Example 81 with TeamModel
use of com.gitblit.models.TeamModel in project gitblit by gitblit.
the class ConfigUserService method getTeamNamesForRepositoryRole.
/**
* Returns the list of all users who are allowed to bypass the access
* restriction placed on the specified repository.
*
* @param role
* the repository name
* @return list of all usernames that can bypass the access restriction
*/
@Override
public synchronized List<String> getTeamNamesForRepositoryRole(String role) {
List<String> list = new ArrayList<String>();
try {
read();
for (Map.Entry<String, TeamModel> entry : teams.entrySet()) {
TeamModel model = entry.getValue();
if (model.hasRepositoryPermission(role)) {
list.add(model.name);
}
}
} catch (Throwable t) {
logger.error(MessageFormat.format("Failed to get teamnames for role {0}!", role), t);
}
Collections.sort(list);
return list;
}
Also used :
TeamModel(com.gitblit.models.TeamModel)
ArrayList(java.util.ArrayList)
Map(java.util.Map)
ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap)
Example 82 with TeamModel
use of com.gitblit.models.TeamModel in project gitblit by gitblit.
the class ConfigUserService method getTeamModel.
/**
* Retrieve the team object for the specified team name.
*
* @param teamname
* @return a team object or null
* @since 0.8.0
*/
@Override
public synchronized TeamModel getTeamModel(String teamname) {
read();
TeamModel model = teams.get(teamname.toLowerCase());
if (model != null) {
// clone the model, otherwise all changes to this object are
// live and unpersisted
model = DeepCopier.copy(model);
}
return model;
}
Also used :
TeamModel(com.gitblit.models.TeamModel)
Example 83 with TeamModel
use of com.gitblit.models.TeamModel in project gitblit by gitblit.
the class ConfigUserService method renameRepositoryRole.
/**
* Renames a repository role.
*
* @param oldRole
* @param newRole
* @return true if successful
*/
@Override
public synchronized boolean renameRepositoryRole(String oldRole, String newRole) {
try {
read();
// identify users which require role rename
for (UserModel model : users.values()) {
if (model.hasRepositoryPermission(oldRole)) {
AccessPermission permission = model.removeRepositoryPermission(oldRole);
model.setRepositoryPermission(newRole, permission);
}
}
// identify teams which require role rename
for (TeamModel model : teams.values()) {
if (model.hasRepositoryPermission(oldRole)) {
AccessPermission permission = model.removeRepositoryPermission(oldRole);
model.setRepositoryPermission(newRole, permission);
}
}
// persist changes
write();
return true;
} catch (Throwable t) {
logger.error(MessageFormat.format("Failed to rename role {0} to {1}!", oldRole, newRole), t);
}
return false;
}
Also used :
UserModel(com.gitblit.models.UserModel)
TeamModel(com.gitblit.models.TeamModel)
AccessPermission(com.gitblit.Constants.AccessPermission)
Example 84 with TeamModel
use of com.gitblit.models.TeamModel in project gitblit by gitblit.
the class RpcServlet method processRequest.
/**
* Processes an rpc request.
