From 27ae9095639bb228a1b7ff86a3ebe4264abf05be Mon Sep 17 00:00:00 2001
From: mschaefers <mschaefers@scoop-gmbh.de>
Date: Thu, 29 Nov 2012 12:33:09 -0500
Subject: [PATCH] feature: when using LdapUserService one can configure Gitblit to fetch all users from ldap that can possibly login. This allows to see newly generated LDAP users instantly in Gitblit. By now an LDAP user had to log in once to appear in GitBlit.
---
src/com/gitblit/wicket/pages/EditRepositoryPage.java | 283 +++++++++++++++++++++++++++++++++++++++++++++-----------
1 files changed, 227 insertions(+), 56 deletions(-)
diff --git a/src/com/gitblit/wicket/pages/EditRepositoryPage.java b/src/com/gitblit/wicket/pages/EditRepositoryPage.java
index 572f650..dead34a 100644
--- a/src/com/gitblit/wicket/pages/EditRepositoryPage.java
+++ b/src/com/gitblit/wicket/pages/EditRepositoryPage.java
@@ -27,6 +27,9 @@
import java.util.Set;
import org.apache.wicket.PageParameters;
+import org.apache.wicket.ajax.AjaxRequestTarget;
+import org.apache.wicket.ajax.form.AjaxFormChoiceComponentUpdatingBehavior;
+import org.apache.wicket.ajax.form.AjaxFormComponentUpdatingBehavior;
import org.apache.wicket.behavior.SimpleAttributeModifier;
import org.apache.wicket.extensions.markup.html.form.palette.Palette;
import org.apache.wicket.markup.html.WebMarkupContainer;
@@ -36,6 +39,7 @@
import org.apache.wicket.markup.html.form.DropDownChoice;
import org.apache.wicket.markup.html.form.Form;
import org.apache.wicket.markup.html.form.IChoiceRenderer;
+import org.apache.wicket.markup.html.form.RadioChoice;
import org.apache.wicket.markup.html.form.TextField;
import org.apache.wicket.markup.html.list.ListItem;
import org.apache.wicket.markup.html.list.ListView;
@@ -47,10 +51,13 @@
import com.gitblit.Constants;
import com.gitblit.Constants.AccessRestrictionType;
+import com.gitblit.Constants.AuthorizationControl;
import com.gitblit.Constants.FederationStrategy;
+import com.gitblit.Constants.RegistrantType;
import com.gitblit.GitBlit;
import com.gitblit.GitBlitException;
import com.gitblit.Keys;
+import com.gitblit.models.RegistrantAccessPermission;
import com.gitblit.models.RepositoryModel;
import com.gitblit.models.UserModel;
import com.gitblit.utils.ArrayUtils;
@@ -59,12 +66,15 @@
import com.gitblit.wicket.StringChoiceRenderer;
import com.gitblit.wicket.WicketUtils;
import com.gitblit.wicket.panels.BulletListPanel;
+import com.gitblit.wicket.panels.RegistrantPermissionsPanel;
public class EditRepositoryPage extends RootSubPage {
private final boolean isCreate;
private boolean isAdmin;
+
+ RepositoryModel repositoryModel;
private IModel<String> mailingLists;
@@ -75,7 +85,24 @@
RepositoryModel model = new RepositoryModel();
String restriction = GitBlit.getString(Keys.git.defaultAccessRestriction, null);
model.accessRestriction = AccessRestrictionType.fromName(restriction);
+ String authorization = GitBlit.getString(Keys.git.defaultAuthorizationControl, null);
+ model.authorizationControl = AuthorizationControl.fromName(authorization);
+
+ GitBlitWebSession session = GitBlitWebSession.get();
+ UserModel user = session.getUser();
+ if (user != null && user.canCreate() && !user.canAdmin()) {
+ // personal create permissions, inject personal repository path
+ model.name = user.getPersonalPath() + "/";
+ model.projectPath = user.getPersonalPath();
+ model.owner = user.username;
+ // personal repositories are private by default
+ model.accessRestriction = AccessRestrictionType.VIEW;
+ model.authorizationControl = AuthorizationControl.NAMED;
+ }
+
setupPage(model);
+ setStatelessHint(false);
+ setOutputMarkupId(true);
}
public EditRepositoryPage(PageParameters params) {
@@ -85,28 +112,45 @@
String name = WicketUtils.getRepositoryName(params);
RepositoryModel model = GitBlit.self().getRepositoryModel(name);
setupPage(model);
+ setStatelessHint(false);
+ setOutputMarkupId(true);
+ }
+
+ @Override
+ protected boolean requiresPageMap() {
+ return true;
}
- protected void setupPage(final RepositoryModel repositoryModel) {
