From 0e44acbb2fec928a1606dc60f427a148fff405c9 Mon Sep 17 00:00:00 2001
From: Mohamed Ragab <moragab@gmail.com>
Date: Wed, 02 May 2012 11:15:01 -0400
Subject: [PATCH] Added a script to facilitate setting the proxy host and port and no proxy hosts, and then it concatenates all the java system properties for setting the java proxy configurations and puts the resulting string in an environment variable JAVA_PROXY_CONFIG, modified the scripts gitblit, gitblit-ubuntu, and gitblit-centos to source the java-proxy-config.sh script and then include the resulting java proxy configuration in the java command
---
src/com/gitblit/GitFilter.java | 75 +++++++++++++++++++++++++++++++++----
1 files changed, 67 insertions(+), 8 deletions(-)
diff --git a/src/com/gitblit/GitFilter.java b/src/com/gitblit/GitFilter.java
index b310442..e76fd76 100644
--- a/src/com/gitblit/GitFilter.java
+++ b/src/com/gitblit/GitFilter.java
@@ -22,6 +22,14 @@
import com.gitblit.models.UserModel;
import com.gitblit.utils.StringUtils;
+/**
+ * The GitFilter is an AccessRestrictionFilter which ensures that Git client
+ * requests for push, clone, or view restricted repositories are authenticated
+ * and authorized.
+ *
+ * @author James Moger
+ *
+ */
public class GitFilter extends AccessRestrictionFilter {
protected final String gitReceivePack = "/git-receive-pack";
@@ -31,9 +39,16 @@
protected final String[] suffixes = { gitReceivePack, gitUploadPack, "/info/refs", "/HEAD",
"/objects" };
+ /**
+ * Extract the repository name from the url.
+ *
+ * @param url
+ * @return repository name
+ */
@Override
protected String extractRepositoryName(String url) {
String repository = url;
+ // get the repository name from the url by finding a known url suffix
for (String urlSuffix : suffixes) {
if (repository.indexOf(urlSuffix) > -1) {
repository = repository.substring(0, repository.indexOf(urlSuffix));
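Review bot: The Javadoc and inline comment added to extractRepositoryName do not say that the url is cut at the first occurrence of a known suffix anywhere in the string, so a path containing `/objects` or `/HEAD` before its end yields a shorter name than a reader would expect. This name presumably selects the repository whose access restriction is then checked, so the comment should state the rule, e.g. `// truncate at the first occurrence of any known suffix, wherever it appears in the url`. The `@param url` tag is also left without a description. The loop body continues outside the hunk.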
@@ -42,8 +57,15 @@
return repository;
}
+ /**
+ * Analyze the url and returns the action of the request. Return values are
+ * either "/git-receive-pack" or "/git-upload-pack".
+ *
+ * @param serverUrl
+ * @return action of the request
+ */
@Override
- protected String getUrlRequestType(String suffix) {
+ protected String getUrlRequestAction(String suffix) {
if (!StringUtils.isEmpty(suffix)) {
if (suffix.startsWith(gitReceivePack)) {
return gitReceivePack;
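Review bot: The Javadoc added for getUrlRequestAction names `@param serverUrl`, but the parameter is `suffix`, so the tag documents nothing; it should read `@param suffix` with a short description. The text also says the return value is either "/git-receive-pack" or "/git-upload-pack", while the method still ends with `return null;` for an empty suffix (visible in the next hunk). Callers need that documented so they do not dereference the result, e.g. `@return action of the request, or null if the suffix is empty`. The method body continues outside this hunk.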
@@ -53,27 +75,64 @@
return gitReceivePack;
} else if (suffix.contains("?service=git-upload-pack")) {
return gitUploadPack;
+ } else {
+ return gitUploadPack;
}
}
return null;
}
+
+ /**
+ * Determine if the repository can receive pushes.
+ *
+ * @param repository
+ * @param action
+ * @return true if the action may be performed
+ */
+ @Override
+ protected boolean isActionAllowed(RepositoryModel repository, String action) {
+ if (action.equals(gitReceivePack)) {
+ // Push request
+ if (!repository.isBare) {
+ logger.warn("Gitblit does not allow pushes to repositories with a working copy");
+ return false;
+ }
+ }
+ return true;
+ }
+ /**
+ * Determine if the repository requires authentication.
+ *
+ * @param repository
+ * @return true if authentication required
+ */
@Override
protected boolean requiresAuthentication(RepositoryModel repository) {
return repository.accessRestriction.atLeast(AccessRestrictionType.PUSH);
}
+ /**
+ * Determine if the user can access the repository and perform the specified
+ * action.
+ *
+ * @param repository
+ * @param user
+ * @param action
+ * @return true if user may execute the action on the repository
+ */
@Override
- protected boolean canAccess(RepositoryModel repository, UserModel user, String urlRequestType) {
+ protected boolean canAccess(RepositoryModel repository, UserModel user, String action) {
if (!GitBlit.getBoolean(Keys.git.enableGitServlet, true)) {
// Git Servlet disabled
return false;
- }
- if (repository.isFrozen || repository.accessRestriction.atLeast(AccessRestrictionType.PUSH)) {
- boolean authorizedUser = user.canAccessRepository(repository.name);
- if (urlRequestType.equals(gitReceivePack)) {
+ }
+ boolean readOnly = repository.isFrozen;
+ if (readOnly || repository.accessRestriction.atLeast(AccessRestrictionType.PUSH)) {
+ boolean authorizedUser = user.canAccessRepository(repository);
+ if (action.equals(gitReceivePack)) {
// Push request
- if (!repository.isFrozen && authorizedUser) {
+ if (!readOnly && authorizedUser) {
// clone-restricted or push-authorized
return true;
} else {
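Review bot: In the new isActionAllowed, `action.equals(gitReceivePack)` throws a NullPointerException when `action` is null, and getUrlRequestAction still returns null for an empty suffix; whether the base filter can pass that null through is not visible here. Writing it as `if (gitReceivePack.equals(action)) {` is null-safe, but the method would then return true for a null action, so decide explicitly whether an unknown action should be allowed or rejected. The same form would suit the `action.equals(...)` calls in canAccess in this hunk and the next. Separately, the added `else { return gitUploadPack; }` classifies every unrecognised non-empty suffix as a clone/fetch and makes the preceding `?service=git-upload-pack` branch redundant; if that default is intended it deserves a comment such as `// anything else is treated as a read (upload-pack) request`. canAccess continues outside the hunk.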
@@ -82,7 +141,7 @@
user.username, repository));
return false;
}
- } else if (urlRequestType.equals(gitUploadPack)) {
+ } else if (action.equals(gitUploadPack)) {
// Clone request
boolean cloneRestricted = repository.accessRestriction
.atLeast(AccessRestrictionType.CLONE);
--
Gitblit v1.9.1