use PermissionFilter for mercurial repositories

plugins/scm-hg-plugin/src/main/java/sonia/scm/api/rest/resources/HgConfigResource.java

@@ -46,8 +46,6 @@ import sonia.scm.web.HgWebConfigWriter;
 
 import java.io.IOException;
 
-import javax.servlet.ServletContext;
-
 import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;

plugins/scm-hg-plugin/src/main/java/sonia/scm/repository/HgRepositoryHandler.java

@@ -310,6 +310,44 @@ public class HgRepositoryHandler extends AbstractRepositoryHandler<HgConfig>
     return repositories;
   }
 
+  /**
+   * Method description
+   *
+   *
+   * @param repositoryname
+   *
+   * @return
+   */
+  public Repository getByName(String repositoryname)
+  {
+    Repository repository = null;
+
+    for (Repository r : getAll())
+    {
+      if (r.getName().equals(repositoryname))
+      {
+        repository = r;
+
+        break;
+      }
+    }
+
+    return repository;
+  }
+
+  /**
+   * Method description
+   *
+   *
+   * @param repository
+   *
+   * @return
+   */
+  public File getDirectory(Repository repository)
+  {
+    return new File(config.getRepositoryDirectory(), repository.getName());
+  }
+
   /**
    * Method description
    *
@@ -534,19 +572,6 @@ public class HgRepositoryHandler extends AbstractRepositoryHandler<HgConfig>
     return new File(config.getRepositoryDirectory(), id);
   }
 
-  /**
-   * Method description
-   *
-   *
-   * @param repository
-   *
-   * @return
-   */
-  private File getDirectory(Repository repository)
-  {
-    return new File(config.getRepositoryDirectory(), repository.getName());
-  }
-
   /**
    * Method description
    *

plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgCGIServlet.java

@@ -29,19 +29,28 @@
  *
  */
 
+
+
 package sonia.scm.web;
 
 //~--- non-JDK imports --------------------------------------------------------
 
+import com.google.inject.Inject;
 import com.google.inject.Singleton;
 
+import sonia.scm.repository.HgRepositoryHandler;
+import sonia.scm.repository.Repository;
 import sonia.scm.web.cgi.AbstractCGIServlet;
+import sonia.scm.web.cgi.EnvList;
 
 //~--- JDK imports ------------------------------------------------------------
 
 import java.io.File;
 import java.io.IOException;
 
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 
@@ -53,9 +62,33 @@ import javax.servlet.http.HttpServletRequest;
 public class HgCGIServlet extends AbstractCGIServlet
 {
 
+  /** Field description */
+  public static final String ENV_REPOSITORY_NAME = "REPO_NAME";
+
+  /** Field description */
+  public static final String ENV_REPOSITORY_PATH = "SCM_REPOSITORY_PATH";
+
   /** Field description */
   private static final long serialVersionUID = -3492811300905099810L;
 
+  /** Field description */
+  public static final Pattern PATTERN_REPOSITORYNAME =
+    Pattern.compile("/[^/]+/([^/]+)(?:/.*)?");
+
+  //~--- constructors ---------------------------------------------------------
+
+  /**
+   * Constructs ...
+   *
+   *
+   * @param handler
+   */
+  @Inject
+  public HgCGIServlet(HgRepositoryHandler handler)
+  {
+    this.handler = handler;
+  }
+
   //~--- methods --------------------------------------------------------------
 
   /**
@@ -71,6 +104,39 @@ public class HgCGIServlet extends AbstractCGIServlet
     super.init();
   }
 
+  /**
+   * Method description
+   *
+   *
+   * @param request
+   * @param baseEnvironment
+   *
+   * @return
+   *
+   * @throws ServletException
+   */
+  @Override
+  protected EnvList createRequestEnvironment(HttpServletRequest request,
+          EnvList baseEnvironment)
+          throws ServletException
+  {
+    EnvList list = new EnvList(baseEnvironment);
+    Repository repository = getRepository(request);
+
+    if (repository == null)
+    {
+      throw new ServletException("repository not found");
+    }
+
+    String name = repository.getName();
+    File directory = handler.getDirectory(repository);
+
+    list.set(ENV_REPOSITORY_PATH, directory.getAbsolutePath());
+    list.set(ENV_REPOSITORY_NAME, name);
+
+    return list;
+  }
+
   //~--- get methods ----------------------------------------------------------
 
