From b0c67c0db4b21da069e1c038542afc1764c816b0 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 26 Feb 2015 11:16:54 -0500
Subject: [PATCH] Merge branch 'ticket/242' into develop

---
 src/main/java/com/gitblit/wicket/pages/PatchPage.java |   21 +++++++++++++++++----
 1 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/pages/PatchPage.java b/src/main/java/com/gitblit/wicket/pages/PatchPage.java
index ece4136..bd904e1 100644
--- a/src/main/java/com/gitblit/wicket/pages/PatchPage.java
+++ b/src/main/java/com/gitblit/wicket/pages/PatchPage.java
@@ -20,6 +20,8 @@
 import org.eclipse.jgit.lib.Repository;
 import org.eclipse.jgit.revwalk.RevCommit;
 
+import com.gitblit.models.RepositoryModel;
+import com.gitblit.models.UserModel;
 import com.gitblit.utils.DiffUtils;
 import com.gitblit.utils.JGitUtils;
 import com.gitblit.utils.StringUtils;
@@ -31,13 +33,12 @@
 @CacheControl(LastModified.BOOT)
 public class PatchPage extends SessionPage {
 
-	public PatchPage(PageParameters params) {
+	public PatchPage(final PageParameters params) {
 		super(params);
 
 		if (!params.containsKey("r")) {
-			GitBlitWebSession.get().cacheErrorMessage(getString("gb.repositoryNotSpecified"));
+			error(getString("gb.repositoryNotSpecified"));
 			redirectToInterceptPage(new RepositoriesPage());
-			return;
 		}
 
 		final String repositoryName = WicketUtils.getRepositoryName(params);
@@ -45,9 +46,20 @@
 		final String objectId = WicketUtils.getObject(params);
 		final String blobPath = WicketUtils.getPath(params);
 
+		GitBlitWebSession session = GitBlitWebSession.get();
+		UserModel user = session.getUser();
+
+		RepositoryModel model = app().repositories().getRepositoryModel(user, repositoryName);
+		if (model == null) {
+			// user does not have permission
+			error(getString("gb.canNotLoadRepository") + " " + repositoryName);
+			redirectToInterceptPage(new RepositoriesPage());
+			return;
+		}
+
 		Repository r = app().repositories().getRepository(repositoryName);
 		if (r == null) {
-			GitBlitWebSession.get().cacheErrorMessage(getString("gb.canNotLoadRepository") + " " + repositoryName);
+			error(getString("gb.canNotLoadRepository") + " " + repositoryName);
 			redirectToInterceptPage(new RepositoriesPage());
 			return;
 		}
@@ -67,4 +79,5 @@
 		add(new Label("patchText", patch));
 		r.close();
 	}
+
 }

--
Gitblit v1.9.1