*
* @param request
* @param response
* @throws javax.servlet.ServletException
* @throws java.io.IOException
*/
@Override
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
RpcRequest reqType = RpcRequest.fromName(request.getParameter("req"));
String objectName = request.getParameter("name");
logger.info(MessageFormat.format("Rpc {0} request from {1}", reqType, request.getRemoteAddr()));
UserModel user = (UserModel) request.getUserPrincipal();
boolean allowManagement = user != null && user.canAdmin() && settings.getBoolean(Keys.web.enableRpcManagement, false);
boolean allowAdmin = user != null && user.canAdmin() && settings.getBoolean(Keys.web.enableRpcAdministration, false);
Object result = null;
if (RpcRequest.GET_PROTOCOL.equals(reqType)) {
// Return the protocol version
result = PROTOCOL_VERSION;
} else if (RpcRequest.LIST_REPOSITORIES.equals(reqType)) {
// Determine the Gitblit clone url
String gitblitUrl = settings.getString(Keys.web.canonicalUrl, null);
if (StringUtils.isEmpty(gitblitUrl)) {
gitblitUrl = HttpUtils.getGitblitURL(request);
}
StringBuilder sb = new StringBuilder();
sb.append(gitblitUrl);
sb.append(Constants.R_PATH);
sb.append("{0}");
String cloneUrl = sb.toString();
// list repositories
List<RepositoryModel> list = gitblit.getRepositoryModels(user);
Map<String, RepositoryModel> repositories = new HashMap<String, RepositoryModel>();
for (RepositoryModel model : list) {
String url = MessageFormat.format(cloneUrl, model.name);
repositories.put(url, model);
}
result = repositories;
} else if (RpcRequest.LIST_BRANCHES.equals(reqType)) {
// list all local branches in all repositories accessible to user
Map<String, List<String>> localBranches = new HashMap<String, List<String>>();
List<RepositoryModel> models = gitblit.getRepositoryModels(user);
for (RepositoryModel model : models) {
if (!model.hasCommits) {
// skip empty repository
continue;
}
if (model.isCollectingGarbage) {
// skip garbage collecting repository
logger.warn(MessageFormat.format("Temporarily excluding {0} from RPC, busy collecting garbage", model.name));
continue;
}
if (!StringUtils.isEmpty(objectName) && !objectName.equals(model.name)) {
// skip repository if a name was submitted and it doesn't match
continue;
}
// get local branches
Repository repository = gitblit.getRepository(model.name);
List<RefModel> refs = JGitUtils.getLocalBranches(repository, false, -1);
if (model.showRemoteBranches) {
// add remote branches if repository displays them
refs.addAll(JGitUtils.getRemoteBranches(repository, false, -1));
}
if (refs.size() > 0) {
List<String> branches = new ArrayList<String>();
for (RefModel ref : refs) {
branches.add(ref.getName());
}
localBranches.put(model.name, branches);
}
repository.close();
}
result = localBranches;
} else if (RpcRequest.GET_USER.equals(reqType)) {
if (StringUtils.isEmpty(objectName)) {
if (UserModel.ANONYMOUS.equals(user)) {
response.sendError(forbiddenCode);
} else {
// return the current user, reset credentials
UserModel requestedUser = DeepCopier.copy(user);
result = requestedUser;
}
} else {
if (user.canAdmin() || objectName.equals(user.username)) {
// return the specified user
UserModel requestedUser = gitblit.getUserModel(objectName);
if (requestedUser == null) {
response.setStatus(failureCode);
} else {
result = requestedUser;
}
} else {
response.sendError(forbiddenCode);
}
}
} else if (RpcRequest.LIST_USERS.equals(reqType)) {
// list users
List<String> names = gitblit.getAllUsernames();
List<UserModel> users = new ArrayList<UserModel>();
for (String name : names) {
users.add(gitblit.getUserModel(name));
}
result = users;
} else if (RpcRequest.LIST_TEAMS.equals(reqType)) {
// list teams
List<String> names = gitblit.getAllTeamNames();
List<TeamModel> teams = new ArrayList<TeamModel>();
