From 27ae9095639bb228a1b7ff86a3ebe4264abf05be Mon Sep 17 00:00:00 2001
From: mschaefers <mschaefers@scoop-gmbh.de>
Date: Thu, 29 Nov 2012 12:33:09 -0500
Subject: [PATCH] feature: when using LdapUserService one can configure Gitblit to fetch all users from ldap that can possibly login. This allows to see newly generated LDAP users instantly in Gitblit. By now an LDAP user had to log in once to appear in GitBlit.

---
 src/com/gitblit/RpcFilter.java |   25 ++++++++++++++-----------
 1 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/src/com/gitblit/RpcFilter.java b/src/com/gitblit/RpcFilter.java
index 2786f2a..1de9fcc 100644
--- a/src/com/gitblit/RpcFilter.java
+++ b/src/com/gitblit/RpcFilter.java
@@ -60,11 +60,11 @@
 		String fullUrl = getFullUrl(httpRequest);
 		RpcRequest requestType = RpcRequest.fromName(httpRequest.getParameter("req"));
 		if (requestType == null) {
-			httpResponse.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED);			
+			httpResponse.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED);
 			return;
 		}
 
-		boolean adminRequest = requestType.exceeds(RpcRequest.LIST_REPOSITORIES);
+		boolean adminRequest = requestType.exceeds(RpcRequest.LIST_SETTINGS);
 
 		// conditionally reject all rpc requests
 		if (!GitBlit.getBoolean(Keys.web.enableRpcServlet, true)) {
@@ -75,22 +75,23 @@
 
 		boolean authenticateView = GitBlit.getBoolean(Keys.web.authenticateViewPages, false);
 		boolean authenticateAdmin = GitBlit.getBoolean(Keys.web.authenticateAdminPages, true);
-		
-		// Wrap the HttpServletRequest with the RpcServletnRequest which
+
+		// Wrap the HttpServletRequest with the RpcServletRequest which
 		// overrides the servlet container user principal methods.
 		AuthenticatedRequest authenticatedRequest = new AuthenticatedRequest(httpRequest);
 		UserModel user = getUser(httpRequest);
 		if (user != null) {
 			authenticatedRequest.setUser(user);
 		}
-		
-		// conditionally reject rpc administration requests
-		if (adminRequest && !GitBlit.getBoolean(Keys.web.enableRpcAdministration, false)) {
-			logger.warn(Keys.web.enableRpcAdministration + " must be set TRUE for administrative rpc requests.");
+
+		// conditionally reject rpc management/administration requests
+		if (adminRequest && !GitBlit.getBoolean(Keys.web.enableRpcManagement, false)) {
+			logger.warn(MessageFormat.format("{0} must be set TRUE for {1} rpc requests.",
+					Keys.web.enableRpcManagement, requestType.toString()));
 			httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
 			return;
 		}
-		
+
 		// BASIC authentication challenge and response processing
 		if ((adminRequest && authenticateAdmin) || (!adminRequest && authenticateView)) {
 			if (user == null) {
@@ -104,7 +105,7 @@
 				return;
 			} else {
 				// check user access for request
-				if (user.canAdmin || canAccess(user, requestType)) {
+				if (user.canAdmin() || canAccess(user, requestType)) {
 					// authenticated request permitted.
 					// pass processing to the restricted servlet.
 					newSession(authenticatedRequest, httpResponse);
@@ -134,10 +135,12 @@
 
 	private boolean canAccess(UserModel user, RpcRequest requestType) {
 		switch (requestType) {
+		case GET_PROTOCOL:
+			return true;
 		case LIST_REPOSITORIES:
 			return true;
 		default:
-			return user.canAdmin;
+			return user.canAdmin();
 		}
 	}
 }
\ No newline at end of file

--
Gitblit v1.9.1