From 5e88265c36b93f63a68bcafb373434a9fbbaa42e Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 19 Oct 2012 22:47:34 -0400
Subject: [PATCH] Construct access permissions from already retrieved data
---
src/com/gitblit/GitBlit.java | 416 ++++++++++++++++++++++++++++++++++++++++++----------------
1 files changed, 300 insertions(+), 116 deletions(-)
diff --git a/src/com/gitblit/GitBlit.java b/src/com/gitblit/GitBlit.java
index f86c66a..ce556b6 100644
--- a/src/com/gitblit/GitBlit.java
+++ b/src/com/gitblit/GitBlit.java
@@ -55,35 +55,37 @@
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
import org.apache.wicket.protocol.http.WebResponse;
-import org.eclipse.jgit.errors.RepositoryNotFoundException;
+import org.apache.wicket.resource.ContextRelativeResource;
+import org.apache.wicket.util.resource.ResourceStreamNotFoundException;
import org.eclipse.jgit.lib.Repository;
+import org.eclipse.jgit.lib.RepositoryCache;
import org.eclipse.jgit.lib.RepositoryCache.FileKey;
import org.eclipse.jgit.lib.StoredConfig;
import org.eclipse.jgit.storage.file.FileBasedConfig;
import org.eclipse.jgit.storage.file.WindowCache;
import org.eclipse.jgit.storage.file.WindowCacheConfig;
-import org.eclipse.jgit.transport.ServiceMayNotContinueException;
-import org.eclipse.jgit.transport.resolver.FileResolver;
-import org.eclipse.jgit.transport.resolver.RepositoryResolver;
-import org.eclipse.jgit.transport.resolver.ServiceNotAuthorizedException;
-import org.eclipse.jgit.transport.resolver.ServiceNotEnabledException;
import org.eclipse.jgit.util.FS;
import org.eclipse.jgit.util.FileUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import com.gitblit.Constants.AccessPermission;
import com.gitblit.Constants.AccessRestrictionType;
import com.gitblit.Constants.AuthorizationControl;
import com.gitblit.Constants.FederationRequest;
import com.gitblit.Constants.FederationStrategy;
import com.gitblit.Constants.FederationToken;
+import com.gitblit.Constants.RegistrantType;
import com.gitblit.models.FederationModel;
import com.gitblit.models.FederationProposal;
import com.gitblit.models.FederationSet;
+import com.gitblit.models.ForkModel;
import com.gitblit.models.Metric;
import com.gitblit.models.ProjectModel;
+import com.gitblit.models.RegistrantAccessPermission;
import com.gitblit.models.RepositoryModel;
import com.gitblit.models.SearchResult;
import com.gitblit.models.ServerSettings;
@@ -101,6 +103,7 @@
import com.gitblit.utils.MetricUtils;
import com.gitblit.utils.ObjectCache;
import com.gitblit.utils.StringUtils;
+import com.gitblit.wicket.WicketUtils;
/**
* GitBlit is the servlet context listener singleton that acts as the core for
@@ -141,8 +144,6 @@
private final AtomicReference<String> repositoryListSettingsChecksum = new AtomicReference<String>("");
- private RepositoryResolver<Void> repositoryResolver;
-
private ServletContext servletContext;
private File repositoriesFolder;
@@ -168,6 +169,11 @@
// set the static singleton reference
gitblit = this;
}
+ }
+
+ public GitBlit(final IUserService userService) {
+ this.userService = userService;
+ gitblit = this;
}
/**
@@ -515,6 +521,28 @@
}
/**
+ * Authenticate a user based on HTTP request paramters.
+ * This method is inteded to be used as fallback when other
+ * means of authentication are failing (username / password or cookies).
+ * @param httpRequest
+ * @return a user object or null
+ */
+ public UserModel authenticate(HttpServletRequest httpRequest) {
+ return null;
+ }
+
+ /**
+ * Open a file resource using the Servlet container.