for (String name : names) {
teams.add(gitblit.getTeamModel(name));
}
result = teams;
} else if (RpcRequest.CREATE_REPOSITORY.equals(reqType)) {
// create repository
RepositoryModel model = deserialize(request, response, RepositoryModel.class);
try {
gitblit.updateRepositoryModel(model.name, model, true);
} catch (GitBlitException e) {
response.setStatus(failureCode);
}
} else if (RpcRequest.FORK_REPOSITORY.equals(reqType)) {
// fork repository
RepositoryModel origin = gitblit.getRepositoryModel(objectName);
if (origin == null) {
// failed to find repository, error is logged by the repository
// manager
response.setStatus(failureCode);
} else {
if (user == null || !user.canFork(origin)) {
logger.error("User {} is not permitted to fork '{}'!", user == null ? "anonymous" : user.username, objectName);
response.setStatus(failureCode);
} else {
try {
// fork the origin
RepositoryModel fork = gitblit.fork(origin, user);
if (fork == null) {
logger.error("Failed to fork repository '{}'!", objectName);
response.setStatus(failureCode);
} else {
logger.info("User {} has forked '{}'!", user.username, objectName);
}
} catch (GitBlitException e) {
response.setStatus(failureCode);
}
}
}
} else if (RpcRequest.EDIT_REPOSITORY.equals(reqType)) {
// edit repository
RepositoryModel model = deserialize(request, response, RepositoryModel.class);
// name specifies original repository name in event of rename
String repoName = objectName;
if (repoName == null) {
repoName = model.name;
}
try {
gitblit.updateRepositoryModel(repoName, model, false);
} catch (GitBlitException e) {
response.setStatus(failureCode);
}
} else if (RpcRequest.DELETE_REPOSITORY.equals(reqType)) {
// delete repository
RepositoryModel model = deserialize(request, response, RepositoryModel.class);
gitblit.deleteRepositoryModel(model);
} else if (RpcRequest.CREATE_USER.equals(reqType)) {
// create user
UserModel model = deserialize(request, response, UserModel.class);
try {
gitblit.addUser(model);
} catch (GitBlitException e) {
response.setStatus(failureCode);
}
} else if (RpcRequest.EDIT_USER.equals(reqType)) {
// edit user
UserModel model = deserialize(request, response, UserModel.class);
// name parameter specifies original user name in event of rename
String username = objectName;
if (username == null) {
username = model.username;
}
try {
gitblit.reviseUser(username, model);
} catch (GitBlitException e) {
response.setStatus(failureCode);
}
} else if (RpcRequest.DELETE_USER.equals(reqType)) {
// delete user
UserModel model = deserialize(request, response, UserModel.class);
if (!gitblit.deleteUser(model.username)) {
response.setStatus(failureCode);
}
} else if (RpcRequest.CREATE_TEAM.equals(reqType)) {
// create team
TeamModel model = deserialize(request, response, TeamModel.class);
try {
gitblit.addTeam(model);
} catch (GitBlitException e) {
response.setStatus(failureCode);
}
} else if (RpcRequest.EDIT_TEAM.equals(reqType)) {
// edit team
TeamModel model = deserialize(request, response, TeamModel.class);
// name parameter specifies original team name in event of rename
String teamname = objectName;
if (teamname == null) {
teamname = model.name;
}
try {
gitblit.reviseTeam(teamname, model);
} catch (GitBlitException e) {
response.setStatus(failureCode);
}
} else if (RpcRequest.DELETE_TEAM.equals(reqType)) {
// delete team
TeamModel model = deserialize(request, response, TeamModel.class);
if (!gitblit.deleteTeam(model.name)) {
response.setStatus(failureCode);
}
} else if (RpcRequest.LIST_REPOSITORY_MEMBERS.equals(reqType)) {
// get repository members
RepositoryModel model = gitblit.getRepositoryModel(objectName);
result = gitblit.getRepositoryUsers(model);
} else if (RpcRequest.SET_REPOSITORY_MEMBERS.equals(reqType)) {
// rejected since 1.2.0
