From c32e24b337227fd357068489310e243e68807ed1 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 01 May 2014 13:57:55 -0400
Subject: [PATCH] Merged #52 "Fix inconsistency with owner permissions check"
---
src/main/java/com/gitblit/models/UserModel.java | 6 +++---
src/main/java/com/gitblit/models/RepositoryModel.java | 4 ++--
src/test/java/com/gitblit/tests/PermissionsTest.java | 42 ++++++++++++++++++++++++++++++++++++++++--
3 files changed, 45 insertions(+), 7 deletions(-)
diff --git a/src/main/java/com/gitblit/models/RepositoryModel.java b/src/main/java/com/gitblit/models/RepositoryModel.java
index f84e96b..a81c622 100644
--- a/src/main/java/com/gitblit/models/RepositoryModel.java
+++ b/src/main/java/com/gitblit/models/RepositoryModel.java
@@ -182,9 +182,9 @@
public boolean isOwner(String username) {
if (StringUtils.isEmpty(username) || ArrayUtils.isEmpty(owners)) {
- return false;
+ return isUsersPersonalRepository(username);
}
- return owners.contains(username.toLowerCase());
+ return owners.contains(username.toLowerCase()) || isUsersPersonalRepository(username);
}
public boolean isPersonalRepository() {
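Review bot: The first branch of isOwner now calls `isUsersPersonalRepository(username)` even when `username` is null or empty, because the guard still folds the empty-username and empty-owners cases together. Whether that helper tolerates a null or empty argument is not visible in this hunk, and an ownership check that feeds authorization decisions should fail closed for a caller with no username. Splitting the guard makes that explicit: `if (StringUtils.isEmpty(username)) { return false; }` followed by `return isUsersPersonalRepository(username) || (!ArrayUtils.isEmpty(owners) && owners.contains(username.toLowerCase()));`. Every caller of isOwner now also treats the personal-repository user as an owner, so the method deserves a comment saying so.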
diff --git a/src/main/java/com/gitblit/models/UserModel.java b/src/main/java/com/gitblit/models/UserModel.java
index 64bca82..e152274 100644
--- a/src/main/java/com/gitblit/models/UserModel.java
+++ b/src/main/java/com/gitblit/models/UserModel.java
@@ -552,15 +552,15 @@
}
return false;
}
-
+
/**
* Returns true if the user is allowed to administer the specified repository
- *
+ *
* @param repo
* @return true if the user can administer the repository
*/
public boolean canAdmin(RepositoryModel repo) {
- return canAdmin() || isMyPersonalRepository(repo.name);
+ return canAdmin() || repo.isOwner(username) || isMyPersonalRepository(repo.name);
}
public boolean isAuthenticated() {
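Review bot: The Javadoc above `canAdmin(RepositoryModel repo)` does not say who qualifies after this change, although the new `repo.isOwner(username)` term extends repository administration to every user listed in the repository's owners. I would spell out the grounds in the comment, for example `Returns true if the user is a server administrator, an owner of the repository, or the repository is the user's personal repository`, and give `@param repo` a description. With the RepositoryModel change in this same patch, `repo.isOwner(username)` appears to cover the personal-repository case already, so the trailing `isMyPersonalRepository(repo.name)` looks redundant; confirm the two helpers agree before dropping it.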
diff --git a/src/test/java/com/gitblit/tests/PermissionsTest.java b/src/test/java/com/gitblit/tests/PermissionsTest.java
index cffce51..46695e9 100644
--- a/src/test/java/com/gitblit/tests/PermissionsTest.java
+++ b/src/test/java/com/gitblit/tests/PermissionsTest.java
@@ -2508,7 +2508,7 @@
@Test
public void testOwner() throws Exception {
- RepositoryModel repository = new RepositoryModel("myrepo.git", null, null, new Date());
+ RepositoryModel repository = new RepositoryModel("~jj/myrepo.git", null, null, new Date());
repository.authorizationControl = AuthorizationControl.NAMED;
repository.accessRestriction = AccessRestrictionType.VIEW;
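Review bot: Renaming the fixture to `~jj/myrepo.git` here (and again in testMultipleOwners in the next hunk) means the existing assertions for explicitly listed owners now run only against a personal repository. The ordinary case, where ownership comes solely from the owners list of a non-personal repository, loses its coverage in these two tests as far as the visible hunks show. I would keep the original `myrepo.git` fixture for the listed-owner assertions and create a second `RepositoryModel` named `~jj/myrepo.git` for the new personal-owner block. The body of testOwner continues outside this hunk.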
@@ -2530,11 +2530,30 @@
assertFalse("owner CAN NOT delete!", user.canDelete(repository));
assertTrue("owner CAN NOT edit!", user.canEdit(repository));
+
+ // test personal repo owner
+ UserModel jj = new UserModel("jj");
+ assertFalse("jj SHOULD NOT HAVE a repository permission!", jj.hasRepositoryPermission(repository.name));
+ assertTrue("jj CAN NOT view!", jj.canView(repository));
+ assertTrue("jj CAN NOT clone!", jj.canClone(repository));
+ assertTrue("jj CAN NOT push!", jj.canPush(repository));
+
+ assertTrue("jj CAN NOT create ref!", jj.canCreateRef(repository));
+ assertTrue("jj CAN NOT delete ref!", jj.canDeleteRef(repository));
+ assertTrue("jj CAN NOT rewind ref!", jj.canRewindRef(repository));
+
+ assertEquals("jj has wrong permission!", AccessPermission.REWIND, jj.getRepositoryPermission(repository).permission);
+
+ assertFalse("jj CAN fork!", jj.canFork(repository));
+
+ assertTrue("jj CAN NOT delete!", jj.canDelete(repository));
+ assertTrue("jj CAN NOT edit!", jj.canEdit(repository));
+ assertTrue(repository.isOwner(jj.username));
}
@Test
public void testMultipleOwners() throws Exception {
- RepositoryModel repository = new RepositoryModel("myrepo.git", null, null, new Date());
+ RepositoryModel repository = new RepositoryModel("~jj/myrepo.git", null, null, new Date());
repository.authorizationControl = AuthorizationControl.NAMED;
repository.accessRestriction = AccessRestrictionType.VIEW;
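Review bot: The added personal-owner block only asserts what `jj` is allowed to do; nothing checks that a user who is neither a listed owner nor the holder of `~jj` is still refused, and the same block is repeated in testMultipleOwners in the following hunk. Because this patch widens both `isOwner` and `canAdmin(RepositoryModel)`, a negative case is what would catch an over-broad match: for a second `UserModel` (say `kk`), add `assertFalse(repository.isOwner(kk.username));` and `assertFalse("kk CAN admin!", kk.canAdmin(repository));`. A direct positive assertion on `jj.canAdmin(repository)` would also pin the changed method itself, which none of the added lines calls. The duplicated block could move into a private helper shared by both tests.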
@@ -2579,6 +2598,25 @@
assertTrue(repository.isOwner(user.username));
assertTrue(repository.isOwner(user2.username));
+
+ // test personal repo owner
+ UserModel jj = new UserModel("jj");
+ assertFalse("jj SHOULD NOT HAVE a repository permission!", jj.hasRepositoryPermission(repository.name));
+ assertTrue("jj CAN NOT view!", jj.canView(repository));
+ assertTrue("jj CAN NOT clone!", jj.canClone(repository));
+ assertTrue("jj CAN NOT push!", jj.canPush(repository));
+
+ assertTrue("jj CAN NOT create ref!", jj.canCreateRef(repository));
+ assertTrue("jj CAN NOT delete ref!", jj.canDeleteRef(repository));
+ assertTrue("jj CAN NOT rewind ref!", jj.canRewindRef(repository));
+
+ assertEquals("jj has wrong permission!", AccessPermission.REWIND, jj.getRepositoryPermission(repository).permission);
+
+ assertFalse("jj CAN fork!", jj.canFork(repository));
+
+ assertTrue("jj CAN NOT delete!", jj.canDelete(repository));
+ assertTrue("jj CAN NOT edit!", jj.canEdit(repository));
+ assertTrue(repository.isOwner(jj.username));
}
@Test
--
Gitblit v1.9.1