Add authentication to the repository setting page.

src/main/scala/app/ControllerBase.scala

@@ -5,14 +5,18 @@ import org.scalatra._
 import org.scalatra.json._
 import org.json4s._
 import jp.sf.amateras.scalatra.forms._
+import service.AccountService
 
 /**
  * Provides generic features for ScalatraServlet implementations.
  */
 abstract class ControllerBase extends ScalatraFilter with ClientSideValidationFormSupport with JacksonJsonSupport {
-  
+
   implicit val jsonFormats = DefaultFormats
-  
+
+  /**
+   * Returns the context object for the request.
+   */
   implicit def context: Context = Context(servletContext.getContextPath, LoginAccount)
   
   private def LoginAccount: Option[Account] = {
@@ -22,6 +26,35 @@ abstract class ControllerBase extends ScalatraFilter with ClientSideValidationFo
     }
   }
 
+  /**
+   * Allows only the repository owner and administrators.
+   */
+  protected def ownerOnly(action: => Any) = {
+    {
+      context.loginAccount match {
+        case Some(x) if(x.userType == AccountService.Administrator) => action
+        case Some(x) if(request.getRequestURI.split("/")(1) == x.userName) => action
+        case _ => redirect("/signin")
+      }
+    }
+  }
+
+  /**
+   * Allows only the repository owner and administrators.
+   */
+  protected def ownerOnly[T](action: T => Any) = {
+    (form: T) => {
+      context.loginAccount match {
+        case Some(x) if(x.userType == AccountService.Administrator) => action(form)
+        case Some(x) if(request.getRequestURI.split("/")(1) == x.userName) => action(form)
+        case _ => redirect("/signin")
+      }
+    }
+  }
+
+  /**
+   * Allows only signed in users.
+   */
   protected def usersOnly(action: => Any) = {
     {
       context.loginAccount match {
@@ -31,6 +64,9 @@ abstract class ControllerBase extends ScalatraFilter with ClientSideValidationFo
     }
   }
 
+  /**
+   * Allows only signed in users.
+   */
   protected def usersOnly[T](action: T => Any) = {
     (form: T) => {
       context.loginAccount match {