diff --git a/src/main/resources/update/gitbucket-core_4.7.xml b/src/main/resources/update/gitbucket-core_4.7.xml index a128800..4eb2f03 100644 --- a/src/main/resources/update/gitbucket-core_4.7.xml +++ b/src/main/resources/update/gitbucket-core_4.7.xml @@ -1,7 +1,7 @@ - + diff --git a/src/main/scala/gitbucket/core/controller/ApiController.scala b/src/main/scala/gitbucket/core/controller/ApiController.scala index eddd941..e5229c3 100644 --- a/src/main/scala/gitbucket/core/controller/ApiController.scala +++ b/src/main/scala/gitbucket/core/controller/ApiController.scala @@ -524,7 +524,7 @@ }) private def isEditable(owner: String, repository: String, author: String)(implicit context: Context): Boolean = - hasWritePermission(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName + hasDeveloperRole(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName } diff --git a/src/main/scala/gitbucket/core/controller/IssuesController.scala b/src/main/scala/gitbucket/core/controller/IssuesController.scala index 90aca13..f0afabb 100644 --- a/src/main/scala/gitbucket/core/controller/IssuesController.scala +++ b/src/main/scala/gitbucket/core/controller/IssuesController.scala @@ -84,7 +84,7 @@ getAssignableUserNames(owner, name), getMilestones(owner, name), getLabels(owner, name), - hasWritePermission(owner, name, context.loginAccount), + isManageable(repository), repository) } } else Unauthorized() @@ -386,7 +386,7 @@ * Tests whether an logged-in user can manage issues. */ private def isManageable(repository: RepositoryInfo)(implicit context: Context): Boolean = { - hasWritePermission(repository.owner, repository.name, context.loginAccount) + hasDeveloperRole(repository.owner, repository.name, context.loginAccount) } /** @@ -394,8 +394,9 @@ */ private def isEditable(repository: RepositoryInfo)(implicit context: Context): Boolean = { repository.repository.options.issuesOption match { - case "PUBLIC" => hasReadPermission(repository.owner, repository.name, context.loginAccount) - case "PRIVATE" => hasWritePermission(repository.owner, repository.name, context.loginAccount) + case "ALL" => !repository.repository.isPrivate && context.loginAccount.isDefined + case "PUBLIC" => hasGuestRole(repository.owner, repository.name, context.loginAccount) + case "PRIVATE" => hasDeveloperRole(repository.owner, repository.name, context.loginAccount) case "DISABLE" => false } } @@ -404,7 +405,7 @@ * Tests whether an issue or a comment is editable by a logged-in user. */ private def isEditableContent(owner: String, repository: String, author: String)(implicit context: Context): Boolean = { - hasWritePermission(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName + hasDeveloperRole(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName } } diff --git a/src/main/scala/gitbucket/core/controller/LabelsController.scala b/src/main/scala/gitbucket/core/controller/LabelsController.scala index ab658eb..08c0aaa 100644 --- a/src/main/scala/gitbucket/core/controller/LabelsController.scala +++ b/src/main/scala/gitbucket/core/controller/LabelsController.scala @@ -29,7 +29,7 @@ getLabels(repository.owner, repository.name), countIssueGroupByLabels(repository.owner, repository.name, IssuesService.IssueSearchCondition(), Map.empty), repository, - hasWritePermission(repository.owner, repository.name, context.loginAccount)) + hasDeveloperRole(repository.owner, repository.name, context.loginAccount)) }) ajaxGet("/:owner/:repository/issues/labels/new")(writableUsersOnly { repository => @@ -43,7 +43,7 @@ // TODO futility countIssueGroupByLabels(repository.owner, repository.name, IssuesService.IssueSearchCondition(), Map.empty), repository, - hasWritePermission(repository.owner, repository.name, context.loginAccount)) + hasDeveloperRole(repository.owner, repository.name, context.loginAccount)) }) ajaxGet("/:owner/:repository/issues/labels/:labelId/edit")(writableUsersOnly { repository => @@ -59,7 +59,7 @@ // TODO futility