response.setStatus(failureCode);
} else if (RpcRequest.LIST_REPOSITORY_MEMBER_PERMISSIONS.equals(reqType)) {
// get repository member permissions
RepositoryModel model = gitblit.getRepositoryModel(objectName);
result = gitblit.getUserAccessPermissions(model);
} else if (RpcRequest.SET_REPOSITORY_MEMBER_PERMISSIONS.equals(reqType)) {
// set the repository permissions for the specified users
RepositoryModel model = gitblit.getRepositoryModel(objectName);
Collection<RegistrantAccessPermission> permissions = deserialize(request, response, RpcUtils.REGISTRANT_PERMISSIONS_TYPE);
result = gitblit.setUserAccessPermissions(model, permissions);
} else if (RpcRequest.LIST_REPOSITORY_TEAMS.equals(reqType)) {
// get repository teams
RepositoryModel model = gitblit.getRepositoryModel(objectName);
result = gitblit.getRepositoryTeams(model);
} else if (RpcRequest.SET_REPOSITORY_TEAMS.equals(reqType)) {
// rejected since 1.2.0
response.setStatus(failureCode);
} else if (RpcRequest.LIST_REPOSITORY_TEAM_PERMISSIONS.equals(reqType)) {
// get repository team permissions
RepositoryModel model = gitblit.getRepositoryModel(objectName);
result = gitblit.getTeamAccessPermissions(model);
} else if (RpcRequest.SET_REPOSITORY_TEAM_PERMISSIONS.equals(reqType)) {
// set the repository permissions for the specified teams
RepositoryModel model = gitblit.getRepositoryModel(objectName);
Collection<RegistrantAccessPermission> permissions = deserialize(request, response, RpcUtils.REGISTRANT_PERMISSIONS_TYPE);
result = gitblit.setTeamAccessPermissions(model, permissions);
} else if (RpcRequest.LIST_FEDERATION_REGISTRATIONS.equals(reqType)) {
// return the list of federation registrations
if (allowAdmin) {
result = gitblit.getFederationRegistrations();
} else {
response.sendError(notAllowedCode);
}
} else if (RpcRequest.LIST_FEDERATION_RESULTS.equals(reqType)) {
// return the list of federation result registrations
if (allowAdmin && gitblit.canFederate()) {
result = gitblit.getFederationResultRegistrations();
} else {
response.sendError(notAllowedCode);
}
} else if (RpcRequest.LIST_FEDERATION_PROPOSALS.equals(reqType)) {
// return the list of federation proposals
if (allowAdmin && gitblit.canFederate()) {
result = gitblit.getPendingFederationProposals();
} else {
response.sendError(notAllowedCode);
}
} else if (RpcRequest.LIST_FEDERATION_SETS.equals(reqType)) {
// return the list of federation sets
if (allowAdmin && gitblit.canFederate()) {
String gitblitUrl = settings.getString(Keys.web.canonicalUrl, null);
if (StringUtils.isEmpty(gitblitUrl)) {
gitblitUrl = HttpUtils.getGitblitURL(request);
}
result = gitblit.getFederationSets(gitblitUrl);
} else {
response.sendError(notAllowedCode);
}
} else if (RpcRequest.LIST_SETTINGS.equals(reqType)) {
// return the server's settings
ServerSettings serverSettings = gitblit.getSettingsModel();
if (allowAdmin) {
// return all settings
result = serverSettings;
} else {
// anonymous users get a few settings to allow browser launching
List<String> keys = new ArrayList<String>();
keys.add(Keys.web.siteName);
keys.add(Keys.web.mountParameters);
keys.add(Keys.web.syndicationEntries);
if (allowManagement) {
// keys necessary for repository and/or user management
keys.add(Keys.realm.minPasswordLength);
keys.add(Keys.realm.passwordStorage);
keys.add(Keys.federation.sets);
}
// build the settings
ServerSettings managementSettings = new ServerSettings();
for (String key : keys) {
managementSettings.add(serverSettings.get(key));
}
if (allowManagement) {
managementSettings.pushScripts = serverSettings.pushScripts;
}
result = managementSettings;
}
} else if (RpcRequest.EDIT_SETTINGS.equals(reqType)) {
// update settings on the server
if (allowAdmin) {
Map<String, String> map = deserialize(request, response, RpcUtils.SETTINGS_TYPE);
