From 2d48e28bf1068b20129b2e3d5b96ecaff48f9f2f Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Tue, 23 Oct 2012 22:27:56 -0400
Subject: [PATCH] Implemented exclusion (X) permission

---
 src/com/gitblit/GitBlit.java |   65 +++++++++++++++++++-------------
 1 files changed, 39 insertions(+), 26 deletions(-)

diff --git a/src/com/gitblit/GitBlit.java b/src/com/gitblit/GitBlit.java
index af13e02..e83da93 100644
--- a/src/com/gitblit/GitBlit.java
+++ b/src/com/gitblit/GitBlit.java
@@ -78,20 +78,20 @@
 import com.gitblit.Constants.FederationRequest;
 import com.gitblit.Constants.FederationStrategy;
 import com.gitblit.Constants.FederationToken;
+import com.gitblit.Constants.RegistrantType;
 import com.gitblit.models.FederationModel;
 import com.gitblit.models.FederationProposal;
 import com.gitblit.models.FederationSet;
 import com.gitblit.models.ForkModel;
 import com.gitblit.models.Metric;
 import com.gitblit.models.ProjectModel;
+import com.gitblit.models.RegistrantAccessPermission;
 import com.gitblit.models.RepositoryModel;
 import com.gitblit.models.SearchResult;
 import com.gitblit.models.ServerSettings;
 import com.gitblit.models.ServerStatus;
 import com.gitblit.models.SettingModel;
-import com.gitblit.models.TeamAccessPermission;
 import com.gitblit.models.TeamModel;
-import com.gitblit.models.UserAccessPermission;
 import com.gitblit.models.UserModel;
 import com.gitblit.utils.ArrayUtils;
 import com.gitblit.utils.ByteFormat;
@@ -637,11 +637,13 @@
 	 * @param repository
 	 * @return a list of User-AccessPermission tuples
 	 */
-	public List<UserAccessPermission> getUserAccessPermissions(RepositoryModel repository) {
-		List<UserAccessPermission> permissions = new ArrayList<UserAccessPermission>();
+	public List<RegistrantAccessPermission> getUserAccessPermissions(RepositoryModel repository) {
+		List<RegistrantAccessPermission> permissions = new ArrayList<RegistrantAccessPermission>();
 		for (String user : userService.getUsernamesForRepositoryRole(repository.name)) {
-			AccessPermission ap = userService.getUserModel(user).getRepositoryPermission(repository);
-			permissions.add(new UserAccessPermission(user, ap));
+			UserModel model = userService.getUserModel(user);
+			AccessPermission ap = model.getRepositoryPermission(repository);
+			boolean isExplicit = model.hasExplicitRepositoryPermission(repository.name);
+			permissions.add(new RegistrantAccessPermission(user, ap, isExplicit, RegistrantType.USER));
 		}
 		return permissions;
 	}
@@ -653,12 +655,15 @@
 	 * @param permissions
 	 * @return true if the user models have been updated
 	 */
-	public boolean setUserAccessPermissions(RepositoryModel repository, List<UserAccessPermission> permissions) {
+	public boolean setUserAccessPermissions(RepositoryModel repository, Collection<RegistrantAccessPermission> permissions) {
 		List<UserModel> users = new ArrayList<UserModel>();
-		for (UserAccessPermission up : permissions) {
-			UserModel user = userService.getUserModel(up.user);
-			user.setRepositoryPermission(repository.name, up.permission);
-			users.add(user);
+		for (RegistrantAccessPermission up : permissions) {
+			if (up.isExplicit) {
+				// only set explicitly defined permissions
+				UserModel user = userService.getUserModel(up.registrant);
+				user.setRepositoryPermission(repository.name, up.permission);
+				users.add(user);
+			}
 		}
 		return userService.updateUserModels(users);
 	}
@@ -686,7 +691,9 @@
 	 */
 	@Deprecated
 	public boolean setRepositoryUsers(RepositoryModel repository, List<String> repositoryUsers) {
-		return userService.setUsernamesForRepositoryRole(repository.name, repositoryUsers);
+		// rejects all changes since 1.2.0 because this would elevate
+		// all discrete access permissions to RW+
+		return false;
 	}
 
 	/**
@@ -767,11 +774,13 @@
 	 * @param repository
 	 * @return a list of Team-AccessPermission tuples
 	 */
-	public List<TeamAccessPermission> getTeamAccessPermissions(RepositoryModel repository) {
-		List<TeamAccessPermission> permissions = new ArrayList<TeamAccessPermission>();
+	public List<RegistrantAccessPermission> getTeamAccessPermissions(RepositoryModel repository) {
+		List<RegistrantAccessPermission> permissions = new ArrayList<RegistrantAccessPermission>();
 		for (String team : userService.getTeamnamesForRepositoryRole(repository.name)) {
-			AccessPermission ap = userService.getTeamModel(team).getRepositoryPermission(repository);
-			permissions.add(new TeamAccessPermission(team, ap));
+			TeamModel model = userService.getTeamModel(team);
+			AccessPermission ap = model.getRepositoryPermission(repository);
+			boolean isExplicit = model.hasExplicitRepositoryPermission(repository.name);
+			permissions.add(new RegistrantAccessPermission(team, ap, isExplicit, RegistrantType.TEAM));
 		}
 		return permissions;
 	}
@@ -783,25 +792,27 @@
 	 * @param permissions
 	 * @return true if the team models have been updated
 	 */
-	public boolean setTeamAccessPermissions(RepositoryModel repository, List<TeamAccessPermission> permissions) {
+	public boolean setTeamAccessPermissions(RepositoryModel repository, Collection<RegistrantAccessPermission> permissions) {
 		List<TeamModel> teams = new ArrayList<TeamModel>();
-		for (TeamAccessPermission tp : permissions) {
-			TeamModel team = userService.getTeamModel(tp.team);
-			team.setRepositoryPermission(repository.name, tp.permission);
-			teams.add(team);
+		for (RegistrantAccessPermission tp : permissions) {
+			if (tp.isExplicit) {
+				// only set explicitly defined access permissions
+				TeamModel team = userService.getTeamModel(tp.registrant);
+				team.setRepositoryPermission(repository.name, tp.permission);
+				teams.add(team);
+			}
 		}
 		return userService.updateTeamModels(teams);
 	}
 	
 	/**
-	 * Returns the list of all teams who are allowed to bypass the access
-	 * restriction placed on the specified repository.
+	 * Returns the list of all teams who have an explicit access permission for
+	 * the specified repository.
 	 * 
 	 * @see IUserService.getTeamnamesForRepositoryRole(String)
 	 * @param repository
-	 * @return list of all teamnames that can bypass the access restriction
+	 * @return list of all teamnames with explicit access permissions to the repository
 	 */
-	@Deprecated
 	public List<String> getRepositoryTeams(RepositoryModel repository) {
 		return userService.getTeamnamesForRepositoryRole(repository.name);
 	}
@@ -817,7 +828,9 @@
 	 */
 	@Deprecated
 	public boolean setRepositoryTeams(RepositoryModel repository, List<String> repositoryTeams) {
-		return userService.setTeamnamesForRepositoryRole(repository.name, repositoryTeams);
+		// rejects all changes since 1.2.0 because this would elevate
+		// all discrete access permissions to RW+
+		return false;
 	}
 
 	/**

--
Gitblit v1.9.1