diff --git a/doc/authenticator.md b/doc/authenticator.md new file mode 100644 index 0000000..d1c51b2 --- /dev/null +++ b/doc/authenticator.md 
@@ -0,0 +1,58 @@ +Authentication in Controller +======== +GitBucket provides many [authenticators](https://github.com/gitbucket/gitbucket/blob/master/src/main/scala/gitbucket/core/util/Authenticator.scala) to access controlling in the controller. + +For example, in the case of `RepositoryViwerController`, +it references three authenticators, `ReadableUsersAuthenticator`, `ReferrerAuthenticator` and `CollaboratorsAuthenticator`: + +```scala +class RepositoryViewerController extends RepositoryViewerControllerBase + with RepositoryService with AccountService with ActivityService with IssuesService with WebHookService with CommitsService + with ReadableUsersAuthenticator with ReferrerAuthenticator with CollaboratorsAuthenticator with PullRequestService with CommitStatusService + with WebHookPullRequestService with WebHookPullRequestReviewCommentService + +trait RepositoryViewerControllerBase extends ControllerBase { + self: RepositoryService with AccountService with ActivityService with IssuesService with WebHookService with CommitsService + with ReadableUsersAuthenticator with ReferrerAuthenticator with CollaboratorsAuthenticator with PullRequestService with CommitStatusService + with WebHookPullRequestService with WebHookPullRequestReviewCommentService => + + ... +``` + +- `ReadableUsersAuthenticator` provides `readableUsersOnly` method +- `ReferrerAuthenticator` provides `referrersOnly` method +- `CollaboratorsAuthenticator` provides `collaboratorsOnly` method + +These methods are available in each actions as below: + +```scala +// Allows only the repository owner (or manager for group repository) and administrators. +get("/:owner/:repository/tree/*")(referrersOnly { repository => + ... +}) + +// Allows only collaborators and administrators. +get("/:owner/:repository/new/*")(collaboratorsOnly { repository => + ... +}) + +// Allows only signed in users which can access the repository. 
+post("/:owner/:repository/commit/:id/comment/new", commentForm)(readableUsersOnly { (form, repository) => + ... +}) +``` + +Currently, GitBucket provides below authenticators: + +|Trait | Method | Description | +|--------------------------|-----------------|--------------------------------------------------------------------------------------| +|OneselfAuthenticator |oneselfOnly |Allows only oneself and administrators. | +|OwnerAuthenticator |ownerOnly |Allows only the repository owner and administrators. | +|UsersAuthenticator |usersOnly |Allows only signed in users. | +|AdminAuthenticator |adminOnly |Allows only administrators. | +|CollaboratorsAuthenticator|collaboratorsOnly|Allows only collaborators and administrators. | +|ReferrerAuthenticator |referrersOnly |Allows only the repository owner (or manager for group repository) and administrators.| +|ReadableUsersAuthenticator|readableUsersOnly|Allows only signed in users which can access the repository. | +|GroupManagerAuthenticator |managersOnly |Allows only the group managers. | + +Of course, if you make a new plugin, you can define a your own authenticator according to requirement in your plugin. \ No newline at end of file diff --git a/doc/readme.md b/doc/readme.md index bf69b5c..d4e3c58 100644 --- a/doc/readme.md +++ b/doc/readme.md @@ -3,7 +3,7 @@ * [How to run from source tree](how_to_run.md) * [Directory Structure](directory.md) * [Mapping and Validation](validation.md) - * Authentication in Controller (not yet) + * [Authentication in Controller](authenticator.md) * [About Action in Issue Comment](comment_action.md) * [Activity Types](activity.md) * [Notification Email](notification.md)
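Review bot: the `referrersOnly` row and example do not actually distinguish it from `ownerOnly`, which is the one thing a plugin author consulting this table needs. The table gives `OwnerAuthenticator` as "Allows only the repository owner and administrators." and `ReferrerAuthenticator` as "Allows only the repository owner (or manager for group repository) and administrators.", so the only stated difference is the group-manager clause, yet the example applies `referrersOnly` to `get("/:owner/:repository/tree/*")`, the repository source view, which a reader would expect to be reachable by anyone who can read the repository rather than by owners only. Either the route comment and table entry understate who counts as a "referrer", or the example picks a misleading route; please state precisely who passes `referrersOnly` (and how that differs from `readableUsersOnly`, which is also described in terms of who "can access the repository"), since choosing the wrong trait here is an authorization bug in a plugin, not a cosmetic one. Also in this hunk: `RepositoryViwerController` is misspelled (the code block below it uses `RepositoryViewerController`), "to access controlling in the controller" should read "for access control in controllers", "available in each actions" should be "available in each action", "define a your own authenticator" should be "define your own authenticator", and the new file is missing its trailing newline.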