From ce07c4f4ca47eebb53815aaa361a24ea46dc3757 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Wed, 07 May 2014 10:27:14 -0400
Subject: [PATCH] Ensure the repository model ref list is refreshed on ref creation or deletion
---
src/main/java/com/gitblit/GitBlit.java | 85 ++++++++++++++++++++++++++++++++++++++++++
1 files changed, 85 insertions(+), 0 deletions(-)
diff --git a/src/main/java/com/gitblit/GitBlit.java b/src/main/java/com/gitblit/GitBlit.java
index 26ab3f3..3db5f08 100644
--- a/src/main/java/com/gitblit/GitBlit.java
+++ b/src/main/java/com/gitblit/GitBlit.java
@@ -17,12 +17,17 @@
import java.text.MessageFormat;
import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.HashSet;
import java.util.List;
+import java.util.Set;
import javax.inject.Singleton;
import javax.servlet.http.HttpServletRequest;
import com.gitblit.Constants.AccessPermission;
+import com.gitblit.Constants.Transport;
import com.gitblit.manager.GitblitManager;
import com.gitblit.manager.IAuthenticationManager;
import com.gitblit.manager.IFederationManager;
@@ -116,6 +121,32 @@
return new Object [] { new GitBlitModule()};
}
+ protected boolean acceptPush(Transport byTransport) {
+ if (byTransport == null) {
+ logger.info("Unknown transport, push rejected!");
+ return false;
+ }
+
+ Set<Transport> transports = new HashSet<Transport>();
+ for (String value : getSettings().getStrings(Keys.git.acceptedPushTransports)) {
+ Transport transport = Transport.fromString(value);
+ if (transport == null) {
+ logger.info(String.format("Ignoring unknown registered transport %s", value));
+ continue;
+ }
+
+ transports.add(transport);
+ }
+
+ if (transports.isEmpty()) {
+ // no transports are explicitly specified, all are acceptable
+ return true;
+ }
+
+ // verify that the transport is permitted
+ return transports.contains(byTransport);
+ }
+
/**
* Returns a list of repository URLs and the user access permission.
*
@@ -137,6 +168,12 @@
if (settings.getBoolean(Keys.git.enableGitServlet, true)) {
AccessPermission permission = user.getRepositoryPermission(repository).permission;
if (permission.exceeds(AccessPermission.NONE)) {
+ Transport transport = Transport.fromString(request.getScheme());
+ if (permission.atLeast(AccessPermission.PUSH) && !acceptPush(transport)) {
+ // downgrade the repo permission for this transport
+ // because it is not an acceptable PUSH transport
+ permission = AccessPermission.CLONE;
+ }
list.add(new RepositoryUrl(getRepositoryUrl(request, username, repository), permission));
}
}
@@ -146,6 +183,12 @@
if (!StringUtils.isEmpty(sshDaemonUrl)) {
AccessPermission permission = user.getRepositoryPermission(repository).permission;
if (permission.exceeds(AccessPermission.NONE)) {
+ if (permission.atLeast(AccessPermission.PUSH) && !acceptPush(Transport.SSH)) {
+ // downgrade the repo permission for this transport
+ // because it is not an acceptable PUSH transport
+ permission = AccessPermission.CLONE;
+ }
+
list.add(new RepositoryUrl(sshDaemonUrl, permission));
}
}
@@ -155,6 +198,11 @@
if (!StringUtils.isEmpty(gitDaemonUrl)) {
AccessPermission permission = servicesManager.getGitDaemonAccessPermission(user, repository);
if (permission.exceeds(AccessPermission.NONE)) {
+ if (permission.atLeast(AccessPermission.PUSH) && !acceptPush(Transport.GIT)) {
+ // downgrade the repo permission for this transport
+ // because it is not an acceptable PUSH transport
+ permission = AccessPermission.CLONE;
+ }
list.add(new RepositoryUrl(gitDaemonUrl, permission));
}
}
@@ -173,6 +221,34 @@
list.add(new RepositoryUrl(MessageFormat.format(url, repository.name), null));
}
}
+
+ // sort transports by highest permission and then by transport security
+ Collections.sort(list, new Comparator<RepositoryUrl>() {
+
+ @Override
+ public int compare(RepositoryUrl o1, RepositoryUrl o2) {
+ if (!o1.isExternal() && o2.isExternal()) {
+ // prefer Gitblit over external
+ return -1;
+ } else if (o1.isExternal() && !o2.isExternal()) {
+ // prefer Gitblit over external
+ return 1;
+ } else if (o1.isExternal() && o2.isExternal()) {
+ // sort by Transport ordinal
+ return o1.transport.compareTo(o2.transport);
+ } else if (o1.permission.exceeds(o2.permission)) {
+ // prefer highest permission
+ return -1;
+ } else if (o2.permission.exceeds(o1.permission)) {
+ // prefer highest permission
+ return 1;
+ }
+
+ // prefer more secure transports
+ return o1.transport.compareTo(o2.transport);
+ }
+ });
+
return list;
}
@@ -276,6 +352,7 @@
// core managers
IRuntimeManager.class,
+ IPluginManager.class,
INotificationManager.class,
IUserManager.class,
IAuthenticationManager.class,
@@ -301,6 +378,10 @@
@Provides @Singleton IRuntimeManager provideRuntimeManager() {
return runtimeManager;
+ }
+
+ @Provides @Singleton IPluginManager providePluginManager() {
+ return pluginManager;
}
@Provides @Singleton INotificationManager provideNotificationManager() {
@@ -334,6 +415,7 @@
@Provides @Singleton NullTicketService provideNullTicketService() {
return new NullTicketService(
runtimeManager,
+ pluginManager,
notificationManager,
userManager,
repositoryManager);
@@ -342,6 +424,7 @@
@Provides @Singleton FileTicketService provideFileTicketService() {
return new FileTicketService(
runtimeManager,
+ pluginManager,
notificationManager,
userManager,
repositoryManager);
@@ -350,6 +433,7 @@
@Provides @Singleton BranchTicketService provideBranchTicketService() {
return new BranchTicketService(
runtimeManager,
+ pluginManager,
notificationManager,
userManager,
repositoryManager);
@@ -358,6 +442,7 @@
@Provides @Singleton RedisTicketService provideRedisTicketService() {
return new RedisTicketService(
runtimeManager,
+ pluginManager,
notificationManager,
userManager,
repositoryManager);
--
Gitblit v1.9.1