Convert ListTasks and TaskCollection to PermissionBackend

For a ProjectTask, try to check ACCESS permission on the target project before the broader VIEW_QUEUE permission. Change-Id: I27a7d97244eb3d757918650db31d354ce0b143f6
2017-02-22 22:17:13 -08:00 · 2017-02-22 22:17:13 -08:00 · 0527c60251
commit 0527c60251
parent 571f99c02a
2 changed files with 27 additions and 25 deletions
--- a/gerrit-server/src/main/java/com/google/gerrit/server/config/ListTasks.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/config/ListTasks.java
@ -26,8 +26,7 @@ import com.google.gerrit.server.git.WorkQueue.Task;
 import com.google.gerrit.server.permissions.GlobalPermission;
 import com.google.gerrit.server.permissions.PermissionBackend;
 import com.google.gerrit.server.permissions.PermissionBackendException;
-import com.google.gerrit.server.project.ProjectCache;
-import com.google.gerrit.server.project.ProjectState;
+import com.google.gerrit.server.permissions.ProjectPermission;
 import com.google.gerrit.server.util.IdGenerator;
 import com.google.inject.Inject;
 import com.google.inject.Provider;
@ -45,18 +44,13 @@ import java.util.concurrent.TimeUnit;
 public class ListTasks implements RestReadView<ConfigResource> {
  private final PermissionBackend permissionBackend;
  private final WorkQueue workQueue;
-  private final ProjectCache projectCache;
  private final Provider<CurrentUser> self;

  @Inject
  public ListTasks(
-      PermissionBackend permissionBackend,
-      WorkQueue workQueue,
-      ProjectCache projectCache,
-      Provider<CurrentUser> self) {
+      PermissionBackend permissionBackend, WorkQueue workQueue, Provider<CurrentUser> self) {
    this.permissionBackend = permissionBackend;
    this.workQueue = workQueue;
-    this.projectCache = projectCache;
    this.self = self;
  }

@ -82,8 +76,15 @@ public class ListTasks implements RestReadView<ConfigResource> {
      if (task.projectName != null) {
        Boolean visible = visibilityCache.get(task.projectName);
        if (visible == null) {
-          ProjectState e = projectCache.get(new Project.NameKey(task.projectName));
-          visible = e != null ? e.controlFor(user).isVisible() : false;
+          try {
+            permissionBackend
+                .user(user)
+                .project(new Project.NameKey(task.projectName))
+                .check(ProjectPermission.ACCESS);
+            visible = true;
+          } catch (AuthException e) {
+            visible = false;
+          }
          visibilityCache.put(task.projectName, visible);
        }
        if (visible) {
--- a/gerrit-server/src/main/java/com/google/gerrit/server/config/TasksCollection.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/config/TasksCollection.java
@ -27,8 +27,7 @@ import com.google.gerrit.server.git.WorkQueue.Task;
 import com.google.gerrit.server.permissions.GlobalPermission;
 import com.google.gerrit.server.permissions.PermissionBackend;
 import com.google.gerrit.server.permissions.PermissionBackendException;
-import com.google.gerrit.server.project.ProjectCache;
-import com.google.gerrit.server.project.ProjectState;
+import com.google.gerrit.server.permissions.ProjectPermission;
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 import com.google.inject.Singleton;
@ -40,7 +39,6 @@ public class TasksCollection implements ChildCollection<ConfigResource, TaskReso
  private final WorkQueue workQueue;
  private final Provider<CurrentUser> self;
  private final PermissionBackend permissionBackend;
-  private final ProjectCache projectCache;

  @Inject
  TasksCollection(
@ -48,14 +46,12 @@ public class TasksCollection implements ChildCollection<ConfigResource, TaskReso
      ListTasks list,
      WorkQueue workQueue,
      Provider<CurrentUser> self,
-      PermissionBackend permissionBackend,
-      ProjectCache projectCache) {
+      PermissionBackend permissionBackend) {
    this.views = views;
    this.list = list;
    this.workQueue = workQueue;
    this.self = self;
    this.permissionBackend = permissionBackend;
-    this.projectCache = projectCache;
  }

  @Override
@ -79,22 +75,27 @@ public class TasksCollection implements ChildCollection<ConfigResource, TaskReso
    }

    Task<?> task = workQueue.getTask(taskId);
+    if (task instanceof ProjectTask) {
+      try {
+        permissionBackend
+            .user(user)
+            .project(((ProjectTask<?>) task).getProjectNameKey())
+            .check(ProjectPermission.ACCESS);
+        return new TaskResource(task);
+      } catch (AuthException e) {
+        // Fall through and try view queue permission.
+      }
+    }
+
    if (task != null) {
      try {
        permissionBackend.user(user).check(GlobalPermission.VIEW_QUEUE);
        return new TaskResource(task);
      } catch (AuthException e) {
-        // Fall through and try filtering.
-      }
-
-      if (task instanceof ProjectTask) {
-        ProjectTask<?> projectTask = ((ProjectTask<?>) task);
-        ProjectState e = projectCache.get(projectTask.getProjectNameKey());
-        if (e != null && e.controlFor(user).isVisible()) {
-          return new TaskResource(task);
-        }
+        // Fall through and return not found.
      }
    }
+
    throw new ResourceNotFoundException(id);
  }