From 18edd81951a034a2bda9459ff1ef2dcd686eb39b Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 29 Nov 2012 18:45:55 -0500
Subject: [PATCH] Hide some user links based on authentication type
---
src/com/gitblit/wicket/pages/EditRepositoryPage.java | 268 +++++++++++++++++++++++++++++++++++++++++++----------
1 files changed, 218 insertions(+), 50 deletions(-)
diff --git a/src/com/gitblit/wicket/pages/EditRepositoryPage.java b/src/com/gitblit/wicket/pages/EditRepositoryPage.java
index 0176249..dead34a 100644
--- a/src/com/gitblit/wicket/pages/EditRepositoryPage.java
+++ b/src/com/gitblit/wicket/pages/EditRepositoryPage.java
@@ -27,6 +27,9 @@
import java.util.Set;
import org.apache.wicket.PageParameters;
+import org.apache.wicket.ajax.AjaxRequestTarget;
+import org.apache.wicket.ajax.form.AjaxFormChoiceComponentUpdatingBehavior;
+import org.apache.wicket.ajax.form.AjaxFormComponentUpdatingBehavior;
import org.apache.wicket.behavior.SimpleAttributeModifier;
import org.apache.wicket.extensions.markup.html.form.palette.Palette;
import org.apache.wicket.markup.html.WebMarkupContainer;
@@ -36,6 +39,7 @@
import org.apache.wicket.markup.html.form.DropDownChoice;
import org.apache.wicket.markup.html.form.Form;
import org.apache.wicket.markup.html.form.IChoiceRenderer;
+import org.apache.wicket.markup.html.form.RadioChoice;
import org.apache.wicket.markup.html.form.TextField;
import org.apache.wicket.markup.html.list.ListItem;
import org.apache.wicket.markup.html.list.ListView;
@@ -47,10 +51,13 @@
import com.gitblit.Constants;
import com.gitblit.Constants.AccessRestrictionType;
+import com.gitblit.Constants.AuthorizationControl;
import com.gitblit.Constants.FederationStrategy;
+import com.gitblit.Constants.RegistrantType;
import com.gitblit.GitBlit;
import com.gitblit.GitBlitException;
import com.gitblit.Keys;
+import com.gitblit.models.RegistrantAccessPermission;
import com.gitblit.models.RepositoryModel;
import com.gitblit.models.UserModel;
import com.gitblit.utils.ArrayUtils;
@@ -59,12 +66,15 @@
import com.gitblit.wicket.StringChoiceRenderer;
import com.gitblit.wicket.WicketUtils;
import com.gitblit.wicket.panels.BulletListPanel;
+import com.gitblit.wicket.panels.RegistrantPermissionsPanel;
public class EditRepositoryPage extends RootSubPage {
private final boolean isCreate;
private boolean isAdmin;
+
+ RepositoryModel repositoryModel;
private IModel<String> mailingLists;
@@ -75,7 +85,24 @@
RepositoryModel model = new RepositoryModel();
String restriction = GitBlit.getString(Keys.git.defaultAccessRestriction, null);
model.accessRestriction = AccessRestrictionType.fromName(restriction);
+ String authorization = GitBlit.getString(Keys.git.defaultAuthorizationControl, null);
+ model.authorizationControl = AuthorizationControl.fromName(authorization);
+
+ GitBlitWebSession session = GitBlitWebSession.get();
+ UserModel user = session.getUser();
+ if (user != null && user.canCreate() && !user.canAdmin()) {
+ // personal create permissions, inject personal repository path
+ model.name = user.getPersonalPath() + "/";
+ model.projectPath = user.getPersonalPath();
+ model.owner = user.username;
+ // personal repositories are private by default
+ model.accessRestriction = AccessRestrictionType.VIEW;
+ model.authorizationControl = AuthorizationControl.NAMED;
+ }
+
setupPage(model);
+ setStatelessHint(false);
+ setOutputMarkupId(true);
}
public EditRepositoryPage(PageParameters params) {