+ * @param file to open
+ * @return InputStream of the opened file
+ * @throws ResourceStreamNotFoundException
+ */
+ public InputStream getResourceAsStream(String file) throws ResourceStreamNotFoundException {
+ ContextRelativeResource res = WicketUtils.getResource(file);
+ return res.getResourceStream().getInputStream();
+ }
+
+ /**
* Sets a cookie for the specified user.
*
* @param response
@@ -604,12 +632,44 @@
}
/**
- * Returns the list of all users who are allowed to bypass the access
- * restriction placed on the specified repository.
+ * Returns the list of users and their access permissions for the specified repository.
+ *
+ * @param repository
+ * @return a list of User-AccessPermission tuples
+ */
+ public List<RegistrantAccessPermission> getUserAccessPermissions(RepositoryModel repository) {
+ List<RegistrantAccessPermission> permissions = new ArrayList<RegistrantAccessPermission>();
+ for (String user : userService.getUsernamesForRepositoryRole(repository.name)) {
+ AccessPermission ap = userService.getUserModel(user).getRepositoryPermission(repository);
+ permissions.add(new RegistrantAccessPermission(user, ap, RegistrantType.USER));
+ }
+ return permissions;
+ }
+
+ /**
+ * Sets the access permissions to the specified repository for the specified users.
+ *
+ * @param repository
+ * @param permissions
+ * @return true if the user models have been updated
+ */
+ public boolean setUserAccessPermissions(RepositoryModel repository, Collection<RegistrantAccessPermission> permissions) {
+ List<UserModel> users = new ArrayList<UserModel>();
+ for (RegistrantAccessPermission up : permissions) {
+ UserModel user = userService.getUserModel(up.registrant);
+ user.setRepositoryPermission(repository.name, up.permission);
+ users.add(user);
+ }
+ return userService.updateUserModels(users);
+ }
+
+ /**
+ * Returns the list of all users who have an explicit access permission
+ * for the specified repository.
*
* @see IUserService.getUsernamesForRepositoryRole(String)
* @param repository
- * @return list of all usernames that can bypass the access restriction
+ * @return list of all usernames that have an access permission for the repository
*/
public List<String> getRepositoryUsers(RepositoryModel repository) {
return userService.getUsernamesForRepositoryRole(repository.name);
@@ -624,8 +684,11 @@
* @param usernames
* @return true if successful
*/
+ @Deprecated
public boolean setRepositoryUsers(RepositoryModel repository, List<String> repositoryUsers) {
- return userService.setUsernamesForRepositoryRole(repository.name, repositoryUsers);
+ // rejects all changes since 1.2.0 because this would elevate
+ // all discrete access permissions to RW+
+ return false;
}
/**
@@ -645,6 +708,22 @@
throw new GitBlitException(MessageFormat.format(
"Failed to rename ''{0}'' because ''{1}'' already exists.", username,
user.username));
+ }
+
+ // rename repositories and owner fields for all repositories
+ for (RepositoryModel model : getRepositoryModels(user)) {
+ if (model.isUsersPersonalRepository(username)) {
+ // personal repository
+ model.owner = user.username;
+ String oldRepositoryName = model.name;
+ model.name = "~" + user.username + model.name.substring(model.projectPath.length());
+ model.projectPath = "~" + user.username;
+ updateRepositoryModel(oldRepositoryName, model, false);
+ } else if (model.isOwner(username)) {
+ // common/shared repo
+ model.owner = user.username;
+ updateRepositoryModel(model.name, model, false);
+ }
}
}
if (!userService.updateUserModel(username, user)) {
@@ -683,14 +762,46 @@
public TeamModel getTeamModel(String teamname) {
return userService.getTeamModel(teamname);
}
-
+
/**
- * Returns the list of all teams who are allowed to bypass the access
- * restriction placed on the specified repository.
+ * Returns the list of teams and their access permissions for the specified repository.
