From 27ae9095639bb228a1b7ff86a3ebe4264abf05be Mon Sep 17 00:00:00 2001
From: mschaefers <mschaefers@scoop-gmbh.de>
Date: Thu, 29 Nov 2012 12:33:09 -0500
Subject: [PATCH] feature: when using LdapUserService one can configure Gitblit to fetch all users from ldap that can possibly login. This allows to see newly generated LDAP users instantly in Gitblit. By now an LDAP user had to log in once to appear in GitBlit.
---
src/com/gitblit/models/TeamModel.java | 228 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-
1 files changed, 221 insertions(+), 7 deletions(-)
diff --git a/src/com/gitblit/models/TeamModel.java b/src/com/gitblit/models/TeamModel.java
index 3258ef6..9587ca7 100644
--- a/src/com/gitblit/models/TeamModel.java
+++ b/src/com/gitblit/models/TeamModel.java
@@ -16,10 +16,21 @@
package com.gitblit.models;
import java.io.Serializable;
+import java.util.ArrayList;
import java.util.Collection;
+import java.util.Collections;
import java.util.HashSet;
+import java.util.LinkedHashMap;
import java.util.List;
+import java.util.Map;
import java.util.Set;
+
+import com.gitblit.Constants.AccessPermission;
+import com.gitblit.Constants.AccessRestrictionType;
+import com.gitblit.Constants.PermissionType;
+import com.gitblit.Constants.RegistrantType;
+import com.gitblit.Constants.Unused;
+import com.gitblit.utils.StringUtils;
/**
* TeamModel is a serializable model class that represents a group of users and
@@ -34,32 +45,235 @@
// field names are reflectively mapped in EditTeam page
public String name;
+ public boolean canAdmin;
+ public boolean canFork;
+ public boolean canCreate;
public final Set<String> users = new HashSet<String>();
+ // retained for backwards-compatibility with RPC clients
+ @Deprecated
public final Set<String> repositories = new HashSet<String>();
+ public final Map<String, AccessPermission> permissions = new LinkedHashMap<String, AccessPermission>();
public final Set<String> mailingLists = new HashSet<String>();
+ public final List<String> preReceiveScripts = new ArrayList<String>();
+ public final List<String> postReceiveScripts = new ArrayList<String>();
public TeamModel(String name) {
this.name = name;
}
+ /**
+ * @use hasRepositoryPermission
+ * @param name
+ * @return
+ */
+ @Deprecated
+ @Unused
public boolean hasRepository(String name) {
- return repositories.contains(name.toLowerCase());
+ return hasRepositoryPermission(name);
}
+ @Deprecated
+ @Unused
public void addRepository(String name) {
- repositories.add(name.toLowerCase());
+ addRepositoryPermission(name);
}
+ @Deprecated
+ @Unused
public void addRepositories(Collection<String> names) {
- for (String name:names) {
- repositories.add(name.toLowerCase());
- }
- }
+ addRepositoryPermissions(names);
+ }
+ @Deprecated
+ @Unused
public void removeRepository(String name) {
- repositories.remove(name.toLowerCase());
+ removeRepositoryPermission(name);
+ }
+
+
+ /**
+ * Returns a list of repository permissions for this team.
+ *
+ * @return the team's list of permissions
+ */
+ public List<RegistrantAccessPermission> getRepositoryPermissions() {
+ List<RegistrantAccessPermission> list = new ArrayList<RegistrantAccessPermission>();
+ if (canAdmin) {
+ // team has REWIND access to all repositories
+ return list;
+ }
+ for (Map.Entry<String, AccessPermission> entry : permissions.entrySet()) {
+ String registrant = entry.getKey();
+ String source = null;
+ boolean editable = true;
+ PermissionType pType = PermissionType.EXPLICIT;
+ if (StringUtils.findInvalidCharacter(registrant) != null) {
+ // a regex will have at least 1 invalid character
+ pType = PermissionType.REGEX;
+ source = registrant;
+ }
+ list.add(new RegistrantAccessPermission(registrant, entry.getValue(), pType, RegistrantType.REPOSITORY, source, editable));
+ }
+ Collections.sort(list);
+ return list;
}
+ /**
+ * Returns true if the team has any type of specified access permission for
+ * this repository.
+ *
+ * @param name
+ * @return true if team has a specified access permission for the repository
+ */
+ public boolean hasRepositoryPermission(String name) {
+ String repository = AccessPermission.repositoryFromRole(name).toLowerCase();
+ if (permissions.containsKey(repository)) {
+ // exact repository permission specified
+ return true;
+ } else {
+ // search for regex permission match
+ for (String key : permissions.keySet()) {
+ if (name.matches(key)) {
+ AccessPermission p = permissions.get(key);
+ if (p != null) {
+ return true;
+ }
+ }
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Returns true if the team has an explicitly specified access permission for
+ * this repository.
