From ec5a889c907af30afeba527def2d9f836eecbec4 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 03 Nov 2011 08:50:47 -0400
Subject: [PATCH] Feeds and Manager must respect a server's web.mountParameters setting

---
 src/com/gitblit/RpcServlet.java |   23 ++++++++++++++++++-----
 1 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/src/com/gitblit/RpcServlet.java b/src/com/gitblit/RpcServlet.java
index 585770e..c7ff539 100644
--- a/src/com/gitblit/RpcServlet.java
+++ b/src/com/gitblit/RpcServlet.java
@@ -68,9 +68,13 @@
 		logger.info(MessageFormat.format("Rpc {0} request from {1}", reqType,
 				request.getRemoteAddr()));
 
-		boolean allowAdmin = GitBlit.getBoolean(Keys.web.enableRpcAdministration, false);
-
 		UserModel user = (UserModel) request.getUserPrincipal();
+
+		boolean allowManagement = user != null && user.canAdmin
+				&& GitBlit.getBoolean(Keys.web.enableRpcManagement, false);
+
+		boolean allowAdmin = user != null && user.canAdmin
+				&& GitBlit.getBoolean(Keys.web.enableRpcAdministration, false);
 
 		Object result = null;
 		if (RpcRequest.LIST_REPOSITORIES.equals(reqType)) {
@@ -224,9 +228,18 @@
 				// return all settings
 				result = settings;
 			} else {
-				// return management settings only
-				String[] keys = { Keys.realm.minPasswordLength, Keys.realm.passwordStorage,
-						Keys.federation.sets };
+				// anonymous users get a few settings to allow browser launching
+				List<String> keys = new ArrayList<String>();
+				keys.add(Keys.web.siteName);
+				keys.add(Keys.web.mountParameters);
+				
+				if (allowManagement) {
+					// keys necessary for repository and/or user management
+					keys.add(Keys.realm.minPasswordLength);
+					keys.add(Keys.realm.passwordStorage);
+					keys.add(Keys.federation.sets);
+				}
+				// build the settings
 				ServerSettings managementSettings = new ServerSettings();
 				for (String key : keys) {
 					managementSettings.add(settings.get(key));

--
Gitblit v1.9.1