Gitblit devel
blame | history | patch | commit | commitdiff | ignore whitespace
James Moger
2011-06-01 a3bde69e9b3f3cc6212b0cd5fd7310b6a3301d8c 
 src/com/gitblit/GitBlitServlet.java


@@ -1,3 +1,18 @@


/*



 * Copyright 2011 gitblit.com.



 *



 * Licensed under the Apache License, Version 2.0 (the "License");



 * you may not use this file except in compliance with the License.



 * You may obtain a copy of the License at



 *



 *     http://www.apache.org/licenses/LICENSE-2.0



 *



 * Unless required by applicable law or agreed to in writing, software



 * distributed under the License is distributed on an "AS IS" BASIS,



 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.



 * See the License for the specific language governing permissions and



 * limitations under the License.



 */



package com.gitblit;







import java.io.IOException;



@@ -12,20 +27,21 @@


import org.slf4j.LoggerFactory;







import com.gitblit.Constants.AccessRestrictionType;



import com.gitblit.wicket.models.RepositoryModel;



import com.gitblit.models.RepositoryModel;







public class GitBlitServlet extends GitServlet {







   private static final long serialVersionUID = 1L;







   private final Logger logger = LoggerFactory.getLogger(GitBlitServlet.class);



   private transient Logger logger = LoggerFactory.getLogger(GitBlitServlet.class);







   public GitBlitServlet() {



      super();



   }







   @Override



   protected void service(final HttpServletRequest req, final HttpServletResponse rsp) throws ServletException, IOException {



   protected void service(final HttpServletRequest req, final HttpServletResponse rsp)



         throws ServletException, IOException {



      // admins have full git access to all repositories



      if (req.isUserInRole(Constants.ADMIN_ROLE)) {



         // admins can do whatever



@@ -40,36 +56,45 @@


      }



      int forwardSlash = url.indexOf('/');



      if (forwardSlash > -1) {



         String repository = url.substring(0, forwardSlash);



         String repository = url.substring(0, forwardSlash).toLowerCase();



         String function = url.substring(forwardSlash + 1);



         String query = req.getQueryString();



         String query = req.getQueryString() == null ? "" : req.getQueryString();



         RepositoryModel model = GitBlit.self().getRepositoryModel(repository);



         if (model != null) {



            if (model.accessRestriction.atLeast(AccessRestrictionType.PUSH)) {



            if (model.isFrozen || model.accessRestriction.atLeast(AccessRestrictionType.PUSH)) {



               boolean authorizedUser = req.isUserInRole(repository);



               if (function.startsWith("git-receive-pack") || (query.indexOf("service=git-receive-pack") > -1)) {



               if (function.startsWith("git-receive-pack")



                     || (query.indexOf("service=git-receive-pack") > -1)) {



                  // Push request



                  if (authorizedUser) {



                  if (!model.isFrozen && authorizedUser) {



                     // clone-restricted or push-authorized



                     super.service(req, rsp);



                     return;



                  } else {



                     // user is unauthorized to push to this repository



                     logger.warn(MessageFormat.format("user {0} is not authorized to push to {1} ", req.getUserPrincipal().getName(), repository));



                     rsp.sendError(HttpServletResponse.SC_FORBIDDEN, MessageFormat.format("you are not authorized to push to {0} ", repository));



                     logger.warn(MessageFormat.format(



                           "user {0} is not authorized to push to {1}", req



                                 .getUserPrincipal().getName(), repository));



                     rsp.sendError(HttpServletResponse.SC_FORBIDDEN, MessageFormat.format(



                           "you are not authorized to push to {0}", repository));



                     return;



                  }



               } else if (function.startsWith("git-upload-pack") || (query.indexOf("service=git-upload-pack") > -1)) {



               } else if (function.startsWith("git-upload-pack")



                     || (query.indexOf("service=git-upload-pack") > -1)) {



                  // Clone request



                  boolean cloneRestricted = model.accessRestriction.atLeast(AccessRestrictionType.CLONE);



                  boolean cloneRestricted = model.accessRestriction



                        .atLeast(AccessRestrictionType.CLONE);



                  if (!cloneRestricted || (cloneRestricted && authorizedUser)) {



                     // push-restricted or clone-authorized



                     super.service(req, rsp);



                     return;



                  } else {



                     // user is unauthorized to clone this repository



                     logger.warn(MessageFormat.format("user {0} is not authorized to clone {1} ", req.getUserPrincipal().getName(), repository));



                     rsp.sendError(HttpServletResponse.SC_FORBIDDEN, MessageFormat.format("you are not authorized to clone {0} ", repository));



                     logger.warn(MessageFormat.format(



                           "user {0} is not authorized to clone {1}", req



                                 .getUserPrincipal().getName(), repository));



                     rsp.sendError(HttpServletResponse.SC_FORBIDDEN, MessageFormat.format(



                           "you are not authorized to clone {0}", repository));



                     return;



                  }



               }