From 072bbe1b223c6f6c7a80ee86e00a41e15913b4ee Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Wed, 20 Jul 2011 15:50:54 -0400
Subject: [PATCH] Updated to Jetty 7.4.4
---
src/com/gitblit/wicket/pages/EditRepositoryPage.java | 127 +++++++++++++++++++++++++++++++++++++-----
1 files changed, 112 insertions(+), 15 deletions(-)
diff --git a/src/com/gitblit/wicket/pages/EditRepositoryPage.java b/src/com/gitblit/wicket/pages/EditRepositoryPage.java
index 8820290..af9358e 100644
--- a/src/com/gitblit/wicket/pages/EditRepositoryPage.java
+++ b/src/com/gitblit/wicket/pages/EditRepositoryPage.java
@@ -1,9 +1,24 @@
+/*
+ * Copyright 2011 gitblit.com.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
package com.gitblit.wicket.pages;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Arrays;
-import java.util.Date;
+import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
@@ -23,22 +38,24 @@
import com.gitblit.Constants.AccessRestrictionType;
import com.gitblit.GitBlit;
import com.gitblit.GitBlitException;
+import com.gitblit.Keys;
+import com.gitblit.models.RepositoryModel;
+import com.gitblit.models.UserModel;
import com.gitblit.utils.StringUtils;
-import com.gitblit.wicket.AdminPage;
-import com.gitblit.wicket.BasePage;
+import com.gitblit.wicket.GitBlitWebSession;
import com.gitblit.wicket.WicketUtils;
-import com.gitblit.wicket.models.RepositoryModel;
-@AdminPage
public class EditRepositoryPage extends BasePage {
private final boolean isCreate;
+
+ private boolean isAdmin;
public EditRepositoryPage() {
// create constructor
super();
isCreate = true;
- setupPage(new RepositoryModel("", "", "", new Date()));
+ setupPage(new RepositoryModel());
}
public EditRepositoryPage(PageParameters params) {
@@ -51,6 +68,9 @@
}
protected void setupPage(final RepositoryModel repositoryModel) {
+ // ensure this user can create or edit this repository
+ checkPermissions(repositoryModel);
+
List<String> repositoryUsers = new ArrayList<String>();
if (isCreate) {
super.setupPage("", getString("gb.newRepository"));
@@ -58,11 +78,16 @@
super.setupPage("", getString("gb.edit"));
if (repositoryModel.accessRestriction.exceeds(AccessRestrictionType.NONE)) {
repositoryUsers.addAll(GitBlit.self().getRepositoryUsers(repositoryModel));
+ Collections.sort(repositoryUsers);
}
}
- final Palette<String> usersPalette = new Palette<String>("users", new ListModel<String>(repositoryUsers), new CollectionModel<String>(GitBlit.self().getAllUsernames()), new ChoiceRenderer<String>("", ""), 10, false);
- CompoundPropertyModel<RepositoryModel> model = new CompoundPropertyModel<RepositoryModel>(repositoryModel);
+ final String oldName = repositoryModel.name;
+ final Palette<String> usersPalette = new Palette<String>("users", new ListModel<String>(
+ repositoryUsers), new CollectionModel<String>(GitBlit.self().getAllUsernames()),
+ new ChoiceRenderer<String>("", ""), 10, false);
+ CompoundPropertyModel<RepositoryModel> model = new CompoundPropertyModel<RepositoryModel>(
+ repositoryModel);
Form<RepositoryModel> form = new Form<RepositoryModel>("editForm", model) {
private static final long serialVersionUID = 1L;
@@ -78,6 +103,22 @@
// automatically convert backslashes to forward slashes
repositoryModel.name = repositoryModel.name.replace('\\', '/');
+ // Automatically replace // with /
+ repositoryModel.name = repositoryModel.name.replace("//", "/");
+
+ // prohibit folder paths
+ if (repositoryModel.name.startsWith("/")) {
+ error("Leading root folder references (/) are prohibited.");
+ return;
+ }
+ if (repositoryModel.name.startsWith("../")) {
+ error("Relative folder references (../) are prohibited.");
+ return;
+ }
