From 27ae9095639bb228a1b7ff86a3ebe4264abf05be Mon Sep 17 00:00:00 2001
From: mschaefers <mschaefers@scoop-gmbh.de>
Date: Thu, 29 Nov 2012 12:33:09 -0500
Subject: [PATCH] feature: when using LdapUserService one can configure Gitblit to fetch all users from ldap that can possibly login. This allows to see newly generated LDAP users instantly in Gitblit. By now an LDAP user had to log in once to appear in GitBlit.
---
src/com/gitblit/client/GitblitClient.java | 181 +++++++++++++++++++++++++++++++++++++++------
1 files changed, 157 insertions(+), 24 deletions(-)
diff --git a/src/com/gitblit/client/GitblitClient.java b/src/com/gitblit/client/GitblitClient.java
index d37ee91..1101cd6 100644
--- a/src/com/gitblit/client/GitblitClient.java
+++ b/src/com/gitblit/client/GitblitClient.java
@@ -28,6 +28,11 @@
import java.util.TreeSet;
import com.gitblit.Constants;
+import com.gitblit.Constants.AccessPermission;
+import com.gitblit.Constants.AccessRestrictionType;
+import com.gitblit.Constants.AuthorizationControl;
+import com.gitblit.Constants.PermissionType;
+import com.gitblit.Constants.RegistrantType;
import com.gitblit.GitBlitException.ForbiddenException;
import com.gitblit.GitBlitException.NotAllowedException;
import com.gitblit.GitBlitException.UnauthorizedException;
@@ -36,11 +41,13 @@
import com.gitblit.models.FederationModel;
import com.gitblit.models.FeedEntryModel;
import com.gitblit.models.FeedModel;
+import com.gitblit.models.RegistrantAccessPermission;
import com.gitblit.models.RepositoryModel;
import com.gitblit.models.ServerSettings;
import com.gitblit.models.ServerStatus;
import com.gitblit.models.TeamModel;
import com.gitblit.models.UserModel;
+import com.gitblit.utils.ArrayUtils;
import com.gitblit.utils.RpcUtils;
import com.gitblit.utils.StringUtils;
import com.gitblit.utils.SyndicationUtils;
@@ -184,6 +191,22 @@
return sb.toString();
}
}
+
+ public AccessRestrictionType getDefaultAccessRestriction() {
+ String restriction = null;
+ if (settings.hasKey(Keys.git.defaultAccessRestriction)) {
+ restriction = settings.get(Keys.git.defaultAccessRestriction).currentValue;
+ }
+ return AccessRestrictionType.fromName(restriction);
+ }
+
+ public AuthorizationControl getDefaultAuthorizationControl() {
+ String authorization = null;
+ if (settings.hasKey(Keys.git.defaultAuthorizationControl)) {
+ authorization = settings.get(Keys.git.defaultAuthorizationControl).currentValue;
+ }
+ return AuthorizationControl.fromName(authorization);
+ }
/**
* Returns the list of pre-receive scripts the repository inherited from the
@@ -208,7 +231,9 @@
if (repository != null) {
for (String teamname : getPermittedTeamnames(repository)) {
TeamModel team = getTeamModel(teamname);
- scripts.addAll(team.preReceiveScripts);
+ if (!ArrayUtils.isEmpty(team.preReceiveScripts)) {
+ scripts.addAll(team.preReceiveScripts);
+ }
}
}
return new ArrayList<String>(scripts);
@@ -258,7 +283,9 @@
if (repository != null) {
for (String teamname : getPermittedTeamnames(repository)) {
TeamModel team = getTeamModel(teamname);
- scripts.addAll(team.postReceiveScripts);
+ if (!ArrayUtils.isEmpty(team.postReceiveScripts)) {
+ scripts.addAll(team.postReceiveScripts);
+ }
}
}
return new ArrayList<String>(scripts);
@@ -278,9 +305,11 @@
// create list of available scripts by excluding inherited scripts
List<String> scripts = new ArrayList<String>();
- for (String script : settings.pushScripts) {
- if (!inherited.contains(script)) {
- scripts.add(script);
+ if (!ArrayUtils.isEmpty(settings.pushScripts)) {
+ for (String script : settings.pushScripts) {
+ if (!inherited.contains(script)) {
+ scripts.add(script);
+ }
}
}
return scripts;
@@ -312,6 +341,7 @@
List<UserModel> users = RpcUtils.getUsers(url, account, password);
allUsers.clear();
allUsers.addAll(users);
+ Collections.sort(users);
return allUsers;
}
@@ -319,6 +349,7 @@
List<TeamModel> teams = RpcUtils.getTeams(url, account, password);
allTeams.clear();
allTeams.addAll(teams);
+ Collections.sort(teams);
return allTeams;
}
@@ -447,6 +478,15 @@
public List<UserModel> getUsers() {
return allUsers;
}
+
+ public UserModel getUser(String username) {
+ for (UserModel user : getUsers()) {
+ if (user.username.equalsIgnoreCase(username)) {
+ return user;
+ }
+ }
+ return null;
+ }
public List<String> getUsernames() {
List<String> usernames = new ArrayList<String>();
@@ -460,11 +500,75 @@
public List<String> getPermittedUsernames(RepositoryModel repository) {
List<String> usernames = new ArrayList<String>();
for (UserModel user : this.allUsers) {
- if (user.repositories.contains(repository.name)) {
+ if (user.hasRepositoryPermission(repository.name)) {
usernames.add(user.username);
}
}
return usernames;
+ }
+
+ /**
+ * Returns the effective list of permissions for this user, taking into account
+ * team memberships, ownerships.
