gitbucket · takezoe · Nov 12, 2018 · Nov 12, 2018
@@ -64,7 +64,7 @@ class Plugin extends gitbucket.core.plugin.Plugin {
     (context: Context) => Some(Link("snippets", "Snippets", "gist"))
   )
   override val profileTabs = Seq(
-    (account: Account, context: Context) => if(account.isGroupAccount) None else Some(Link("snippets", "Snippets", s"gist/${account.userName}/_profile"))
+    (account: Account, context: Context) => Some(Link("snippets", "Snippets", s"gist/${account.userName}/_profile"))
   )
   override val assetsMappings = Seq("/gist" -> "/gitbucket/gist/assets")
 

@@ -92,16 +92,17 @@ trait GistControllerBase extends ControllerBase {
         val files: Seq[(String, JGitUtil.ContentInfo)] = JGitUtil.getFileList(git, "master", ".").map { file =>
           (if(isGistFile(file.name)) "" else file.name) -> JGitUtil.getContentInfo(git, file.name, file.id)
         }
-        html.edit(getGist(userName, repoName), files)
+        html.edit(getGist(userName, repoName), files, None)
       }
     }
   })
 
   post("/gist/_new")(usersOnly {
-    if(context.loginAccount.isDefined){
-      val loginAccount = context.loginAccount.get
-      val files = getFileParameters()
+    val loginAccount = context.loginAccount.get
+    val userName     = params.getOrElse("userName", loginAccount.userName)
 
+    if(isEditable(userName, loginUserGroups)) {
+      val files = getFileParameters()
       if(files.isEmpty){
         redirect(s"/gist")
 
@@ -110,14 +111,14 @@ trait GistControllerBase extends ControllerBase {
         val description = params("description")
 
         // Create new repository
-        val repoName = StringUtil.md5(loginAccount.userName + " " + datetime(new java.util.Date()))
-        val gitdir   = new File(GistRepoDir, loginAccount.userName + "/" + repoName)
+        val repoName = StringUtil.md5(userName + " " + datetime(new java.util.Date()))
+        val gitdir   = new File(GistRepoDir, userName + "/" + repoName)
         gitdir.mkdirs()
         JGitUtil.initRepository(gitdir)
 
         // Insert record
         registerGist(
-          loginAccount.userName,
+          userName,
           repoName,
           getTitle(files.head._1, repoName),
           description,
@@ -129,9 +130,9 @@ trait GistControllerBase extends ControllerBase {
           commitFiles(git, loginAccount, "Initial commit", files)
         }
 
-        redirect(s"/gist/${loginAccount.userName}/${repoName}")
+        redirect(s"/gist/${userName}/${repoName}")
       }
-    }
+    } else Unauthorized()
   })
 
   post("/gist/:userName/:repoName/edit")(editorOnly {
@@ -166,14 +167,14 @@ trait GistControllerBase extends ControllerBase {
       refUpdate.update()
     }
 
-    redirect(s"/gist/${loginAccount.userName}/${repoName}")
+    redirect(s"/gist/${userName}/${repoName}")
   })
 
   get("/gist/:userName/:repoName/delete")(editorOnly {
     val userName = params("userName")
     val repoName = params("repoName")
 
-    if(isEditable(userName)){
+    if(isEditable(userName, loginUserGroups)){
       deleteGist(userName, repoName)
 
       val gitdir = new File(GistRepoDir, userName + "/" + repoName)
@@ -205,7 +206,7 @@ trait GistControllerBase extends ControllerBase {
             gist,
             getForkedCount(originUserName, originRepoName),
             GistRepositoryURL(gist, baseUrl, context.settings),
-            isEditable(userName),
+            isEditable(userName, loginUserGroups),
             commits
           )
         }
@@ -268,12 +269,18 @@ trait GistControllerBase extends ControllerBase {
       getUserGists(userName, context.loginAccount.map(_.userName), 0, Limit),
       countUserGists(userName, context.loginAccount.map(_.userName))
     )
+
+    val createSnippet = context.loginAccount.exists { loginAccount =>
+      loginAccount.userName == userName || getGroupsByUserName(loginAccount.userName).contains(userName)
+    }
+
     getAccountByUserName(userName).map { account =>
       html.profile(
-        account,
-        if(account.isGroupAccount) Nil else getGroupsByUserName(userName),
-        getAccountExtraMailAddresses(userName),
-        result._1
+        account            = account,
+        groupNames         = if(account.isGroupAccount) Nil else getGroupsByUserName(userName),
+        extraMailAddresses = getAccountExtraMailAddresses(userName),
+        gists              = result._1,
+        createSnippet      = createSnippet
       )
     } getOrElse NotFound
   }
@@ -283,7 +290,11 @@ trait GistControllerBase extends ControllerBase {
   }
 
