Add authentication to the repository setting page.

src/main/scala/app/ControllerBase.scala

@@ -5,6 +5,7 @@ import org.scalatra._
 import org.scalatra.json._
 import org.json4s._
 import jp.sf.amateras.scalatra.forms._
+import service.AccountService
 
 /**
  * Provides generic features for ScalatraServlet implementations.
@@ -13,6 +14,9 @@ abstract class ControllerBase extends ScalatraFilter with ClientSideValidationFo
 
   implicit val jsonFormats = DefaultFormats
 
+  /**
+   * Returns the context object for the request.
+   */
   implicit def context: Context = Context(servletContext.getContextPath, LoginAccount)
   
   private def LoginAccount: Option[Account] = {
@@ -22,6 +26,35 @@ abstract class ControllerBase extends ScalatraFilter with ClientSideValidationFo
     }
   }
 
+  /**
+   * Allows only the repository owner and administrators.
+   */
+  protected def ownerOnly(action: => Any) = {
+    {
+      context.loginAccount match {
+        case Some(x) if(x.userType == AccountService.Administrator) => action
+        case Some(x) if(request.getRequestURI.split("/")(1) == x.userName) => action
+        case _ => redirect("/signin")
+      }
+    }
+  }
+
+  /**
+   * Allows only the repository owner and administrators.
+   */
+  protected def ownerOnly[T](action: T => Any) = {
+    (form: T) => {
+      context.loginAccount match {
+        case Some(x) if(x.userType == AccountService.Administrator) => action(form)
+        case Some(x) if(request.getRequestURI.split("/")(1) == x.userName) => action(form)
+        case _ => redirect("/signin")
+      }
+    }
+  }
+
+  /**
+   * Allows only signed in users.
+   */
   protected def usersOnly(action: => Any) = {
     {
       context.loginAccount match {
@@ -31,6 +64,9 @@ abstract class ControllerBase extends ScalatraFilter with ClientSideValidationFo
     }
   }
 
+  /**
+   * Allows only signed in users.
+   */
   protected def usersOnly[T](action: T => Any) = {
     (form: T) => {
       context.loginAccount match {

src/main/scala/app/SettingsController.scala

@@ -14,32 +14,32 @@ trait SettingsControllerBase extends ControllerBase { self: RepositoryService wi
     "userName" -> trim(label("Username", text(required, collaborator)))
   )(CollaboratorForm.apply)
 
-  get("/:owner/:repository/settings") {
+  get("/:owner/:repository/settings")(ownerOnly {
     val owner      = params("owner")
     val repository = params("repository")
     redirect("/%s/%s/settings/options".format(owner, repository))
-  }
+  })
   
-  get("/:owner/:repository/settings/options") {
+  get("/:owner/:repository/settings/options")(ownerOnly {
     val owner      = params("owner")
     val repository = params("repository")
     
     settings.html.options(getRepository(owner, repository, servletContext).get)
-  }
+  })
   
-  get("/:owner/:repository/settings/collaborators") {
+  get("/:owner/:repository/settings/collaborators")(ownerOnly {
     val owner      = params("owner")
     val repository = params("repository")
     
     settings.html.collaborators(getCollaborators(owner, repository), getRepository(owner, repository, servletContext).get)
-  }
+  })
 
-  post("/:owner/:repository/settings/collaborators/_add", form) { form =>
+  post("/:owner/:repository/settings/collaborators/_add", form)(ownerOnly { form =>
     val owner      = params("owner")
     val repository = params("repository")
     addCollaborator(owner, repository, form.userName)
     redirect("/%s/%s/settings/collaborators".format(owner, repository))
-  }
+  })
 
   def collaborator: Constraint = new Constraint(){
     def validate(name: String, value: String): Option[String] = {