+ protected void setupPage(RepositoryModel model) {
+ this.repositoryModel = model;
+
// ensure this user can create or edit this repository
checkPermissions(repositoryModel);
List<String> indexedBranches = new ArrayList<String>();
List<String> federationSets = new ArrayList<String>();
- List<String> repositoryUsers = new ArrayList<String>();
- List<String> repositoryTeams = new ArrayList<String>();
+ final List<RegistrantAccessPermission> repositoryUsers = new ArrayList<RegistrantAccessPermission>();
+ final List<RegistrantAccessPermission> repositoryTeams = new ArrayList<RegistrantAccessPermission>();
List<String> preReceiveScripts = new ArrayList<String>();
List<String> postReceiveScripts = new ArrayList<String>();
+ GitBlitWebSession session = GitBlitWebSession.get();
+ final UserModel user = session.getUser() == null ? UserModel.ANONYMOUS : session.getUser();
+ final boolean allowEditName = isCreate || isAdmin || repositoryModel.isUsersPersonalRepository(user.username);
+
if (isCreate) {
- super.setupPage(getString("gb.newRepository"), "");
+ if (user.canAdmin()) {
+ super.setupPage(getString("gb.newRepository"), "");
+ } else {
+ super.setupPage(getString("gb.newRepository"), user.getDisplayName());
+ }
} else {
super.setupPage(getString("gb.edit"), repositoryModel.name);
- if (repositoryModel.accessRestriction.exceeds(AccessRestrictionType.NONE)) {
- repositoryUsers.addAll(GitBlit.self().getRepositoryUsers(repositoryModel));
- repositoryTeams.addAll(GitBlit.self().getRepositoryTeams(repositoryModel));
- Collections.sort(repositoryUsers);
- }
+ repositoryUsers.addAll(GitBlit.self().getUserAccessPermissions(repositoryModel));
+ repositoryTeams.addAll(GitBlit.self().getTeamAccessPermissions(repositoryModel));
+ Collections.sort(repositoryUsers);
+ Collections.sort(repositoryTeams);
+
federationSets.addAll(repositoryModel.federationSets);
if (!ArrayUtils.isEmpty(repositoryModel.indexedBranches)) {
indexedBranches.addAll(repositoryModel.indexedBranches);
@@ -114,15 +158,11 @@
}
final String oldName = repositoryModel.name;
- // users palette
- final Palette<String> usersPalette = new Palette<String>("users", new ListModel<String>(
- repositoryUsers), new CollectionModel<String>(GitBlit.self().getAllUsernames()),
- new StringChoiceRenderer(), 10, false);
- // teams palette
- final Palette<String> teamsPalette = new Palette<String>("teams", new ListModel<String>(
- repositoryTeams), new CollectionModel<String>(GitBlit.self().getAllTeamnames()),
- new StringChoiceRenderer(), 8, false);
+ final RegistrantPermissionsPanel usersPalette = new RegistrantPermissionsPanel("users",
+ RegistrantType.USER, GitBlit.self().getAllUsernames(), repositoryUsers, getAccessPermissions());
+ final RegistrantPermissionsPanel teamsPalette = new RegistrantPermissionsPanel("teams",
+ RegistrantType.TEAM, GitBlit.self().getAllTeamnames(), repositoryTeams, getAccessPermissions());
// indexed local branches palette
List<String> allLocalBranches = new ArrayList<String>();
@@ -180,9 +220,9 @@
};
customFieldsListView.setReuseItems(true);
- CompoundPropertyModel<RepositoryModel> model = new CompoundPropertyModel<RepositoryModel>(
+ CompoundPropertyModel<RepositoryModel> rModel = new CompoundPropertyModel<RepositoryModel>(
repositoryModel);
- Form<RepositoryModel> form = new Form<RepositoryModel>("editForm", model) {
+ Form<RepositoryModel> form = new Form<RepositoryModel>("editForm", rModel) {
private static final long serialVersionUID = 1L;
@@ -190,11 +230,14 @@
protected void onSubmit() {
try {
// confirm a repository name was entered
- if (StringUtils.isEmpty(repositoryModel.name)) {
+ if (repositoryModel.name == null && StringUtils.isEmpty(repositoryModel.name)) {
error(getString("gb.pleaseSetRepositoryName"));
return;
}
-
+
+ // ensure name is trimmed
+ repositoryModel.name = repositoryModel.name.trim();
+
// automatically convert backslashes to forward slashes
repositoryModel.name = repositoryModel.name.replace('\\', '/');
