Gitblit devel
parent: 55dc95d6 | patch | commit | ignore whitespace
James Moger
2014-05-01 0c8b287242e4fa45710a304570934201c8827e3e 
Fix inconsistency with owner permissions check
3 files modified
52 ■■■■ changed files
src/main/java/com/gitblit/models/RepositoryModel.java 4 ●●●● patch | view | raw | blame | history
src/main/java/com/gitblit/models/UserModel.java 6 ●●●● patch | view | raw | blame | history
src/test/java/com/gitblit/tests/PermissionsTest.java 42 ●●●●● patch | view | raw | blame | history 
 src/main/java/com/gitblit/models/RepositoryModel.java


@@ -182,9 +182,9 @@






    public boolean isOwner(String username) {



        if (StringUtils.isEmpty(username) || ArrayUtils.isEmpty(owners)) {



            return false;



            return isUsersPersonalRepository(username);



        }



        return owners.contains(username.toLowerCase());



        return owners.contains(username.toLowerCase()) || isUsersPersonalRepository(username);



    }







    public boolean isPersonalRepository() {





 src/main/java/com/gitblit/models/UserModel.java


@@ -552,15 +552,15 @@


        }



        return false;



    }



	






    /**



     * Returns true if the user is allowed to administer the specified repository



     * 


     *



     * @param repo



     * @return true if the user can administer the repository



     */



    public boolean canAdmin(RepositoryModel repo) {



        return canAdmin() || isMyPersonalRepository(repo.name);



        return canAdmin() || repo.isOwner(username) || isMyPersonalRepository(repo.name);



    }







    public boolean isAuthenticated() {





 src/test/java/com/gitblit/tests/PermissionsTest.java


@@ -2508,7 +2508,7 @@




    @Test


    public void testOwner() throws Exception {


        RepositoryModel repository = new RepositoryModel("myrepo.git", null, null, new Date());


        RepositoryModel repository = new RepositoryModel("~jj/myrepo.git", null, null, new Date());


        repository.authorizationControl = AuthorizationControl.NAMED;


        repository.accessRestriction = AccessRestrictionType.VIEW;




@@ -2530,11 +2530,30 @@




        assertFalse("owner CAN NOT delete!", user.canDelete(repository));


        assertTrue("owner CAN NOT edit!", user.canEdit(repository));




        // test personal repo owner


        UserModel jj = new UserModel("jj");


        assertFalse("jj SHOULD NOT HAVE a repository permission!", jj.hasRepositoryPermission(repository.name));


        assertTrue("jj CAN NOT view!", jj.canView(repository));


        assertTrue("jj CAN NOT clone!", jj.canClone(repository));


        assertTrue("jj CAN NOT push!", jj.canPush(repository));




        assertTrue("jj CAN NOT create ref!", jj.canCreateRef(repository));


        assertTrue("jj CAN NOT delete ref!", jj.canDeleteRef(repository));


        assertTrue("jj CAN NOT rewind ref!", jj.canRewindRef(repository));




        assertEquals("jj has wrong permission!", AccessPermission.REWIND, jj.getRepositoryPermission(repository).permission);




        assertFalse("jj CAN fork!", jj.canFork(repository));




        assertTrue("jj CAN NOT delete!", jj.canDelete(repository));


        assertTrue("jj CAN NOT edit!", jj.canEdit(repository));


        assertTrue(repository.isOwner(jj.username));


    }




    @Test


    public void testMultipleOwners() throws Exception {


        RepositoryModel repository = new RepositoryModel("myrepo.git", null, null, new Date());


        RepositoryModel repository = new RepositoryModel("~jj/myrepo.git", null, null, new Date());


        repository.authorizationControl = AuthorizationControl.NAMED;


        repository.accessRestriction = AccessRestrictionType.VIEW;




@@ -2579,6 +2598,25 @@




        assertTrue(repository.isOwner(user.username));


        assertTrue(repository.isOwner(user2.username));




        // test personal repo owner


        UserModel jj = new UserModel("jj");


        assertFalse("jj SHOULD NOT HAVE a repository permission!", jj.hasRepositoryPermission(repository.name));


        assertTrue("jj CAN NOT view!", jj.canView(repository));


        assertTrue("jj CAN NOT clone!", jj.canClone(repository));


        assertTrue("jj CAN NOT push!", jj.canPush(repository));




        assertTrue("jj CAN NOT create ref!", jj.canCreateRef(repository));


        assertTrue("jj CAN NOT delete ref!", jj.canDeleteRef(repository));


        assertTrue("jj CAN NOT rewind ref!", jj.canRewindRef(repository));




        assertEquals("jj has wrong permission!", AccessPermission.REWIND, jj.getRepositoryPermission(repository).permission);




        assertFalse("jj CAN fork!", jj.canFork(repository));




        assertTrue("jj CAN NOT delete!", jj.canDelete(repository));


        assertTrue("jj CAN NOT edit!", jj.canEdit(repository));


        assertTrue(repository.isOwner(jj.username));


    }




    @Test