Limit assignee suggestions to users that can see the change

Bug: Issue 5181 Change-Id: Ib64248a285e8feca1fd8f18e825f302d09d252ed Signed-off-by: Edwin Kempin <ekempin@google.com>
2016-12-30 09:49:52 +01:00
parent f4f0f8a222
commit 191aaa7e24
4 changed files with 29 additions and 2 deletions
--- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/account/AccountApi.java
+++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/account/AccountApi.java
@@ -27,6 +27,7 @@ import com.google.gwt.core.client.JavaScriptObject;
 import com.google.gwt.core.client.JsArray;
 import com.google.gwt.core.client.JsArrayString;
 import com.google.gwt.user.client.rpc.AsyncCallback;
 import com.google.gwtorm.client.KeyUtil;
 import java.util.HashSet;
 import java.util.Set;
@@ -49,7 +50,7 @@ public class AccountApi {
  public static void suggest(String query, int limit, AsyncCallback<JsArray<AccountInfo>> cb) {
    new RestApi("/accounts/")
        .addParameterTrue("suggest")
-        .addParameter("q", query)
+        .addParameterRaw("q", KeyUtil.encode(query))
        .addParameter("n", limit)
        .background()
        .get(cb);
--- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/change/Assignee.java
+++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/change/Assignee.java
@@ -102,6 +102,7 @@ public class Assignee extends Composite {
    this.changeId = info.legacyId();
    this.project = info.projectNameKey();
    this.canEdit = info.hasActions() && info.actions().containsKey("assignee");
    assigneeSuggestOracle.setChange(info);
    setAssignee(info.assignee());
    editAssigneeIcon.setVisible(canEdit);
    if (!canEdit) {
--- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/change/AssigneeSuggestOracle.java
+++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/change/AssigneeSuggestOracle.java
@@ -16,6 +16,7 @@ package com.google.gerrit.client.change;
 import com.google.gerrit.client.account.AccountApi;
 import com.google.gerrit.client.info.AccountInfo;
 import com.google.gerrit.client.info.ChangeInfo;
 import com.google.gerrit.client.rpc.GerritCallback;
 import com.google.gerrit.client.rpc.Natives;
 import com.google.gerrit.client.ui.AccountSuggestOracle.AccountSuggestion;
@@ -27,10 +28,17 @@ import java.util.List;
 /** REST API based suggestion Oracle for assignee */
 public class AssigneeSuggestOracle extends SuggestAfterTypingNCharsOracle {
  private ChangeInfo change;
  public void setChange(ChangeInfo change) {
    this.change = change;
  }
  @Override
  protected void _onRequestSuggestions(Request req, Callback cb) {
    AccountApi.suggest(
-        req.getQuery(),
+        getQuery(req),
        req.getLimit(),
        new GerritCallback<JsArray<AccountInfo>>() {
          @Override
@@ -49,4 +57,13 @@ public class AssigneeSuggestOracle extends SuggestAfterTypingNCharsOracle {
          }
        });
  }
  private String getQuery(Request req) {
    StringBuilder query = new StringBuilder();
    query.append(req.getQuery());
    if (change != null) {
      query.append(" cansee:").append(change._number());
    }
    return query.toString();
  }
 }
--- a/java/com/google/gerrit/server/query/account/AccountQueryBuilder.java
+++ b/java/com/google/gerrit/server/query/account/AccountQueryBuilder.java
@@ -198,6 +198,14 @@ public class AccountQueryBuilder extends QueryBuilder<AccountState> {
  protected Predicate<AccountState> defaultField(String query) {
    Predicate<AccountState> defaultPredicate =
        AccountPredicates.defaultPredicate(args.schema(), checkedCanSeeSecondaryEmails(), query);
    if (query.startsWith("cansee:")) {
      try {
        return cansee(query.substring(7));
      } catch (OrmException | QueryParseException | PermissionBackendException e) {
        // Ignore, fall back to default query
      }
    }
    if ("self".equalsIgnoreCase(query) || "me".equalsIgnoreCase(query)) {
      try {
        return Predicate.or(defaultPredicate, AccountPredicates.id(self()));