@@ -85,28 +112,45 @@
String name = WicketUtils.getRepositoryName(params);
RepositoryModel model = GitBlit.self().getRepositoryModel(name);
setupPage(model);
+ setStatelessHint(false);
+ setOutputMarkupId(true);
+ }
+
+ @Override
+ protected boolean requiresPageMap() {
+ return true;
}
- protected void setupPage(final RepositoryModel repositoryModel) {
+ protected void setupPage(RepositoryModel model) {
+ this.repositoryModel = model;
+
// ensure this user can create or edit this repository
checkPermissions(repositoryModel);
List<String> indexedBranches = new ArrayList<String>();
List<String> federationSets = new ArrayList<String>();
- List<String> repositoryUsers = new ArrayList<String>();
- List<String> repositoryTeams = new ArrayList<String>();
+ final List<RegistrantAccessPermission> repositoryUsers = new ArrayList<RegistrantAccessPermission>();
+ final List<RegistrantAccessPermission> repositoryTeams = new ArrayList<RegistrantAccessPermission>();
List<String> preReceiveScripts = new ArrayList<String>();
List<String> postReceiveScripts = new ArrayList<String>();
+ GitBlitWebSession session = GitBlitWebSession.get();
+ final UserModel user = session.getUser() == null ? UserModel.ANONYMOUS : session.getUser();
+ final boolean allowEditName = isCreate || isAdmin || repositoryModel.isUsersPersonalRepository(user.username);
+
if (isCreate) {
- super.setupPage(getString("gb.newRepository"), "");
+ if (user.canAdmin()) {
+ super.setupPage(getString("gb.newRepository"), "");
+ } else {
+ super.setupPage(getString("gb.newRepository"), user.getDisplayName());
+ }
} else {
super.setupPage(getString("gb.edit"), repositoryModel.name);
- if (repositoryModel.accessRestriction.exceeds(AccessRestrictionType.NONE)) {
- repositoryUsers.addAll(GitBlit.self().getRepositoryUsers(repositoryModel));
- repositoryTeams.addAll(GitBlit.self().getRepositoryTeams(repositoryModel));
- Collections.sort(repositoryUsers);
- }
+ repositoryUsers.addAll(GitBlit.self().getUserAccessPermissions(repositoryModel));
+ repositoryTeams.addAll(GitBlit.self().getTeamAccessPermissions(repositoryModel));
+ Collections.sort(repositoryUsers);
+ Collections.sort(repositoryTeams);
+
federationSets.addAll(repositoryModel.federationSets);
if (!ArrayUtils.isEmpty(repositoryModel.indexedBranches)) {
indexedBranches.addAll(repositoryModel.indexedBranches);
@@ -114,15 +158,11 @@
}
final String oldName = repositoryModel.name;
- // users palette
- final Palette<String> usersPalette = new Palette<String>("users", new ListModel<String>(
- repositoryUsers), new CollectionModel<String>(GitBlit.self().getAllUsernames()),
- new StringChoiceRenderer(), 10, false);
- // teams palette
- final Palette<String> teamsPalette = new Palette<String>("teams", new ListModel<String>(
- repositoryTeams), new CollectionModel<String>(GitBlit.self().getAllTeamnames()),
- new StringChoiceRenderer(), 8, false);
+ final RegistrantPermissionsPanel usersPalette = new RegistrantPermissionsPanel("users",
+ RegistrantType.USER, GitBlit.self().getAllUsernames(), repositoryUsers, getAccessPermissions());
+ final RegistrantPermissionsPanel teamsPalette = new RegistrantPermissionsPanel("teams",
+ RegistrantType.TEAM, GitBlit.self().getAllTeamnames(), repositoryTeams, getAccessPermissions());
// indexed local branches palette
List<String> allLocalBranches = new ArrayList<String>();
@@ -180,9 +220,9 @@
};
customFieldsListView.setReuseItems(true);