+ *
+ * @param repository
+ * @return a list of Team-AccessPermission tuples
+ */
+ public List<RegistrantAccessPermission> getTeamAccessPermissions(RepositoryModel repository) {
+ List<RegistrantAccessPermission> permissions = new ArrayList<RegistrantAccessPermission>();
+ for (String team : userService.getTeamnamesForRepositoryRole(repository.name)) {
+ AccessPermission ap = userService.getTeamModel(team).getRepositoryPermission(repository);
+ permissions.add(new RegistrantAccessPermission(team, ap, RegistrantType.TEAM));
+ }
+ return permissions;
+ }
+
+ /**
+ * Sets the access permissions to the specified repository for the specified teams.
+ *
+ * @param repository
+ * @param permissions
+ * @return true if the team models have been updated
+ */
+ public boolean setTeamAccessPermissions(RepositoryModel repository, Collection<RegistrantAccessPermission> permissions) {
+ List<TeamModel> teams = new ArrayList<TeamModel>();
+ for (RegistrantAccessPermission tp : permissions) {
+ TeamModel team = userService.getTeamModel(tp.registrant);
+ team.setRepositoryPermission(repository.name, tp.permission);
+ teams.add(team);
+ }
+ return userService.updateTeamModels(teams);
+ }
+
+ /**
+ * Returns the list of all teams who have an explicit access permission for
+ * the specified repository.
*
* @see IUserService.getTeamnamesForRepositoryRole(String)
* @param repository
- * @return list of all teamnames that can bypass the access restriction
+ * @return list of all teamnames with explicit access permissions to the repository
*/
public List<String> getRepositoryTeams(RepositoryModel repository) {
return userService.getTeamnamesForRepositoryRole(repository.name);
@@ -705,8 +816,11 @@
* @param teamnames
* @return true if successful
*/
+ @Deprecated
public boolean setRepositoryTeams(RepositoryModel repository, List<String> repositoryTeams) {
- return userService.setTeamnamesForRepositoryRole(repository.name, repositoryTeams);
+ // rejects all changes since 1.2.0 because this would elevate
+ // all discrete access permissions to RW+
+ return false;
}
/**
@@ -745,17 +859,17 @@
* Adds the repository to the list of cached repositories if Gitblit is
* configured to cache the repository list.
*
- * @param name
+ * @param model
*/
- private void addToCachedRepositoryList(String name, RepositoryModel model) {
+ private void addToCachedRepositoryList(RepositoryModel model) {
if (settings.getBoolean(Keys.git.cacheRepositoryList, true)) {
- repositoryListCache.put(name, model);
+ repositoryListCache.put(model.name, model);
// update the fork origin repository with this repository clone
if (!StringUtils.isEmpty(model.originRepository)) {
if (repositoryListCache.containsKey(model.originRepository)) {
RepositoryModel origin = repositoryListCache.get(model.originRepository);
- origin.addFork(name);
+ origin.addFork(model.name);
}
}
}
@@ -894,32 +1008,18 @@
* @return repository or null
*/
public Repository getRepository(String repositoryName, boolean logError) {
+ File dir = FileKey.resolve(new File(repositoriesFolder, repositoryName), FS.DETECTED);
+ if (dir == null)
+ return null;
+
Repository r = null;
try {
- r = repositoryResolver.open(null, repositoryName);
- } catch (RepositoryNotFoundException e) {
- r = null;
+ FileKey key = FileKey.exact(dir, FS.DETECTED);
+ r = RepositoryCache.open(key, true);
+ } catch (IOException e) {
if (logError) {
logger.error("GitBlit.getRepository(String) failed to find "
+ new File(repositoriesFolder, repositoryName).getAbsolutePath());
- }
- } catch (ServiceNotAuthorizedException e) {
- r = null;
- if (logError) {
- logger.error("GitBlit.getRepository(String) failed to find "