   get("/gist/_new")(usersOnly {
-    html.edit(None, Seq(("", JGitUtil.ContentInfo("text", None, None, Some("UTF-8")))))
+    val userName = params.get("userName")
+
+    if(isEditable(userName.getOrElse(context.loginAccount.get.userName), loginUserGroups)){
+      html.edit(None, Seq(("", JGitUtil.ContentInfo("text", None, None, Some("UTF-8")))), userName)
+    } else Unauthorized()
   })
 
   get("/gist/_add"){
@@ -335,7 +346,7 @@ trait GistControllerBase extends ControllerBase {
         getForkedCount(userName, repoName),
         GistRepositoryURL(gist, baseUrl, context.settings),
         getForkedGists(userName, repoName),
-        isEditable(userName)
+        isEditable(userName, loginUserGroups)
       )
     } getOrElse NotFound
   }
@@ -503,7 +514,7 @@ trait GistControllerBase extends ControllerBase {
       revision,
       getGistFiles(userName, repoName, revision),
       getGistComments(userName, repoName),
-      isEditable(userName)
+      isEditable(userName, loginUserGroups)
     )
   }
 
@@ -526,4 +537,10 @@ trait GistControllerBase extends ControllerBase {
     }
   }
 
+  private def loginUserGroups: Seq[String] = {
+    context.loginAccount.map { account =>
+      getGroupsByUserName(account.userName)
+    }.getOrElse(Nil)
+  }
+
 }
@@ -1,21 +1,22 @@
 package gitbucket.gist.util
 
 import gitbucket.core.controller.ControllerBase
+import gitbucket.core.service.AccountService
 import gitbucket.core.util.SyntaxSugars._
 import gitbucket.core.util.Implicits._
 
 /**
  * Allows only editor of the accessed snippet.
  */
-trait GistEditorAuthenticator { self: ControllerBase =>
+trait GistEditorAuthenticator { self: ControllerBase with AccountService =>
   protected def editorOnly(action: => Any) = { authenticate(action) }
   protected def editorOnly[T](action: T => Any) = (form: T) => { authenticate(action(form)) }
 
   private def authenticate(action: => Any) = {
     {
       defining(request.paths){ paths =>
         if(context.loginAccount.map { loginAccount =>
-          loginAccount.isAdmin || loginAccount.userName == paths(1)
+          loginAccount.isAdmin || loginAccount.userName == paths(1) || getGroupsByUserName(loginAccount.userName).contains(paths(1))
         }.getOrElse(false)){
           action
         } else {

@@ -12,9 +12,9 @@ import org.eclipse.jgit.lib.{FileMode, Constants, ObjectId}
 
 object GistUtils {
 
-  def isEditable(userName: String)(implicit context: Context): Boolean = {
+  def isEditable(userName: String, groupNames: Seq[String])(implicit context: Context): Boolean = {
     context.loginAccount.map { loginAccount =>
-      loginAccount.isAdmin || loginAccount.userName == userName
+      loginAccount.isAdmin || loginAccount.userName == userName || groupNames.contains(userName)
     }.getOrElse(false)
   }
 

@@ -1,5 +1,6 @@
 @(gist: Option[gitbucket.gist.model.Gist],
-  files: Seq[(String, gitbucket.core.util.JGitUtil.ContentInfo)])(implicit context: gitbucket.core.controller.Context)
+  files: Seq[(String, gitbucket.core.util.JGitUtil.ContentInfo)],
+  userName: Option[String])(implicit context: gitbucket.core.controller.Context)
 @import gitbucket.gist.model.Mode
 @import gitbucket.core.view.helpers
 @gitbucket.core.html.main("Snippets"){
@@ -62,6 +63,9 @@ <h1 style="margin: 0px;">New snippet</h1>
               }
             </div>
           </div>
+          @userName.map { userName =>
+            <input type="hidden" id="userName" name="userName" value="@userName"/>
+          }
           <input type="hidden" id="count" name="count" value="@files.size"/>
         </form>
       </div>

@@ -1,7 +1,12 @@
 @(account: gitbucket.core.model.Account, groupNames: List[String], extraMailAddresses: List[String],
-  gists: Seq[gitbucket.gist.model.Gist])(implicit context: gitbucket.core.controller.Context)
+  gists: Seq[gitbucket.gist.model.Gist], createSnippet: Boolean)(implicit context: gitbucket.core.controller.Context)
 @import gitbucket.gist.model.Mode
 @gitbucket.core.account.html.main(account, groupNames, "snippets", extraMailAddresses){
+  @if(createSnippet){
+    <div class="pull-right">
+      <a href="@context.path/gist/_new?userName=@account.userName" class="btn btn-success">Create snippet</a>
+    </div>
+  }
   @if(gists.isEmpty){
     No snippets
   } else {