diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/ReceivePack.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/ReceivePack.java index 35c52bdfe..4d63ee68e 100644 --- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/ReceivePack.java +++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/ReceivePack.java @@ -126,6 +126,9 @@ public class ReceivePack { /** Identity to record action as within the reflog. */ private PersonIdent refLogIdent; + /** Filter used while advertising the refs to the client. */ + private RefFilter refFilter; + /** Hook to validate the update commands before execution. */ private PreReceiveHook preReceive; @@ -184,6 +187,7 @@ public class ReceivePack { allowDeletes = cfg.allowDeletes; allowNonFastForwards = cfg.allowNonFastForwards; allowOfsDelta = cfg.allowOfsDelta; + refFilter = RefFilter.DEFAULT; preReceive = PreReceiveHook.NULL; postReceive = PostReceiveHook.NULL; } @@ -335,6 +339,26 @@ public class ReceivePack { refLogIdent = pi; } + /** @return the filter used while advertising the refs to the client */ + public RefFilter getRefFilter() { + return refFilter; + } + + /** + * Set the filter used while advertising the refs to the client. + *

+ * Only refs allowed by this filter will be shown to the client. + * Clients may still attempt to create or update a reference hidden + * by the configured {@link RefFilter}. These attempts should be + * rejected by a matching {@link PreReceiveHook}. + * + * @param refFilter + * the filter; may be null to show all refs. + */ + public void setRefFilter(final RefFilter refFilter) { + this.refFilter = refFilter != null ? refFilter : RefFilter.DEFAULT; + } + /** @return get the hook invoked before updates occur. */ public PreReceiveHook getPreReceiveHook() { return preReceive; @@ -521,7 +545,7 @@ public class ReceivePack { if (biDirectionalPipe) sendAdvertisedRefs(new PacketLineOutRefAdvertiser(pckOut)); else - refs = db.getAllRefs(); + refs = refFilter.filter(db.getAllRefs()); recvCommands(); if (!commands.isEmpty()) { enableCapabilities(); @@ -589,7 +613,7 @@ public class ReceivePack { adv.advertiseCapability(CAPABILITY_REPORT_STATUS); if (allowOfsDelta) adv.advertiseCapability(CAPABILITY_OFS_DELTA); - refs = db.getAllRefs(); + refs = refFilter.filter(db.getAllRefs()); final Ref head = refs.remove(Constants.HEAD); adv.send(refs); if (head != null && !head.isSymbolic()) diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/RefFilter.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/RefFilter.java new file mode 100644 index 000000000..e46195fc1 --- /dev/null +++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/RefFilter.java @@ -0,0 +1,76 @@ +/* + * Copyright (C) 2010, Google Inc. + * and other copyright owners as documented in the project's IP log. + * + * This program and the accompanying materials are made available + * under the terms of the Eclipse Distribution License v1.0 which + * accompanies this distribution, is reproduced below, and is + * available at http://www.eclipse.org/org/documents/edl-v10.php + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or + * without modification, are permitted provided that the following + * conditions are met: + * + * - Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * - Neither the name of the Eclipse Foundation, Inc. nor the + * names of its contributors may be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +package org.eclipse.jgit.transport; + +import java.util.Map; + +import org.eclipse.jgit.lib.Ref; + +/** + * Filters the list of refs that are advertised to the client. + *

+ * The filter is called by {@link ReceivePack} and {@link UploadPack} to ensure + * that the refs are filtered before they are advertised to the client. + *

+ * This can be used by applications to control visibility of certain refs based + * on a custom set of rules. + */ +public interface RefFilter { + /** The default filter, allows all refs to be shown. */ + public static final RefFilter DEFAULT = new RefFilter() { + public Map filter (final Map refs) { + return refs; + } + }; + + /** + * Filters a {@code Map} of refs before it is advertised to the client. + * + * @param refs + * the refs which this method need to consider. + * @return + * the filtered map of refs. + */ + public Map filter(Map refs); +} diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/UploadPack.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/UploadPack.java index 57bb2adbf..b76b22b77 100644 --- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/UploadPack.java +++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/UploadPack.java @@ -131,6 +131,9 @@ public class UploadPack { /** The refs we advertised as existing at the start of the connection. */ private Map refs; + /** Filter used while advertising the refs to the client. */ + private RefFilter refFilter; + /** Capabilities requested by the client. */ private final Set options = new HashSet(); @@ -183,9 +186,10 @@ public class UploadPack { SAVE.add(ADVERTISED); SAVE.add(WANT); SAVE.add(PEER_HAS); + refFilter = RefFilter.DEFAULT; } - /** @return the repository this receive completes into. */ + /** @return the repository this upload is reading from. */ public final Repository getRepository() { return db; } @@ -233,6 +237,26 @@ public class UploadPack { biDirectionalPipe = twoWay; } + /** @return the filter used while advertising the refs to the client */ + public RefFilter getRefFilter() { + return refFilter; + } + + /** + * Set the filter used while advertising the refs to the client. + *

+ * Only refs allowed by this filter will be sent to the client. This can + * be used by a server to restrict the list of references the client can + * obtain through clone or fetch, effectively limiting the access to only + * certain refs. + * + * @param refFilter + * the filter; may be null to show all refs. + */ + public void setRefFilter(final RefFilter refFilter) { + this.refFilter = refFilter != null ? refFilter : RefFilter.DEFAULT; + } + /** * Execute the upload task on the socket. * @@ -285,7 +309,7 @@ public class UploadPack { if (biDirectionalPipe) sendAdvertisedRefs(new PacketLineOutRefAdvertiser(pckOut)); else { - refs = db.getAllRefs(); + refs = refFilter.filter(db.getAllRefs()); for (Ref r : refs.values()) { try { walk.parseAny(r.getObjectId()).add(ADVERTISED); @@ -329,7 +353,7 @@ public class UploadPack { adv.advertiseCapability(OPTION_THIN_PACK); adv.advertiseCapability(OPTION_NO_PROGRESS); adv.setDerefTags(true); - refs = db.getAllRefs(); + refs = refFilter.filter(db.getAllRefs()); adv.send(refs); adv.end(); }