filter.
			*
			* @return true if the server allows repository creation on-push
			*/
			@Override
			protected boolean isCreationAllowed() {
			return GitBlit.getBoolean(Keys.git.allowCreateOnPush, true);
			}

			/**
			* Determine if the repository can receive pushes.
			*
			* @param repository
			@@ -91,11 +112,13 @@
			*/
			@Override
			protected boolean isActionAllowed(RepositoryModel repository, String action) {
			if (action.equals(gitReceivePack)) {
			// Push request
			if (!repository.isBare) {
			logger.warn("Gitblit does not allow pushes to repositories with a working copy");
			return false;
			if (!StringUtils.isEmpty(action)) {
			if (action.equals(gitReceivePack)) {
			// Push request
			if (!repository.isBare) {
			logger.warn("Gitblit does not allow pushes to repositories with a working copy");
			return false;
			}
			}
			}
			return true;
			@@ -105,11 +128,19 @@
			* Determine if the repository requires authentication.
			*
			* @param repository
			* @param action
			* @return true if authentication required
			*/
			@Override
			protected boolean requiresAuthentication(RepositoryModel repository) {
			return repository.accessRestriction.atLeast(AccessRestrictionType.PUSH);
			protected boolean requiresAuthentication(RepositoryModel repository, String action) {
			if (gitUploadPack.equals(action)) {
			// send to client
			return repository.accessRestriction.atLeast(AccessRestrictionType.CLONE);
			} else if (gitReceivePack.equals(action)) {
			// receive from client
			return repository.accessRestriction.atLeast(AccessRestrictionType.PUSH);
			}
			return false;
			}

			/**
			@@ -127,35 +158,91 @@
			// Git Servlet disabled
			return false;
			}
			boolean readOnly = repository.isFrozen;
			if (readOnly \|\| repository.accessRestriction.atLeast(AccessRestrictionType.PUSH)) {
			boolean authorizedUser = user.canAccessRepository(repository);
			if (action.equals(gitReceivePack)) {
			// Push request
			if (!readOnly && authorizedUser) {
			// clone-restricted or push-authorized
			return true;
			} else {
			// user is unauthorized to push to this repository
			logger.warn(MessageFormat.format("user {0} is not authorized to push to {1}",
			user.username, repository));
			return false;
			}
			} else if (action.equals(gitUploadPack)) {
			// Clone request
			boolean cloneRestricted = repository.accessRestriction
			.atLeast(AccessRestrictionType.CLONE);
			if (!cloneRestricted \|\| (cloneRestricted && authorizedUser)) {
			// push-restricted or clone-authorized
			return true;
			} else {
			// user is unauthorized to clone this repository
			logger.warn(MessageFormat.format("user {0} is not authorized to clone {1}",
			user.username, repository));
			return false;
			}
			if (action.equals(gitReceivePack)) {
			// Push request
			if (user.canPush(repository)) {
			return true;
			} else {
			// user is unauthorized to push to this repository
			logger.warn(MessageFormat.format("user {0} is not authorized to push to {1}",
			user.username, repository));
			return false;
			}
			} else if (action.equals(gitUploadPack)) {
			// Clone request
			if (user.canClone(repository)) {
			return true;
			} else {
			// user is unauthorized to clone this repository
			logger.warn(MessageFormat.format("user {0} is not authorized to clone {1}",
			user.username, repository));
			return false;
			}
			}
			return true;
			}

			/**
			* An authenticated user with the CREATE role can create a repository on
			* push.
			*
			* @param user
			* @param repository
			* @param action
			* @return the repository model, if it is created, null otherwise
			*/
			@Override
			protected RepositoryModel createRepository(UserModel user, String repository, String action) {
			boolean isPush = !StringUtils.isEmpty(action) && gitReceivePack.equals(action);
			if (isPush) {
			if (user.canCreate(repository)) {
			// user is pushing to a new repository
			// validate name
			if (repository.startsWith("../")) {
			logger.error(MessageFormat.format("Illegal relative path in repository name! {0}", repository));
			return null;
			}
			if (repository.contains("/../")) {
			logger.error(MessageFormat.format("Illegal relative path in repository name! {0}", repository));
			return null;
			}

			// confirm valid characters in repository name
			Character c = StringUtils.findInvalidCharacter(repository);
			if (c != null) {
			logger.error(MessageFormat.format("Invalid character '{0}' in repository name {1}!", c, repository));
			return null;
			}

			// create repository
			RepositoryModel model = new RepositoryModel();
			model.name = repository;
			model.owner = user.username;
			model.projectPath = StringUtils.getFirstPathElement(repository);
			if (model.isUsersPersonalRepository(user.username)) {
			// personal repository, default to private for user
			model.authorizationControl = AuthorizationControl.NAMED;
			model.accessRestriction = AccessRestrictionType.VIEW;
			} else {
			// common repository, user default server settings
			model.authorizationControl = AuthorizationControl.fromName(GitBlit.getString(Keys.git.defaultAuthorizationControl, ""));
			model.accessRestriction = AccessRestrictionType.fromName(GitBlit.getString(Keys.git.defaultAccessRestriction, ""));
			}

			// create the repository
			try {
			GitBlit.self().updateRepositoryModel(model.name, model, true);
			logger.info(MessageFormat.format("{0} created {1} ON-PUSH", user.username, model.name));
			return GitBlit.self().getRepositoryModel(model.name);
			} catch (GitBlitException e) {
			logger.error(MessageFormat.format("{0} failed to create repository {1} ON-PUSH!", user.username, model.name), e);
			}
			} else {
			logger.warn(MessageFormat.format("{0} is not permitted to create repository {1} ON-PUSH!", user.username, repository));
			}
			}

			// repository could not be created or action was not a push
			return null;
			}
			}