From a502d96a860456ec5e8c96761db70f7cabb74751 Mon Sep 17 00:00:00 2001
From: Paul Martin <paul@paulsputer.com>
Date: Sat, 30 Apr 2016 04:19:14 -0400
Subject: [PATCH] Merge pull request #1073 from gitblit/1062-DocEditorUpdates

---
 src/main/java/com/gitblit/wicket/pages/EditUserPage.java |   82 ++++++++++++++++++++++++++++++----------
 1 files changed, 61 insertions(+), 21 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/pages/EditUserPage.java b/src/main/java/com/gitblit/wicket/pages/EditUserPage.java
index b2d3d3b..220bee3 100644
--- a/src/main/java/com/gitblit/wicket/pages/EditUserPage.java
+++ b/src/main/java/com/gitblit/wicket/pages/EditUserPage.java
@@ -27,7 +27,6 @@
 import org.apache.wicket.markup.html.form.Button;
 import org.apache.wicket.markup.html.form.CheckBox;
 import org.apache.wicket.markup.html.form.Form;
-import org.apache.wicket.markup.html.form.PasswordTextField;
 import org.apache.wicket.markup.html.form.TextField;
 import org.apache.wicket.model.CompoundPropertyModel;
 import org.apache.wicket.model.Model;
@@ -35,12 +34,14 @@
 import org.apache.wicket.model.util.ListModel;
 
 import com.gitblit.Constants.RegistrantType;
+import com.gitblit.Constants.Role;
 import com.gitblit.GitBlitException;
 import com.gitblit.Keys;
 import com.gitblit.models.RegistrantAccessPermission;
 import com.gitblit.models.TeamModel;
 import com.gitblit.models.UserModel;
 import com.gitblit.utils.StringUtils;
+import com.gitblit.wicket.NonTrimmedPasswordTextField;
 import com.gitblit.wicket.RequiresAdminRole;
 import com.gitblit.wicket.StringChoiceRenderer;
 import com.gitblit.wicket.WicketUtils;
@@ -54,10 +55,6 @@
 	public EditUserPage() {
 		// create constructor
 		super();
-		if (!app().users().supportsAddUser()) {
-			error(MessageFormat.format(getString("gb.userServiceDoesNotPermitAddUser"),
-					app().settings().getString(Keys.realm.userService, "${baseFolder}/users.conf")), true);
-		}
 		isCreate = true;
 		setupPage(new UserModel(""));
 		setStatelessHint(false);
@@ -138,7 +135,7 @@
 				}
 				boolean rename = !StringUtils.isEmpty(oldName)
 						&& !oldName.equalsIgnoreCase(username);
-				if (app().users().supportsCredentialChanges(userModel)) {
+				if (app().authentication().supportsCredentialChanges(userModel)) {
 					if (!userModel.password.equals(confirmPassword.getObject())) {
 						error(getString("gb.passwordsDoNotMatch"));
 						return;
@@ -157,6 +154,9 @@
 									minLength));
 							return;
 						}
+
+						// change the cookie
+						userModel.cookie = StringUtils.getSHA1(userModel.username + password);
 
 						// Optionally store the password MD5 digest.
 						String type = app().settings().getString(Keys.realm.passwordStorage, "md5");
@@ -178,7 +178,9 @@
 
 				// update user permissions
 				for (RegistrantAccessPermission repositoryPermission : permissions) {
-					userModel.setRepositoryPermission(repositoryPermission.registrant, repositoryPermission.permission);
+					if (repositoryPermission.mutable) {
+						userModel.setRepositoryPermission(repositoryPermission.registrant, repositoryPermission.permission);
+					}
 				}
 
 				Iterator<String> selectedTeams = teams.getSelectedChoices();
@@ -192,7 +194,11 @@
 				}
 
 				try {
-					app().gitblit().updateUserModel(oldName, userModel, isCreate);
+					if (isCreate) {
+						app().gitblit().addUser(userModel);
+					} else {
+						app().gitblit().reviseUser(oldName, userModel);
+					}
 				} catch (GitBlitException e) {
 					error(e.getMessage());
 					return;
@@ -213,33 +219,67 @@
 		// do not let the browser pre-populate these fields
 		form.add(new SimpleAttributeModifier("autocomplete", "off"));
 
