From eba89539a29deba954035056437279088c3e047b Mon Sep 17 00:00:00 2001 From: James Moger <james.moger@gitblit.com> Date: Mon, 22 Oct 2012 16:52:48 -0400 Subject: [PATCH] Tweak permissions panel layout a bit --- src/com/gitblit/AccessRestrictionFilter.java | 56 +++++++++++++++++++++++++++++++++++++++++++++++--------- 1 files changed, 47 insertions(+), 9 deletions(-) diff --git a/src/com/gitblit/AccessRestrictionFilter.java b/src/com/gitblit/AccessRestrictionFilter.java index e9b6587..78d33d2 100644 --- a/src/com/gitblit/AccessRestrictionFilter.java +++ b/src/com/gitblit/AccessRestrictionFilter.java @@ -62,6 +62,13 @@ protected abstract String getUrlRequestAction(String url); /** + * Determine if a non-existing repository can be created using this filter. + * + * @return true if the filter allows repository creation + */ + protected abstract boolean isCreationAllowed(); + + /** * Determine if the action may be executed on the repository. * * @param repository @@ -74,9 +81,10 @@ * Determine if the repository requires authentication. * * @param repository + * @param action * @return true if authentication required */ - protected abstract boolean requiresAuthentication(RepositoryModel repository); + protected abstract boolean requiresAuthentication(RepositoryModel repository, String action); /** * Determine if the user can access the repository and perform the specified @@ -89,6 +97,18 @@ */ protected abstract boolean canAccess(RepositoryModel repository, UserModel user, String action); + /** + * Allows a filter to create a repository, if one does not exist. + * + * @param user + * @param repository + * @param action + * @return the repository model, if it is created, null otherwise + */ + protected RepositoryModel createRepository(UserModel user, String repository, String action) { + return null; + } + /** * doFilter does the actual work of preprocessing the request to ensure that * the user may proceed. 
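Review bot: The Javadoc added for `createRepository` does not say what an override has to check, and that is the security-relevant part of this hook. Judging from the caller added later in this patch, `user` is any authenticated user rather than one already known to hold create rights, and `repository` appears to be the name derived from the request URL, so authorization and name validation have to happen inside the override. I would add a sentence such as `Implementations must verify that the user may create the named repository and must validate the name before creating anything.` It would also help to state that returning null makes the filter answer 404.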
@@ -110,14 +130,33 @@ String fullSuffix = fullUrl.substring(repository.length()); String urlRequestType = getUrlRequestAction(fullSuffix); + UserModel user = getUser(httpRequest); + // Load the repository model RepositoryModel model = GitBlit.self().getRepositoryModel(repository); if (model == null) { - // repository not found. send 404. - logger.info(MessageFormat.format("ARF: {0} ({1})", fullUrl, - HttpServletResponse.SC_NOT_FOUND)); - httpResponse.sendError(HttpServletResponse.SC_NOT_FOUND); - return; + if (isCreationAllowed()) { + if (user == null) { + // challenge client to provide credentials for creation. send 401. + if (GitBlit.isDebugMode()) { + logger.info(MessageFormat.format("ARF: CREATE CHALLENGE {0}", fullUrl)); + } + httpResponse.setHeader("WWW-Authenticate", CHALLENGE); + httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED); + return; + } else { + // see if we can create a repository for this request + model = createRepository(user, repository, urlRequestType); + } + } + + if (model == null) { + // repository not found. send 404. + logger.info(MessageFormat.format("ARF: {0} ({1})", fullUrl, + HttpServletResponse.SC_NOT_FOUND)); + httpResponse.sendError(HttpServletResponse.SC_NOT_FOUND); + return; + } } // Confirm that the action may be executed on the repository @@ -138,13 +177,12 @@ // Gitblit must conditionally authenticate users per-repository so just // enabling http.receivepack is insufficient. AuthenticatedRequest authenticatedRequest = new AuthenticatedRequest(httpRequest); - UserModel user = getUser(httpRequest); if (user != null) { authenticatedRequest.setUser(user); } // BASIC authentication challenge and response processing - if (!StringUtils.isEmpty(urlRequestType) && requiresAuthentication(model)) { + if (!StringUtils.isEmpty(urlRequestType) && requiresAuthentication(model, urlRequestType)) { if (user == null) { // challenge client to provide credentials. send 401. if (GitBlit.isDebugMode()) { 
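Review bot: In the `model == null` branch the 401 challenge goes to every anonymous request for a non-existent repository once `isCreationAllowed()` is true, before `urlRequestType` is consulted. A request with no recognised action, or a read-only request for a mistyped path, is therefore prompted for credentials instead of receiving 404. The existing authentication check further down guards on `!StringUtils.isEmpty(urlRequestType)`; the creation branch could do the same with `if (isCreationAllowed() && !StringUtils.isEmpty(urlRequestType)) {`. The `CREATE CHALLENGE` line is logged only in debug mode, so repeated creation attempts leave no trace in normal operation, whereas the 404 line is logged unconditionally. doFilter's body starts and ends outside this hunk.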
@@ -155,7 +193,7 @@
 return;
 } else {
 // check user access for request
- if (user.canAdmin || canAccess(model, user, urlRequestType)) {
+ if (user.canAdmin() || canAccess(model, user, urlRequestType)) {
 // authenticated request permitted.
 // pass processing to the restricted servlet.
 newSession(authenticatedRequest, httpResponse);
-- 
Gitblit v1.9.1