From 2bfb8ab137ac18b60cad0c375c7b9bef67499b94 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Tue, 23 Oct 2012 17:35:42 -0400
Subject: [PATCH] Enforce strict order for permission determination
---
src/com/gitblit/models/TeamModel.java | 8 +++++---
1 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/com/gitblit/models/TeamModel.java b/src/com/gitblit/models/TeamModel.java
index 6410eb4..7d557db 100644
--- a/src/com/gitblit/models/TeamModel.java
+++ b/src/com/gitblit/models/TeamModel.java
@@ -19,8 +19,8 @@
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
-import java.util.HashMap;
import java.util.HashSet;
+import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
@@ -51,7 +51,7 @@
// retained for backwards-compatibility with RPC clients
@Deprecated
public final Set<String> repositories = new HashSet<String>();
- public final Map<String, AccessPermission> permissions = new HashMap<String, AccessPermission>();
+ public final Map<String, AccessPermission> permissions = new LinkedHashMap<String, AccessPermission>();
public final Set<String> mailingLists = new HashSet<String>();
public final List<String> preReceiveScripts = new ArrayList<String>();
public final List<String> postReceiveScripts = new ArrayList<String>();
@@ -191,6 +191,8 @@
AccessPermission p = permissions.get(key);
if (p != null) {
permission = p;
+ // take first match
+ break;
}
}
}
@@ -198,7 +200,7 @@
return permission;
}
- private boolean canAccess(RepositoryModel repository, AccessRestrictionType ifRestriction, AccessPermission requirePermission) {
+ protected boolean canAccess(RepositoryModel repository, AccessRestrictionType ifRestriction, AccessPermission requirePermission) {
if (repository.accessRestriction.atLeast(ifRestriction)) {
AccessPermission permission = getRepositoryPermission(repository);
return permission.atLeast(requirePermission);
--
Gitblit v1.9.1