   /**
@@ -91,8 +157,51 @@ public class HgCGIServlet extends AbstractCGIServlet
     return command;
   }
 
+  /**
+   * Method description
+   *
+   *
+   * @param request
+   *
+   * @return
+   */
+  protected Repository getRepository(HttpServletRequest request)
+  {
+    Repository repository = null;
+    String uri = request.getRequestURI();
+
+    uri = uri.substring(request.getContextPath().length());
+
+    Matcher m = PATTERN_REPOSITORYNAME.matcher(uri);
+
+    if (m.matches())
+    {
+      String repositoryname = m.group(1);
+
+      repository = getRepository(repositoryname);
+    }
+
+    return repository;
+  }
+
+  /**
+   * Method description
+   *
+   *
+   * @param repositoryname
+   *
+   * @return
+   */
+  private Repository getRepository(String repositoryname)
+  {
+    return handler.getByName(repositoryname);
+  }
+
   //~--- fields ---------------------------------------------------------------
 
   /** Field description */
   private File command;
+
+  /** Field description */
+  private HgRepositoryHandler handler;
 }

plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgPermissionFilter.java

@@ -0,0 +1,108 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 3. Neither the name of SCM-Manager; nor the names of its
+ *    contributors may be used to endorse or promote products derived from this
+ *    software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.web;
+
+//~--- non-JDK imports --------------------------------------------------------
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import com.google.inject.Singleton;
+
+import sonia.scm.repository.HgRepositoryHandler;
+import sonia.scm.repository.Repository;
+import sonia.scm.web.filter.PermissionFilter;
+import sonia.scm.web.security.SecurityContext;
+
+//~--- JDK imports ------------------------------------------------------------
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ */
+@Singleton
+public class HgPermissionFilter extends PermissionFilter
+{
+
+  /**
+   * Constructs ...
+   *
+   *
+   * @param securityContextProvider
+   * @param handler
+   */
+  @Inject
+  public HgPermissionFilter(Provider<SecurityContext> securityContextProvider,
+                            HgRepositoryHandler handler)
+  {
+    super(securityContextProvider);
+    this.handler = handler;
+  }
+
+  //~--- get methods ----------------------------------------------------------
+
+  /**
+   * Method description
+   *
+   *
+   * @param name
+   *
+   * @return
+   */
+  @Override
+  protected Repository getRepository(String name)
+  {
+    return handler.getByName(name);
+  }
+
+  /**
+   * Method description
+   *
+   *
+   * @param request
+   *
+   * @return
+   */
+  @Override
+  protected boolean isWriteRequest(HttpServletRequest request)
+  {
+    return !request.getMethod().equalsIgnoreCase("GET");
+  }
+
+  //~--- fields ---------------------------------------------------------------
+
+  /** Field description */
+  private HgRepositoryHandler handler;
+}

plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgServletModule.java

@@ -29,6 +29,8 @@
  *
  */
 
+
+
 package sonia.scm.web;
 
 //~--- non-JDK imports --------------------------------------------------------
@@ -44,6 +46,11 @@ import sonia.scm.web.filter.BasicAuthenticationFilter;
 public class HgServletModule extends ServletModule
 {
 
+  /** Field description */
+  public static final String MAPPING_HG = "/hg/*";
+
+  //~--- methods --------------------------------------------------------------
+
   /**
    * Method description
    *
@@ -51,7 +58,8 @@ public class HgServletModule extends ServletModule
   @Override
   protected void configureServlets()
   {
-    filter("/hg/*").through(BasicAuthenticationFilter.class);
-    serve("/hg/*").with(HgCGIServlet.class);
+    filter(MAPPING_HG).through(BasicAuthenticationFilter.class);
+    filter(MAPPING_HG).through(HgPermissionFilter.class);
+    serve(MAPPING_HG).with(HgCGIServlet.class);
   }
 }