+ if (repositoryModel.name.contains("/../")) {
+ error("Relative folder references (../) are prohibited.");
+ return;
+ }
// confirm valid characters in repository name
char[] validChars = { '/', '.', '_', '-' };
@@ -88,7 +129,8 @@
ok |= c == vc;
}
if (!ok) {
- error(MessageFormat.format("Illegal character '{0}' in repository name!", c));
+ error(MessageFormat.format(
+ "Illegal character ''{0}'' in repository name!", c));
return;
}
}
@@ -99,16 +141,21 @@
error("Please select access restriction!");
return;
}
-
+
// save the repository
- GitBlit.self().editRepositoryModel(repositoryModel, isCreate);
-
+ GitBlit.self().updateRepositoryModel(oldName, repositoryModel, isCreate);
+
// save the repository access list
if (repositoryModel.accessRestriction.exceeds(AccessRestrictionType.NONE)) {
Iterator<String> users = usersPalette.getSelectedChoices();
List<String> repositoryUsers = new ArrayList<String>();
while (users.hasNext()) {
repositoryUsers.add(users.next());
+ }
+ // ensure the owner is added to the user list
+ if (repositoryModel.owner != null
+ && !repositoryUsers.contains(repositoryModel.owner)) {
+ repositoryUsers.add(repositoryModel.owner);
}
GitBlit.self().setRepositoryUsers(repositoryModel, repositoryUsers);
}
@@ -122,18 +169,68 @@
};
// field names reflective match RepositoryModel fields
- form.add(new TextField<String>("name").setEnabled(isCreate));
+ form.add(new TextField<String>("name").setEnabled(isCreate || isAdmin));
form.add(new TextField<String>("description"));
- form.add(new TextField<String>("owner"));
- form.add(new DropDownChoice<AccessRestrictionType>("accessRestriction", Arrays.asList(AccessRestrictionType.values()), new AccessRestrictionRenderer()));
+ form.add(new DropDownChoice<String>("owner", GitBlit.self().getAllUsernames())
+ .setEnabled(GitBlitWebSession.get().canAdmin()));
+ form.add(new DropDownChoice<AccessRestrictionType>("accessRestriction", Arrays
+ .asList(AccessRestrictionType.values()), new AccessRestrictionRenderer()));
+ form.add(new CheckBox("isFrozen"));
form.add(new CheckBox("useTickets"));
form.add(new CheckBox("useDocs"));
form.add(new CheckBox("showRemoteBranches"));
+ form.add(new CheckBox("showReadme"));
form.add(usersPalette);
add(form);
}
+ /**
+ * Unfortunately must repeat part of AuthorizaitonStrategy here because that
+ * mechanism does not take PageParameters into consideration, only page
+ * instantiation.
+ *
+ * Repository Owners should be able to edit their repository.
+ */
+ private void checkPermissions(RepositoryModel model) {
+ boolean authenticateAdmin = GitBlit.getBoolean(Keys.web.authenticateAdminPages, true);
+ boolean allowAdmin = GitBlit.getBoolean(Keys.web.allowAdministration, true);
+
+ GitBlitWebSession session = GitBlitWebSession.get();
+ UserModel user = session.getUser();
+
+ if (allowAdmin) {
+ if (authenticateAdmin) {
+ if (user == null) {
+ // No Login Available
+ error("Administration requires a login", true);
+ }
+ if (isCreate) {
+ // Create Repository
+ if (!user.canAdmin) {
+ // Only Administrators May Create
+ error("Only an administrator may create a repository", true);
+ }
+ } else {
+ // Edit Repository
+ if (user.canAdmin) {
+ // Admins can edit everything
+ isAdmin = true;
+ return;
+ } else {
+ if (!model.owner.equalsIgnoreCase(user.username)) {
+ // User is not an Admin nor Owner
+ error("Only an administrator or the owner may edit a repository", true);
+ }
+ }
+ }
+ }
+ } else {
+ // No Administration Permitted
+ error("Administration is disabled", true);
+ }
+ }
+
private class AccessRestrictionRenderer implements IChoiceRenderer<AccessRestrictionType> {
private static final long serialVersionUID = 1L;
--
Gitblit v1.9.1