+ *
+ * @param user
+ * @return the effective list of permissions for the user
+ */
+ public List<RegistrantAccessPermission> getUserAccessPermissions(UserModel user) {
+ Set<RegistrantAccessPermission> set = new LinkedHashSet<RegistrantAccessPermission>();
+ set.addAll(user.getRepositoryPermissions());
+ // Flag missing repositories
+ for (RegistrantAccessPermission permission : set) {
+ if (permission.mutable && PermissionType.EXPLICIT.equals(permission.permissionType)) {
+ RepositoryModel rm = getRepository(permission.registrant);
+ if (rm == null) {
+ permission.permissionType = PermissionType.MISSING;
+ permission.mutable = false;
+ continue;
+ }
+ }
+ }
+
+ // TODO reconsider ownership as a user property
+ // manually specify personal repository ownerships
+ for (RepositoryModel rm : allRepositories) {
+ if (rm.isUsersPersonalRepository(user.username) || rm.isOwner(user.username)) {
+ RegistrantAccessPermission rp = new RegistrantAccessPermission(rm.name, AccessPermission.REWIND,
+ PermissionType.OWNER, RegistrantType.REPOSITORY, null, false);
+ // user may be owner of a repository to which they've inherited
+ // a team permission, replace any existing perm with owner perm
+ set.remove(rp);
+ set.add(rp);
+ }
+ }
+
+ List<RegistrantAccessPermission> list = new ArrayList<RegistrantAccessPermission>(set);
+ Collections.sort(list);
+ return list;
+ }
+
+ public List<RegistrantAccessPermission> getUserAccessPermissions(RepositoryModel repository) {
+ List<RegistrantAccessPermission> list = new ArrayList<RegistrantAccessPermission>();
+ if (AccessRestrictionType.NONE.equals(repository.accessRestriction)) {
+ // no permissions needed, REWIND for everyone!
+ return list;
+ }
+ if (AuthorizationControl.AUTHENTICATED.equals(repository.authorizationControl)) {
+ // no permissions needed, REWIND for authenticated!
