From 717267cdf6fff130865c194dc33620ac1cd10a51 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Wed, 31 Oct 2012 08:50:20 -0400
Subject: [PATCH] Reject add if permission selector has not been set
---
src/com/gitblit/GitBlit.java | 212 +++++++++++++++++++++++++++++++++++++++++++++++-----
1 files changed, 189 insertions(+), 23 deletions(-)
diff --git a/src/com/gitblit/GitBlit.java b/src/com/gitblit/GitBlit.java
index ce556b6..e9b5e73 100644
--- a/src/com/gitblit/GitBlit.java
+++ b/src/com/gitblit/GitBlit.java
@@ -28,6 +28,7 @@
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
+import java.util.Calendar;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
@@ -78,6 +79,7 @@
import com.gitblit.Constants.FederationRequest;
import com.gitblit.Constants.FederationStrategy;
import com.gitblit.Constants.FederationToken;
+import com.gitblit.Constants.PermissionType;
import com.gitblit.Constants.RegistrantType;
import com.gitblit.models.FederationModel;
import com.gitblit.models.FederationProposal;
@@ -103,6 +105,7 @@
import com.gitblit.utils.MetricUtils;
import com.gitblit.utils.ObjectCache;
import com.gitblit.utils.StringUtils;
+import com.gitblit.utils.TimeUtils;
import com.gitblit.wicket.WicketUtils;
/**
@@ -159,6 +162,8 @@
private MailExecutor mailExecutor;
private LuceneExecutor luceneExecutor;
+
+ private GCExecutor gcExecutor;
private TimeZone timezone;
@@ -250,6 +255,34 @@
*/
public static int getInteger(String key, int defaultValue) {
return self().settings.getInteger(key, defaultValue);
+ }
+
+ /**
+ * Returns the value in bytes for the specified key. If the key does not
+ * exist or the value for the key can not be interpreted as an integer, the
+ * defaultValue is returned.
+ *
+ * @see IStoredSettings.getFilesize(String key, int defaultValue)
+ * @param key
+ * @param defaultValue
+ * @return key value or defaultValue
+ */
+ public static int getFilesize(String key, int defaultValue) {
+ return self().settings.getFilesize(key, defaultValue);
+ }
+
+ /**
+ * Returns the value in bytes for the specified key. If the key does not
+ * exist or the value for the key can not be interpreted as a long, the
+ * defaultValue is returned.
+ *
+ * @see IStoredSettings.getFilesize(String key, long defaultValue)
+ * @param key
+ * @param defaultValue
+ * @return key value or defaultValue
+ */
+ public static long getFilesize(String key, long defaultValue) {
+ return self().settings.getFilesize(key, defaultValue);
}
/**
@@ -638,12 +671,35 @@
* @return a list of User-AccessPermission tuples
*/
public List<RegistrantAccessPermission> getUserAccessPermissions(RepositoryModel repository) {
- List<RegistrantAccessPermission> permissions = new ArrayList<RegistrantAccessPermission>();
- for (String user : userService.getUsernamesForRepositoryRole(repository.name)) {
- AccessPermission ap = userService.getUserModel(user).getRepositoryPermission(repository);
- permissions.add(new RegistrantAccessPermission(user, ap, RegistrantType.USER));
+ Set<RegistrantAccessPermission> permissions = new LinkedHashSet<RegistrantAccessPermission>();
+ if (!StringUtils.isEmpty(repository.owner)) {
+ UserModel owner = userService.getUserModel(repository.owner);
+ if (owner != null) {
+ permissions.add(new RegistrantAccessPermission(owner.username, AccessPermission.REWIND, PermissionType.OWNER, RegistrantType.USER, false));
+ }
}
- return permissions;
+ if (repository.isPersonalRepository()) {
+ UserModel owner = userService.getUserModel(repository.projectPath.substring(1));
+ if (owner != null) {
+ permissions.add(new RegistrantAccessPermission(owner.username, AccessPermission.REWIND, PermissionType.OWNER, RegistrantType.USER, false));
+ }
+ }
+ for (String user : userService.getUsernamesForRepositoryRole(repository.name)) {
+ UserModel model = userService.getUserModel(user);
+ AccessPermission ap = model.getRepositoryPermission(repository);
+ PermissionType pType = PermissionType.REGEX;
+ boolean editable = false;
+ if (repository.isOwner(model.username)) {
+ pType = PermissionType.OWNER;
+ } else if (repository.isUsersPersonalRepository(model.username)) {
+ pType = PermissionType.OWNER;
