From a2ce62e1f360e9cdb2221cfa3b091c02bda857eb Mon Sep 17 00:00:00 2001
From: Laurens Vrijnsen <laurens.vrijnsen@sioux.eu>
Date: Fri, 22 Mar 2013 07:36:52 -0400
Subject: [PATCH] Added enforced HTTP Basic Authentication

---
 src/com/gitblit/FileUserService.java |   40 ++++++++++++++++++++++++++++++++++------
 1 files changed, 34 insertions(+), 6 deletions(-)

diff --git a/src/com/gitblit/FileUserService.java b/src/com/gitblit/FileUserService.java
index c06266d..32c24cc 100644
--- a/src/com/gitblit/FileUserService.java
+++ b/src/com/gitblit/FileUserService.java
@@ -20,6 +20,7 @@
 import java.io.IOException;
 import java.text.MessageFormat;
 import java.util.ArrayList;
+import java.util.Collection;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
@@ -270,12 +271,12 @@
 	/**
 	 * Updates/writes all specified user objects.
 	 * 
-	 * @param model a list of user models
+	 * @param models a list of user models
 	 * @return true if update is successful
 	 * @since 1.2.0
 	 */
 	@Override
-	public boolean updateUserModels(List<UserModel> models) {
+	public boolean updateUserModels(Collection<UserModel> models) {
 		try {			
 			Properties allUsers = read();
 			for (UserModel model : models) {
@@ -329,8 +330,7 @@
 			UserModel oldUser = getUserModel(username);
 			List<String> roles;
 			if (model.permissions == null) {
-				// legacy, use repository list
-				roles = new ArrayList<String>(model.repositories);
+				roles = new ArrayList<String>();
 			} else {
 				// discrete repository permissions
 				roles = new ArrayList<String>();
@@ -780,10 +780,27 @@
 						} else if (role.charAt(0) == '%') {
 							postReceive.add(role.substring(1));
 						} else {
+							switch (role.charAt(0)) {
+							case '#':
+								// Permissions
+								if (role.equalsIgnoreCase(Constants.ADMIN_ROLE)) {
+									team.canAdmin = true;
+								} else if (role.equalsIgnoreCase(Constants.FORK_ROLE)) {
+									team.canFork = true;
+								} else if (role.equalsIgnoreCase(Constants.CREATE_ROLE)) {
+									team.canCreate = true;
+								}
+								break;
+							default:
+								repositories.add(role);
+							}
 							repositories.add(role);
 						}
 					}
-					team.addRepositoryPermissions(repositories);
+					if (!team.canAdmin) {
+						// only read permissions for non-admin teams
+						team.addRepositoryPermissions(repositories);
+					}
 					team.addUsers(users);
 					team.addMailingLists(mailingLists);
 					team.preReceiveScripts.addAll(preReceive);
@@ -981,7 +998,7 @@
 	 * @return true if update is successful
 	 * @since 1.2.0
 	 */
-	public boolean updateTeamModels(List<TeamModel> models) {
+	public boolean updateTeamModels(Collection<TeamModel> models) {
 		try {
 			Properties allUsers = read();
 			for (TeamModel model : models) {
@@ -1040,6 +1057,17 @@
 			}
 		}
 		
+		// Permissions
+		if (model.canAdmin) {
+			roles.add(Constants.ADMIN_ROLE);
+		}
+		if (model.canFork) {
+			roles.add(Constants.FORK_ROLE);
+		}
+		if (model.canCreate) {
+			roles.add(Constants.CREATE_ROLE);
+		}
+
 		for (String role : roles) {
 				sb.append(role);
 				sb.append(',');

--
Gitblit v1.9.1