- + new File(repositoriesFolder, repositoryName).getAbsolutePath(), e);
- }
- } catch (ServiceNotEnabledException e) {
- r = null;
- if (logError) {
- logger.error("GitBlit.getRepository(String) failed to find "
- + new File(repositoriesFolder, repositoryName).getAbsolutePath(), e);
- }
- } catch (ServiceMayNotContinueException e) {
- r = null;
- if (logError) {
- logger.error("GitBlit.getRepository(String) failed to find "
- + new File(repositoriesFolder, repositoryName).getAbsolutePath(), e);
}
}
return r;
@@ -977,14 +1077,13 @@
if (model == null) {
return null;
}
- if (model.accessRestriction.atLeast(AccessRestrictionType.VIEW)) {
- if (user != null && user.canAccessRepository(model)) {
- return model;
- }
- return null;
- } else {
+ if (user == null) {
+ user = UserModel.ANONYMOUS;
+ }
+ if (user.canView(model)) {
return model;
}
+ return null;
}
/**
@@ -1000,7 +1099,7 @@
if (model == null) {
return null;
}
- addToCachedRepositoryList(repositoryName, model);
+ addToCachedRepositoryList(model);
return model;
}
@@ -1022,7 +1121,7 @@
logger.info(MessageFormat.format("Config for \"{0}\" has changed. Reloading model and updating cache.", repositoryName));
model = loadRepositoryModel(repositoryName);
removeFromCachedRepositoryList(repositoryName);
- addToCachedRepositoryList(repositoryName, model);
+ addToCachedRepositoryList(model);
} else {
// update a few repository parameters
if (!model.hasCommits) {
@@ -1235,15 +1334,16 @@
return null;
}
RepositoryModel model = new RepositoryModel();
- model.name = repositoryName;
+ model.isBare = r.isBare();
+ File basePath = getFileOrFolder(Keys.git.repositoriesFolder, "git");
+ if (model.isBare) {
+ model.name = com.gitblit.utils.FileUtils.getRelativePath(basePath, r.getDirectory());
+ } else {
+ model.name = com.gitblit.utils.FileUtils.getRelativePath(basePath, r.getDirectory().getParentFile());
+ }
model.hasCommits = JGitUtils.hasCommits(r);
model.lastChange = JGitUtils.getLastChange(r);
- model.isBare = r.isBare();
- if (repositoryName.indexOf('/') == -1) {
- model.projectPath = "";
- } else {
- model.projectPath = repositoryName.substring(0, repositoryName.indexOf('/'));
- }
+ model.projectPath = StringUtils.getFirstPathElement(repositoryName);
StoredConfig config = r.getConfig();
boolean hasOrigin = !StringUtils.isEmpty(config.getString("remote", "origin", "url"));
@@ -1258,6 +1358,7 @@
"accessRestriction", settings.getString(Keys.git.defaultAccessRestriction, null)));
model.authorizationControl = AuthorizationControl.fromName(getConfig(config,
"authorizationControl", settings.getString(Keys.git.defaultAuthorizationControl, null)));
+ model.verifyCommitter = getConfig(config, "verifyCommitter", false);
model.showRemoteBranches = getConfig(config, "showRemoteBranches", hasOrigin);
model.isFrozen = getConfig(config, "isFrozen", false);
model.showReadme = getConfig(config, "showReadme", false);
@@ -1269,6 +1370,9 @@
Constants.CONFIG_GITBLIT, null, "federationSets")));
model.isFederated = getConfig(config, "isFederated", false);
model.origin = config.getString("remote", "origin", "url");
+ if (model.origin != null) {
+ model.origin = model.origin.replace('\\', '/');
+ }
model.preReceiveScripts = new ArrayList<String>(Arrays.asList(config.getStringList(
Constants.CONFIG_GITBLIT, null, "preReceiveScript")));
model.postReceiveScripts = new ArrayList<String>(Arrays.asList(config.getStringList(
@@ -1401,6 +1505,38 @@
// user does not have a fork
return null;
}
+
+ /**
+ * Returns the fork network for a repository by traversing up the fork graph
+ * to discover the root and then down through all children of the root node.