+ } else if (model.hasExplicitRepositoryPermission(repository.name)) {
+ pType = PermissionType.EXPLICIT;
+ editable = true;
+ }
+ permissions.add(new RegistrantAccessPermission(user, ap, pType, RegistrantType.USER, editable));
+ }
+ return new ArrayList<RegistrantAccessPermission>(permissions);
}
/**
@@ -656,9 +712,12 @@
public boolean setUserAccessPermissions(RepositoryModel repository, Collection<RegistrantAccessPermission> permissions) {
List<UserModel> users = new ArrayList<UserModel>();
for (RegistrantAccessPermission up : permissions) {
- UserModel user = userService.getUserModel(up.registrant);
- user.setRepositoryPermission(repository.name, up.permission);
- users.add(user);
+ if (up.isEditable) {
+ // only set editable defined permissions
+ UserModel user = userService.getUserModel(up.registrant);
+ user.setRepositoryPermission(repository.name, up.permission);
+ users.add(user);
+ }
}
return userService.updateUserModels(users);
}
@@ -772,8 +831,15 @@
public List<RegistrantAccessPermission> getTeamAccessPermissions(RepositoryModel repository) {
List<RegistrantAccessPermission> permissions = new ArrayList<RegistrantAccessPermission>();
for (String team : userService.getTeamnamesForRepositoryRole(repository.name)) {
- AccessPermission ap = userService.getTeamModel(team).getRepositoryPermission(repository);
- permissions.add(new RegistrantAccessPermission(team, ap, RegistrantType.TEAM));
+ TeamModel model = userService.getTeamModel(team);
+ AccessPermission ap = model.getRepositoryPermission(repository);
+ PermissionType pType = PermissionType.REGEX;
+ boolean editable = false;
+ if (model.hasExplicitRepositoryPermission(repository.name)) {
+ pType = PermissionType.EXPLICIT;
+ editable = true;
+ }
+ permissions.add(new RegistrantAccessPermission(team, ap, pType, RegistrantType.TEAM, editable));
}
return permissions;
}
@@ -788,9 +854,12 @@
public boolean setTeamAccessPermissions(RepositoryModel repository, Collection<RegistrantAccessPermission> permissions) {
List<TeamModel> teams = new ArrayList<TeamModel>();
for (RegistrantAccessPermission tp : permissions) {
- TeamModel team = userService.getTeamModel(tp.registrant);
- team.setRepositoryPermission(repository.name, tp.permission);
- teams.add(team);
+ if (tp.isEditable) {
+ // only set explicitly defined access permissions
+ TeamModel team = userService.getTeamModel(tp.registrant);
+ team.setRepositoryPermission(repository.name, tp.permission);
+ teams.add(team);
+ }
}
return userService.updateTeamModels(teams);
}
@@ -979,6 +1048,16 @@
}
}
+ // rebuild fork networks
+ for (RepositoryModel model : repositoryListCache.values()) {
+ if (!StringUtils.isEmpty(model.originRepository)) {
+ if (repositoryListCache.containsKey(model.originRepository)) {
+ RepositoryModel origin = repositoryListCache.get(model.originRepository);
+ origin.addFork(model.name);
+ }
+ }
+ }
+
long duration = System.currentTimeMillis() - startTime;
logger.info(MessageFormat.format(msg, repositoryListCache.size(), duration));
}
@@ -1008,10 +1087,15 @@
* @return repository or null
*/
public Repository getRepository(String repositoryName, boolean logError) {
+ if (isCollectingGarbage(repositoryName)) {
+ logger.warn(MessageFormat.format("Rejecting request for {0}, busy collecting garbage!", repositoryName));
+ return null;
+ }
+
File dir = FileKey.resolve(new File(repositoriesFolder, repositoryName), FS.DETECTED);
if (dir == null)
return null;
-
+
Repository r = null;
try {
FileKey key = FileKey.exact(dir, FS.DETECTED);
@@ -1105,7 +1189,14 @@
// cached model
RepositoryModel model = repositoryListCache.get(repositoryName);
-
+
+ if (gcExecutor.isCollectingGarbage(model.name)) {
+ // Gitblit is busy collecting garbage, use our cached model
+ RepositoryModel rm = DeepCopier.copy(model);
+ rm.isCollectingGarbage = true;
+ return rm;
+ }
+
// check for updates
Repository r = getRepository(repositoryName);
if (r == null) {
@@ -1170,12 +1261,6 @@
}
project.title = projectConfigs.getString("project", name, "title");
project.description = projectConfigs.getString("project", name, "description");
- // TODO add more interesting metadata
- // project manager?
