From 27ae9095639bb228a1b7ff86a3ebe4264abf05be Mon Sep 17 00:00:00 2001
From: mschaefers <mschaefers@scoop-gmbh.de>
Date: Thu, 29 Nov 2012 12:33:09 -0500
Subject: [PATCH] feature: when using LdapUserService, Gitblit can be configured to fetch all users from LDAP that can possibly log in. This makes newly generated LDAP users visible in Gitblit instantly. Until now, an LDAP user had to log in once to appear in Gitblit.

---
 src/com/gitblit/models/UserModel.java |   51 ++++++++++++++++++++++++++++++++++++++-------------
 1 files changed, 38 insertions(+), 13 deletions(-)

diff --git a/src/com/gitblit/models/UserModel.java b/src/com/gitblit/models/UserModel.java
index 7742d5d..bd40985 100644
--- a/src/com/gitblit/models/UserModel.java
+++ b/src/com/gitblit/models/UserModel.java
@@ -21,6 +21,7 @@
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.LinkedHashMap;
+import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -55,6 +56,11 @@
 	public String cookie;
 	public String displayName;
 	public String emailAddress;
+	public String organizationalUnit;
+	public String organization;
+	public String locality;
+	public String stateProvince;
+	public String countryCode;
 	public boolean canAdmin;
 	public boolean canFork;
 	public boolean canCreate;
@@ -138,30 +144,42 @@
 	 */
 	public List<RegistrantAccessPermission> getRepositoryPermissions() {
 		List<RegistrantAccessPermission> list = new ArrayList<RegistrantAccessPermission>();
+		if (canAdmin()) {
+			// user has REWIND access to all repositories
+			return list;
+		}
 		for (Map.Entry<String, AccessPermission> entry : permissions.entrySet()) {
 			String registrant = entry.getKey();
+			AccessPermission ap = entry.getValue();
 			String source = null;
-			boolean editable = true;
+			boolean mutable = true;
 			PermissionType pType = PermissionType.EXPLICIT;
-			if (canAdmin()) {
-				pType = PermissionType.ADMINISTRATOR;
-				editable = false;
-			} else if (isMyPersonalRepository(registrant)) {
+			if (isMyPersonalRepository(registrant)) {
 				pType = PermissionType.OWNER;
-				editable = false;
+				ap = AccessPermission.REWIND;
+				mutable = false;
 			} else if (StringUtils.findInvalidCharacter(registrant) != null) {
 				// a regex will have at least 1 invalid character
 				pType = PermissionType.REGEX;
 				source = registrant;
 			}
-			if (AccessPermission.MISSING.equals(entry.getValue())) {
-				// repository can not be found, permission is not editable
-				editable = false;
-			}
-			list.add(new RegistrantAccessPermission(registrant, entry.getValue(), pType, RegistrantType.REPOSITORY, source, editable));
+			list.add(new RegistrantAccessPermission(registrant, ap, pType, RegistrantType.REPOSITORY, source, mutable));
 		}
 		Collections.sort(list);
-		return list;
+		
+		// include immutable team permissions, being careful to preserve order
+		Set<RegistrantAccessPermission> set = new LinkedHashSet<RegistrantAccessPermission>(list);
+		for (TeamModel team : teams) {
+			for (RegistrantAccessPermission teamPermission : team.getRepositoryPermissions()) {
+				// we can not change an inherited team permission, though we can override
+				teamPermission.registrantType = RegistrantType.REPOSITORY;
+				teamPermission.permissionType = PermissionType.TEAM;
+				teamPermission.source = team.name;
+				teamPermission.mutable = false;
+				set.add(teamPermission);
+			}
+		}
+		return new ArrayList<RegistrantAccessPermission>(set);
 	}
 	
 	/**
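Review bot: The team loop in `getRepositoryPermissions()` relies on `set.add(teamPermission)` to keep the user's own entry when a team grants a permission on the same repository, and that only holds if `RegistrantAccessPermission.equals`/`hashCode` compare the registrant alone; neither method is visible here, so this needs confirming, otherwise both entries end up in the returned list. The loop also overwrites `registrantType`, `permissionType`, `source` and `mutable` on the objects handed back by `team.getRepositoryPermissions()`; if that method ever returns shared instances, the team's own view changes too, so either copy the entries or record the assumption with a comment such as `// team.getRepositoryPermissions() returns fresh objects, so relabelling them here is safe`. The removed branch that marked `AccessPermission.MISSING` entries as not editable has no replacement in this hunk, so such entries now come back with `mutable = true`; if that is intended, it deserves a line in the Javadoc.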
@@ -254,6 +272,13 @@
 		ap.permission = AccessPermission.NONE;
 		ap.mutable = false;
 
+		if (AccessRestrictionType.NONE.equals(repository.accessRestriction)) {
+			// anonymous rewind
+			ap.permissionType = PermissionType.ADMINISTRATOR;
+			ap.permission = AccessPermission.REWIND;
+			return ap;
+		}
+
 		// administrator
 		if (canAdmin()) {
 			ap.permissionType = PermissionType.ADMINISTRATOR;
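Review bot: The new early return for `AccessRestrictionType.NONE` labels the result `PermissionType.ADMINISTRATOR` although the user is not an administrator and the comment calls it anonymous rewind; any caller that reads `permissionType` to decide how a grant was obtained, or shows it in the UI or an audit view, would be misled. The branch also returns REWIND before the administrator check and before whatever checks follow in the rest of the method, which lies outside this hunk, so it is worth confirming that no later rule was meant to cap access on unrestricted repositories. At minimum a comment such as `// unrestricted repository: every user, including anonymous, gets RW+; ADMINISTRATOR is only a label here, not a role` would record the intent, and a distinct permission type for this case would be cleaner.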
@@ -278,7 +303,7 @@
 		}
 		
 		if (AuthorizationControl.AUTHENTICATED.equals(repository.authorizationControl) && isAuthenticated) {
-			// AUTHENTICATED is a shortcut for authorizing all logged-in users RW access
+			// AUTHENTICATED is a shortcut for authorizing all logged-in users RW+ access
 			ap.permission = AccessPermission.REWIND;
 			return ap;
 		}

--
Gitblit v1.9.1