From 20714aee0d2d2a989d93d6065e081aed8ac85fbf Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Wed, 10 Oct 2012 00:05:34 -0400
Subject: [PATCH] Finer-grained repository access permissions (issue 36)

---
 src/com/gitblit/GitFilter.java |   46 +++++++++++++++++++---------------------------
 1 files changed, 19 insertions(+), 27 deletions(-)

diff --git a/src/com/gitblit/GitFilter.java b/src/com/gitblit/GitFilter.java
index 8ce4d3a..cfe4fe3 100644
--- a/src/com/gitblit/GitFilter.java
+++ b/src/com/gitblit/GitFilter.java
@@ -147,33 +147,25 @@
 			// Git Servlet disabled
 			return false;
 		}		
-		boolean readOnly = repository.isFrozen;	
-		if (readOnly || repository.accessRestriction.atLeast(AccessRestrictionType.PUSH)) {
-			boolean authorizedUser = user.canAccessRepository(repository);
-			if (action.equals(gitReceivePack)) {
-				// Push request
-				if (!readOnly && authorizedUser) {
-					// clone-restricted or push-authorized
-					return true;
-				} else {
-					// user is unauthorized to push to this repository
-					logger.warn(MessageFormat.format("user {0} is not authorized to push to {1}",
-							user.username, repository));
-					return false;
-				}
-			} else if (action.equals(gitUploadPack)) {
-				// Clone request
-				boolean cloneRestricted = repository.accessRestriction
-						.atLeast(AccessRestrictionType.CLONE);
-				if (!cloneRestricted || (cloneRestricted && authorizedUser)) {
-					// push-restricted or clone-authorized
-					return true;
-				} else {
-					// user is unauthorized to clone this repository
-					logger.warn(MessageFormat.format("user {0} is not authorized to clone {1}",
-							user.username, repository));
-					return false;
-				}
+		if (action.equals(gitReceivePack)) {
+			// Push request
+			if (user.canPush(repository)) {
+				return true;
+			} else {
+				// user is unauthorized to push to this repository
+				logger.warn(MessageFormat.format("user {0} is not authorized to push to {1}",
+						user.username, repository));
+				return false;
+			}
+		} else if (action.equals(gitUploadPack)) {
+			// Clone request
+			if (user.canClone(repository)) {
+				return true;
+			} else {
+				// user is unauthorized to clone this repository
+				logger.warn(MessageFormat.format("user {0} is not authorized to clone {1}",
+						user.username, repository));
+				return false;
 			}
 		}
 		return true;

--
Gitblit v1.9.1