Allow users with ACCESS_DATABASE to get/delete external IDs of others

Change-Id: I677eeb6626e0f483109826fe3b6d5721e8508eae
Signed-off-by: Edwin Kempin <ekempin@google.com>

gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/rest/account/ExternalIdIT.java

@@ -96,7 +96,6 @@ public class ExternalIdIT extends AbstractDaemonTest {
   @Test
   public void getExternalIds() throws Exception {
     Collection<ExternalId> expectedIds = accountCache.get(user.getId()).getExternalIds();
-
     List<AccountExternalIdInfo> expectedIdInfos = toExternalIdInfos(expectedIds);
 
     RestResponse response = userRestSession.get("/accounts/self/external.ids");
@@ -112,6 +111,34 @@ public class ExternalIdIT extends AbstractDaemonTest {
     assertThat(results).containsExactlyElementsIn(expectedIdInfos);
   }
 
+  @Test
+  public void getExternalIdsOfOtherUserNotAllowed() throws Exception {
+    setApiUser(user);
+    exception.expect(AuthException.class);
+    exception.expectMessage("not allowed to get external IDs");
+    gApi.accounts().id(admin.id.get()).getExternalIds();
+  }
+
+  @Test
+  public void getExternalIdsOfOtherUserWithAccessDatabase() throws Exception {
+    allowGlobalCapabilities(REGISTERED_USERS, GlobalCapability.ACCESS_DATABASE);
+
+    Collection<ExternalId> expectedIds = accountCache.get(admin.getId()).getExternalIds();
+    List<AccountExternalIdInfo> expectedIdInfos = toExternalIdInfos(expectedIds);
+
+    RestResponse response = userRestSession.get("/accounts/" + admin.id + "/external.ids");
+    response.assertOK();
+
+    List<AccountExternalIdInfo> results =
+        newGson()
+            .fromJson(
+                response.getReader(), new TypeToken<List<AccountExternalIdInfo>>() {}.getType());
+
+    Collections.sort(expectedIdInfos);
+    Collections.sort(results);
+    assertThat(results).containsExactlyElementsIn(expectedIdInfos);
+  }
+
   @Test
   public void deleteExternalIds() throws Exception {
     setApiUser(user);
@@ -138,6 +165,46 @@ public class ExternalIdIT extends AbstractDaemonTest {
     assertThat(results).containsExactlyElementsIn(expectedIds);
   }
 
+  @Test
+  public void deleteExternalIdsOfOtherUserNotAllowed() throws Exception {
+    List<AccountExternalIdInfo> extIds = gApi.accounts().self().getExternalIds();
+    setApiUser(user);
+    exception.expect(AuthException.class);
+    exception.expectMessage("not allowed to delete external IDs");
+    gApi.accounts()
+        .id(admin.id.get())
+        .deleteExternalIds(extIds.stream().map(e -> e.identity).collect(toList()));
+  }
+
+  @Test
+  public void deleteExternalIdsOfOtherUserWithAccessDatabase() throws Exception {
+    allowGlobalCapabilities(REGISTERED_USERS, GlobalCapability.ACCESS_DATABASE);
+
+    List<AccountExternalIdInfo> externalIds = gApi.accounts().self().getExternalIds();
+
+    List<String> toDelete = new ArrayList<>();
+    List<AccountExternalIdInfo> expectedIds = new ArrayList<>();
+    for (AccountExternalIdInfo id : externalIds) {
+      if (id.canDelete != null && id.canDelete) {
+        toDelete.add(id.identity);
+        continue;
+      }
+      expectedIds.add(id);
+    }
+
+    assertThat(toDelete).hasSize(1);
+
+    setApiUser(user);
+    RestResponse response =
+        userRestSession.post("/accounts/" + admin.id + "/external.ids:delete", toDelete);
+    response.assertNoContent();
+    List<AccountExternalIdInfo> results = gApi.accounts().id(admin.id.get()).getExternalIds();
+    // The external ID in WebSession will not be set for tests, resulting that
+    // "mailto:user@example.com" can be deleted while "username:user" can't.
+    assertThat(results).hasSize(1);
+    assertThat(results).containsExactlyElementsIn(expectedIds);
+  }
+
   @Test
   public void deleteExternalIdOfPreferredEmail() throws Exception {
     String preferredEmail = gApi.accounts().self().get().email;

gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteExternalIds.java

@@ -52,7 +52,7 @@ public class DeleteExternalIds implements RestModifyView<AccountResource, List<S
   @Override
   public Response<?> apply(AccountResource resource, List<String> extIds)
       throws RestApiException, IOException, OrmException, ConfigInvalidException {
-    if (self.get() != resource.getUser()) {
+    if (self.get() != resource.getUser() && !self.get().getCapabilities().canAccessDatabase()) {
       throw new AuthException("not allowed to delete external IDs");
     }
 

gerrit-server/src/main/java/com/google/gerrit/server/account/GetExternalIds.java

@@ -51,7 +51,7 @@ public class GetExternalIds implements RestReadView<AccountResource> {
   @Override
   public List<AccountExternalIdInfo> apply(AccountResource resource)
       throws RestApiException, IOException, OrmException {
-    if (self.get() != resource.getUser()) {
+    if (self.get() != resource.getUser() && !self.get().getCapabilities().canAccessDatabase()) {
       throw new AuthException("not allowed to get external IDs");
     }