gitblit.updateSettings(map);
} else {
response.sendError(notAllowedCode);
}
} else if (RpcRequest.LIST_STATUS.equals(reqType)) {
// return the server's status information
if (allowAdmin) {
result = gitblit.getStatus();
} else {
response.sendError(notAllowedCode);
}
} else if (RpcRequest.CLEAR_REPOSITORY_CACHE.equals(reqType)) {
// clear the repository list cache
if (allowManagement) {
gitblit.resetRepositoryListCache();
} else {
response.sendError(notAllowedCode);
}
} else if (RpcRequest.REINDEX_TICKETS.equals(reqType)) {
if (allowManagement) {
if (StringUtils.isEmpty(objectName)) {
// reindex all tickets
gitblit.getTicketService().reindex();
} else {
// reindex tickets in a specific repository
RepositoryModel model = gitblit.getRepositoryModel(objectName);
gitblit.getTicketService().reindex(model);
}
} else {
response.sendError(notAllowedCode);
}
}
// send the result of the request
serialize(response, result);
}
Also used :
RefModel(com.gitblit.models.RefModel)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
GitBlitException(com.gitblit.GitBlitException)
RepositoryModel(com.gitblit.models.RepositoryModel)
UserModel(com.gitblit.models.UserModel)
Repository(org.eclipse.jgit.lib.Repository)
TeamModel(com.gitblit.models.TeamModel)
ServerSettings(com.gitblit.models.ServerSettings)
RpcRequest(com.gitblit.Constants.RpcRequest)
Collection(java.util.Collection)
ArrayList(java.util.ArrayList)
List(java.util.List)
HashMap(java.util.HashMap)
Map(java.util.Map)
Example 85 with TeamModel
use of com.gitblit.models.TeamModel in project gitblit by gitblit.
the class PermissionsTest method testTeamMember_VIEW_REWIND.
/**
* VIEW_REWIND = VIEW access restriction, REWIND access permission
*/
@Test
public void testTeamMember_VIEW_REWIND() throws Exception {
RepositoryModel repository = new RepositoryModel("myrepo.git", null, null, new Date());
repository.authorizationControl = AuthorizationControl.NAMED;
repository.accessRestriction = AccessRestrictionType.VIEW;
TeamModel team = new TeamModel("test");
team.setRepositoryPermission(repository.name, AccessPermission.REWIND);
UserModel user = new UserModel("test");
user.teams.add(team);
assertTrue("team member CAN NOT view!", user.canView(repository));
assertTrue("team member CAN NOT clone!", user.canClone(repository));
assertTrue("team member CAN NOT push!", user.canPush(repository));
assertTrue("team member CAN NOT create ref!", user.canCreateRef(repository));
assertTrue("team member CAN NOT delete ref!", user.canDeleteRef(repository));
assertTrue("team member CAN NOT rewind ref!", user.canRewindRef(repository));
assertEquals("team member has wrong permission!", AccessPermission.REWIND, user.getRepositoryPermission(repository).permission);
}
Also used :
UserModel(com.gitblit.models.UserModel)
TeamModel(com.gitblit.models.TeamModel)
RepositoryModel(com.gitblit.models.RepositoryModel)
Date(java.util.Date)
Test(org.junit.Test)
Aggregations
TeamModel (com.gitblit.models.TeamModel)109
RepositoryModel (com.gitblit.models.RepositoryModel)68
Test (org.junit.Test)67
Date (java.util.Date)62
UserModel (com.gitblit.models.UserModel)58
ArrayList (java.util.ArrayList)18
HashSet (java.util.HashSet)8
RegistrantAccessPermission (com.gitblit.models.RegistrantAccessPermission)6
HashMap (java.util.HashMap)6
Map (java.util.Map)5
GitBlitException (com.gitblit.GitBlitException)4
SearchResult (com.unboundid.ldap.sdk.SearchResult)4
SearchResultEntry (com.unboundid.ldap.sdk.SearchResultEntry)4
File (java.io.File)4
IOException (java.io.IOException)4
AccessPermission (com.gitblit.Constants.AccessPermission)3
List (java.util.List)3
Repository (org.eclipse.jgit.lib.Repository)3
StoredConfig (org.eclipse.jgit.lib.StoredConfig)3
IUserService (com.gitblit.IUserService)2