+ *
+ * @param repository
+ * @return a ForkModel
+ */
+ public ForkModel getForkNetwork(String repository) {
+ if (settings.getBoolean(Keys.git.cacheRepositoryList, true)) {
+ // find the root
+ RepositoryModel model = repositoryListCache.get(repository);
+ while (model.originRepository != null) {
+ model = repositoryListCache.get(model.originRepository);
+ }
+ ForkModel root = getForkModel(model.name);
+ return root;
+ }
+ return null;
+ }
+
+ private ForkModel getForkModel(String repository) {
+ RepositoryModel model = repositoryListCache.get(repository);
+ ForkModel fork = new ForkModel(model);
+ if (!ArrayUtils.isEmpty(model.forks)) {
+ for (String aFork : model.forks) {
+ ForkModel fm = getForkModel(aFork);
+ fork.forks.add(fm);
+ }
+ }
+ return fork;
+ }
/**
* Returns the size in bytes of the repository. Gitblit caches the
@@ -1429,6 +1565,11 @@
*/
private void closeRepository(String repositoryName) {
Repository repository = getRepository(repositoryName);
+ if (repository == null) {
+ return;
+ }
+ RepositoryCache.close(repository);
+
// assume 2 uses in case reflection fails
int uses = 2;
try {
@@ -1525,6 +1666,13 @@
public void updateRepositoryModel(String repositoryName, RepositoryModel repository,
boolean isCreate) throws GitBlitException {
Repository r = null;
+ String projectPath = StringUtils.getFirstPathElement(repository.name);
+ if (!StringUtils.isEmpty(projectPath)) {
+ if (projectPath.equalsIgnoreCase(getString(Keys.web.repositoryRootGroupName, "main"))) {
+ // strip leading group name
+ repository.name = repository.name.substring(projectPath.length() + 1);
+ }
+ }
if (isCreate) {
// ensure created repository name ends with .git
if (!repository.name.toLowerCase().endsWith(org.eclipse.jgit.lib.Constants.DOT_GIT_EXT)) {
@@ -1592,6 +1740,14 @@
rf.close();
}
}
+
+ // remove this repository from any origin model's fork list
+ if (!StringUtils.isEmpty(repository.originRepository)) {
+ RepositoryModel origin = repositoryListCache.get(repository.originRepository);
+ if (origin != null && !ArrayUtils.isEmpty(origin.forks)) {
+ origin.forks.remove(repositoryName);
+ }
+ }
// clear the cache
clearRepositoryMetadataCache(repositoryName);
@@ -1600,17 +1756,7 @@
// load repository
logger.info("edit repository " + repository.name);
- try {
- r = repositoryResolver.open(null, repository.name);
- } catch (RepositoryNotFoundException e) {
- logger.error("Repository not found", e);
- } catch (ServiceNotAuthorizedException e) {
- logger.error("Service not authorized", e);
- } catch (ServiceNotEnabledException e) {
- logger.error("Service not enabled", e);
- } catch (ServiceMayNotContinueException e) {
- logger.error("Service may not continue", e);
- }
+ r = getRepository(repository.name);
}
// update settings
@@ -1634,7 +1780,7 @@
// update repository cache
removeFromCachedRepositoryList(repositoryName);
// model will actually be replaced on next load because config is stale
- addToCachedRepositoryList(repository.name, repository);
+ addToCachedRepositoryList(repository);
}
/**
@@ -1654,6 +1800,7 @@
config.setBoolean(Constants.CONFIG_GITBLIT, null, "allowForks", repository.allowForks);
config.setString(Constants.CONFIG_GITBLIT, null, "accessRestriction", repository.accessRestriction.name());
config.setString(Constants.CONFIG_GITBLIT, null, "authorizationControl", repository.authorizationControl.name());
+ config.setBoolean(Constants.CONFIG_GITBLIT, null, "verifyCommitter", repository.verifyCommitter);
config.setBoolean(Constants.CONFIG_GITBLIT, null, "showRemoteBranches", repository.showRemoteBranches);
config.setBoolean(Constants.CONFIG_GITBLIT, null, "isFrozen", repository.isFrozen);
config.setBoolean(Constants.CONFIG_GITBLIT, null, "showReadme", repository.showReadme);
@@ -1729,7 +1876,7 @@
clearRepositoryMetadataCache(repositoryName);
RepositoryModel model = removeFromCachedRepositoryList(repositoryName);
- if (!ArrayUtils.isEmpty(model.forks)) {
+ if (model != null && !ArrayUtils.isEmpty(model.forks)) {
resetRepositoryListCache();
}
@@ -2381,10 +2528,11 @@
* Parse the properties file and aggregate all the comments by the setting
* key. A setting model tracks the current value, the default value, the
* description of the setting and and directives about the setting.
