From adef42eefc08541f0433147441c2f2d575ac134f Mon Sep 17 00:00:00 2001
From: Lukasz Jader <ljaderdev@gmail.com>
Date: Sat, 14 Jul 2012 08:01:52 -0400
Subject: [PATCH] Add polish variants of welcome.mkd, login.mkd and EmptyRepositoryPage

---
 src/com/gitblit/AccessRestrictionFilter.java |   22 ++++++++++++++++++++--
 1 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/src/com/gitblit/AccessRestrictionFilter.java b/src/com/gitblit/AccessRestrictionFilter.java
index a8d50b8..aeb6835 100644
--- a/src/com/gitblit/AccessRestrictionFilter.java
+++ b/src/com/gitblit/AccessRestrictionFilter.java
@@ -62,12 +62,22 @@
 	protected abstract String getUrlRequestAction(String url);
 
 	/**
+	 * Determine if the action may be executed on the repository.
+	 * 
+	 * @param repository
+	 * @param action
+	 * @return true if the action may be performed
+	 */
+	protected abstract boolean isActionAllowed(RepositoryModel repository, String action);
+
+	/**
 	 * Determine if the repository requires authentication.
 	 * 
 	 * @param repository
+	 * @param action
 	 * @return true if authentication required
 	 */
-	protected abstract boolean requiresAuthentication(RepositoryModel repository);
+	protected abstract boolean requiresAuthentication(RepositoryModel repository, String action);
 
 	/**
 	 * Determine if the user can access the repository and perform the specified
@@ -110,6 +120,14 @@
 			httpResponse.sendError(HttpServletResponse.SC_NOT_FOUND);
 			return;
 		}
+		
+		// Confirm that the action may be executed on the repository
+		if (!isActionAllowed(model, urlRequestType)) {
+			logger.info(MessageFormat.format("ARF: action {0} on {1} forbidden ({2})",
+					urlRequestType, model, HttpServletResponse.SC_FORBIDDEN));
+			httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
+			return;
+		}
 
 		// Wrap the HttpServletRequest with the AccessRestrictionRequest which
 		// overrides the servlet container user principal methods.
@@ -127,7 +145,7 @@
 		}
 
 		// BASIC authentication challenge and response processing
-		if (!StringUtils.isEmpty(urlRequestType) && requiresAuthentication(model)) {
+		if (!StringUtils.isEmpty(urlRequestType) && requiresAuthentication(model, urlRequestType)) {
 			if (user == null) {
 				// challenge client to provide credentials. send 401.
 				if (GitBlit.isDebugMode()) {

--
Gitblit v1.9.1