- CompoundPropertyModel<RepositoryModel> model = new CompoundPropertyModel<RepositoryModel>(
+ CompoundPropertyModel<RepositoryModel> rModel = new CompoundPropertyModel<RepositoryModel>(
repositoryModel);
- Form<RepositoryModel> form = new Form<RepositoryModel>("editForm", model) {
+ Form<RepositoryModel> form = new Form<RepositoryModel>("editForm", rModel) {
private static final long serialVersionUID = 1L;
@@ -190,11 +230,14 @@
protected void onSubmit() {
try {
// confirm a repository name was entered
- if (StringUtils.isEmpty(repositoryModel.name)) {
+ if (repositoryModel.name == null && StringUtils.isEmpty(repositoryModel.name)) {
error(getString("gb.pleaseSetRepositoryName"));
return;
}
-
+
+ // ensure name is trimmed
+ repositoryModel.name = repositoryModel.name.trim();
+
// automatically convert backslashes to forward slashes
repositoryModel.name = repositoryModel.name.replace('\\', '/');
// Automatically replace // with /
@@ -223,6 +266,22 @@
error(MessageFormat.format(getString("gb.illegalCharacterRepositoryName"),
c));
return;
+ }
+
+ if (user.canCreate() && !user.canAdmin() && allowEditName) {
+ // ensure repository name begins with the user's path
+ if (!repositoryModel.name.startsWith(user.getPersonalPath())) {
+ error(MessageFormat.format(getString("gb.illegalPersonalRepositoryLocation"),
+ user.getPersonalPath()));
+ return;
+ }
+
+ if (repositoryModel.name.equals(user.getPersonalPath())) {
+ // reset path prefix and show error
+ repositoryModel.name = user.getPersonalPath() + "/";
+ error(getString("gb.pleaseSetRepositoryName"));
+ return;
+ }
}
// confirm access restriction selection
@@ -298,28 +357,10 @@
// save the repository
GitBlit.self().updateRepositoryModel(oldName, repositoryModel, isCreate);
- // repository access
+ // repository access permissions
if (repositoryModel.accessRestriction.exceeds(AccessRestrictionType.NONE)) {
- // save the user access list
- Iterator<String> users = usersPalette.getSelectedChoices();
- List<String> repositoryUsers = new ArrayList<String>();
- while (users.hasNext()) {
- repositoryUsers.add(users.next());
- }
- // ensure the owner is added to the user list
- if (repositoryModel.owner != null
- && !repositoryUsers.contains(repositoryModel.owner)) {
- repositoryUsers.add(repositoryModel.owner);
- }
- GitBlit.self().setRepositoryUsers(repositoryModel, repositoryUsers);
-
- // save the team access list
- Iterator<String> teams = teamsPalette.getSelectedChoices();
- List<String> repositoryTeams = new ArrayList<String>();
- while (teams.hasNext()) {
- repositoryTeams.add(teams.next());
- }
- GitBlit.self().setRepositoryTeams(repositoryModel, repositoryTeams);
+ GitBlit.self().setUserAccessPermissions(repositoryModel, repositoryUsers);
+ GitBlit.self().setTeamAccessPermissions(repositoryModel, repositoryTeams);
}
} catch (GitBlitException e) {
error(e.getMessage());
@@ -334,12 +375,14 @@
form.add(new SimpleAttributeModifier("autocomplete", "off"));
// field names reflective match RepositoryModel fields
- form.add(new TextField<String>("name").setEnabled(isCreate || isAdmin));
+ form.add(new TextField<String>("name").setEnabled(allowEditName));
form.add(new TextField<String>("description"));
form.add(new DropDownChoice<String>("owner", GitBlit.self().getAllUsernames())
- .setEnabled(GitBlitWebSession.get().canAdmin()));
- form.add(new DropDownChoice<AccessRestrictionType>("accessRestriction", Arrays
