From a66312f3d4bb9f1f6aad5ed66d2082057c99f519 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Wed, 12 Mar 2014 17:21:12 -0400
Subject: [PATCH] Tweak the receive pack push permission check to be a method
---
src/main/java/com/gitblit/git/GitblitReceivePack.java | 28 +++++++++++++++++++++++++++-
1 files changed, 27 insertions(+), 1 deletions(-)
diff --git a/src/main/java/com/gitblit/git/GitblitReceivePack.java b/src/main/java/com/gitblit/git/GitblitReceivePack.java
index e3e2fae..73da3d3 100644
--- a/src/main/java/com/gitblit/git/GitblitReceivePack.java
+++ b/src/main/java/com/gitblit/git/GitblitReceivePack.java
@@ -124,6 +124,32 @@
}
/**
+ * Returns true if the user is permitted to apply the receive commands to
+ * the repository.
+ *
+ * @param commands
+ * @return true if the user may push these commands
+ */
+ protected boolean canPush(Collection<ReceiveCommand> commands) {
+ // TODO Consider supporting branch permissions here (issue-36)
+ // Not sure if that should be Gerrit-style, refs/meta/config, or
+ // gitolite-style, permissions in users.conf
+ //
+ // How could commands be empty?
+ //
+ // Because a subclass, like PatchsetReceivePack, filters receive
+ // commands before this method is called. This makes it possible for
+ // this method to test an empty list. In this case, we assume that the
+ // subclass receive pack properly enforces push restrictions. for the
+ // ref.
+ //
+ // The empty test is not explicitly required, it's written here to
+ // clarify special-case behavior.
+
+ return commands.isEmpty() ? true : user.canPush(repository);
+ }
+
+ /**
* Instrumentation point where the incoming push event has been parsed,
* validated, objects created BUT refs have not been updated. You might
* use this to enforce a branch-write permissions model.
@@ -155,7 +181,7 @@
return;
}
- if (!user.canPush(repository)) {
+ if (!canPush(commands)) {
// user does not have push permissions
for (ReceiveCommand cmd : commands) {
sendRejection(cmd, "User \"{0}\" does not have push permissions for \"{1}\"!", user.username, repository.name);
--
Gitblit v1.9.1