Gitblit devel
parent: d020116c | patch | commit | ignore whitespace
James Moger
2014-02-26 ba2f9aa95ee55f3672cd59474c65b959d0fe7fb5 
Do not grant fork CLONE permissions to users/teams with implied regex
CLONE permissions (issue-320)
2 files modified
12 ■■■■■ changed files
releases.moxie 1 ●●●● patch | view | raw | blame | history
src/main/java/com/gitblit/manager/GitblitManager.java 11 ●●●● patch | view | raw | blame | history 
 releases.moxie


@@ -16,6 +16,7 @@


    fixes:


    - Fixed incorrect tagger attribution in the dashboard (issue-276)


    - Fixed support for implied SSH urls in web.otherUrls (issue-311)


    - Fixed injection of unnecessary explicit CLONE permissions for a fork when users or teams already had implied regex permissions (issue-320)


    - Bind LDAP connection after establishing TLS initialization (issue-343)


    - Fixed NPE when attempting to add a permission without a registrant (issue-344)


    - Invalidate all cached repository data on "clear cache" (issue-346)




 src/main/java/com/gitblit/manager/GitblitManager.java


@@ -172,7 +172,8 @@


        if (!ArrayUtils.isEmpty(repository.owners)) {


            for (String owner : repository.owners) {


                UserModel originOwner = userManager.getUserModel(owner);


                if (originOwner != null) {


                if (originOwner != null && !originOwner.canClone(cloneModel)) {


                    // origin owner can't yet clone fork, grant explicit clone access


                    originOwner.setRepositoryPermission(cloneName, AccessPermission.CLONE);


                    reviseUser(originOwner.username, originOwner);


                }


@@ -185,8 +186,8 @@


        for (String name : users) {


            if (!name.equalsIgnoreCase(user.username)) {


                UserModel cloneUser = userManager.getUserModel(name);


                if (cloneUser.canClone(repository)) {


                    // origin user can clone origin, grant clone access to fork


                if (cloneUser.canClone(repository) && !cloneUser.canClone(cloneModel)) {


                    // origin user can't yet clone fork, grant explicit clone access


                    cloneUser.setRepositoryPermission(cloneName, AccessPermission.CLONE);


                }


                cloneUsers.add(cloneUser);


@@ -199,8 +200,8 @@


        List<TeamModel> cloneTeams = new ArrayList<TeamModel>();


        for (String name : teams) {


            TeamModel cloneTeam = userManager.getTeamModel(name);


            if (cloneTeam.canClone(repository)) {


                // origin team can clone origin, grant clone access to fork


            if (cloneTeam.canClone(repository) && !cloneTeam.canClone(cloneModel)) {


                // origin team can't yet clone fork, grant explicit clone access


                cloneTeam.setRepositoryPermission(cloneName, AccessPermission.CLONE);


            }


            cloneTeams.add(cloneTeam);