- .asList(AccessRestrictionType.values()), new AccessRestrictionRenderer()));
+ .setEnabled(GitBlitWebSession.get().canAdmin() && !repositoryModel.isPersonalRepository()));
+ form.add(new CheckBox("allowForks"));
+ DropDownChoice<AccessRestrictionType> accessRestriction = new DropDownChoice<AccessRestrictionType>("accessRestriction", Arrays
+ .asList(AccessRestrictionType.values()), new AccessRestrictionRenderer());
+ form.add(accessRestriction);
form.add(new CheckBox("isFrozen"));
// TODO enable origin definition
form.add(new TextField<String>("origin").setEnabled(false/* isCreate */));
@@ -351,6 +394,11 @@
}
form.add(new DropDownChoice<String>("HEAD", availableRefs).setEnabled(availableRefs.size() > 0));
+ boolean gcEnabled = GitBlit.getBoolean(Keys.git.enableGarbageCollection, false);
+ List<Integer> gcPeriods = Arrays.asList(1, 2, 3, 4, 5, 7, 10, 14 );
+ form.add(new DropDownChoice<Integer>("gcPeriod", gcPeriods, new GCPeriodRenderer()).setEnabled(gcEnabled));
+ form.add(new TextField<String>("gcThreshold").setEnabled(gcEnabled));
+
// federation strategies - remove ORIGIN choice if this repository has
// no origin.
List<FederationStrategy> federationStrategies = new ArrayList<FederationStrategy>(
@@ -361,7 +409,7 @@
form.add(new DropDownChoice<FederationStrategy>("federationStrategy", federationStrategies,
new FederationTypeRenderer()));
form.add(new CheckBox("useTickets"));
- form.add(new CheckBox("useDocs"));
+ form.add(new CheckBox("useDocs"));
form.add(new CheckBox("showRemoteBranches"));
form.add(new CheckBox("showReadme"));
form.add(new CheckBox("skipSizeCalculation"));
@@ -370,6 +418,16 @@
: StringUtils.flattenStrings(repositoryModel.mailingLists, " "));
form.add(new TextField<String>("mailingLists", mailingLists));
form.add(indexedBranchesPalette);
+
+ List<AuthorizationControl> acList = Arrays.asList(AuthorizationControl.values());
+ final RadioChoice<AuthorizationControl> authorizationControl = new RadioChoice<Constants.AuthorizationControl>(
+ "authorizationControl", acList, new AuthorizationControlRenderer());
+ form.add(authorizationControl);
+
+ final CheckBox verifyCommitter = new CheckBox("verifyCommitter");
+ verifyCommitter.setOutputMarkupId(true);
+ form.add(verifyCommitter);
+
form.add(usersPalette);
form.add(teamsPalette);
form.add(federationSetsPalette);
@@ -383,7 +441,73 @@
WebMarkupContainer customFieldsSection = new WebMarkupContainer("customFieldsSection");
customFieldsSection.add(customFieldsListView);
form.add(customFieldsSection.setVisible(!GitBlit.getString(Keys.groovy.customFields, "").isEmpty()));
+
+ // initial enable/disable of permission controls
+ if (repositoryModel.accessRestriction.equals(AccessRestrictionType.NONE)) {
+ // anonymous everything, disable all controls
+ usersPalette.setEnabled(false);
+ teamsPalette.setEnabled(false);
+ authorizationControl.setEnabled(false);
+ verifyCommitter.setEnabled(false);
+ } else {
+ // authenticated something
+ // enable authorization controls
+ authorizationControl.setEnabled(true);
+ verifyCommitter.setEnabled(true);
+
+ boolean allowFineGrainedControls = repositoryModel.authorizationControl.equals(AuthorizationControl.NAMED);
+ usersPalette.setEnabled(allowFineGrainedControls);
+ teamsPalette.setEnabled(allowFineGrainedControls);
+ }
+
+ accessRestriction.add(new AjaxFormComponentUpdatingBehavior("onchange") {
+
+ private static final long serialVersionUID = 1L;
