Limit assignee suggestions to users that can see the change

Bug: Issue 5181
Change-Id: Ib64248a285e8feca1fd8f18e825f302d09d252ed
Signed-off-by: Edwin Kempin <ekempin@google.com>

gerrit-gwtui/src/main/java/com/google/gerrit/client/account/AccountApi.java

@@ -27,6 +27,7 @@ import com.google.gwt.core.client.JavaScriptObject;
 import com.google.gwt.core.client.JsArray;
 import com.google.gwt.core.client.JsArrayString;
 import com.google.gwt.user.client.rpc.AsyncCallback;
+import com.google.gwtorm.client.KeyUtil;
 import java.util.HashSet;
 import java.util.Set;
 
@@ -49,7 +50,7 @@ public class AccountApi {
   public static void suggest(String query, int limit, AsyncCallback<JsArray<AccountInfo>> cb) {
     new RestApi("/accounts/")
         .addParameterTrue("suggest")
-        .addParameter("q", query)
+        .addParameterRaw("q", KeyUtil.encode(query))
         .addParameter("n", limit)
         .background()
         .get(cb);

gerrit-gwtui/src/main/java/com/google/gerrit/client/change/Assignee.java

@@ -102,6 +102,7 @@ public class Assignee extends Composite {
     this.changeId = info.legacyId();
     this.project = info.projectNameKey();
     this.canEdit = info.hasActions() && info.actions().containsKey("assignee");
+    assigneeSuggestOracle.setChange(info);
     setAssignee(info.assignee());
     editAssigneeIcon.setVisible(canEdit);
     if (!canEdit) {

gerrit-gwtui/src/main/java/com/google/gerrit/client/change/AssigneeSuggestOracle.java

@@ -16,6 +16,7 @@ package com.google.gerrit.client.change;
 
 import com.google.gerrit.client.account.AccountApi;
 import com.google.gerrit.client.info.AccountInfo;
+import com.google.gerrit.client.info.ChangeInfo;
 import com.google.gerrit.client.rpc.GerritCallback;
 import com.google.gerrit.client.rpc.Natives;
 import com.google.gerrit.client.ui.AccountSuggestOracle.AccountSuggestion;
@@ -27,10 +28,17 @@ import java.util.List;
 
 /** REST API based suggestion Oracle for assignee */
 public class AssigneeSuggestOracle extends SuggestAfterTypingNCharsOracle {
+
+  private ChangeInfo change;
+
+  public void setChange(ChangeInfo change) {
+    this.change = change;
+  }
+
   @Override
   protected void _onRequestSuggestions(Request req, Callback cb) {
     AccountApi.suggest(
-        req.getQuery(),
+        getQuery(req),
         req.getLimit(),
         new GerritCallback<JsArray<AccountInfo>>() {
           @Override
@@ -49,4 +57,13 @@ public class AssigneeSuggestOracle extends SuggestAfterTypingNCharsOracle {
           }
         });
   }
+
+  private String getQuery(Request req) {
+    StringBuilder query = new StringBuilder();
+    query.append(req.getQuery());
+    if (change != null) {
+      query.append(" cansee:").append(change._number());
+    }
+    return query.toString();
+  }
 }

java/com/google/gerrit/server/query/account/AccountQueryBuilder.java

@@ -198,6 +198,14 @@ public class AccountQueryBuilder extends QueryBuilder<AccountState> {
   protected Predicate<AccountState> defaultField(String query) {
     Predicate<AccountState> defaultPredicate =
         AccountPredicates.defaultPredicate(args.schema(), checkedCanSeeSecondaryEmails(), query);
+    if (query.startsWith("cansee:")) {
+      try {
+        return cansee(query.substring(7));
+      } catch (OrmException | QueryParseException | PermissionBackendException e) {
+        // Ignore, fall back to default query
+      }
+    }
+
     if ("self".equalsIgnoreCase(query) || "me".equalsIgnoreCase(query)) {
       try {
         return Predicate.or(defaultPredicate, AccountPredicates.id(self()));