- // commit message regex?
- // RW+
- // RW
- // R
configs.put(name.toLowerCase(), project);
}
projectCache.clear();
@@ -1369,6 +1454,13 @@
model.federationSets = new ArrayList<String>(Arrays.asList(config.getStringList(
Constants.CONFIG_GITBLIT, null, "federationSets")));
model.isFederated = getConfig(config, "isFederated", false);
+ model.gcThreshold = getConfig(config, "gcThreshold", settings.getString(Keys.git.defaultGarbageCollectionThreshold, "500KB"));
+ model.gcPeriod = getConfig(config, "gcPeriod", settings.getInteger(Keys.git.defaultGarbageCollectionPeriod, 7));
+ try {
+ model.lastGC = new SimpleDateFormat(Constants.ISO8601).parse(getConfig(config, "lastGC", "1970-01-01'T'00:00:00Z"));
+ } catch (Exception e) {
+ model.lastGC = new Date(0);
+ }
model.origin = config.getString("remote", "origin", "url");
if (model.origin != null) {
model.origin = model.origin.replace('\\', '/');
@@ -1648,6 +1740,27 @@
private boolean getConfig(StoredConfig config, String field, boolean defaultValue) {
return config.getBoolean(Constants.CONFIG_GITBLIT, field, defaultValue);
}
+
+ /**
+ * Returns the gitblit string value for the specified key. If key is not
+ * set, returns defaultValue.
+ *
+ * @param config
+ * @param field
+ * @param defaultValue
+ * @return field value or defaultValue
+ */
+ private int getConfig(StoredConfig config, String field, int defaultValue) {
+ String value = config.getString(Constants.CONFIG_GITBLIT, null, field);
+ if (StringUtils.isEmpty(value)) {
+ return defaultValue;
+ }
+ try {
+ return Integer.parseInt(value);
+ } catch (Exception e) {
+ }
+ return defaultValue;
+ }
/**
* Creates/updates the repository model keyed by reopsitoryName. Saves all
@@ -1665,6 +1778,10 @@
*/
public void updateRepositoryModel(String repositoryName, RepositoryModel repository,
boolean isCreate) throws GitBlitException {
+ if (gcExecutor.isCollectingGarbage(repositoryName)) {
+ throw new GitBlitException(MessageFormat.format("sorry, Gitblit is busy collecting garbage in {0}",
+ repositoryName));
+ }
Repository r = null;
String projectPath = StringUtils.getFirstPathElement(repository.name);
if (!StringUtils.isEmpty(projectPath)) {
@@ -1809,6 +1926,11 @@
config.setString(Constants.CONFIG_GITBLIT, null, "federationStrategy",
repository.federationStrategy.name());
config.setBoolean(Constants.CONFIG_GITBLIT, null, "isFederated", repository.isFederated);
+ config.setString(Constants.CONFIG_GITBLIT, null, "gcThreshold", repository.gcThreshold);
+ config.setInt(Constants.CONFIG_GITBLIT, null, "gcPeriod", repository.gcPeriod);
+ if (repository.lastGC != null) {
+ config.setString(Constants.CONFIG_GITBLIT, null, "lastGC", new SimpleDateFormat(Constants.ISO8601).format(repository.lastGC));
+ }
updateList(config, "federationSets", repository.federationSets);
updateList(config, "preReceiveScript", repository.preReceiveScripts);
@@ -2604,6 +2726,12 @@