+ protected void onUpdate(AjaxRequestTarget target) {
+ // enable/disable permissions panel based on access restriction
+ boolean allowAuthorizationControl = repositoryModel.accessRestriction.exceeds(AccessRestrictionType.NONE);
+ authorizationControl.setEnabled(allowAuthorizationControl);
+ verifyCommitter.setEnabled(allowAuthorizationControl);
+
+ boolean allowFineGrainedControls = allowAuthorizationControl && repositoryModel.authorizationControl.equals(AuthorizationControl.NAMED);
+ usersPalette.setEnabled(allowFineGrainedControls);
+ teamsPalette.setEnabled(allowFineGrainedControls);
+
+ if (allowFineGrainedControls) {
+ repositoryModel.authorizationControl = AuthorizationControl.NAMED;
+ }
+
+ target.addComponent(authorizationControl);
+ target.addComponent(verifyCommitter);
+ target.addComponent(usersPalette);
+ target.addComponent(teamsPalette);
+ }
+ });
+
+ authorizationControl.add(new AjaxFormChoiceComponentUpdatingBehavior() {
+
+ private static final long serialVersionUID = 1L;
+
+ protected void onUpdate(AjaxRequestTarget target) {
+ // enable/disable permissions panel based on access restriction
+ boolean allowAuthorizationControl = repositoryModel.accessRestriction.exceeds(AccessRestrictionType.NONE);
+ authorizationControl.setEnabled(allowAuthorizationControl);
+
+ boolean allowFineGrainedControls = allowAuthorizationControl && repositoryModel.authorizationControl.equals(AuthorizationControl.NAMED);
+ usersPalette.setEnabled(allowFineGrainedControls);
+ teamsPalette.setEnabled(allowFineGrainedControls);
+
+ if (allowFineGrainedControls) {
+ repositoryModel.authorizationControl = AuthorizationControl.NAMED;
+ }
+
+ target.addComponent(authorizationControl);
+ target.addComponent(usersPalette);
+ target.addComponent(teamsPalette);
+ }
+ });
+
form.add(new Button("save"));
Button cancel = new Button("cancel") {
private static final long serialVersionUID = 1L;
@@ -421,13 +545,13 @@
}
if (isCreate) {
// Create Repository
- if (!user.canAdmin) {
- // Only Administrators May Create
+ if (!user.canCreate() && !user.canAdmin()) {
+ // Only administrators or permitted users may create
error(getString("gb.errorOnlyAdminMayCreateRepository"), true);
}
} else {
// Edit Repository
- if (user.canAdmin) {
+ if (user.canAdmin()) {
// Admins can edit everything
isAdmin = true;
return;
@@ -486,4 +610,48 @@
return Integer.toString(index);
}
}
+
+ private class AuthorizationControlRenderer implements IChoiceRenderer<AuthorizationControl> {
+
+ private static final long serialVersionUID = 1L;
+
+ private final Map<AuthorizationControl, String> map;
+
+ public AuthorizationControlRenderer() {
+ map = getAuthorizationControls();
+ }
+
+ @Override
+ public String getDisplayValue(AuthorizationControl type) {
+ return map.get(type);
+ }
+
+ @Override
+ public String getIdValue(AuthorizationControl type, int index) {
+ return Integer.toString(index);
+ }
+ }
+
+ private class GCPeriodRenderer implements IChoiceRenderer<Integer> {
+
+ private static final long serialVersionUID = 1L;
+
+ public GCPeriodRenderer() {
+ }
+
+ @Override
+ public String getDisplayValue(Integer value) {
+ if (value == 1) {
+ return getString("gb.duration.oneDay");
+ } else {
+ return MessageFormat.format(getString("gb.duration.days"), value);
+ }
+ }
+
+ @Override
+ public String getIdValue(Integer value, int index) {
+ return Integer.toString(index);
+ }
+ }
+
}
--
Gitblit v1.9.1