fix permission bug in scm-bzr-plugin

plugins/scm-bzr-plugin/src/main/java/sonia/scm/web/BzrCGIServlet.java

@@ -36,19 +36,24 @@ package sonia.scm.web;
 //~--- non-JDK imports --------------------------------------------------------
 
 import com.google.inject.Inject;
+import com.google.inject.Provider;
 import com.google.inject.Singleton;
 
 import sonia.scm.io.RegexResourceProcessor;
 import sonia.scm.io.ResourceProcessor;
 import sonia.scm.repository.BzrConfig;
 import sonia.scm.repository.BzrRepositoryHandler;
+import sonia.scm.repository.PermissionType;
+import sonia.scm.repository.PermissionUtil;
 import sonia.scm.repository.Repository;
 import sonia.scm.repository.RepositoryManager;
+import sonia.scm.security.SecurityContext;
 import sonia.scm.util.AssertUtil;
 import sonia.scm.util.HttpUtil;
 import sonia.scm.util.IOUtil;
 import sonia.scm.web.cgi.AbstractCGIServlet;
 import sonia.scm.web.cgi.EnvList;
+import sonia.scm.web.security.WebSecurityContext;
 
 //~--- JDK imports ------------------------------------------------------------
 
@@ -81,6 +86,10 @@ public class BzrCGIServlet extends AbstractCGIServlet
   /** Field description */
   public static final String ENV_REPOSITORY_PATH = "SCM_REPOSITORY_PATH";
 
+  /** Field description */
+  public static final String ENV_REPOSITORY_READONLY =
+    "SCM_REPOSITORY_READONLY";
+
   /** Field description */
   public static final String MIMETYPE_HTML = "text/html";
 
@@ -107,13 +116,17 @@ public class BzrCGIServlet extends AbstractCGIServlet
    * Constructs ...
    *
    *
+   *
+   * @param securityContextProvider
    * @param repositoryManager
    * @param handler
    */
   @Inject
-  public BzrCGIServlet(RepositoryManager repositoryManager,
+  public BzrCGIServlet(Provider<WebSecurityContext> securityContextProvider,
+                       RepositoryManager repositoryManager,
                        BzrRepositoryHandler handler)
   {
+    this.securityContextProvider = securityContextProvider;
     this.repositoryManager = repositoryManager;
     this.handler = handler;
   }
@@ -178,6 +191,17 @@ public class BzrCGIServlet extends AbstractCGIServlet
 
     list.set(ENV_PYTHON_PATH, pythonPath);
 
+    boolean writePermission = hasWritePermission(repository);
+
+    if (writePermission)
+    {
+      list.set(ENV_REPOSITORY_READONLY, "False");
+    }
+    else
+    {
+      list.set(ENV_REPOSITORY_READONLY, "True");
+    }
+
     return list;
   }
 
@@ -334,6 +358,22 @@ public class BzrCGIServlet extends AbstractCGIServlet
                                  repositoryname);
   }
 
+  /**
+   * Method description
+   *
+   *
+   * @param repository
+   *
+   * @return
+   */
+  private boolean hasWritePermission(Repository repository)
+  {
+    WebSecurityContext securityContext = securityContextProvider.get();
+
+    return PermissionUtil.hasPermission(repository, securityContext.getUser(),
+            PermissionType.WRITE);
+  }
+
   //~--- fields ---------------------------------------------------------------
 
   /** Field description */
@@ -344,4 +384,7 @@ public class BzrCGIServlet extends AbstractCGIServlet
 
   /** Field description */
   private RepositoryManager repositoryManager;
+
+  /** Field description */
+  private Provider<WebSecurityContext> securityContextProvider;
 }

plugins/scm-bzr-plugin/src/main/java/sonia/scm/web/BzrPermissionFilter.java

@@ -96,6 +96,6 @@ public class BzrPermissionFilter extends RegexPermissionFilter
   @Override
   protected boolean isWriteRequest(HttpServletRequest request)
   {
-    return !request.getMethod().equalsIgnoreCase("GET");
+    return false;
   }
 }

plugins/scm-bzr-plugin/src/main/resources/sonia/scm/bzrweb.py

@@ -10,6 +10,11 @@ if len(pythonPath) > 0:
 
 repositoryPath = os.environ['SCM_REPOSITORY_PATH']
 repositoryName = os.environ['REPO_NAME']
+readonlyString = os.environ['SCM_REPOSITORY_READONLY']
+readonly = True
+
+if readonlyString == 'False':
+  readonly = False
 
 def run_with_cgi(application):
 
@@ -76,7 +81,7 @@ def application(environ, start_response):
       root=repositoryPath,
       prefix="/"+repositoryName,
       path_var='PATH_INFO',
-      readonly=False,
+      readonly=readonly,
       enable_logging=True)
   return app(environ, start_response)