From b701ed7c4e138c4aaa3acb029f6e35fdf01388e4 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 01 Nov 2012 17:32:13 -0400
Subject: [PATCH] Ignore permission definitions for admins, it just confuses things

---
 src/com/gitblit/ConfigUserService.java |   53 +++++++++++++++-----------
 src/com/gitblit/models/TeamModel.java  |    4 ++
 src/com/gitblit/models/UserModel.java  |   17 +++++---
 src/com/gitblit/FileUserService.java   |    5 ++
 4 files changed, 49 insertions(+), 30 deletions(-)

diff --git a/src/com/gitblit/ConfigUserService.java b/src/com/gitblit/ConfigUserService.java
index 015cef7..9ad805b 100644
--- a/src/com/gitblit/ConfigUserService.java
+++ b/src/com/gitblit/ConfigUserService.java
@@ -841,7 +841,7 @@
 			config.setStringList(USER, model.username, ROLE, roles);
 
 			// discrete repository permissions
-			if (model.permissions != null) {
+			if (model.permissions != null && !model.canAdmin) {
 				List<String> permissions = new ArrayList<String>();
 				for (Map.Entry<String, AccessPermission> entry : model.permissions.entrySet()) {
 					if (entry.getValue().exceeds(AccessPermission.NONE)) {
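Review bot: With `&& !model.canAdmin` on the user write path (and the matching `if (!model.canAdmin)` wrapper in the team write hunk below), any explicit grants held by an administrator are dropped from the stored config the next time the model is saved. Revoking the admin role later therefore leaves the account or team with no repository permissions rather than its earlier ones. That fails closed, but it is silent and nothing records that it is intentional; I would add a comment such as `// admins implicitly have full access; explicit grants are deliberately not persisted and are not restored if admin is revoked`. This also appears to assume the REPOSITORY key is rebuilt from scratch on every write; that code is outside the hunk, so please confirm a previously stored list cannot survive in the file and take effect again after a demotion. The enclosing method starts and ends outside this hunk.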
@@ -872,23 +872,26 @@
 			}
 			config.setStringList(TEAM, model.name, ROLE, roles);
 			
-			if (model.permissions == null) {
-				// null check on "final" repositories because JSON-sourced TeamModel
-				// can have a null repositories object
-				if (!ArrayUtils.isEmpty(model.repositories)) {
-					config.setStringList(TEAM, model.name, REPOSITORY, new ArrayList<String>(
-							model.repositories));
-				}
-			} else {
-				// discrete repository permissions
-				List<String> permissions = new ArrayList<String>();
-				for (Map.Entry<String, AccessPermission> entry : model.permissions.entrySet()) {
-					if (entry.getValue().exceeds(AccessPermission.NONE)) {
-						// code:repository (e.g. RW+:~james/myrepo.git
-						permissions.add(entry.getValue().asRole(entry.getKey()));
+			if (!model.canAdmin) {
+				// write team permission for non-admin teams
+				if (model.permissions == null) {
+					// null check on "final" repositories because JSON-sourced TeamModel
+					// can have a null repositories object
+					if (!ArrayUtils.isEmpty(model.repositories)) {
+						config.setStringList(TEAM, model.name, REPOSITORY, new ArrayList<String>(
+								model.repositories));
 					}
+				} else {
+					// discrete repository permissions
+					List<String> permissions = new ArrayList<String>();
+					for (Map.Entry<String, AccessPermission> entry : model.permissions.entrySet()) {
+						if (entry.getValue().exceeds(AccessPermission.NONE)) {
+							// code:repository (e.g. RW+:~james/myrepo.git
+							permissions.add(entry.getValue().asRole(entry.getKey()));
+						}
+					}
+					config.setStringList(TEAM, model.name, REPOSITORY, permissions);
 				}
-				config.setStringList(TEAM, model.name, REPOSITORY, permissions);
 			}
 
 			// null check on "final" users because JSON-sourced TeamModel
@@ -975,10 +978,13 @@
 					user.excludeFromFederation = roles.contains(Constants.NOT_FEDERATED_ROLE);
 
 					// repository memberships
-					Set<String> repositories = new HashSet<String>(Arrays.asList(config
-							.getStringList(USER, username, REPOSITORY)));
-					for (String repository : repositories) {
-						user.addRepositoryPermission(repository);
+					if (!user.canAdmin) {
+						// non-admin, read permissions
+						Set<String> repositories = new HashSet<String>(Arrays.asList(config
+								.getStringList(USER, username, REPOSITORY)));
+						for (String repository : repositories) {
+							user.addRepositoryPermission(repository);
+						}
 					}
 
 					// update cache
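Review bot: The comment `// non-admin, read permissions` does not say why stored entries are skipped for administrators, and the same applies to the team read path in the next hunk and to the `FileUserService` hunk. Because the write path in this patch no longer persists grants for admins, anything present in the file for an admin is ignored on load and then lost on the next save. A comment like `// admins implicitly have full access; stored grants are ignored and dropped on the next save` would make that explicit for whoever edits the file by hand. The guard also depends on `user.canAdmin` having been assigned before this point, which is not visible in the hunk.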
@@ -998,8 +1004,11 @@
 					team.canFork = roles.contains(Constants.FORK_ROLE);
 					team.canCreate = roles.contains(Constants.CREATE_ROLE);
 					
-					team.addRepositoryPermissions(Arrays.asList(config.getStringList(TEAM, teamname,
-							REPOSITORY)));
+					if (!team.canAdmin) {
+						// non-admin team, read permissions
+						team.addRepositoryPermissions(Arrays.asList(config.getStringList(TEAM, teamname,
+								REPOSITORY)));
+					}
 					team.addUsers(Arrays.asList(config.getStringList(TEAM, teamname, USER)));
 					team.addMailingLists(Arrays.asList(config.getStringList(TEAM, teamname,
 							MAILINGLIST)));
diff --git a/src/com/gitblit/FileUserService.java b/src/com/gitblit/FileUserService.java
index 39c9a5d..056df82 100644
--- a/src/com/gitblit/FileUserService.java
+++ b/src/com/gitblit/FileUserService.java
@@ -796,7 +796,10 @@
 							repositories.add(role);
 						}
 					}
-					team.addRepositoryPermissions(repositories);
+					if (!team.canAdmin) {
+						// only read permissions for non-admin teams
+						team.addRepositoryPermissions(repositories);
+					}
 					team.addUsers(users);
 					team.addMailingLists(mailingLists);
 					team.preReceiveScripts.addAll(preReceive);
diff --git a/src/com/gitblit/models/TeamModel.java b/src/com/gitblit/models/TeamModel.java
index 2560e5c..9587ca7 100644
--- a/src/com/gitblit/models/TeamModel.java
+++ b/src/com/gitblit/models/TeamModel.java
@@ -98,6 +98,10 @@
 	 */
 	public List<RegistrantAccessPermission> getRepositoryPermissions() {
 		List<RegistrantAccessPermission> list = new ArrayList<RegistrantAccessPermission>();
+		if (canAdmin) {
+			// team has REWIND access to all repositories
+			return list;
+		}
 		for (Map.Entry<String, AccessPermission> entry : permissions.entrySet()) {
 			String registrant = entry.getKey();
 			String source = null;
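Review bot: Returning the empty list when `canAdmin` is set makes an administrator team indistinguishable from a team with no grants for any caller of `getRepositoryPermissions()`, here and in the same early return added to `UserModel`. A permissions view or access audit built on this list would show nothing for the principals with the widest access unless it checks the admin flag separately. The Javadoc that ends just above the hunk should say so, e.g. `@return the explicit repository permissions; empty for administrators, who implicitly have REWIND on all repositories`. The method body continues outside the hunk.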
diff --git a/src/com/gitblit/models/UserModel.java b/src/com/gitblit/models/UserModel.java
index 0c9b9cc..23322c2 100644
--- a/src/com/gitblit/models/UserModel.java
+++ b/src/com/gitblit/models/UserModel.java
@@ -138,23 +138,26 @@
 	 */
 	public List<RegistrantAccessPermission> getRepositoryPermissions() {
 		List<RegistrantAccessPermission> list = new ArrayList<RegistrantAccessPermission>();
+		if (canAdmin()) {
+			// user has REWIND access to all repositories
+			return list;
+		}
 		for (Map.Entry<String, AccessPermission> entry : permissions.entrySet()) {
 			String registrant = entry.getKey();
+			AccessPermission ap = entry.getValue();
 			String source = null;
-			boolean editable = true;
+			boolean mutable = true;
 			PermissionType pType = PermissionType.EXPLICIT;
-			if (canAdmin()) {
-				pType = PermissionType.ADMINISTRATOR;
-				editable = false;
-			} else if (isMyPersonalRepository(registrant)) {
+			if (isMyPersonalRepository(registrant)) {
 				pType = PermissionType.OWNER;
-				editable = false;
+				ap = AccessPermission.REWIND;
+				mutable = false;
 			} else if (StringUtils.findInvalidCharacter(registrant) != null) {
 				// a regex will have at least 1 invalid character
 				pType = PermissionType.REGEX;
 				source = registrant;
 			}
-			list.add(new RegistrantAccessPermission(registrant, entry.getValue(), pType, RegistrantType.REPOSITORY, source, editable));
+			list.add(new RegistrantAccessPermission(registrant, ap, pType, RegistrantType.REPOSITORY, source, mutable));
 		}
 		Collections.sort(list);
 		return list;
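Review bot: `permissions.entrySet()` is dereferenced without a null check on the non-admin path, whereas `ConfigUserService` in this same patch tests `model.permissions != null` before iterating the same map and notes that JSON-sourced models can carry null collections. If a model can arrive with a null `permissions` map (the field declaration is outside the hunk, so this is an inference), this method throws a NullPointerException. A guard such as `if (permissions == null) { return list; }` placed after the admin check would cover it. The loop in `TeamModel.getRepositoryPermissions()` has the same shape.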

--
Gitblit v1.9.1