From 06ae63123c94038b90153f4847de2c57c0193db8 Mon Sep 17 00:00:00 2001
From: Rafael Cavazin <rafaelcavazin@gmail.com>
Date: Sun, 27 Jan 2013 09:46:50 -0500
Subject: [PATCH] updating current development
---
 src/com/gitblit/models/UserModel.java | 75 ++++++++++++++++++++++++++++---------
 1 files changed, 57 insertions(+), 18 deletions(-)
diff --git a/src/com/gitblit/models/UserModel.java b/src/com/gitblit/models/UserModel.java
index e81d7ca..bec011d 100644
--- a/src/com/gitblit/models/UserModel.java
+++ b/src/com/gitblit/models/UserModel.java
@@ -21,6 +21,7 @@
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.LinkedHashMap;
+import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -28,6 +29,7 @@
 import com.gitblit.Constants.AccessPermission;
 import com.gitblit.Constants.AccessRestrictionType;
+import com.gitblit.Constants.AccountType;
 import com.gitblit.Constants.AuthorizationControl;
 import com.gitblit.Constants.PermissionType;
 import com.gitblit.Constants.RegistrantType;
@@ -55,6 +57,11 @@
 public String cookie;
 public String displayName;
 public String emailAddress;
+ public String organizationalUnit;
+ public String organization;
+ public String locality;
+ public String stateProvince;
+ public String countryCode;
 public boolean canAdmin;
 public boolean canFork;
 public boolean canCreate;
@@ -67,15 +74,22 @@
 // non-persisted fields
 public boolean isAuthenticated;
+ public AccountType accountType;
 public UserModel(String username) {
 this.username = username;
 this.isAuthenticated = true;
+ this.accountType = AccountType.LOCAL;
 }
 private UserModel() {
 this.username = "$anonymous";
 this.isAuthenticated = false;
+ this.accountType = AccountType.LOCAL;
+ }
+
+ public boolean isLocalAccount() {
+ return accountType.isLocal();
 }
 /**
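Review bot: `isLocalAccount()` in the `@@ -67,15 +74,22 @@` hunk dereferences `accountType` without a null check, while the field is a public, non-final member listed under "non-persisted fields". Both constructors visible here set it to `AccountType.LOCAL`, but any path that restores or builds a `UserModel` without running them (not visible in this patch), or that assigns null to the public field, would make the method throw. Decide the fallback deliberately, since it determines whether an account of unknown origin is treated as locally managed, and write it down, e.g. `return accountType == null || accountType.isLocal();` with a comment stating that an unset type counts as local.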
@@ -94,8 +108,7 @@
 @Deprecated
 @Unused
 public boolean canAccessRepository(RepositoryModel repository) {
- boolean isOwner = !StringUtils.isEmpty(repository.owner)
- && repository.owner.equals(username);
+ boolean isOwner = repository.isOwner(username);
 boolean allowAuthenticated = isAuthenticated && AuthorizationControl.AUTHENTICATED.equals(repository.authorizationControl);
 return canAdmin() || isOwner || repositories.contains(repository.name.toLowerCase()) || hasTeamAccess(repository.name) || allowAuthenticated;
@@ -138,30 +151,42 @@
 */
 public List<RegistrantAccessPermission> getRepositoryPermissions() {
 List<RegistrantAccessPermission> list = new ArrayList<RegistrantAccessPermission>();
+ if (canAdmin()) {
+ // user has REWIND access to all repositories
+ return list;
+ }
 for (Map.Entry<String, AccessPermission> entry : permissions.entrySet()) {
 String registrant = entry.getKey();
+ AccessPermission ap = entry.getValue();
 String source = null;
- boolean editable = true;
+ boolean mutable = true;
 PermissionType pType = PermissionType.EXPLICIT;
- if (canAdmin()) {
- pType = PermissionType.ADMINISTRATOR;
- editable = false;
- } else if (isMyPersonalRepository(registrant)) {
+ if (isMyPersonalRepository(registrant)) {
 pType = PermissionType.OWNER;
- editable = false;
+ ap = AccessPermission.REWIND;
+ mutable = false;
 } else if (StringUtils.findInvalidCharacter(registrant) != null) {
 // a regex will have at least 1 invalid character
 pType = PermissionType.REGEX;
 source = registrant;
 }
- if (AccessPermission.MISSING.equals(entry.getValue())) {
- // repository can not be found, permission is not editable
- editable = false;
- }
- list.add(new RegistrantAccessPermission(registrant, entry.getValue(), pType, RegistrantType.REPOSITORY, source, editable));
+ list.add(new RegistrantAccessPermission(registrant, ap, pType, RegistrantType.REPOSITORY, source, mutable));
 }
 Collections.sort(list);
- return list;
+
+ // include immutable team permissions, being careful to preserve order
+ Set<RegistrantAccessPermission> set = new LinkedHashSet<RegistrantAccessPermission>(list);
+ for (TeamModel team : teams) {
+ for (RegistrantAccessPermission teamPermission : team.getRepositoryPermissions()) {
+ // we can not change an inherited team permission, though we can override
+ teamPermission.registrantType = RegistrantType.REPOSITORY;
+ teamPermission.permissionType = PermissionType.TEAM;
+ teamPermission.source = team.name;
+ teamPermission.mutable = false;
+ set.add(teamPermission);
+ }
+ }
+ return new ArrayList<RegistrantAccessPermission>(set);
 }
 /**
@@ -252,7 +277,14 @@
 ap.registrant = username;
 ap.registrantType = RegistrantType.USER;
 ap.permission = AccessPermission.NONE;
- ap.isEditable = false;
+ ap.mutable = false;
+
+ if (AccessRestrictionType.NONE.equals(repository.accessRestriction)) {
+ // anonymous rewind
+ ap.permissionType = PermissionType.ADMINISTRATOR;
+ ap.permission = AccessPermission.REWIND;
+ return ap;
+ }
 // administrator
 if (canAdmin()) {
@@ -278,7 +310,7 @@
 }
 if (AuthorizationControl.AUTHENTICATED.equals(repository.authorizationControl) && isAuthenticated) {
- // AUTHENTICATED is a shortcut for authorizing all logged-in users RW access
+ // AUTHENTICATED is a shortcut for authorizing all logged-in users RW+ access
 ap.permission = AccessPermission.REWIND;
 return ap;
 }
@@ -291,7 +323,7 @@
 if (p != null) {
 ap.permissionType = PermissionType.EXPLICIT;
 ap.permission = p;
- ap.isEditable = true;
+ ap.mutable = true;
 return ap;
 }
 } else {
@@ -334,6 +366,12 @@
 public boolean canView(RepositoryModel repository) {
 return canAccess(repository, AccessRestrictionType.VIEW, AccessPermission.VIEW);
+ }
+
+ public boolean canView(RepositoryModel repository, String ref) {
+ // Default UserModel doesn't implement ref-level security.
+ // Other Realms (i.e. Gerrit) may override this method.
+ return canView(repository);
 }
 public boolean canClone(RepositoryModel repository) {
@@ -562,9 +600,10 @@
 return nameVerified && emailVerified;
 }
+ @Deprecated
 public boolean hasBranchPermission(String repositoryName, String branch) {
 // Default UserModel doesn't implement branch-level security. Other Realms (i.e. Gerrit) may override this method.
- return hasRepositoryPermission(repositoryName);
+ return hasRepositoryPermission(repositoryName) || hasTeamRepositoryPermission(repositoryName);
 }
 public boolean isMyPersonalRepository(String repository) {
-- 
Gitblit v1.9.1
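Review bot: In the `@@ -138,30 +151,42 @@` hunk the new team loop overwrites `registrantType`, `permissionType`, `source` and `mutable` directly on the objects returned by `team.getRepositoryPermissions()` instead of on copies. `TeamModel` is not part of this patch, so if that method ever returns cached or shared instances, a per-user listing would rewrite the team's own permission records. The `LinkedHashSet` merge also relies on `RegistrantAccessPermission.equals`/`hashCode` (not shown) to decide which entry survives when a user and a team name the same repository. State both assumptions above the loop, e.g. `// team.getRepositoryPermissions() returns fresh objects; the set keeps the first entry per equals(), so the user's own entries win`. The same hunk drops the old `AccessPermission.MISSING` branch, so entries for repositories that cannot be found are now reported as mutable.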
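Review bot: The early return added in the `@@ -252,7 +277,14 @@` hunk tags its result `PermissionType.ADMINISTRATOR` although its own comment reads `// anonymous rewind`, so every caller, including the `$anonymous` user, receives an administrator-typed permission for a repository whose `accessRestriction` is `NONE`. Code that later reads `permissionType` for display or for a decision cannot tell this case from a real administrator grant. A dedicated permission type would be clearer; failing that, document it on the assignment, e.g. `// not an admin grant: repository is unrestricted, so every user gets RW+`. The branch runs before the `canAdmin()` check that follows it, and the rest of the method lies outside the hunk.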
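Review bot: `hasBranchPermission` in the `@@ -562,9 +600,10 @@` hunk gains `@Deprecated` without a Javadoc `@deprecated` tag naming a replacement, and the same change widens its result with `|| hasTeamRepositoryPermission(repositoryName)`. Callers cannot tell whether the `canView(RepositoryModel, String)` overload added earlier in this patch is the intended successor (that is an inference from the patch, not stated in it), and the `branch` argument is still ignored. Suggest a doc comment such as `/** @deprecated ignores the branch argument; answers at repository level only */`, extended with the replacement method once that is confirmed.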