// Automatically replace // with /
@@ -212,6 +255,9 @@
if (repositoryModel.name.contains("/../")) {
error(getString("gb.illegalRelativeSlash"));
return;
+ }
+ if (repositoryModel.name.endsWith("/")) {
+ repositoryModel.name = repositoryModel.name.substring(0, repositoryModel.name.length() - 1);
}
// confirm valid characters in repository name
@@ -220,6 +266,22 @@
error(MessageFormat.format(getString("gb.illegalCharacterRepositoryName"),
c));
return;
+ }
+
+ if (user.canCreate() && !user.canAdmin() && allowEditName) {
+ // ensure repository name begins with the user's path
+ if (!repositoryModel.name.startsWith(user.getPersonalPath())) {
+ error(MessageFormat.format(getString("gb.illegalPersonalRepositoryLocation"),
+ user.getPersonalPath()));
+ return;
+ }
+
+ if (repositoryModel.name.equals(user.getPersonalPath())) {
+ // reset path prefix and show error
+ repositoryModel.name = user.getPersonalPath() + "/";
+ error(getString("gb.pleaseSetRepositoryName"));
+ return;
+ }
}
// confirm access restriction selection
@@ -295,28 +357,10 @@
// save the repository
GitBlit.self().updateRepositoryModel(oldName, repositoryModel, isCreate);
- // repository access
+ // repository access permissions
if (repositoryModel.accessRestriction.exceeds(AccessRestrictionType.NONE)) {
- // save the user access list
- Iterator<String> users = usersPalette.getSelectedChoices();
- List<String> repositoryUsers = new ArrayList<String>();
- while (users.hasNext()) {
- repositoryUsers.add(users.next());
- }
- // ensure the owner is added to the user list
- if (repositoryModel.owner != null
- && !repositoryUsers.contains(repositoryModel.owner)) {
- repositoryUsers.add(repositoryModel.owner);
- }
- GitBlit.self().setRepositoryUsers(repositoryModel, repositoryUsers);
-
- // save the team access list
- Iterator<String> teams = teamsPalette.getSelectedChoices();
- List<String> repositoryTeams = new ArrayList<String>();
- while (teams.hasNext()) {
- repositoryTeams.add(teams.next());
- }
- GitBlit.self().setRepositoryTeams(repositoryModel, repositoryTeams);
+ GitBlit.self().setUserAccessPermissions(repositoryModel, repositoryUsers);
+ GitBlit.self().setTeamAccessPermissions(repositoryModel, repositoryTeams);
}
} catch (GitBlitException e) {
error(e.getMessage());
@@ -331,12 +375,14 @@
form.add(new SimpleAttributeModifier("autocomplete", "off"));
// field names reflective match RepositoryModel fields
- form.add(new TextField<String>("name").setEnabled(isCreate || isAdmin));
+ form.add(new TextField<String>("name").setEnabled(allowEditName));
form.add(new TextField<String>("description"));
form.add(new DropDownChoice<String>("owner", GitBlit.self().getAllUsernames())
- .setEnabled(GitBlitWebSession.get().canAdmin()));
- form.add(new DropDownChoice<AccessRestrictionType>("accessRestriction", Arrays
- .asList(AccessRestrictionType.values()), new AccessRestrictionRenderer()));
+ .setEnabled(GitBlitWebSession.get().canAdmin() && !repositoryModel.isPersonalRepository()));
+ form.add(new CheckBox("allowForks"));
+ DropDownChoice<AccessRestrictionType> accessRestriction = new DropDownChoice<AccessRestrictionType>("accessRestriction", Arrays
+ .asList(AccessRestrictionType.values()), new AccessRestrictionRenderer());
+ form.add(accessRestriction);
form.add(new CheckBox("isFrozen"));
// TODO enable origin definition
form.add(new TextField<String>("origin").setEnabled(false/* isCreate */));
@@ -348,6 +394,11 @@
}
form.add(new DropDownChoice<String>("HEAD", availableRefs).setEnabled(availableRefs.size() > 0));
+ boolean gcEnabled = GitBlit.getBoolean(Keys.git.enableGarbageCollection, false);
+ List<Integer> gcPeriods = Arrays.asList(1, 2, 3, 4, 5, 7, 10, 14 );
+ form.add(new DropDownChoice<Integer>("gcPeriod", gcPeriods, new GCPeriodRenderer()).setEnabled(gcEnabled));
+ form.add(new TextField<String>("gcThreshold").setEnabled(gcEnabled));
+
// federation strategies - remove ORIGIN choice if this repository has
// no origin.