+ * @param referencePropertiesInputStream
*
* @return Map<String, SettingModel>
*/
- private ServerSettings loadSettingModels() {
+ private ServerSettings loadSettingModels(InputStream referencePropertiesInputStream) {
ServerSettings settingsModel = new ServerSettings();
settingsModel.supportsCredentialChanges = userService.supportsCredentialChanges();
settingsModel.supportsDisplayNameChanges = userService.supportsDisplayNameChanges();
@@ -2394,7 +2542,7 @@
// Read bundled Gitblit properties to extract setting descriptions.
// This copy is pristine and only used for populating the setting
// models map.
- InputStream is = servletContext.getResourceAsStream("/WEB-INF/reference.properties");
+ InputStream is = referencePropertiesInputStream;
BufferedReader propertiesReader = new BufferedReader(new InputStreamReader(is));
StringBuilder description = new StringBuilder();
SettingModel setting = new SettingModel();
@@ -2458,7 +2606,6 @@
this.settings = settings;
repositoriesFolder = getRepositoriesFolder();
logger.info("Git repositories folder " + repositoriesFolder.getAbsolutePath());
- repositoryResolver = new FileResolver<Void>(repositoriesFolder, true);
// calculate repository list settings checksum for future config changes
repositoryListSettingsChecksum.set(getRepositoryListSettingsChecksum());
@@ -2473,21 +2620,23 @@
logTimezone(Constants.NAME, getTimezone());
serverStatus = new ServerStatus(isGO());
- String realm = settings.getString(Keys.realm.userService, "users.properties");
- IUserService loginService = null;
- try {
- // check to see if this "file" is a login service class
- Class<?> realmClass = Class.forName(realm);
- loginService = (IUserService) realmClass.newInstance();
- } catch (Throwable t) {
- loginService = new GitblitUserService();
+
+ if (this.userService == null) {
+ String realm = settings.getString(Keys.realm.userService, "users.properties");
+ IUserService loginService = null;
+ try {
+ // check to see if this "file" is a login service class
+ Class<?> realmClass = Class.forName(realm);
+ loginService = (IUserService) realmClass.newInstance();
+ } catch (Throwable t) {
+ loginService = new GitblitUserService();
+ }
+ setUserService(loginService);
}
- setUserService(loginService);
// load and cache the project metadata
projectConfigs = new FileBasedConfig(getFileOrFolder(Keys.web.projectsFile, "projects.conf"), FS.detect());
getProjectConfigs();
-
mailExecutor = new MailExecutor(settings);
if (mailExecutor.isReady()) {
logger.info("Mail executor is scheduled to process the message queue every 2 minutes.");
@@ -2542,6 +2691,10 @@
*/
@Override
public void contextInitialized(ServletContextEvent contextEvent) {
+ contextInitialized(contextEvent, contextEvent.getServletContext().getResourceAsStream("/WEB-INF/reference.properties"));
+ }
+
+ public void contextInitialized(ServletContextEvent contextEvent, InputStream referencePropertiesInputStream) {
servletContext = contextEvent.getServletContext();
if (settings == null) {
// Gitblit WAR is running in a servlet container
@@ -2582,7 +2735,7 @@
}
}
- settingsModel = loadSettingModels();
+ settingsModel = loadSettingModels(referencePropertiesInputStream);
serverStatus.servletContainer = servletContext.getServerInfo();
}
@@ -2604,44 +2757,75 @@
*
* @param repository
* @param user
- * @return true, if successful
+ * @return the repository model of the fork, if successful
+ * @throws GitBlitException
*/
- public boolean fork(RepositoryModel repository, UserModel user) {
+ public RepositoryModel fork(RepositoryModel repository, UserModel user) throws GitBlitException {