+ *
+ * @param name
+ * @return if the team has an explicitly specified access permission
+ */
+ public boolean hasExplicitRepositoryPermission(String name) {
+ String repository = AccessPermission.repositoryFromRole(name).toLowerCase();
+ return permissions.containsKey(repository);
+ }
+
+ /**
+ * Adds a repository permission to the team.
+ * <p>
+ * Role may be formatted as:
+ * <ul>
+ * <li> myrepo.git <i>(this is implicitly RW+)</i>
+ * <li> RW+:myrepo.git
+ * </ul>
+ * @param role
+ */
+ public void addRepositoryPermission(String role) {
+ AccessPermission permission = AccessPermission.permissionFromRole(role);
+ String repository = AccessPermission.repositoryFromRole(role).toLowerCase();
+ repositories.add(repository);
+ permissions.put(repository, permission);
+ }
+
+ public void addRepositoryPermissions(Collection<String> roles) {
+ for (String role:roles) {
+ addRepositoryPermission(role);
+ }
+ }
+
+ public AccessPermission removeRepositoryPermission(String name) {
+ String repository = AccessPermission.repositoryFromRole(name).toLowerCase();
+ repositories.remove(repository);
+ return permissions.remove(repository);
+ }
+
+ public void setRepositoryPermission(String repository, AccessPermission permission) {
+ permissions.put(repository.toLowerCase(), permission);
+ repositories.add(repository.toLowerCase());
+ }
+
+ public RegistrantAccessPermission getRepositoryPermission(RepositoryModel repository) {
+ RegistrantAccessPermission ap = new RegistrantAccessPermission();
+ ap.registrant = name;
+ ap.registrantType = RegistrantType.TEAM;
+ ap.permission = AccessPermission.NONE;
+ ap.mutable = false;
+
+ if (canAdmin) {
+ ap.permissionType = PermissionType.ADMINISTRATOR;
+ ap.permission = AccessPermission.REWIND;
+ return ap;
+ }
+
+ if (permissions.containsKey(repository.name.toLowerCase())) {
+ // exact repository permission specified
+ AccessPermission p = permissions.get(repository.name.toLowerCase());
+ if (p != null) {
+ ap.permissionType = PermissionType.EXPLICIT;
+ ap.permission = p;
+ ap.mutable = true;
+ return ap;
+ }
+ } else {
+ // search for case-insensitive regex permission match
+ for (String key : permissions.keySet()) {
+ if (StringUtils.matchesIgnoreCase(repository.name, key)) {
+ AccessPermission p = permissions.get(key);
+ if (p != null) {
+ // take first match
+ ap.permissionType = PermissionType.REGEX;
+ ap.permission = p;
+ ap.source = key;
+ return ap;
+ }
+ }
+ }
+ }
+ return ap;
+ }
+
+ protected boolean canAccess(RepositoryModel repository, AccessRestrictionType ifRestriction, AccessPermission requirePermission) {
+ if (repository.accessRestriction.atLeast(ifRestriction)) {
+ RegistrantAccessPermission ap = getRepositoryPermission(repository);
+ return ap.permission.atLeast(requirePermission);
+ }
+ return true;
+ }
+
+ public boolean canView(RepositoryModel repository) {
+ return canAccess(repository, AccessRestrictionType.VIEW, AccessPermission.VIEW);
+ }
+
+ public boolean canClone(RepositoryModel repository) {
+ return canAccess(repository, AccessRestrictionType.CLONE, AccessPermission.CLONE);
+ }
+
+ public boolean canPush(RepositoryModel repository) {
+ if (repository.isFrozen) {
+ return false;
+ }
+ return canAccess(repository, AccessRestrictionType.PUSH, AccessPermission.PUSH);
+ }
+
+ public boolean canCreateRef(RepositoryModel repository) {
+ if (repository.isFrozen) {
+ return false;
+ }
+ return canAccess(repository, AccessRestrictionType.PUSH, AccessPermission.CREATE);
+ }
+
+ public boolean canDeleteRef(RepositoryModel repository) {
+ if (repository.isFrozen) {
+ return false;
+ }
+ return canAccess(repository, AccessRestrictionType.PUSH, AccessPermission.DELETE);
+ }
+
+ public boolean canRewindRef(RepositoryModel repository) {
+ if (repository.isFrozen) {
+ return false;
+ }
+ return canAccess(repository, AccessRestrictionType.PUSH, AccessPermission.REWIND);
+ }
+
public boolean hasUser(String name) {
return users.contains(name.toLowerCase());
}
--
Gitblit v1.9.1