From d4b95298902c8cea1411fc696ed80028b6091aa7 Mon Sep 17 00:00:00 2001
From: Rafael Cavazin <rafaelcavazin@gmail.com>
Date: Thu, 06 Dec 2012 11:25:01 -0500
Subject: [PATCH] Update from upstream/master
---
src/com/gitblit/GitFilter.java | 138 +++++++++++++++++++++++++++++++++++----------
1 files changed, 106 insertions(+), 32 deletions(-)
diff --git a/src/com/gitblit/GitFilter.java b/src/com/gitblit/GitFilter.java
index aa67346..2b769d4 100644
--- a/src/com/gitblit/GitFilter.java
+++ b/src/com/gitblit/GitFilter.java
@@ -18,6 +18,7 @@
import java.text.MessageFormat;
import com.gitblit.Constants.AccessRestrictionType;
+import com.gitblit.Constants.AuthorizationControl;
import com.gitblit.models.RepositoryModel;
import com.gitblit.models.UserModel;
import com.gitblit.utils.StringUtils;
@@ -93,6 +94,16 @@
}
/**
+ * Determine if a non-existing repository can be created using this filter.
+ *
+ * @return true if the server allows repository creation on-push
+ */
+ @Override
+ protected boolean isCreationAllowed() {
+ return GitBlit.getBoolean(Keys.git.allowCreateOnPush, true);
+ }
+
+ /**
* Determine if the repository can receive pushes.
*
* @param repository
@@ -101,14 +112,21 @@
*/
@Override
protected boolean isActionAllowed(RepositoryModel repository, String action) {
- if (action.equals(gitReceivePack)) {
- // Push request
- if (!repository.isBare) {
- logger.warn("Gitblit does not allow pushes to repositories with a working copy");
- return false;
+ if (!StringUtils.isEmpty(action)) {
+ if (action.equals(gitReceivePack)) {
+ // Push request
+ if (!repository.isBare) {
+ logger.warn("Gitblit does not allow pushes to repositories with a working copy");
+ return false;
+ }
}
}
return true;
+ }
+
+ @Override
+ protected boolean requiresClientCertificate() {
+ return GitBlit.getBoolean(Keys.git.requiresClientCertificate, false);
}
/**
@@ -145,35 +163,91 @@
// Git Servlet disabled
return false;
}
- boolean readOnly = repository.isFrozen;
- if (readOnly || repository.accessRestriction.atLeast(AccessRestrictionType.PUSH)) {
- boolean authorizedUser = user.canAccessRepository(repository);
- if (action.equals(gitReceivePack)) {
- // Push request
- if (!readOnly && authorizedUser) {
- // clone-restricted or push-authorized
- return true;
- } else {
- // user is unauthorized to push to this repository
- logger.warn(MessageFormat.format("user {0} is not authorized to push to {1}",
- user.username, repository));
- return false;
- }
- } else if (action.equals(gitUploadPack)) {
- // Clone request
- boolean cloneRestricted = repository.accessRestriction
- .atLeast(AccessRestrictionType.CLONE);
- if (!cloneRestricted || (cloneRestricted && authorizedUser)) {
- // push-restricted or clone-authorized
- return true;
- } else {
- // user is unauthorized to clone this repository
- logger.warn(MessageFormat.format("user {0} is not authorized to clone {1}",
- user.username, repository));
- return false;
- }
+ if (action.equals(gitReceivePack)) {
+ // Push request
+ if (user.canPush(repository)) {
+ return true;
+ } else {
+ // user is unauthorized to push to this repository
+ logger.warn(MessageFormat.format("user {0} is not authorized to push to {1}",
+ user.username, repository));
+ return false;
+ }
+ } else if (action.equals(gitUploadPack)) {
+ // Clone request
+ if (user.canClone(repository)) {
+ return true;
+ } else {
+ // user is unauthorized to clone this repository
+ logger.warn(MessageFormat.format("user {0} is not authorized to clone {1}",
+ user.username, repository));
+ return false;
}
}
return true;
}
+
+ /**
+ * An authenticated user with the CREATE role can create a repository on
+ * push.
+ *
+ * @param user
+ * @param repository
+ * @param action
+ * @return the repository model, if it is created, null otherwise
+ */
+ @Override
+ protected RepositoryModel createRepository(UserModel user, String repository, String action) {
+ boolean isPush = !StringUtils.isEmpty(action) && gitReceivePack.equals(action);
+ if (isPush) {
+ if (user.canCreate(repository)) {
+ // user is pushing to a new repository
+ // validate name
+ if (repository.startsWith("../")) {
+ logger.error(MessageFormat.format("Illegal relative path in repository name! {0}", repository));
+ return null;
+ }
+ if (repository.contains("/../")) {
+ logger.error(MessageFormat.format("Illegal relative path in repository name! {0}", repository));
+ return null;
+ }
+
+ // confirm valid characters in repository name
+ Character c = StringUtils.findInvalidCharacter(repository);
+ if (c != null) {
+ logger.error(MessageFormat.format("Invalid character '{0}' in repository name {1}!", c, repository));
+ return null;
+ }
+
+ // create repository
+ RepositoryModel model = new RepositoryModel();
+ model.name = repository;
+ model.owner = user.username;
+ model.projectPath = StringUtils.getFirstPathElement(repository);
+ if (model.isUsersPersonalRepository(user.username)) {
+ // personal repository, default to private for user
+ model.authorizationControl = AuthorizationControl.NAMED;
+ model.accessRestriction = AccessRestrictionType.VIEW;
+ } else {
+ // common repository, user default server settings
+ model.authorizationControl = AuthorizationControl.fromName(GitBlit.getString(Keys.git.defaultAuthorizationControl, ""));
+ model.accessRestriction = AccessRestrictionType.fromName(GitBlit.getString(Keys.git.defaultAccessRestriction, ""));
+ }
+
+ // create the repository
+ try {
+ GitBlit.self().updateRepositoryModel(model.name, model, true);
+ logger.info(MessageFormat.format("{0} created {1} ON-PUSH", user.username, model.name));
+ return GitBlit.self().getRepositoryModel(model.name);
+ } catch (GitBlitException e) {
+ logger.error(MessageFormat.format("{0} failed to create repository {1} ON-PUSH!", user.username, model.name), e);
+ }
+ } else {
+ logger.warn(MessageFormat.format("{0} is not permitted to create repository {1} ON-PUSH!", user.username, repository));
+ }
+ }
+
+ // repository could not be created or action was not a push
+ return null;
+ }
}
--
Gitblit v1.9.1