(refs #1499)Allow guest users to read private repositories via HTTP

2026-01-05 07:09:56 +01:00 · 2017-03-17 21:44:18 +09:00
parent f165e89a8d
commit faa8f8aade
1 changed files with 9 additions and 4 deletions
--- a/src/main/scala/gitbucket/core/servlet/GitAuthenticationFilter.scala
+++ b/src/main/scala/gitbucket/core/servlet/GitAuthenticationFilter.scala
@@ -18,9 +18,9 @@ class GitAuthenticationFilter extends Filter with RepositoryService with Account
  private val logger = LoggerFactory.getLogger(classOf[GitAuthenticationFilter])

  def init(config: FilterConfig) = {}
-  
+
  def destroy(): Unit = {}
-  
+
  def doFilter(req: ServletRequest, res: ServletResponse, chain: FilterChain): Unit = {
    val request  = req.asInstanceOf[HttpServletRequest]
    val response = res.asInstanceOf[HttpServletResponse]
@@ -85,11 +85,16 @@ class GitAuthenticationFilter extends Filter with RepositoryService with Account
                  auth <- Option(request.getHeader("Authorization"))
                  Array(username, password) = AuthUtil.decodeAuthHeader(auth).split(":", 2)
                  account <- authenticate(settings, username, password)
-                } yield if (isUpdating || repository.repository.isPrivate) {
+                } yield if (isUpdating) {
                  if (hasDeveloperRole(repository.owner, repository.name, Some(account))) {
                    request.setAttribute(Keys.Request.UserName, account.userName)
                    true
                  } else false
+                } else if(repository.repository.isPrivate){
+                  if (hasGuestRole(repository.owner, repository.name, Some(account))) {
+                    request.setAttribute(Keys.Request.UserName, account.userName)
+                    true
+                  } else false
                } else true
                passed.getOrElse(false)
              }
@@ -114,4 +119,4 @@ class GitAuthenticationFilter extends Filter with RepositoryService with Account

    action()
  }
-}
+}