public void configureContext(IStoredSettings settings, boolean startFederation) {
logger.info("Reading configuration from " + settings.toString());
this.settings = settings;
+
+ // prepare service executors
+ mailExecutor = new MailExecutor(settings);
+ luceneExecutor = new LuceneExecutor(settings, repositoriesFolder);
+ gcExecutor = new GCExecutor(settings);
+
repositoriesFolder = getRepositoriesFolder();
logger.info("Git repositories folder " + repositoriesFolder.getAbsolutePath());
@@ -2637,16 +2765,43 @@
// load and cache the project metadata
projectConfigs = new FileBasedConfig(getFileOrFolder(Keys.web.projectsFile, "projects.conf"), FS.detect());
getProjectConfigs();
- mailExecutor = new MailExecutor(settings);
+
+ // schedule mail engine
if (mailExecutor.isReady()) {
logger.info("Mail executor is scheduled to process the message queue every 2 minutes.");
scheduledExecutor.scheduleAtFixedRate(mailExecutor, 1, 2, TimeUnit.MINUTES);
} else {
logger.warn("Mail server is not properly configured. Mail services disabled.");
}
- luceneExecutor = new LuceneExecutor(settings, repositoriesFolder);
+
+ // schedule lucene engine
logger.info("Lucene executor is scheduled to process indexed branches every 2 minutes.");
scheduledExecutor.scheduleAtFixedRate(luceneExecutor, 1, 2, TimeUnit.MINUTES);
+
+ // schedule gc engine
+ if (gcExecutor.isReady()) {
+ logger.info("GC executor is scheduled to scan repositories every 24 hours.");
+ Calendar c = Calendar.getInstance();
+ c.set(Calendar.HOUR_OF_DAY, settings.getInteger(Keys.git.garbageCollectionHour, 0));
+ c.set(Calendar.MINUTE, 0);
+ c.set(Calendar.SECOND, 0);
+ c.set(Calendar.MILLISECOND, 0);
+ Date cd = c.getTime();
+ Date now = new Date();
+ int delay = 0;
+ if (cd.before(now)) {
+ c.add(Calendar.DATE, 1);
+ cd = c.getTime();
+ }
+ delay = (int) ((cd.getTime() - now.getTime())/TimeUtils.MIN);
+ String when = delay + " mins";
+ if (delay > 60) {
+ when = MessageFormat.format("{0,number,0.0} hours", ((float)delay)/60f);
+ }
+ logger.info(MessageFormat.format("Next scheculed GC scan is in {0}", when));
+ scheduledExecutor.scheduleAtFixedRate(gcExecutor, delay, 60*24, TimeUnit.MINUTES);
+ }
+
if (startFederation) {
configureFederation();
}
@@ -2748,9 +2903,20 @@
logger.info("Gitblit context destroyed by servlet container.");
scheduledExecutor.shutdownNow();
luceneExecutor.close();
+ gcExecutor.close();
}
/**
+ * Returns true if Gitblit is actively collecting garbage in this repository.
+ *
+ * @param repositoryName
+ * @return true if actively collecting garbage
+ */
+ public boolean isCollectingGarbage(String repositoryName) {
+ return gcExecutor.isCollectingGarbage(repositoryName);
+ }
+
+ /**
* Creates a personal fork of the specified repository. The clone is view
* restricted by default and the owner of the source repository is given
* access to the clone.
--
Gitblit v1.9.1