List<FederationStrategy> federationStrategies = new ArrayList<FederationStrategy>(
@@ -358,7 +409,7 @@
form.add(new DropDownChoice<FederationStrategy>("federationStrategy", federationStrategies,
new FederationTypeRenderer()));
form.add(new CheckBox("useTickets"));
- form.add(new CheckBox("useDocs"));
+ form.add(new CheckBox("useDocs"));
form.add(new CheckBox("showRemoteBranches"));
form.add(new CheckBox("showReadme"));
form.add(new CheckBox("skipSizeCalculation"));
@@ -367,20 +418,96 @@
: StringUtils.flattenStrings(repositoryModel.mailingLists, " "));
form.add(new TextField<String>("mailingLists", mailingLists));
form.add(indexedBranchesPalette);
+
+ List<AuthorizationControl> acList = Arrays.asList(AuthorizationControl.values());
+ final RadioChoice<AuthorizationControl> authorizationControl = new RadioChoice<Constants.AuthorizationControl>(
+ "authorizationControl", acList, new AuthorizationControlRenderer());
+ form.add(authorizationControl);
+
+ final CheckBox verifyCommitter = new CheckBox("verifyCommitter");
+ verifyCommitter.setOutputMarkupId(true);
+ form.add(verifyCommitter);
+
form.add(usersPalette);
form.add(teamsPalette);
form.add(federationSetsPalette);
form.add(preReceivePalette);
- form.add(new BulletListPanel("inheritedPreReceive", "inherited", GitBlit.self()
+ form.add(new BulletListPanel("inheritedPreReceive", getString("gb.inherited"), GitBlit.self()
.getPreReceiveScriptsInherited(repositoryModel)));
form.add(postReceivePalette);
- form.add(new BulletListPanel("inheritedPostReceive", "inherited", GitBlit.self()
+ form.add(new BulletListPanel("inheritedPostReceive", getString("gb.inherited"), GitBlit.self()
.getPostReceiveScriptsInherited(repositoryModel)));
WebMarkupContainer customFieldsSection = new WebMarkupContainer("customFieldsSection");
customFieldsSection.add(customFieldsListView);
form.add(customFieldsSection.setVisible(!GitBlit.getString(Keys.groovy.customFields, "").isEmpty()));
+
+ // initial enable/disable of permission controls
+ if (repositoryModel.accessRestriction.equals(AccessRestrictionType.NONE)) {
+ // anonymous everything, disable all controls
+ usersPalette.setEnabled(false);
+ teamsPalette.setEnabled(false);
+ authorizationControl.setEnabled(false);
+ verifyCommitter.setEnabled(false);
+ } else {
+ // authenticated something
+ // enable authorization controls
+ authorizationControl.setEnabled(true);
+ verifyCommitter.setEnabled(true);
+
+ boolean allowFineGrainedControls = repositoryModel.authorizationControl.equals(AuthorizationControl.NAMED);
+ usersPalette.setEnabled(allowFineGrainedControls);
+ teamsPalette.setEnabled(allowFineGrainedControls);
+ }
+
+ accessRestriction.add(new AjaxFormComponentUpdatingBehavior("onchange") {
+
+ private static final long serialVersionUID = 1L;
+ protected void onUpdate(AjaxRequestTarget target) {
+ // enable/disable permissions panel based on access restriction
+ boolean allowAuthorizationControl = repositoryModel.accessRestriction.exceeds(AccessRestrictionType.NONE);
+ authorizationControl.setEnabled(allowAuthorizationControl);
+ verifyCommitter.setEnabled(allowAuthorizationControl);
+
+ boolean allowFineGrainedControls = allowAuthorizationControl && repositoryModel.authorizationControl.equals(AuthorizationControl.NAMED);
+ usersPalette.setEnabled(allowFineGrainedControls);
+ teamsPalette.setEnabled(allowFineGrainedControls);
+
+ if (allowFineGrainedControls) {
