From 2ea85bfe371215ef21fcd528bc40fa57c48ee698 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Wed, 31 Oct 2012 16:38:03 -0400
Subject: [PATCH] Personal repositories must always be owned by the account the repo is stored in

---
 src/com/gitblit/wicket/pages/RepositoryPage.java |   34 +++++++++++++++++++++++++++++-----
 1 files changed, 29 insertions(+), 5 deletions(-)

diff --git a/src/com/gitblit/wicket/pages/RepositoryPage.java b/src/com/gitblit/wicket/pages/RepositoryPage.java
index 879c432..2bd1ec2 100644
--- a/src/com/gitblit/wicket/pages/RepositoryPage.java
+++ b/src/com/gitblit/wicket/pages/RepositoryPage.java
@@ -48,6 +48,7 @@
 import com.gitblit.PagesServlet;
 import com.gitblit.SyndicationServlet;
 import com.gitblit.models.ProjectModel;
+import com.gitblit.models.RefModel;
 import com.gitblit.models.RepositoryModel;
 import com.gitblit.models.SubmoduleModel;
 import com.gitblit.models.UserModel;
@@ -97,6 +98,26 @@
 
 		if (!getRepositoryModel().hasCommits) {
 			setResponsePage(EmptyRepositoryPage.class, params);
+		}
+		
+		if (getRepositoryModel().isCollectingGarbage) {
+			error(MessageFormat.format(getString("gb.busyCollectingGarbage"), getRepositoryModel().name), true);
+		}
+
+		if (objectId != null) {
+			RefModel branch = null;
+			if ((branch = JGitUtils.getBranch(getRepository(), objectId)) != null) {
+				UserModel user = GitBlitWebSession.get().getUser();
+				if (user == null) {
+					// workaround until get().getUser() is reviewed throughout the app
+					user = UserModel.ANONYMOUS;
+				}
+				boolean canAccess = user.hasBranchPermission(repositoryName,
+								branch.reference.getName());
+				if (!canAccess) {
+					error(getString("gb.accessDeined"), true);
+				}
+			}
 		}
 
 		// register the available page links for this page and user
@@ -196,6 +217,9 @@
 		add(new Label("pageName", pageName).setRenderBodyOnly(true));
 		
 		UserModel user = GitBlitWebSession.get().getUser();
+		if (user == null) {
+			user = UserModel.ANONYMOUS;
+		}
 
 		// indicate origin repository
 		RepositoryModel model = getRepositoryModel();
@@ -206,7 +230,7 @@
 			if (origin == null) {
 				// no origin repository
 				add(new Label("originRepository").setVisible(false));
-			} else if (!user.canViewRepository(origin)) {
+			} else if (!user.canView(origin)) {
 				// show origin repository without link
 				Fragment forkFrag = new Fragment("originRepository", "originFragment", this);
 				forkFrag.add(new Label("originRepository", StringUtils.stripDotGit(model.originRepository)));
@@ -231,7 +255,7 @@
 		}
 
 		// fork controls
-		if (!allowForkControls() || user == null) {
+		if (!allowForkControls() || user == null || !user.isAuthenticated) {
 			// must be logged-in to fork, hide all fork controls
 			add(new ExternalLink("forkLink", "").setVisible(false));
 			add(new ExternalLink("myForkLink", "").setVisible(false));
@@ -239,13 +263,13 @@
 		} else {
 			String fork = GitBlit.self().getFork(user.username, model.name);
 			boolean hasFork = fork != null;
-			boolean canFork = user.canForkRepository(model);
+			boolean canFork = user.canFork(model);
 
 			if (hasFork || !canFork) {
 				// user not allowed to fork or fork already exists or repo forbids forking
 				add(new ExternalLink("forkLink", "").setVisible(false));
 				
-				if (user.canFork && !model.allowForks) {
+				if (user.canFork() && !model.allowForks) {
 					// show forks prohibited indicator
 					Fragment wc = new Fragment("forksProhibitedIndicator", "forksProhibitedFragment", this);
 					Label lbl = new Label("forksProhibited", getString("gb.forksProhibited"));
@@ -573,4 +597,4 @@
 			getRequestCycle().setRequestTarget(new RedirectRequestTarget(absoluteUrl));
 		}
 	}
-}
\ No newline at end of file
+}

--
Gitblit v1.9.1