countIssueGroupByLabels(repository.owner, repository.name, IssuesService.IssueSearchCondition(), Map.empty), repository, - hasWritePermission(repository.owner, repository.name, context.loginAccount)) + hasDeveloperRole(repository.owner, repository.name, context.loginAccount)) }) ajaxPost("/:owner/:repository/issues/labels/:labelId/delete")(writableUsersOnly { repository => diff --git a/src/main/scala/gitbucket/core/controller/MilestonesController.scala b/src/main/scala/gitbucket/core/controller/MilestonesController.scala index f75ea60..de81c73 100644 --- a/src/main/scala/gitbucket/core/controller/MilestonesController.scala +++ b/src/main/scala/gitbucket/core/controller/MilestonesController.scala @@ -27,7 +27,7 @@ params.getOrElse("state", "open"), getMilestonesWithIssueCount(repository.owner, repository.name), repository, - hasWritePermission(repository.owner, repository.name, context.loginAccount)) + hasDeveloperRole(repository.owner, repository.name, context.loginAccount)) }) get("/:owner/:repository/issues/milestones/new")(writableUsersOnly { diff --git a/src/main/scala/gitbucket/core/controller/PullRequestsController.scala b/src/main/scala/gitbucket/core/controller/PullRequestsController.scala index 548da42..16cef18 100644 --- a/src/main/scala/gitbucket/core/controller/PullRequestsController.scala +++ b/src/main/scala/gitbucket/core/controller/PullRequestsController.scala @@ -115,7 +115,7 @@ val hasConflict = LockUtil.lock(s"${owner}/${name}"){ checkConflict(owner, name, pullreq.branch, issueId) } - val hasMergePermission = hasWritePermission(owner, name, context.loginAccount) + val hasMergePermission = hasDeveloperRole(owner, name, context.loginAccount) val branchProtection = getProtectedBranchInfo(owner, name, pullreq.branch) val mergeStatus = PullRequestService.MergeStatus( hasConflict = hasConflict, @@ -125,7 +125,7 @@ needStatusCheck = context.loginAccount.map{ u => branchProtection.needStatusCheck(u.userName) }.getOrElse(true), - hasUpdatePermission = hasWritePermission(pullreq.requestUserName, pullreq.requestRepositoryName, context.loginAccount) && + hasUpdatePermission = hasDeveloperRole(pullreq.requestUserName, pullreq.requestRepositoryName, context.loginAccount) && context.loginAccount.map{ u => !getProtectedBranchInfo(pullreq.requestUserName, pullreq.requestRepositoryName, pullreq.requestBranch).needStatusCheck(u.userName) }.getOrElse(false), @@ -163,7 +163,7 @@ (issue, pullreq) <- getPullRequest(baseRepository.owner, baseRepository.name, issueId) owner = pullreq.requestUserName name = pullreq.requestRepositoryName - if hasWritePermission(owner, name, context.loginAccount) + if hasDeveloperRole(owner, name, context.loginAccount) } yield { val branchProtection = getProtectedBranchInfo(owner, name, pullreq.requestBranch) if(branchProtection.needStatusCheck(loginAccount.userName)){ @@ -374,7 +374,7 @@ forkedRepository, originRepository, forkedRepository, - hasWritePermission(originRepository.owner, originRepository.name, context.loginAccount), + hasDeveloperRole(originRepository.owner, originRepository.name, context.loginAccount), getAssignableUserNames(originRepository.owner, originRepository.name), getMilestones(originRepository.owner, originRepository.name), getLabels(originRepository.owner, originRepository.name) @@ -389,7 +389,7 @@ }) getOrElse NotFound() }) - ajaxGet("/:owner/:repository/compare/*...*/mergecheck")(writableUsersOnly { forkedRepository => + ajaxGet("/:owner/:repository/compare/*...*/mergecheck")(readableUsersOnly { forkedRepository => val Seq(origin, forked) = multiParams("splat") val (originOwner, tmpOriginBranch) = parseCompareIdentifie(origin, forkedRepository.owner) val (forkedOwner, tmpForkedBranch) = parseCompareIdentifie(forked, forkedRepository.owner) @@ -544,7 +544,7 @@ * Tests whether an logged-in user can manage pull requests. */ private def isManageable(repository: RepositoryInfo)(implicit context: Context): Boolean = { - hasWritePermission(repository.owner, repository.name, context.loginAccount) + hasDeveloperRole(repository.owner, repository.name, context.loginAccount) } /** @@ -552,8 +552,9 @@ */ private def isEditable(repository: RepositoryInfo)(implicit context: Context): Boolean = { repository.repository.options.issuesOption match { - case "PUBLIC" => hasReadPermission(repository.owner, repository.name, context.loginAccount) - case "PRIVATE" => hasWritePermission(repository.owner, repository.name, context.loginAccount) + case "ALL" => !repository.repository.isPrivate && context.loginAccount.isDefined + case "PUBLIC" => hasGuestRole(repository.owner, repository.name, context.loginAccount) + case "PRIVATE" => hasDeveloperRole(repository.owner, repository.name, context.loginAccount) case "DISABLE" => false } } diff --git a/src/main/scala/gitbucket/core/controller/RepositorySettingsController.scala b/src/main/scala/gitbucket/core/controller/RepositorySettingsController.scala index f9ea3d0..be35a20 100644 --- a/src/main/scala/gitbucket/core/controller/RepositorySettingsController.scala +++ b/src/main/scala/gitbucket/core/controller/RepositorySettingsController.scala @@ -179,8 +179,8 @@ val collaborators = params("collaborators") removeCollaborators(repository.owner, repository.name) collaborators.split(",").withFilter(_.nonEmpty).map { collaborator => - val userName :: permission :: Nil = collaborator.split(":").toList - addCollaborator(repository.owner, repository.name, userName, permission) + val userName :: role :: Nil = collaborator.split(":").toList + addCollaborator(repository.owner, repository.name, userName, role) } redirect(s"/${repository.owner}/${repository.name}/settings/collaborators") }) @@ -416,7 +416,7 @@ */ private def featureOption: Constraint = new Constraint(){ override def validate(name: String, value: String, params: Map[String, String], messages: Messages): Option[String] = - if(Seq("DISABLE", "PRIVATE", "PUBLIC").contains(value)) None else Some("Option is invalid.") + if(Seq("DISABLE", "PRIVATE", "PUBLIC", "ALL").contains(value)) None else Some("Option is invalid.") } diff --git a/src/main/scala/gitbucket/core/controller/RepositoryViewerController.scala b/src/main/scala/gitbucket/core/controller/RepositoryViewerController.scala index ad8b091..92f9bbf 100644 --- a/src/main/scala/gitbucket/core/controller/RepositoryViewerController.scala +++ b/src/main/scala/gitbucket/core/controller/RepositoryViewerController.scala @@ -110,7 +110,7 @@ enableLineBreaks = params("enableLineBreaks").toBoolean, enableTaskList = params("enableTaskList").toBoolean, enableAnchor = false, - hasWritePermission = hasWritePermission(repository.owner, repository.name, context.loginAccount) + hasWritePermission = hasDeveloperRole(repository.owner, repository.name, context.loginAccount) ) }) @@ -151,7 +151,7 @@ html.commits(if(path.isEmpty) Nil else path.split("/").toList, branchName, repository, logs.splitWith{ (commit1, commit2) => view.helpers.date(commit1.commitTime) == view.helpers.date(commit2.commitTime) - }, page, hasNext, hasWritePermission(repository.owner, repository.name, context.loginAccount)) + }, page, hasNext, hasDeveloperRole(repository.owner, repository.name, context.loginAccount)) case Left(_) => NotFound() } } @@ -275,7 +275,7 @@ html.blob(id, repository, path.split("/").toList, JGitUtil.getContentInfo(git, path, objectId), new JGitUtil.CommitInfo(JGitUtil.getLastModifiedCommit(git, revCommit, path)), - hasWritePermission(repository.owner, repository.name, context.loginAccount), + hasDeveloperRole(repository.owner, repository.name, context.loginAccount), request.paths(2) == "blame") } } getOrElse NotFound() @@ -329,7 +329,7 @@ JGitUtil.getBranchesOfCommit(git, revCommit.getName), JGitUtil.getTagsOfCommit(git, revCommit.getName), getCommitComments(repository.owner, repository.name, id, false), - repository, diffs, oldCommitId, hasWritePermission(repository.owner, repository.name, context.loginAccount)) + repository, diffs, oldCommitId, hasDeveloperRole(repository.owner, repository.name, context.loginAccount)) } } } @@ -358,7 +358,7 @@ html.commentform( commitId = id, fileName, oldLineNumber, newLineNumber, issueId, - hasWritePermission = hasWritePermission(repository.owner, repository.name, context.loginAccount), + hasWritePermission = hasDeveloperRole(repository.owner, repository.name, context.loginAccount), repository = repository ) }) @@ -374,7 +374,7 @@ callPullRequestReviewCommentWebHook("create", comment, repository, issueId, context.baseUrl, context.loginAccount.get) case None => recordCommentCommitActivity(repository.owner, repository.name, context.loginAccount.get.userName, id, form.content) } - helper.html.commitcomment(comment, hasWritePermission(repository.owner, repository.name, context.loginAccount), repository) + helper.html.commitcomment(comment, hasDeveloperRole(repository.owner, repository.name, context.loginAccount), repository) }) ajaxGet("/:owner/:repository/commit_comments/_data/:id")(readableUsersOnly { repository => @@ -393,7 +393,7 @@ enableRefsLink = true, enableAnchor = true, enableLineBreaks = true, - hasWritePermission = isEditable(x.userName, x.repositoryName, x.commentedUserName) + hasWritePermission = true ) )) } @@ -437,7 +437,7 @@ .map(br => (br, getPullRequestByRequestCommit(repository.owner, repository.name, repository.repository.defaultBranch, br.name, br.commitId), protectedBranches.contains(br.name))) .reverse - html.branches(branches, hasWritePermission(repository.owner, repository.name, context.loginAccount), repository) + html.branches(branches, hasDeveloperRole(repository.owner, repository.name, context.loginAccount), repository) }) /** @@ -547,7 +547,7 @@ */ private def fileList(repository: RepositoryService.RepositoryInfo, revstr: String = "", path: String = ".") = { if(repository.commitCount == 0){ - html.guide(repository, hasWritePermission(repository.owner, repository.name, context.loginAccount)) + html.guide(repository, hasDeveloperRole(repository.owner, repository.name, context.loginAccount)) } else { using(Git.open(getRepositoryDir(repository.owner, repository.name))){ git => // get specified commit @@ -569,7 +569,7 @@ html.files(revision, repository, if(path == ".") Nil else path.split("/").toList, // current path new JGitUtil.CommitInfo(lastModifiedCommit), // last modified commit - files, readme, hasWritePermission(repository.owner, repository.name, context.loginAccount), + files, readme, hasDeveloperRole(repository.owner, repository.name, context.loginAccount), getPullRequestFromBranch(repository.owner, repository.name, revstr, repository.repository.defaultBranch), flash.get("info"), flash.get("error")) } @@ -691,7 +691,7 @@ } private def isEditable(owner: String, repository: String, author: String)(implicit context: Context): Boolean = - hasWritePermission(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName + hasDeveloperRole(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName override protected def renderUncaughtException(e: Throwable)(implicit request: HttpServletRequest, response: HttpServletResponse): Unit = { e.printStackTrace() diff --git a/src/main/scala/gitbucket/core/controller/WikiController.scala b/src/main/scala/gitbucket/core/controller/WikiController.scala index 64d0b27..f46b4be 100644 --- a/src/main/scala/gitbucket/core/controller/WikiController.scala +++ b/src/main/scala/gitbucket/core/controller/WikiController.scala @@ -242,9 +242,9 @@ private def isEditable(repository: RepositoryInfo)(implicit context: Context): Boolean = { repository.repository.options.wikiOption match { -// case "ALL" => repository.repository.isPrivate == false || hasReadPermission(repository.owner, repository.name, context.loginAccount) - case "PUBLIC" => hasReadPermission(repository.owner, repository.name, context.loginAccount) - case "PRIVATE" => hasWritePermission(repository.owner, repository.name, context.loginAccount) + case "ALL" => !repository.repository.isPrivate && context.loginAccount.isDefined + case "PUBLIC" => hasGuestRole(repository.owner, repository.name, context.loginAccount) + case "PRIVATE" => hasDeveloperRole(repository.owner, repository.name, context.loginAccount) case "DISABLE" => false } } diff --git a/src/main/scala/gitbucket/core/model/Collaborator.scala b/src/main/scala/gitbucket/core/model/Collaborator.scala index 5036e3a..c810613 100644 --- a/src/main/scala/gitbucket/core/model/Collaborator.scala +++ b/src/main/scala/gitbucket/core/model/Collaborator.scala @@ -7,8 +7,8 @@ class Collaborators(tag: Tag) extends Table[Collaborator](tag, "COLLABORATOR") with BasicTemplate { val collaboratorName = column[String]("COLLABORATOR_NAME") - val permission = column[String]("PERMISSION") - def * = (userName, repositoryName, collaboratorName, permission) <> (Collaborator.tupled, Collaborator.unapply) + val role = column[String]("ROLE") + def * = (userName, repositoryName, collaboratorName, role) <> (Collaborator.tupled, Collaborator.unapply) def byPrimaryKey(owner: String, repository: String, collaborator: String) = byRepository(owner, repository) && (collaboratorName === collaborator.bind) @@ -19,15 +19,15 @@ userName: String, repositoryName: String, collaboratorName: String, - permission: String + role: String ) -sealed abstract class Permission(val name: String) +sealed abstract class Role(val name: String) -object Permission { - object ADMIN extends Permission("ADMIN") - object WRITE extends Permission("WRITE") - object READ extends Permission("READ") +object Role { + object ADMIN extends Role("ADMIN") + object DEVELOPER extends Role("DEVELOPER") + object GUEST extends Role("GUEST") // val values: Vector[Permission] = Vector(ADMIN, WRITE, READ) // diff --git a/src/main/scala/gitbucket/core/service/IssuesService.scala b/src/main/scala/gitbucket/core/service/IssuesService.scala index e604e0b..c050e79 100644 --- a/src/main/scala/gitbucket/core/service/IssuesService.scala +++ b/src/main/scala/gitbucket/core/service/IssuesService.scala @@ -434,7 +434,7 @@ } def getAssignableUserNames(owner: String, repository: String)(implicit s: Session): List[String] = { - (getCollaboratorUserNames(owner, repository, Seq(Permission.ADMIN, Permission.WRITE)) ::: + (getCollaboratorUserNames(owner, repository, Seq(Role.ADMIN, Role.DEVELOPER)) ::: (if (getAccountByUserName(owner).get.isGroupAccount) getGroupMembers(owner).map(_.userName) else List(owner))).distinct.sorted } diff --git a/src/main/scala/gitbucket/core/service/RepositoryService.scala b/src/main/scala/gitbucket/core/service/RepositoryService.scala index 26fa159..11d6ba6 100644 --- a/src/main/scala/gitbucket/core/service/RepositoryService.scala +++ b/src/main/scala/gitbucket/core/service/RepositoryService.scala @@ -1,7 +1,7 @@ package gitbucket.core.service import gitbucket.core.controller.Context -import gitbucket.core.model.{Collaborator, Repository, RepositoryOptions, Account, Permission} +import gitbucket.core.model.{Collaborator, Repository, RepositoryOptions, Account, Role} import gitbucket.core.model.Profile._ import gitbucket.core.util.JGitUtil import profile.simple._ @@ -335,8 +335,8 @@ /** * Add collaborator (user or group) to the repository. */ - def addCollaborator(userName: String, repositoryName: String, collaboratorName: String, permission: String)(implicit s: Session): Unit = - Collaborators insert Collaborator(userName, repositoryName, collaboratorName, permission) + def addCollaborator(userName: String, repositoryName: String, collaboratorName: String, role: String)(implicit s: Session): Unit = + Collaborators insert Collaborator(userName, repositoryName, collaboratorName, role) /** * Remove all collaborators from the repository. @@ -359,38 +359,38 @@ * Returns the list of all collaborator name and permission which is sorted with ascending order. * If a group is added as a collaborator, this method returns users who are belong to that group. */ - def getCollaboratorUserNames(userName: String, repositoryName: String, filter: Seq[Permission] = Nil)(implicit s: Session): List[String] = { + def getCollaboratorUserNames(userName: String, repositoryName: String, filter: Seq[Role] = Nil)(implicit s: Session): List[String] = { val q1 = Collaborators .innerJoin(Accounts).on { case (t1, t2) => (t1.collaboratorName === t2.userName) && (t2.groupAccount === false.bind) } .filter { case (t1, t2) => t1.byRepository(userName, repositoryName) } - .map { case (t1, t2) => (t1.collaboratorName, t1.permission) } + .map { case (t1, t2) => (t1.collaboratorName, t1.role) } val q2 = Collaborators .innerJoin(Accounts).on { case (t1, t2) => (t1.collaboratorName === t2.userName) && (t2.groupAccount === true.bind) } .innerJoin(GroupMembers).on { case ((t1, t2), t3) => t2.userName === t3.groupName } .filter { case ((t1, t2), t3) => t1.byRepository(userName, repositoryName) } - .map { case ((t1, t2), t3) => (t3.userName, t1.permission) } + .map { case ((t1, t2), t3) => (t3.userName, t1.role) } q1.union(q2).list.filter { x => filter.isEmpty || filter.exists(_.name == x._2) }.map(_._1) } - def hasWritePermission(owner: String, repository: String, loginAccount: Option[Account])(implicit s: Session): Boolean = { + def hasDeveloperRole(owner: String, repository: String, loginAccount: Option[Account])(implicit s: Session): Boolean = { loginAccount match { case Some(a) if(a.isAdmin) => true case Some(a) if(a.userName == owner) => true case Some(a) if(getGroupMembers(owner).exists(_.userName == a.userName)) => true - case Some(a) if(getCollaboratorUserNames(owner, repository, Seq(Permission.ADMIN, Permission.WRITE)).contains(a.userName)) => true + case Some(a) if(getCollaboratorUserNames(owner, repository, Seq(Role.ADMIN, Role.DEVELOPER)).contains(a.userName)) => true case _ => false } } - def hasReadPermission(owner: String, repository: String, loginAccount: Option[Account])(implicit s: Session): Boolean = { + def hasGuestRole(owner: String, repository: String, loginAccount: Option[Account])(implicit s: Session): Boolean = { loginAccount match { case Some(a) if(a.isAdmin) => true case Some(a) if(a.userName == owner) => true case Some(a) if(getGroupMembers(owner).exists(_.userName == a.userName)) => true - case Some(a) if(getCollaboratorUserNames(owner, repository, Seq(Permission.ADMIN, Permission.WRITE, Permission.READ)).contains(a.userName)) => true + case Some(a) if(getCollaboratorUserNames(owner, repository, Seq(Role.ADMIN, Role.DEVELOPER, Role.GUEST)).contains(a.userName)) => true case _ => false } } diff --git a/src/main/scala/gitbucket/core/servlet/GitAuthenticationFilter.scala b/src/main/scala/gitbucket/core/servlet/GitAuthenticationFilter.scala index c079eb8..d0b92bd 100644 --- a/src/main/scala/gitbucket/core/servlet/GitAuthenticationFilter.scala +++ b/src/main/scala/gitbucket/core/servlet/GitAuthenticationFilter.scala @@ -84,7 +84,7 @@ Array(username, password) = AuthUtil.decodeAuthHeader(auth).split(":", 2) account <- authenticate(settings, username, password) } yield if(isUpdating || repository.repository.isPrivate){ - if(hasWritePermission(repository.owner, repository.name, Some(account))){ + if(hasDeveloperRole(repository.owner, repository.name, Some(account))){ request.setAttribute(Keys.Request.UserName, account.userName) true } else false diff --git a/src/main/scala/gitbucket/core/ssh/GitCommand.scala b/src/main/scala/gitbucket/core/ssh/GitCommand.scala index f1ebb09..6e374b9 100644 --- a/src/main/scala/gitbucket/core/ssh/GitCommand.scala +++ b/src/main/scala/gitbucket/core/ssh/GitCommand.scala @@ -92,7 +92,7 @@ protected def isWritableUser(username: String, repositoryInfo: RepositoryService.RepositoryInfo) (implicit session: Session): Boolean = getAccountByUserName(username) match { - case Some(account) => hasWritePermission(repositoryInfo.owner, repositoryInfo.name, Some(account)) + case Some(account) => hasDeveloperRole(repositoryInfo.owner, repositoryInfo.name, Some(account)) case None => false } diff --git a/src/main/scala/gitbucket/core/util/Authenticator.scala b/src/main/scala/gitbucket/core/util/Authenticator.scala index b4cfef5..bbcb339 100644 --- a/src/main/scala/gitbucket/core/util/Authenticator.scala +++ b/src/main/scala/gitbucket/core/util/Authenticator.scala @@ -2,13 +2,11 @@ import gitbucket.core.controller.ControllerBase import gitbucket.core.service.