Nemcio/GitBucket
1
0
Fork 0
mirror of https://github.com/gitbucket/gitbucket.git synced 2026-01-08 00:22:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

(refs #474)Fix authorization for cloning repository

Browse Source 
Allows cloning a repository for users who can read access to that repository.
This commit is contained in:
Naoki Takezoe
2017-03-03 11:48:08 +09:00
parent 37d2a38517
commit bc69a67b05
1 changed files with 20 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/main/scala/gitbucket/core/ssh/GitCommand.scala
View File

@@ -95,6 +95,24 @@ abstract class DefaultGitCommand(val owner: String, val repoName: String) extend
}
}
protected def isReadableUser(authType: AuthType, repositoryInfo: RepositoryService.RepositoryInfo)
(implicit session: Session): Boolean = {
authType match {
case AuthType.UserAuthType(username) => {
getAccountByUserName(username) match {
case Some(account) => hasGuestRole(owner, repoName, Some(account))
case None => false
}
}
case AuthType.DeployKeyType(key) => {
getDeployKeys(owner, repoName).filter(sshKey => SshUtil.str2PublicKey(sshKey.publicKey).exists(_ == key)) match {
case List(_) => true
case _ => false
}
}
}
}
protected def isWritableUser(authType: AuthType, repositoryInfo: RepositoryService.RepositoryInfo)
(implicit session: Session): Boolean = {
authType match {
@@ -106,7 +124,7 @@ abstract class DefaultGitCommand(val owner: String, val repoName: String) extend
}
case AuthType.DeployKeyType(key) => {
getDeployKeys(owner, repoName).filter(sshKey => SshUtil.str2PublicKey(sshKey.publicKey).exists(_ == key)) match {
case List(_) => true
case List(x) if x.allowWrite => true
case _ => false
}
}
@@ -122,7 +140,7 @@ class DefaultGitUploadPack(owner: String, repoName: String) extends DefaultGitCo
override protected def runTask(authType: AuthType): Unit = {
val execute = Database() withSession { implicit session =>
getRepository(owner, repoName.replaceFirst("\\.wiki\\Z", "")).map { repositoryInfo =>
!repositoryInfo.repository.isPrivate || isWritableUser(authType, repositoryInfo)
!repositoryInfo.repository.isPrivate || isReadableUser(authType, repositoryInfo)
}.getOrElse(false)
}