| | |
|---|
| | | import java.util.Collections;
|
|---|
| | | import java.util.HashSet;
|
|---|
| | | import java.util.LinkedHashMap;
|
|---|
| | | import java.util.LinkedHashSet;
|
|---|
| | | import java.util.List;
|
|---|
| | | import java.util.Map;
|
|---|
| | | import java.util.Set;
|
|---|
| | |
|---|
| | | public String cookie;
|
|---|
| | | public String displayName;
|
|---|
| | | public String emailAddress;
|
|---|
| | | public String organizationalUnit;
|
|---|
| | | public String organization;
|
|---|
| | | public String locality;
|
|---|
| | | public String stateProvince;
|
|---|
| | | public String countryCode;
|
|---|
| | | public boolean canAdmin;
|
|---|
| | | public boolean canFork;
|
|---|
| | | public boolean canCreate;
|
|---|
| | |
|---|
| | | */
|
|---|
| | | public List<RegistrantAccessPermission> getRepositoryPermissions() {
|
|---|
| | | List<RegistrantAccessPermission> list = new ArrayList<RegistrantAccessPermission>();
|
|---|
| | | if (canAdmin()) {
|
|---|
| | | // user has REWIND access to all repositories
|
|---|
| | | return list;
|
|---|
| | | }
|
|---|
| | | for (Map.Entry<String, AccessPermission> entry : permissions.entrySet()) {
|
|---|
| | | String registrant = entry.getKey();
|
|---|
| | | AccessPermission ap = entry.getValue();
|
|---|
| | | String source = null;
|
|---|
| | | boolean editable = true;
|
|---|
| | | boolean mutable = true;
|
|---|
| | | PermissionType pType = PermissionType.EXPLICIT;
|
|---|
| | | if (canAdmin()) {
|
|---|
| | | pType = PermissionType.ADMINISTRATOR;
|
|---|
| | | editable = false;
|
|---|
| | | } else if (isMyPersonalRepository(registrant)) {
|
|---|
| | | if (isMyPersonalRepository(registrant)) {
|
|---|
| | | pType = PermissionType.OWNER;
|
|---|
| | | editable = false;
|
|---|
| | | ap = AccessPermission.REWIND;
|
|---|
| | | mutable = false;
|
|---|
| | | } else if (StringUtils.findInvalidCharacter(registrant) != null) {
|
|---|
| | | // a regex will have at least 1 invalid character
|
|---|
| | | pType = PermissionType.REGEX;
|
|---|
| | | source = registrant;
|
|---|
| | | }
|
|---|
| | | if (AccessPermission.MISSING.equals(entry.getValue())) {
|
|---|
| | | // repository can not be found, permission is not editable
|
|---|
| | | editable = false;
|
|---|
| | | }
|
|---|
| | | list.add(new RegistrantAccessPermission(registrant, entry.getValue(), pType, RegistrantType.REPOSITORY, source, editable));
|
|---|
| | | list.add(new RegistrantAccessPermission(registrant, ap, pType, RegistrantType.REPOSITORY, source, mutable));
|
|---|
| | | }
|
|---|
| | | Collections.sort(list);
|
|---|
| | | return list;
|
|---|
| | | |
|---|
| | | // include immutable team permissions, being careful to preserve order
|
|---|
| | | Set<RegistrantAccessPermission> set = new LinkedHashSet<RegistrantAccessPermission>(list);
|
|---|
| | | for (TeamModel team : teams) {
|
|---|
| | | for (RegistrantAccessPermission teamPermission : team.getRepositoryPermissions()) {
|
|---|
| | | // we can not change an inherited team permission, though we can override
|
|---|
| | | teamPermission.registrantType = RegistrantType.REPOSITORY;
|
|---|
| | | teamPermission.permissionType = PermissionType.TEAM;
|
|---|
| | | teamPermission.source = team.name;
|
|---|
| | | teamPermission.mutable = false;
|
|---|
| | | set.add(teamPermission);
|
|---|
| | | }
|
|---|
| | | }
|
|---|
| | | return new ArrayList<RegistrantAccessPermission>(set);
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | /**
|
|---|
| | |
|---|
| | | ap.registrant = username;
|
|---|
| | | ap.registrantType = RegistrantType.USER;
|
|---|
| | | ap.permission = AccessPermission.NONE;
|
|---|
| | | ap.isEditable = false;
|
|---|
| | | ap.mutable = false;
|
|---|
| | |
|
|---|
| | | if (AccessRestrictionType.NONE.equals(repository.accessRestriction)) {
|
|---|
| | | // anonymous rewind
|
|---|
| | | ap.permissionType = PermissionType.ADMINISTRATOR;
|
|---|
| | | ap.permission = AccessPermission.REWIND;
|
|---|
| | | return ap;
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | // administrator
|
|---|
| | | if (canAdmin()) {
|
|---|
| | |
|---|
| | | }
|
|---|
| | |
|
|---|
| | | if (AuthorizationControl.AUTHENTICATED.equals(repository.authorizationControl) && isAuthenticated) {
|
|---|
| | | // AUTHENTICATED is a shortcut for authorizing all logged-in users RW access
|
|---|
| | | // AUTHENTICATED is a shortcut for authorizing all logged-in users RW+ access
|
|---|
| | | ap.permission = AccessPermission.REWIND;
|
|---|
| | | return ap;
|
|---|
| | | }
|
|---|
| | |
|---|
| | | if (p != null) {
|
|---|
| | | ap.permissionType = PermissionType.EXPLICIT;
|
|---|
| | | ap.permission = p;
|
|---|
| | | ap.isEditable = true;
|
|---|
| | | ap.mutable = true;
|
|---|
| | | return ap;
|
|---|
| | | }
|
|---|
| | | } else {
|
|---|
| | |
|---|
| | |
|
|---|
| | | public boolean hasBranchPermission(String repositoryName, String branch) {
|
|---|
| | | // Default UserModel doesn't implement branch-level security. Other Realms (i.e. Gerrit) may override this method.
|
|---|
| | | return hasRepositoryPermission(repositoryName);
|
|---|
| | | return hasRepositoryPermission(repositoryName) || hasTeamRepositoryPermission(repositoryName);
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | public boolean isMyPersonalRepository(String repository) {
|
|---|