+ repositoryModel.authorizationControl = AuthorizationControl.NAMED;
+ }
+
+ target.addComponent(authorizationControl);
+ target.addComponent(verifyCommitter);
+ target.addComponent(usersPalette);
+ target.addComponent(teamsPalette);
+ }
+ });
+
+ authorizationControl.add(new AjaxFormChoiceComponentUpdatingBehavior() {
+
+ private static final long serialVersionUID = 1L;
+
+ protected void onUpdate(AjaxRequestTarget target) {
+ // enable/disable permissions panel based on access restriction
+ boolean allowAuthorizationControl = repositoryModel.accessRestriction.exceeds(AccessRestrictionType.NONE);
+ authorizationControl.setEnabled(allowAuthorizationControl);
+
+ boolean allowFineGrainedControls = allowAuthorizationControl && repositoryModel.authorizationControl.equals(AuthorizationControl.NAMED);
+ usersPalette.setEnabled(allowFineGrainedControls);
+ teamsPalette.setEnabled(allowFineGrainedControls);
+
+ if (allowFineGrainedControls) {
+ repositoryModel.authorizationControl = AuthorizationControl.NAMED;
+ }
+
+ target.addComponent(authorizationControl);
+ target.addComponent(usersPalette);
+ target.addComponent(teamsPalette);
+ }
+ });
+
form.add(new Button("save"));
Button cancel = new Button("cancel") {
private static final long serialVersionUID = 1L;
@@ -414,31 +541,31 @@
if (authenticateAdmin) {
if (user == null) {
// No Login Available
- error("Administration requires a login", true);
+ error(getString("gb.errorAdminLoginRequired"), true);
}
if (isCreate) {
// Create Repository
- if (!user.canAdmin) {
- // Only Administrators May Create
- error("Only an administrator may create a repository", true);
+ if (!user.canCreate() && !user.canAdmin()) {
+ // Only administrators or permitted users may create
+ error(getString("gb.errorOnlyAdminMayCreateRepository"), true);
}
} else {
// Edit Repository
- if (user.canAdmin) {
+ if (user.canAdmin()) {
// Admins can edit everything
isAdmin = true;
return;
} else {
if (!model.owner.equalsIgnoreCase(user.username)) {
// User is not an Admin nor Owner
- error("Only an administrator or the owner may edit a repository", true);
+ error(getString("gb.errorOnlyAdminOrOwnerMayEditRepository"), true);
}
}
}
}
} else {
// No Administration Permitted
- error("Administration is disabled", true);
+ error(getString("gb.errorAdministrationDisabled"), true);
}
}
@@ -483,4 +610,48 @@
return Integer.toString(index);
}
}
+
+ private class AuthorizationControlRenderer implements IChoiceRenderer<AuthorizationControl> {
+
+ private static final long serialVersionUID = 1L;
+
+ private final Map<AuthorizationControl, String> map;
+
+ public AuthorizationControlRenderer() {
+ map = getAuthorizationControls();
+ }
+
+ @Override
+ public String getDisplayValue(AuthorizationControl type) {
+ return map.get(type);
+ }
+
+ @Override
+ public String getIdValue(AuthorizationControl type, int index) {
+ return Integer.toString(index);
+ }
+ }
+
+ private class GCPeriodRenderer implements IChoiceRenderer<Integer> {
+
+ private static final long serialVersionUID = 1L;
+
+ public GCPeriodRenderer() {
+ }
+
+ @Override
+ public String getDisplayValue(Integer value) {
+ if (value == 1) {
+ return getString("gb.duration.oneDay");
+ } else {
+ return MessageFormat.format(getString("gb.duration.days"), value);
+ }
+ }
+
+ @Override
+ public String getIdValue(Integer value, int index) {
+ return Integer.toString(index);
+ }
+ }
+
}
--
Gitblit v1.9.1