From 6069be20b5ebb786a1b890fa9c91350ffd355b0f Mon Sep 17 00:00:00 2001 From: James Moger <james.moger@gitblit.com> Date: Wed, 18 Nov 2015 09:15:50 -0500 Subject: [PATCH] Require admin permissions to view the filestore page --- src/main/java/com/gitblit/wicket/pages/RootPage.java | 16 +++++++++------- 1 files changed, 9 insertions(+), 7 deletions(-) diff --git a/src/main/java/com/gitblit/wicket/pages/RootPage.java b/src/main/java/com/gitblit/wicket/pages/RootPage.java index b48f722..6ed5a35 100644 --- a/src/main/java/com/gitblit/wicket/pages/RootPage.java +++ b/src/main/java/com/gitblit/wicket/pages/RootPage.java @@ -185,6 +185,11 @@ // navigation links List<NavLink> navLinks = new ArrayList<NavLink>(); if (!authenticateView || (authenticateView && isLoggedIn)) { + UserModel user = UserModel.ANONYMOUS; + if (isLoggedIn) { + user = GitBlitWebSession.get().getUser(); + } + navLinks.add(new PageNavLink(isLoggedIn ? "gb.myDashboard" : "gb.dashboard", MyDashboardPage.class, getRootPageParameters())); if (isLoggedIn && app().tickets().isReady()) { @@ -192,7 +197,9 @@ } navLinks.add(new PageNavLink("gb.repositories", RepositoriesPage.class, getRootPageParameters())); - navLinks.add(new PageNavLink("gb.filestore", FilestorePage.class, getRootPageParameters())); + if (user.canAdmin()) { + navLinks.add(new PageNavLink("gb.filestore", FilestorePage.class, getRootPageParameters())); + } navLinks.add(new PageNavLink("gb.activity", ActivityPage.class, getRootPageParameters())); if (allowLucene) { navLinks.add(new PageNavLink("gb.search", LuceneSearchPage.class)); @@ -200,11 +207,6 @@ if (!authenticateView || (authenticateView && isLoggedIn)) { addDropDownMenus(navLinks); - } - - UserModel user = UserModel.ANONYMOUS; - if (isLoggedIn) { - user = GitBlitWebSession.get().getUser(); } // add nav link extensions 
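Review bot: The `if (user.canAdmin())` guard added around the `gb.filestore` link (hunk `@@ -192,7 +197,9 @@`) only hides the navigation entry, and nothing in this patch stops a non-admin or anonymous user from requesting `FilestorePage` by its URL. The patch touches RootPage.java alone, so unless FilestorePage already enforces the role somewhere not visible here, the "require admin permissions" in the subject is not met on the server side. I would put the check in the page itself, for example at the top of the FilestorePage constructor: `UserModel user = GitBlitWebSession.get().getUser();` followed by `if (user == null || !user.canAdmin()) { /* deny the request */ }`. A test that requests the page as a non-admin would confirm it. The enclosing method starts and ends outside these hunks.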
@@ -568,7 +570,7 @@ char[] password = RootPage.this.password.getObject().toCharArray(); HttpServletRequest request = ((WebRequest)RequestCycle.get().getRequest()).getHttpServletRequest(); - + UserModel user = app().authentication().authenticate(username, password, request.getRemoteAddr()); if (user == null) { error(getString("gb.invalidUsernameOrPassword")); -- Gitblit v1.9.1