archived repositories are not writable

scm-core/src/main/java/sonia/scm/repository/PermissionUtil.java

@@ -37,6 +37,10 @@ package sonia.scm.repository;
 
 import com.google.inject.Provider;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import sonia.scm.config.ScmConfiguration;
 import sonia.scm.security.ScmSecurityException;
 import sonia.scm.user.User;
 import sonia.scm.util.AssertUtil;
@@ -54,6 +58,14 @@ import java.util.List;
 public class PermissionUtil
 {
 
+  /**
+   * the logger for PermissionUtil
+   */
+  private static final Logger logger =
+    LoggerFactory.getLogger(PermissionUtil.class);
+
+  //~--- methods --------------------------------------------------------------
+
   /**
    * Method description
    *
@@ -151,6 +163,40 @@ public class PermissionUtil
     return result;
   }
 
+  /**
+   * Returns true if the repository is writable.
+   *
+   *
+   * @param configuration SCM-Manager main configuration
+   * @param repository repository to check
+   * @param securityContext current user security context
+   *
+   * @return true if the repository is writable
+   * @since 1.14
+   */
+  public static boolean isWritable(ScmConfiguration configuration,
+                                    Repository repository,
+                                    WebSecurityContext securityContext)
+  {
+    boolean permitted = false;
+
+    if (configuration.isEnableRepositoryArchive() && repository.isArchived())
+    {
+      if (logger.isWarnEnabled())
+      {
+        logger.warn("{} is archived and is not writeable",
+                    repository.getName());
+      }
+    }
+    else
+    {
+      permitted = PermissionUtil.hasPermission(repository, securityContext,
+              PermissionType.WRITE);
+    }
+
+    return permitted;
+  }
+
   /**
    * Method description
    *

scm-core/src/main/java/sonia/scm/web/filter/PermissionFilter.java

@@ -41,6 +41,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import sonia.scm.SCMContext;
+import sonia.scm.config.ScmConfiguration;
 import sonia.scm.repository.PermissionType;
 import sonia.scm.repository.PermissionUtil;
 import sonia.scm.repository.Repository;
@@ -76,10 +77,14 @@ public abstract class PermissionFilter extends HttpFilter
    * Constructs ...
    *
    *
+   *
+   * @param configuration
    * @param securityContextProvider
    */
-  public PermissionFilter(Provider<WebSecurityContext> securityContextProvider)
+  public PermissionFilter(ScmConfiguration configuration,
+                          Provider<WebSecurityContext> securityContextProvider)
   {
+    this.configuration = configuration;
     this.securityContextProvider = securityContextProvider;
   }
 
@@ -139,10 +144,7 @@ public abstract class PermissionFilter extends HttpFilter
         {
           boolean writeRequest = isWriteRequest(request);
 
-          if (PermissionUtil.hasPermission(repository, securityContext,
-                                           writeRequest
-                                           ? PermissionType.WRITE
-                                           : PermissionType.READ))
+          if (hasPermission(repository, securityContext, writeRequest))
           {
             chain.doFilter(request, response);
           }
@@ -213,8 +215,43 @@ public abstract class PermissionFilter extends HttpFilter
     }
   }
 
+  //~--- get methods ----------------------------------------------------------
+
+  /**
+   * Method description
+   *
+   *
+   * @param repository
+   * @param securityContext
+   * @param writeRequest
+   *
+   * @return
+   */
+  private boolean hasPermission(Repository repository,
+                                WebSecurityContext securityContext,
+                                boolean writeRequest)
+  {
+    boolean permitted = false;
+
+    if (writeRequest)
+    {
+      permitted = PermissionUtil.isWritable(configuration, repository,
+              securityContext);
+    }
+    else
+    {
+      permitted = PermissionUtil.hasPermission(repository, securityContext,
+              PermissionType.READ);
+    }
+
+    return permitted;
+  }
+
   //~--- fields ---------------------------------------------------------------
 
   /** Field description */
   protected Provider<WebSecurityContext> securityContextProvider;
+
+  /** Field description */
+  private ScmConfiguration configuration;
 }

scm-core/src/main/java/sonia/scm/web/filter/ProviderPermissionFilter.java

@@ -44,6 +44,7 @@ import sonia.scm.web.security.WebSecurityContext;
 //~--- JDK imports ------------------------------------------------------------
 
 import javax.servlet.http.HttpServletRequest;
+import sonia.scm.config.ScmConfiguration;
 
 /**
  *
@@ -61,10 +62,11 @@ public abstract class ProviderPermissionFilter extends PermissionFilter
    * @param repositoryProvider
    */
   public ProviderPermissionFilter(
+          ScmConfiguration configuration,
           Provider<WebSecurityContext> securityContextProvider,
           RepositoryProvider repositoryProvider)
   {
-    super(securityContextProvider);
+    super(configuration, securityContextProvider);
     this.repositoryProvider = repositoryProvider;
   }
 

scm-core/src/main/java/sonia/scm/web/filter/RegexPermissionFilter.java

@@ -37,6 +37,7 @@ package sonia.scm.web.filter;
 
 import com.google.inject.Provider;
 
+import sonia.scm.config.ScmConfiguration;
 import sonia.scm.repository.Repository;
 import sonia.scm.repository.RepositoryManager;
 import sonia.scm.web.security.WebSecurityContext;
@@ -65,14 +66,17 @@ public abstract class RegexPermissionFilter extends PermissionFilter
    * Constructs ...
    *
    *
+   *
+   * @param configuration
    * @param securityContextProvider
    * @param repositoryManager
    */
   public RegexPermissionFilter(
+          ScmConfiguration configuration,
           Provider<WebSecurityContext> securityContextProvider,
           RepositoryManager repositoryManager)
   {
-    super(securityContextProvider);
+    super(configuration, securityContextProvider);
     this.repositoryManager = repositoryManager;
   }