Start enforcing user restrictions for individual projects
Start enforcing user restrictions for individual projects

--- a/include/controller/ControllerBase.class.php
+++ b/include/controller/ControllerBase.class.php
@@ -128,6 +128,11 @@
 			$project = $this->projectList->GetProject($this->params['project']);
 			if (!$project) {
 				throw new GitPHP_InvalidProjectParameterException($this->params['project']);
+			}
+			if ($this->userList && ($this->userList->GetCount() > 0)) {
+				if (!$project->UserCanAccess((!empty($_SESSION['gitphpuser']) ? $_SESSION['gitphpuser'] : null))) {
+					throw new GitPHP_ProtectedProjectException($this->params['project']);
+				}
 			}
 			$this->project = $project->GetProject();
 		}
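Review bot: The access check in the added lines is skipped whenever `$this->userList` is unset or `GetCount()` returns 0, so a user list that fails to load or comes back empty leaves every restricted project readable. If open access is intended for installs with no users configured, a comment should say so, e.g. `// no users configured: project restrictions are not enforced`; otherwise deny access when the project carries restrictions and no user list is available. The same block is repeated in the Controller_Snapshot.class.php hunk and, in inverted form, in the first Controller_Message.class.php hunk. Moving it into one shared method would keep a controller added later from loading a project without the check. The enclosing method starts and ends outside the hunk.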

--- a/include/controller/Controller_Message.class.php
+++ b/include/controller/Controller_Message.class.php
@@ -38,7 +38,13 @@
 		if (!empty($this->params['project']) && $this->projectList) {
 			$project = $this->projectList->GetProject($this->params['project']);
 			if ($project) {
-				$this->project = $project->GetProject();
+				if ($this->userList && ($this->userList->GetCount() > 0)) {
+					if ($project->UserCanAccess((!empty($_SESSION['gitphpuser']) ? $_SESSION['gitphpuser'] : null))) {
+						$this->project = $project->GetProject();
+					}
+				} else {
+					$this->project = $project->GetProject();
+				}
 			}
 		}
 
@@ -256,6 +262,13 @@
 			return sprintf('File %1$s not found', $exception->File);
 		}
 
+		if ($exception instanceof GitPHP_ProtectedProjectException) {
+			if ($this->resource)
+				return sprintf($this->resource->translate('You are not authorized to access project %1$s'), $exception->Project);
+
+			return sprintf('You are not authorized to access project %1$s', $exception->Project);
+		}
+
 		return $exception->getMessage();
 	}
 
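Review bot: The new message differs from the invalid-project one, so a visitor with no session can tell which project names exist. Per the ControllerBase hunk, an unknown name raises `GitPHP_InvalidProjectParameterException`, while a restricted one raises `GitPHP_ProtectedProjectException` and gets the name echoed back in "You are not authorized to access project …". If the names of restricted projects are meant to stay private, consider answering unauthenticated requests for them the same way as requests for an unknown project. The method this branch belongs to starts outside the hunk.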

--- a/include/controller/Controller_Snapshot.class.php
+++ b/include/controller/Controller_Snapshot.class.php
@@ -48,6 +48,11 @@
 			$project = $this->projectList->GetProject($this->params['project']);
 			if (!$project) {
 				throw new GitPHP_InvalidProjectParameterException($this->params['project']);
+			}
+			if ($this->userList && ($this->userList->GetCount() > 0)) {
+				if (!$project->UserCanAccess((!empty($_SESSION['gitphpuser']) ? $_SESSION['gitphpuser'] : null))) {
+					throw new GitPHP_ProtectedProjectException($this->params['project']);
+				}
 			}
 			$this->project = $project->GetProject();
 		}

--- /dev/null
+++ b/include/exception/ProtectedProjectException.class.php
@@ -1,1 +1,34 @@
+<?php
+/**
+ * Custom exception when a user tries to access a project they don't have access to
+ *
+ * @author Christopher Han <xiphux@gmail.com>
+ * @copyright Copyright (c) 2012 Christopher Han
+ * @package GitPHP
+ * @subpackage Exception
+ */
+class GitPHP_ProtectedProjectException extends GitPHP_MessageException
+{
+	/**
+	 * Specified project
+	 *
+	 * @var string
+	 */
+	public $Project;
 
+	/**
+	 * Constructor
+	 *
+	 * @param string $project project
+	 * @param string $message message
+	 * @param int $code code
+	 */
+	public function __construct($project, $message = '', $code = 0)
+	{
+		$this->Project = $project;
+		if (empty($message))
+			$message = sprintf('You are not authorized to access project %1$s', $project);
+		parent::__construct($message, true, 401, $code); 
+	}
+}
+
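Review bot: The `401` passed to `parent::__construct($message, true, 401, $code)` appears to be an HTTP status (the parent's signature is not shown here), and it is used both when the session has no user and when a logged-in user lacks access. If it is an HTTP status, 403 fits the second case better, and a 401 response is expected to carry a `WWW-Authenticate` header, which nothing in this commit sets. The constructor docblock should also state what the exception reports, for example ` * Raises an error-level message with status 401 when $message is empty or given`, so callers do not have to read the parent class to learn it.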