String cloneName = MessageFormat.format("~{0}/{1}.git", user.username, StringUtils.stripDotGit(StringUtils.getLastPathElement(repository.name)));
String fromUrl = MessageFormat.format("file://{0}/{1}", repositoriesFolder.getAbsolutePath(), repository.name);
+
+ // clone the repository
try {
- // clone the repository
JGitUtils.cloneRepository(repositoriesFolder, cloneName, fromUrl, true, null);
-
- // create a Gitblit repository model for the clone
- RepositoryModel cloneModel = repository.cloneAs(cloneName);
- cloneModel.owner = user.username;
- updateRepositoryModel(cloneName, cloneModel, false);
-
- if (AuthorizationControl.NAMED.equals(cloneModel.authorizationControl)) {
- // add the owner of the source repository to the clone's access list
- if (!StringUtils.isEmpty(repository.owner)) {
- UserModel owner = getUserModel(repository.owner);
- if (owner != null) {
- owner.repositories.add(cloneName);
- updateUserModel(owner.username, owner, false);
- }
- }
-
- // inherit origin's access lists
- List<String> users = getRepositoryUsers(repository);
- setRepositoryUsers(cloneModel, users);
-
- List<String> teams = getRepositoryTeams(repository);
- setRepositoryTeams(cloneModel, teams);
- }
-
- // add this clone to the cached model
- addToCachedRepositoryList(cloneModel.name, cloneModel);
- return true;
} catch (Exception e) {
- logger.error("failed to fork", e);
+ throw new GitBlitException(e);
}
- return false;
+
+ // create a Gitblit repository model for the clone
+ RepositoryModel cloneModel = repository.cloneAs(cloneName);
+ // owner has REWIND/RW+ permissions
+ cloneModel.owner = user.username;
+ updateRepositoryModel(cloneName, cloneModel, false);
+
+ // add the owner of the source repository to the clone's access list
+ if (!StringUtils.isEmpty(repository.owner)) {
+ UserModel originOwner = getUserModel(repository.owner);
+ if (originOwner != null) {
+ originOwner.setRepositoryPermission(cloneName, AccessPermission.CLONE);
+ updateUserModel(originOwner.username, originOwner, false);
+ }
+ }
+
+ // grant origin's user list clone permission to fork
+ List<String> users = getRepositoryUsers(repository);
+ List<UserModel> cloneUsers = new ArrayList<UserModel>();
+ for (String name : users) {
+ if (!name.equalsIgnoreCase(user.username)) {
+ UserModel cloneUser = getUserModel(name);
+ if (cloneUser.canClone(repository)) {
+ // origin user can clone origin, grant clone access to fork
+ cloneUser.setRepositoryPermission(cloneName, AccessPermission.CLONE);
+ }
+ cloneUsers.add(cloneUser);
+ }
+ }
+ userService.updateUserModels(cloneUsers);
+
+ // grant origin's team list clone permission to fork
+ List<String> teams = getRepositoryTeams(repository);
+ List<TeamModel> cloneTeams = new ArrayList<TeamModel>();
+ for (String name : teams) {
+ TeamModel cloneTeam = getTeamModel(name);
+ if (cloneTeam.canClone(repository)) {
+ // origin team can clone origin, grant clone access to fork
+ cloneTeam.setRepositoryPermission(cloneName, AccessPermission.CLONE);
+ }
+ cloneTeams.add(cloneTeam);
+ }
+ userService.updateTeamModels(cloneTeams);
+
+ // add this clone to the cached model
+ addToCachedRepositoryList(cloneModel);
+ return cloneModel;
+ }
+
+ /**
+ * Allow to understand if GitBlit supports and is configured to allow
+ * cookie-based authentication.
+ *
+ * @return status of Cookie authentication enablement.
+ */
+ public boolean allowCookieAuthentication() {
+ return GitBlit.getBoolean(Keys.web.allowCookieAuthentication, true) && userService.supportsCookies();
}
}
--
Gitblit v1.9.1