From 5e88265c36b93f63a68bcafb373434a9fbbaa42e Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 19 Oct 2012 22:47:34 -0400
Subject: [PATCH] Construct access permissions from already retrieved data

---
 src/com/gitblit/wicket/pages/RepositoryPage.java |   29 ++++++++++++++++++++++++-----
 1 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/src/com/gitblit/wicket/pages/RepositoryPage.java b/src/com/gitblit/wicket/pages/RepositoryPage.java
index 879c432..bacf233 100644
--- a/src/com/gitblit/wicket/pages/RepositoryPage.java
+++ b/src/com/gitblit/wicket/pages/RepositoryPage.java
@@ -48,6 +48,7 @@
 import com.gitblit.PagesServlet;
 import com.gitblit.SyndicationServlet;
 import com.gitblit.models.ProjectModel;
+import com.gitblit.models.RefModel;
 import com.gitblit.models.RepositoryModel;
 import com.gitblit.models.SubmoduleModel;
 import com.gitblit.models.UserModel;
@@ -91,6 +92,21 @@
 		}
 		objectId = WicketUtils.getObject(params);
 		
+		if (objectId != null) {
+			RefModel branch = null;
+			if ((branch = JGitUtils.getBranch(getRepository(), objectId)) != null) {
+				UserModel user = GitBlitWebSession.get().getUser();
+				if (user == null) {
+					// workaround until get().getUser() is reviewed throughout the app
+					user = UserModel.ANONYMOUS;
+				}
+				boolean canAccess = user.hasBranchPermission(repositoryName,
+								branch.reference.getName());
+				if (!canAccess) {
+					error("Access denied", true);
+				}
+			}
+		}
 		if (StringUtils.isEmpty(repositoryName)) {
 			error(MessageFormat.format(getString("gb.repositoryNotSpecifiedFor"), getPageName()), true);
 		}
@@ -196,6 +212,9 @@
 		add(new Label("pageName", pageName).setRenderBodyOnly(true));
 		
 		UserModel user = GitBlitWebSession.get().getUser();
+		if (user == null) {
+			user = UserModel.ANONYMOUS;
+		}
 
 		// indicate origin repository
 		RepositoryModel model = getRepositoryModel();
@@ -206,7 +225,7 @@
 			if (origin == null) {
 				// no origin repository
 				add(new Label("originRepository").setVisible(false));
-			} else if (!user.canViewRepository(origin)) {
+			} else if (!user.canView(origin)) {
 				// show origin repository without link
 				Fragment forkFrag = new Fragment("originRepository", "originFragment", this);
 				forkFrag.add(new Label("originRepository", StringUtils.stripDotGit(model.originRepository)));
@@ -231,7 +250,7 @@
 		}
 
 		// fork controls
-		if (!allowForkControls() || user == null) {
+		if (!allowForkControls() || user == null || !user.isAuthenticated) {
 			// must be logged-in to fork, hide all fork controls
 			add(new ExternalLink("forkLink", "").setVisible(false));
 			add(new ExternalLink("myForkLink", "").setVisible(false));
@@ -239,13 +258,13 @@
 		} else {
 			String fork = GitBlit.self().getFork(user.username, model.name);
 			boolean hasFork = fork != null;
-			boolean canFork = user.canForkRepository(model);
+			boolean canFork = user.canFork(model);
 
 			if (hasFork || !canFork) {
 				// user not allowed to fork or fork already exists or repo forbids forking
 				add(new ExternalLink("forkLink", "").setVisible(false));
 				
-				if (user.canFork && !model.allowForks) {
+				if (user.canFork() && !model.allowForks) {
 					// show forks prohibited indicator
 					Fragment wc = new Fragment("forksProhibitedIndicator", "forksProhibitedFragment", this);
 					Label lbl = new Label("forksProhibited", getString("gb.forksProhibited"));
@@ -573,4 +592,4 @@
 			getRequestCycle().setRequestTarget(new RedirectRequestTarget(absoluteUrl));
 		}
 	}
-}
\ No newline at end of file
+}

--
Gitblit v1.9.1