/*
 * Copyright 2012 gitblit.com.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.gitblit.servlet; | |
import com.google.inject.Inject; | |
import com.google.inject.Singleton; | |
import org.eclipse.jgit.lib.Repository; | |
import com.gitblit.Constants.AccessRestrictionType; | |
import com.gitblit.manager.IAuthenticationManager; | |
import com.gitblit.manager.IRepositoryManager; | |
import com.gitblit.manager.IRuntimeManager; | |
import com.gitblit.models.RepositoryModel; | |
import com.gitblit.models.UserModel; | |
/**
 * The RawFilter is an AccessRestrictionFilter which ensures http requests for
 * a view-restricted repository are authenticated and authorized.
 *
 * <p>Every request is classified as the single action {@code "VIEW"}.
 * Authentication is demanded when the repository's access restriction is
 * {@code atLeast(AccessRestrictionType.VIEW)}, and the access decision is
 * delegated to {@link UserModel#canView(RepositoryModel)}.
 *
 * <p>NOTE(review): the earlier description spoke of "branch" requests; the
 * servlet mapping is not visible in this file, so confirm which URLs this
 * filter actually guards.
 *
 * @author James Moger
 *
 */
@Singleton
public class RawFilter extends AccessRestrictionFilter {

    /**
     * Creates the filter and hands all three managers to the parent filter.
     *
     * @param runtimeManager passed through to the superclass
     * @param authenticationManager passed through to the superclass
     * @param repositoryManager passed through to the superclass; also used by
     *        {@link #extractRepositoryName(String)} to probe repository names
     */
    @Inject
    public RawFilter(
            IRuntimeManager runtimeManager,
            IAuthenticationManager authenticationManager,
            IRepositoryManager repositoryManager) {
        super(runtimeManager, authenticationManager, repositoryManager);
    }

    /**
     * Extract the repository name from the url.
     *
     * <p>The url is probed prefix by prefix, cutting at each successive
     * {@code '/'}, until the repository manager resolves one of the prefixes.
     * If no prefix resolves, the complete url is returned unchanged, so the
     * result is only a candidate name: it is not proof that the repository
     * exists, and callers must still resolve and authorize it.
     *
     * <p>NOTE(review): every probe is a repository lookup on request-supplied
     * text; presumably this runs before the caller has authenticated the
     * request - confirm against the parent filter.
     *
     * @param url the request path to inspect; a null value fails on the first
     *        {@code indexOf} call
     * @return repository name, or the whole url when no prefix matched
     */
    @Override
    protected String extractRepositoryName(String url) {
        int searchFrom = 0;
        while (true) {
            // Candidate is everything before the next separator, or the
            // entire url once no separator is left.
            final int separator = url.indexOf('/', searchFrom);
            final String candidate = separator < 0 ? url : url.substring(0, separator);

            final Repository match = repositoryManager.getRepository(candidate, false);
            if (match != null) {
                // The lookup was only an existence probe; release the handle.
                match.close();
                return candidate;
            }
            if (candidate.equals(url)) {
                // Nothing left to cut: either the url is a bare name or no
                // repository was found at any prefix.
                return candidate;
            }
            // Extend the candidate past this separator on the next pass.
            searchFrom = separator + 1;
        }
    }

    /**
     * Analyze the url and returns the action of the request.
     *
     * @param suffix ignored; this filter reports the same action for every
     *        request
     * @return action of the request, always {@code "VIEW"}
     */
    @Override
    protected String getUrlRequestAction(String suffix) {
        return "VIEW";
    }

    /**
     * Determine if a non-existing repository can be created using this filter.
     *
     * @return true if the filter allows repository creation; always false here
     */
    @Override
    protected boolean isCreationAllowed() {
        return false;
    }

    /**
     * Determine if the action may be executed on the repository.
     *
     * <p>This check never rejects a request. The only action this filter
     * reports is {@code "VIEW"}, so the effective gate is the pair
     * {@link #requiresAuthentication} and {@link #canAccess}.
     *
     * @param repository not consulted
     * @param action not consulted
     * @return true if the action may be performed; always true here
     */
    @Override
    protected boolean isActionAllowed(RepositoryModel repository, String action) {
        return true;
    }

    /**
     * Determine if the repository requires authentication.
     *
     * @param repository the repository whose access restriction is examined
     * @param action not consulted
     * @return true if authentication required, i.e. when the repository's
     *         access restriction is at least
     *         {@link AccessRestrictionType#VIEW}
     */
    @Override
    protected boolean requiresAuthentication(RepositoryModel repository, String action) {
        final AccessRestrictionType threshold = AccessRestrictionType.VIEW;
        return repository.accessRestriction.atLeast(threshold);
    }

    /**
     * Determine if the user can access the repository and perform the specified
     * action.
     *
     * <p>NOTE(review): {@code user} is dereferenced without a null check;
     * presumably the parent filter only calls this with a resolved user -
     * confirm.
     *
     * @param repository the repository being requested
     * @param user the user whose view permission is checked
     * @param action not consulted
     * @return true if user may execute the action on the repository
     */
    @Override
    protected boolean canAccess(RepositoryModel repository, UserModel user, String action) {
        final boolean mayView = user.canView(repository);
        return mayView;
    }
}