From d0d438f480e29a5ebaf64449a5c3e7f4ebb13690 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Wed, 11 May 2011 22:33:16 -0400
Subject: [PATCH] Clarified access restrictions.

---
 src/com/gitblit/GitBlit.java                 |    6 +++---
 src/com/gitblit/GitBlitServlet.java          |    7 +++----
 src/com/gitblit/wicket/models/UserModel.java |   24 ++----------------------
 src/com/gitblit/Constants.java               |   12 ++++++------
 4 files changed, 14 insertions(+), 35 deletions(-)

diff --git a/src/com/gitblit/Constants.java b/src/com/gitblit/Constants.java
index 3ca917d..7d1758d 100644
--- a/src/com/gitblit/Constants.java
+++ b/src/com/gitblit/Constants.java
@@ -13,9 +13,9 @@
 	public static enum AccessRestrictionType {
 		NONE, PUSH, CLONE, VIEW;
 
-		public static AccessRestrictionType fromString(String name) {
+		public static AccessRestrictionType fromName(String name) {
 			for (AccessRestrictionType type : values()) {
-				if (type.toString().equalsIgnoreCase(name)) {
+				if (type.name().equalsIgnoreCase(name)) {
 					return type;
 				}
 			}
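Review bot: The fallback after the loop lies outside this hunk, so the value `fromName` returns for a null or unrecognised name is not visible here. If it is `NONE`, a missing or mistyped `accessRestriction` setting would silently leave the repository open to anonymous access. The same concern applies at the `AccessRestrictionType.fromName(config.getString(...))` call in the GitBlit.java hunk, where the config value may be absent. Consider distinguishing "no value" from "unrecognised value" and logging the latter, and document the fallback in a Javadoc line such as `/** Parses an enum constant name case-insensitively; see the return statement for the default applied to unknown values. */`.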
@@ -29,13 +29,13 @@
 		public String toString() {
 			switch (this) {
 			case NONE:
-				return "none";
+				return "Anonymous View, Clone, & Push";
 			case PUSH:
-				return "push";
+				return "Anonymous View & Clone, Authenticated Push";
 			case CLONE:
-				return "clone";
+				return "Anonymous View, Authenticated Clone & Push";
 			case VIEW:
-				return "view";
+				return "Authenticated View, Clone, & Push";
 			}
 			return "none";
 		}
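Review bot: The trailing `return "none";` after the switch still yields the old lowercase token while every case now returns a display label, so the fallthrough value matches neither a label nor a constant name. Since `toString()` is now presentation text, `return name();` would be a safer fallback. Any caller that still persists or compares `toString()` would now handle label text; the config write path in GitBlit.java is switched to `name()` in this commit, but other callers are not visible here. The method's opening lines are above the hunk.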
diff --git a/src/com/gitblit/GitBlit.java b/src/com/gitblit/GitBlit.java
index d0daa53..40cb388 100644
--- a/src/com/gitblit/GitBlit.java
+++ b/src/com/gitblit/GitBlit.java
@@ -140,7 +140,7 @@
 	public RepositoryModel getRepositoryModel(UserModel user, String repositoryName) {
 		RepositoryModel model = getRepositoryModel(repositoryName);
 		if (model.accessRestriction.atLeast(AccessRestrictionType.VIEW)) {
-			if (user != null && user.canView(model)) {
+			if (user != null && user.canAccessRepository(model.name)) {
 				return model;
 			}
 			return null;
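Review bot: `model.accessRestriction` is dereferenced immediately after `getRepositoryModel(repositoryName)` with no null check. Whether the single-argument overload can return null for an unknown repository is not visible in this hunk; if it can, a request for a non-existent name would throw instead of returning null like the access-denied path, and the two cases become distinguishable to a caller. A guard such as `if (model == null) { return null; }` before the restriction test would keep both outcomes identical. The rest of the method is outside the hunk.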
@@ -161,7 +161,7 @@
 			model.owner = config.getString("gitblit", null, "owner");
 			model.useTickets = config.getBoolean("gitblit", "useTickets", false);
 			model.useDocs = config.getBoolean("gitblit", "useDocs", false);
-			model.accessRestriction = AccessRestrictionType.fromString(config.getString("gitblit", null, "accessRestriction"));
+			model.accessRestriction = AccessRestrictionType.fromName(config.getString("gitblit", null, "accessRestriction"));
 			model.showRemoteBranches = config.getBoolean("gitblit", "showRemoteBranches", false);
 		}
 		r.close();
@@ -195,7 +195,7 @@
 		config.setString("gitblit", null, "owner", repository.owner);
 		config.setBoolean("gitblit", null, "useTickets", repository.useTickets);
 		config.setBoolean("gitblit", null, "useDocs", repository.useDocs);
-		config.setString("gitblit", null, "accessRestriction", repository.accessRestriction.toString());
+		config.setString("gitblit", null, "accessRestriction", repository.accessRestriction.name());
 		config.setBoolean("gitblit", null, "showRemoteBranches", repository.showRemoteBranches);
 		try {
 			config.save();
diff --git a/src/com/gitblit/GitBlitServlet.java b/src/com/gitblit/GitBlitServlet.java
index cb23e47..ffdc1b0 100644
--- a/src/com/gitblit/GitBlitServlet.java
+++ b/src/com/gitblit/GitBlitServlet.java
@@ -49,9 +49,8 @@
 					boolean authorizedUser = req.isUserInRole(repository);
 					if (function.startsWith("git-receive-pack") || (query.indexOf("service=git-receive-pack") > -1)) {
 						// Push request
-						boolean pushRestricted = model.accessRestriction.atLeast(AccessRestrictionType.PUSH);
-						if (!pushRestricted || (pushRestricted && authorizedUser)) {
-							// push-unrestricted or push-authorized
+						if (authorizedUser) {
+							// clone-restricted or push-authorized
 							super.service(req, rsp);
 							return;
 						} else {
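Review bot: Push is now refused for every repository unless `authorizedUser` is true, including repositories set to `NONE`, which contradicts the new `NONE` label added in Constants.java by this same commit ("Anonymous View, Clone, & Push"). If anonymous push is meant to remain possible, keep the restriction test, e.g. `if (!model.accessRestriction.atLeast(AccessRestrictionType.PUSH) || authorizedUser) {`. If always-authenticated push is the intent, the label should change and the comment `// clone-restricted or push-authorized` should read something like `// push always requires an authorized user`. The enclosing method starts and ends outside the hunk.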
@@ -64,7 +63,7 @@
 						// Clone request
 						boolean cloneRestricted = model.accessRestriction.atLeast(AccessRestrictionType.CLONE);
 						if (!cloneRestricted || (cloneRestricted && authorizedUser)) {
-							// clone-unrestricted or clone-authorized
+							// push-restricted or clone-authorized
 							super.service(req, rsp);
 							return;
 						} else {
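Review bot: The reworded comment `// push-restricted or clone-authorized` does not describe the condition it sits under: the branch is taken when the repository is not clone-restricted (which includes `NONE`) or when the user is authorized. Suggest `// clone-unrestricted, or authorized user`. The test itself can be simplified to `if (!cloneRestricted || authorizedUser) {`, which is equivalent and easier to audit. The surrounding block continues outside the hunk.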
diff --git a/src/com/gitblit/wicket/models/UserModel.java b/src/com/gitblit/wicket/models/UserModel.java
index c65d356..34c32e7 100644
--- a/src/com/gitblit/wicket/models/UserModel.java
+++ b/src/com/gitblit/wicket/models/UserModel.java
@@ -4,8 +4,6 @@
 import java.util.ArrayList;
 import java.util.List;
 
-import com.gitblit.Constants.AccessRestrictionType;
-
 public class UserModel implements Serializable {
 
 	private static final long serialVersionUID = 1L;
@@ -39,27 +37,9 @@
 	public boolean canAdmin() {
 		return canAdmin;
 	}
-	
-	public boolean canClone(RepositoryModel repository) {
-		return canAccess(repository, AccessRestrictionType.CLONE);
-	}
 
-	public boolean canPush(RepositoryModel repository) {
-		return canAccess(repository, AccessRestrictionType.PUSH);
-	}
-	
-	public boolean canView(RepositoryModel repository) {
-		return canAccess(repository, AccessRestrictionType.VIEW);
-	}
-	
-	private boolean canAccess(RepositoryModel repository, AccessRestrictionType minimum) {
-		if (repository.accessRestriction.atLeast(minimum)) {
-			// repository is restricted, must check roles
-			return canAdmin || repositories.contains(repository.name);
-		} else {
-			// repository is not restricted
-			return true;
-		}
+	public boolean canAccessRepository(String repositoryName) {
+		return canAdmin || repositories.contains(repositoryName);
 	}
 
 	public void setCookie(String cookie) {
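Review bot: `canAccessRepository` no longer consults the repository's restriction level, so it returns false for a non-member even on an unrestricted repository. Every caller must therefore test `accessRestriction.atLeast(...)` first, as the `getRepositoryModel(UserModel, String)` hunk in GitBlit.java does. That contract should be stated in a Javadoc, e.g. `/** Returns true if this user is an admin or is explicitly granted the named repository; does not consider the repository's access restriction. */`. The check `repositories.contains(repositoryName)` is an exact string match, so it is worth confirming how repository names are normalised when stored, since names differing only in case would not match.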

--
Gitblit v1.9.1