{AccountService, RepositoryService} -import gitbucket.core.model.Permission +import gitbucket.core.model.Role import RepositoryService.RepositoryInfo import Implicits._ import ControlUtil._ -import scala.collection.Searching.search - /** * Allows only oneself and administrators. */ @@ -45,7 +43,7 @@ case Some(x) if(repository.owner == x.userName) => action(repository) // TODO Repository management is allowed for only group managers? case Some(x) if(getGroupMembers(repository.owner).exists { m => m.userName == x.userName && m.isManager == true }) => action(repository) - case Some(x) if(getCollaboratorUserNames(paths(0), paths(1), Seq(Permission.ADMIN)).contains(x.userName)) => action(repository) + case Some(x) if(getCollaboratorUserNames(paths(0), paths(1), Seq(Role.ADMIN)).contains(x.userName)) => action(repository) case _ => Unauthorized() } } getOrElse NotFound() @@ -156,7 +154,7 @@ case Some(x) if(x.isAdmin) => action(repository) case Some(x) if(paths(0) == x.userName) => action(repository) case Some(x) if(getGroupMembers(repository.owner).exists(_.userName == x.userName)) => action(repository) - case Some(x) if(getCollaboratorUserNames(paths(0), paths(1), Seq(Permission.ADMIN, Permission.WRITE)).contains(x.userName)) => action(repository) + case Some(x) if(getCollaboratorUserNames(paths(0), paths(1), Seq(Role.ADMIN, Role.DEVELOPER)).contains(x.userName)) => action(repository) case _ => Unauthorized() } } getOrElse NotFound() diff --git a/src/main/twirl/gitbucket/core/settings/collaborators.scala.html b/src/main/twirl/gitbucket/core/settings/collaborators.scala.html index 3aeb44d..70487da 100644 --- a/src/main/twirl/gitbucket/core/settings/collaborators.scala.html +++ b/src/main/twirl/gitbucket/core/settings/collaborators.scala.html @@ -2,7 +2,7 @@ isGroupRepository: Boolean, repository: gitbucket.core.service.RepositoryService.RepositoryInfo)(implicit context: gitbucket.core.controller.Context) @import gitbucket.core.view.helpers -@import gitbucket.core.model.Permission +@import gitbucket.core.model.Role @gitbucket.core.html.main("Settings", Some(repository)){ @gitbucket.core.html.menu("settings", repository){ @gitbucket.core.settings.html.menu("collaborators", repository){ @@ -77,7 +77,8 @@ $.post('@context.path/_user/existence', { 'userName': userName }, function(data, status){ if(data != ''){ - addListHTML(userName, '@Permission.ADMIN.name', '#' + id + '-list'); + addListHTML(userName, '@Role.ADMIN.name', '#' + id + '-list'); + $('#userName-' + id).val(''); } else { $('#error-' + id).text('User does not exist.'); } @@ -94,26 +95,26 @@ }); @collaborators.map { case (collaborator, isGroup) => - addListHTML('@collaborator.collaboratorName', '@collaborator.permission', @if(isGroup){'#group-list'}else{'#collaborator-list'}); + addListHTML('@collaborator.collaboratorName', '@collaborator.role', @if(isGroup){'#group-list'}else{'#collaborator-list'}); } - function addListHTML(userName, permission, id){ - var adminButton = $(''); - if(permission == '@Permission.ADMIN.name'){ + function addListHTML(userName, role, id){ + var adminButton = $(''); + if(role == '@Role.ADMIN.name'){ adminButton.addClass('active'); } - var writeButton = $(''); - if(permission == '@Permission.WRITE.name'){ + var writeButton = $(''); + if(role == '@Role.DEVELOPER.name'){ writeButton.addClass('active'); } - var readButton = $(''); - if(permission == '@Permission.READ.name'){ + var readButton = $(''); + if(role == '@Role.GUEST.name'){ readButton.addClass('active'); } $(id).append($('
  • ') .data('name', userName) - .append($('
    ') + .append($('
    ') .append(adminButton) .append(writeButton) .append(readButton)) diff --git a/src/main/twirl/gitbucket/core/settings/options.scala.html b/src/main/twirl/gitbucket/core/settings/options.scala.html index f978b58..835c14d 100644 --- a/src/main/twirl/gitbucket/core/settings/options.scala.html +++ b/src/main/twirl/gitbucket/core/settings/options.scala.html @@ -61,12 +61,17 @@
    +
    +
    +
    +
    +
    +