-		// not all user services support manipulating username and password
-		boolean editCredentials = app().users().supportsCredentialChanges(userModel);
+		// not all user providers support manipulating username and password
+		boolean editCredentials = app().authentication().supportsCredentialChanges(userModel);
 
-		// not all user services support manipulating display name
-		boolean editDisplayName = app().users().supportsDisplayNameChanges(userModel);
+		// not all user providers support manipulating display name
+		boolean editDisplayName = app().authentication().supportsDisplayNameChanges(userModel);
 
-		// not all user services support manipulating email address
-		boolean editEmailAddress = app().users().supportsEmailAddressChanges(userModel);
+		// not all user providers support manipulating email address
+		boolean editEmailAddress = app().authentication().supportsEmailAddressChanges(userModel);
 
-		// not all user services support manipulating team memberships
-		boolean editTeams = app().users().supportsTeamMembershipChanges(userModel);
+		// not all user providers support manipulating team memberships
+		boolean editTeams = app().authentication().supportsTeamMembershipChanges(userModel);
+
+		// not all user providers support manipulating the admin role
+		boolean changeAdminRole = app().authentication().supportsRoleChanges(userModel, Role.ADMIN);
+
+		// not all user providers support manipulating the create role
+		boolean changeCreateRole = app().authentication().supportsRoleChanges(userModel, Role.CREATE);
+
+		// not all user providers support manipulating the fork role
+		boolean changeForkRole = app().authentication().supportsRoleChanges(userModel, Role.FORK);
 
 		// field names reflective match UserModel fields
 		form.add(new TextField<String>("username").setEnabled(editCredentials));
-		PasswordTextField passwordField = new PasswordTextField("password");
+		NonTrimmedPasswordTextField passwordField = new NonTrimmedPasswordTextField("password");
 		passwordField.setResetPassword(false);
 		form.add(passwordField.setEnabled(editCredentials));
-		PasswordTextField confirmPasswordField = new PasswordTextField("confirmPassword",
+		NonTrimmedPasswordTextField confirmPasswordField = new NonTrimmedPasswordTextField("confirmPassword",
 				confirmPassword);
 		confirmPasswordField.setResetPassword(false);
 		form.add(confirmPasswordField.setEnabled(editCredentials));
 		form.add(new TextField<String>("displayName").setEnabled(editDisplayName));
 		form.add(new TextField<String>("emailAddress").setEnabled(editEmailAddress));
-		form.add(new CheckBox("canAdmin"));
-		form.add(new CheckBox("canFork").setEnabled(app().settings().getBoolean(Keys.web.allowForking, true)));
-		form.add(new CheckBox("canCreate"));
+
+		if (userModel.canAdmin() && !userModel.canAdmin) {
+			// user inherits Admin permission
+			// display a disabled-yet-checked checkbox
+			form.add(new CheckBox("canAdmin", Model.of(true)).setEnabled(false));
+		} else {
+			form.add(new CheckBox("canAdmin").setEnabled(changeAdminRole));
+		}
+
+		if (userModel.canFork() && !userModel.canFork) {
+			// user inherits Fork permission
+			// display a disabled-yet-checked checkbox
+			form.add(new CheckBox("canFork", Model.of(true)).setEnabled(false));
+		} else {
+			final boolean forkingAllowed = app().settings().getBoolean(Keys.web.allowForking, true);
+			form.add(new CheckBox("canFork").setEnabled(forkingAllowed && changeForkRole));
+		}
+
+		if (userModel.canCreate() && !userModel.canCreate) {
+			// user inherits Create permission
+			// display a disabled-yet-checked checkbox
+			form.add(new CheckBox("canCreate", Model.of(true)).setEnabled(false));
+		} else {
+			form.add(new CheckBox("canCreate").setEnabled(changeCreateRole));
+		}
+
 		form.add(new CheckBox("excludeFromFederation"));
+		form.add(new CheckBox("disabled"));
+
 		form.add(new RegistrantPermissionsPanel("repositories",	RegistrantType.REPOSITORY, repos, permissions, getAccessPermissions()));
 		form.add(teams.setEnabled(editTeams));
 

--
Gitblit v1.9.1