From 6069be20b5ebb786a1b890fa9c91350ffd355b0f Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Wed, 18 Nov 2015 09:15:50 -0500
Subject: [PATCH] Require admin permissions to view the filestore page

---
 src/main/java/com/gitblit/wicket/pages/FilestorePage.java |   44 +++++++++++++++++---------------------------
 src/main/java/com/gitblit/wicket/pages/RootPage.java      |   16 +++++++++-------
 2 files changed, 26 insertions(+), 34 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/pages/FilestorePage.java b/src/main/java/com/gitblit/wicket/pages/FilestorePage.java
index 5f103ed..97d5f25 100644
--- a/src/main/java/com/gitblit/wicket/pages/FilestorePage.java
+++ b/src/main/java/com/gitblit/wicket/pages/FilestorePage.java
@@ -29,51 +29,41 @@
 import org.apache.wicket.markup.repeater.data.ListDataProvider;
 
 import com.gitblit.Constants;
-import com.gitblit.Keys;
 import com.gitblit.models.FilestoreModel;
 import com.gitblit.models.UserModel;
 import com.gitblit.wicket.FilestoreUI;
-import com.gitblit.wicket.GitBlitWebSession;
+import com.gitblit.wicket.RequiresAdminRole;
 import com.gitblit.wicket.WicketUtils;
 
 /**
  * Page to display the current status of the filestore.
- * Certain errors also displayed to aid in fault finding  
+ * Certain errors also displayed to aid in fault finding
  *
  * @author Paul Martin
- *
- *
  */
+@RequiresAdminRole
 public class FilestorePage extends RootPage {
 
 	public FilestorePage() {
 		super();
 		setupPage("", "");
-		// check to see if we should display a login message
-		boolean authenticateView = app().settings().getBoolean(Keys.web.authenticateViewPages, true);
-		if (authenticateView && !GitBlitWebSession.get().isLoggedIn()) {
-			String messageSource = app().settings().getString(Keys.web.loginMessage, "gitblit");
-			return;
-		}
-		
+
 		final List<FilestoreModel> files = app().filestore().getAllObjects();
 		final long nBytesUsed = app().filestore().getFilestoreUsedByteCount();
 		final long nBytesAvailable = app().filestore().getFilestoreAvailableByteCount();
-		
-		// Load the markdown welcome message
-		String messageSource = app().settings().getString(Keys.web.repositoriesMessage, "gitblit");
-		String message = MessageFormat.format(getString("gb.filestoreStats"), files.size(), 
-				FileUtils.byteCountToDisplaySize(nBytesUsed), FileUtils.byteCountToDisplaySize(nBytesAvailable) ); 
+
+		String message = MessageFormat.format(getString("gb.filestoreStats"), files.size(),
+				FileUtils.byteCountToDisplaySize(nBytesUsed), FileUtils.byteCountToDisplaySize(nBytesAvailable) );
 
 		Component repositoriesMessage = new Label("repositoriesMessage", message)
 				.setEscapeModelStrings(false).setVisible(message.length() > 0);
-		
+
 		add(repositoriesMessage);
-		
+
 		BookmarkablePageLink<Void> helpLink = new BookmarkablePageLink<Void>("filestoreHelp", FilestoreUsage.class);
 		helpLink.add(new Label("helpMessage", getString("gb.filestoreHelp")));
 		add(helpLink);
-		
+
 
 		DataView<FilestoreModel> filesView = new DataView<FilestoreModel>("fileRow",
 				new ListDataProvider<FilestoreModel>(files)) {
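Review bot: With the inline login check removed, the constructor body from `final List<FilestoreModel> files = app().filestore().getAllObjects();` onward is guarded only by `@RequiresAdminRole`, and where that annotation is evaluated is not visible in this patch. It is worth confirming that it rejects anonymous and logged-in non-admin sessions before this constructor loads the filestore listing, ideally with a test that requests the page as a non-admin user. The class Javadoc should state the new contract, for example `Access is restricted to administrators via {@link RequiresAdminRole}.` The stats label keeps `setEscapeModelStrings(false)`; its inputs here are a count and two formatted sizes, so escaping could probably stay enabled unless the `gb.filestoreStats` resource itself contains markup. The constructor continues past the end of this hunk.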
@@ -89,26 +79,26 @@
 			@Override
 			public void populateItem(final Item<FilestoreModel> item) {
 				final FilestoreModel entry = item.getModelObject();
-				
+
 				DateFormat dateFormater = new SimpleDateFormat(Constants.ISO8601);
-				
+
 				UserModel user = app().users().getUserModel(entry.getChangedBy());
 				user = user == null ? UserModel.ANONYMOUS : user;
-				
+
 				Label icon = FilestoreUI.getStatusIcon("status", entry);
 				item.add(icon);
 				item.add(new Label("on", dateFormater.format(entry.getChangedOn())));
 				item.add(new Label("by", user.getDisplayName()));
-				
+
 				item.add(new Label("oid", entry.oid));
-				item.add(new Label("size", FileUtils.byteCountToDisplaySize(entry.getSize())));				
-				
+				item.add(new Label("size", FileUtils.byteCountToDisplaySize(entry.getSize())));
+
 				WicketUtils.setAlternatingBackground(item, counter);
 				counter++;
 			}
 
 		};
-		
+
 		add(filesView);
 	}
 }
diff --git a/src/main/java/com/gitblit/wicket/pages/RootPage.java b/src/main/java/com/gitblit/wicket/pages/RootPage.java
index b48f722..6ed5a35 100644
--- a/src/main/java/com/gitblit/wicket/pages/RootPage.java
+++ b/src/main/java/com/gitblit/wicket/pages/RootPage.java
@@ -185,6 +185,11 @@
 		// navigation links
 		List<NavLink> navLinks = new ArrayList<NavLink>();
 		if (!authenticateView || (authenticateView && isLoggedIn)) {
+			UserModel user = UserModel.ANONYMOUS;
+			if (isLoggedIn) {
+				user = GitBlitWebSession.get().getUser();
+			}
+
 			navLinks.add(new PageNavLink(isLoggedIn ? "gb.myDashboard" : "gb.dashboard", MyDashboardPage.class,
 					getRootPageParameters()));
 			if (isLoggedIn && app().tickets().isReady()) {
@@ -192,7 +197,9 @@
 			}
 			navLinks.add(new PageNavLink("gb.repositories", RepositoriesPage.class,
 					getRootPageParameters()));
-			navLinks.add(new PageNavLink("gb.filestore", FilestorePage.class, getRootPageParameters()));
+			if (user.canAdmin()) {
+				navLinks.add(new PageNavLink("gb.filestore", FilestorePage.class, getRootPageParameters()));
+			}
 			navLinks.add(new PageNavLink("gb.activity", ActivityPage.class, getRootPageParameters()));
 			if (allowLucene) {
 				navLinks.add(new PageNavLink("gb.search", LuceneSearchPage.class));
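Review bot: The `if (user.canAdmin())` guard only hides the navigation link, so it should carry a comment saying it is not the access check, e.g. `// cosmetic only: FilestorePage enforces admin access itself via @RequiresAdminRole`. `user` is assigned from `GitBlitWebSession.get().getUser()` in the preceding hunk when `isLoggedIn` is true. If that call can ever return null, the new `user.canAdmin()` would throw, so a fallback such as `if (user == null) user = UserModel.ANONYMOUS;` may be warranted; how `isLoggedIn` is derived is outside the hunk. The enclosing method starts and ends outside this hunk.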
@@ -200,11 +207,6 @@
 
 			if (!authenticateView || (authenticateView && isLoggedIn)) {
 				addDropDownMenus(navLinks);
-			}
-
-			UserModel user = UserModel.ANONYMOUS;
-			if (isLoggedIn) {
-				user = GitBlitWebSession.get().getUser();
 			}
 
 			// add nav link extensions
@@ -568,7 +570,7 @@
 					char[] password = RootPage.this.password.getObject().toCharArray();
 
 					HttpServletRequest request = ((WebRequest)RequestCycle.get().getRequest()).getHttpServletRequest();
-					
+
 					UserModel user = app().authentication().authenticate(username, password, request.getRemoteAddr());
 					if (user == null) {
 						error(getString("gb.invalidUsernameOrPassword"));

--
Gitblit v1.9.1