From eecaad8b8e2c447429c31a01d49260ddd6b4ee03 Mon Sep 17 00:00:00 2001
From: Paul Martin <paul@paulsputer.com>
Date: Sat, 16 Apr 2016 17:35:32 -0400
Subject: [PATCH] Proof of concept #1026

---
 src/main/java/com/gitblit/wicket/pages/PatchPage.java |   27 +++++++++++++++++++--------
 1 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/pages/PatchPage.java b/src/main/java/com/gitblit/wicket/pages/PatchPage.java
index be959d0..bd904e1 100644
--- a/src/main/java/com/gitblit/wicket/pages/PatchPage.java
+++ b/src/main/java/com/gitblit/wicket/pages/PatchPage.java
@@ -16,12 +16,12 @@
 package com.gitblit.wicket.pages;
 
 import org.apache.wicket.PageParameters;
-import org.apache.wicket.markup.html.WebPage;
 import org.apache.wicket.markup.html.basic.Label;
 import org.eclipse.jgit.lib.Repository;
 import org.eclipse.jgit.revwalk.RevCommit;
 
-import com.gitblit.GitBlit;
+import com.gitblit.models.RepositoryModel;
+import com.gitblit.models.UserModel;
 import com.gitblit.utils.DiffUtils;
 import com.gitblit.utils.JGitUtils;
 import com.gitblit.utils.StringUtils;
@@ -31,15 +31,14 @@
 import com.gitblit.wicket.WicketUtils;
 
 @CacheControl(LastModified.BOOT)
-public class PatchPage extends WebPage {
+public class PatchPage extends SessionPage {
 
-	public PatchPage(PageParameters params) {
+	public PatchPage(final PageParameters params) {
 		super(params);
 
 		if (!params.containsKey("r")) {
-			GitBlitWebSession.get().cacheErrorMessage(getString("gb.repositoryNotSpecified"));
+			error(getString("gb.repositoryNotSpecified"));
 			redirectToInterceptPage(new RepositoriesPage());
-			return;
 		}
 
 		final String repositoryName = WicketUtils.getRepositoryName(params);
@@ -47,9 +46,20 @@
 		final String objectId = WicketUtils.getObject(params);
 		final String blobPath = WicketUtils.getPath(params);
 
-		Repository r = GitBlit.self().getRepository(repositoryName);
+		GitBlitWebSession session = GitBlitWebSession.get();
+		UserModel user = session.getUser();
+
+		RepositoryModel model = app().repositories().getRepositoryModel(user, repositoryName);
+		if (model == null) {
+			// user does not have permission
+			error(getString("gb.canNotLoadRepository") + " " + repositoryName);
+			redirectToInterceptPage(new RepositoriesPage());
+			return;
+		}
+
+		Repository r = app().repositories().getRepository(repositoryName);
 		if (r == null) {
-			GitBlitWebSession.get().cacheErrorMessage(getString("gb.canNotLoadRepository") + " " + repositoryName);
+			error(getString("gb.canNotLoadRepository") + " " + repositoryName);
 			redirectToInterceptPage(new RepositoriesPage());
 			return;
 		}
@@ -69,4 +79,5 @@
 		add(new Label("patchText", patch));
 		r.close();
 	}
+
 }

--
Gitblit v1.9.1