opendev/gerrit
Code Issues Proposed changes

Remove REST_API check from RestApiServlet

Browse Source 
This broke querying for /changes/ or /projects/.

Change-Id: I5dbbcdd653b966a478c8eb64748cf0cdd89e6652
This commit is contained in:
Shawn O. Pearce
2012-11-15 09:45:00 -08:00
parent 02355b009b
commit 04f041d2e6
1 changed files with 0 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
gerrit-httpd/src/main/java/com/google/gerrit/httpd/RestApiServlet.java
View File

@@ -20,8 +20,6 @@ import static javax.servlet.http.HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
import com.google.common.base.Objects; import com.google.common.base.Objects;
import com.google.common.base.Strings; import com.google.common.base.Strings;
import com.google.gerrit.extensions.annotations.RequiresCapability; import com.google.gerrit.extensions.annotations.RequiresCapability;
import com.google.gerrit.server.AccessPath;
import com.google.gerrit.server.AnonymousUser;
import com.google.gerrit.server.CurrentUser; import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser; import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.CapabilityControl; import com.google.gerrit.server.account.CapabilityControl;
@@ -92,11 +90,8 @@ public abstract class RestApiServlet extends HttpServlet {
res.setHeader("Content-Disposition", "attachment"); res.setHeader("Content-Disposition", "attachment");
try { try {
checkUserSession(req);
checkRequiresCapability(); checkRequiresCapability();
super.service(req, res); super.service(req, res);
} catch (InvalidAuthException err) {
sendError(res, SC_FORBIDDEN, err.getMessage());
} catch (RequireCapabilityException err) { } catch (RequireCapabilityException err) {
sendError(res, SC_FORBIDDEN, err.getMessage()); sendError(res, SC_FORBIDDEN, err.getMessage());
} catch (Error err) { } catch (Error err) {
@@ -106,18 +101,6 @@ public abstract class RestApiServlet extends HttpServlet {
} }
} }
private void checkUserSession(HttpServletRequest req)
throws InvalidAuthException {
CurrentUser user = currentUser.get();
if (user instanceof AnonymousUser) {
if (!"GET".equals(req.getMethod())) {
throw new InvalidAuthException("Authentication required");
}
} else if (user.getAccessPath() != AccessPath.REST_API) {
throw new InvalidAuthException("Invalid authentication method");
}
}
private void checkRequiresCapability() throws RequireCapabilityException { private void checkRequiresCapability() throws RequireCapabilityException {
RequiresCapability rc = getClass().getAnnotation(RequiresCapability.class); RequiresCapability rc = getClass().getAnnotation(RequiresCapability.class);
if (rc != null) { if (rc != null) {
@@ -246,11 +229,4 @@ public abstract class RestApiServlet extends HttpServlet {
super(msg); super(msg);
} }
} }
@SuppressWarnings("serial") // Never serialized or thrown out of this class.
private static class InvalidAuthException extends Exception {
public InvalidAuthException(String msg) {
super(msg);
}
}
} }