+ return list;
+ }
+ // NAMED users and teams
+ for (UserModel user : allUsers) {
+ RegistrantAccessPermission ap = user.getRepositoryPermission(repository);
+ if (ap.permission.exceeds(AccessPermission.NONE)) {
+ list.add(ap);
+ }
+ }
+ return list;
+ }
+
+ public boolean setUserAccessPermissions(RepositoryModel repository, List<RegistrantAccessPermission> permissions) throws IOException {
+ return RpcUtils.setRepositoryMemberPermissions(repository, permissions, url, account, password);
}
public List<TeamModel> getTeams() {
@@ -483,13 +587,29 @@
public List<String> getPermittedTeamnames(RepositoryModel repository) {
List<String> teamnames = new ArrayList<String>();
for (TeamModel team : this.allTeams) {
- if (team.repositories.contains(repository.name)) {
+ if (team.hasRepositoryPermission(repository.name)) {
teamnames.add(team.name);
}
}
return teamnames;
}
+ public List<RegistrantAccessPermission> getTeamAccessPermissions(RepositoryModel repository) {
+ List<RegistrantAccessPermission> list = new ArrayList<RegistrantAccessPermission>();
+ for (TeamModel team : allTeams) {
+ RegistrantAccessPermission ap = team.getRepositoryPermission(repository);
+ if (ap.permission.exceeds(AccessPermission.NONE)) {
+ list.add(ap);
+ }
+ }
+ Collections.sort(list);
+ return list;
+ }
+
+ public boolean setTeamAccessPermissions(RepositoryModel repository, List<RegistrantAccessPermission> permissions) throws IOException {
+ return RpcUtils.setRepositoryTeamPermissions(repository, permissions, url, account, password);
+ }
+
public TeamModel getTeamModel(String name) {
for (TeamModel team : allTeams) {
if (team.name.equalsIgnoreCase(name)) {
@@ -506,45 +626,54 @@
public List<RepositoryModel> getRepositories() {
return allRepositories;
}
-
- public boolean createRepository(RepositoryModel repository, List<String> permittedUsers)
- throws IOException {
- return createRepository(repository, permittedUsers, null);
+
+ public RepositoryModel getRepository(String name) {
+ for (RepositoryModel repository : allRepositories) {
+ if (repository.name.equalsIgnoreCase(name)) {
+ return repository;
+ }
+ }
+ return null;
}
- public boolean createRepository(RepositoryModel repository, List<String> permittedUsers,
- List<String> permittedTeams) throws IOException {
+ public boolean createRepository(RepositoryModel repository, List<RegistrantAccessPermission> userPermissions)
+ throws IOException {
+ return createRepository(repository, userPermissions, null);
+ }
+
+ public boolean createRepository(RepositoryModel repository, List<RegistrantAccessPermission> userPermissions,
+ List<RegistrantAccessPermission> teamPermissions) throws IOException {
boolean success = true;
success &= RpcUtils.createRepository(repository, url, account, password);
- if (permittedUsers != null && permittedUsers.size() > 0) {
+ if (userPermissions != null && userPermissions.size() > 0) {
// if new repository has named members, set them
- success &= RpcUtils.setRepositoryMembers(repository, permittedUsers, url, account,
+ success &= RpcUtils.setRepositoryMemberPermissions(repository, userPermissions, url, account,
password);
}
- if (permittedTeams != null && permittedTeams.size() > 0) {
+ if (teamPermissions != null && teamPermissions.size() > 0) {
// if new repository has named teams, set them
- success &= RpcUtils.setRepositoryTeams(repository, permittedTeams, url, account,
+ success &= RpcUtils.setRepositoryTeamPermissions(repository, teamPermissions, url, account,
password);
}
return success;
}
public boolean updateRepository(String name, RepositoryModel repository,
- List<String> permittedUsers) throws IOException {
- return updateRepository(name, repository, permittedUsers, null);
+ List<RegistrantAccessPermission> userPermissions) throws IOException {
+ return updateRepository(name, repository, userPermissions, null);
}
public boolean updateRepository(String name, RepositoryModel repository,
- List<String> permittedUsers, List<String> permittedTeams) throws IOException {
+ List<RegistrantAccessPermission> userPermissions, List<RegistrantAccessPermission> teamPermissions) throws IOException {
boolean success = true;
success &= RpcUtils.updateRepository(name, repository, url, account, password);
// set the repository members
- if (permittedUsers != null) {
- success &= RpcUtils.setRepositoryMembers(repository, permittedUsers, url, account,
+ if (userPermissions != null) {
+ success &= RpcUtils.setRepositoryMemberPermissions(repository, userPermissions, url, account,
password);
}
- if (permittedTeams != null) {
- success &= RpcUtils.setRepositoryTeams(repository, permittedTeams, url, account,
+ if (teamPermissions != null) {
+ success &= RpcUtils.setRepositoryTeamPermissions(repository, teamPermissions, url, account,
password);
}
return success;
@@ -553,6 +682,10 @@
public boolean deleteRepository(RepositoryModel repository) throws IOException {
return RpcUtils.deleteRepository(repository, url, account, password);
}
+
+ public boolean clearRepositoryCache() throws IOException {
+ return RpcUtils.clearRepositoryCache(url, account, password);
+ }
public boolean createUser(UserModel user) throws IOException {
return RpcUtils.createUser(user, url, account, password);
--
Gitblit v1.9.1