Convert administrateServer to PermissionBackend
Leave a poorly named backdoor in CapabilityControl for the existing ProjectControl, RefControl, ChangeControl and GroupControl to test administrator permission. Update test expecting a failure when administateServer is not granted. Change-Id: I0f523dbf26506ea53c38ffb02aeef74f3cf18ba6
This commit is contained in:
Shawn Pearce
@@ -30,6 +30,9 @@ import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.account.AddSshKey.Input;
|
||||
import com.google.gerrit.server.mail.send.AddKeySender;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gerrit.server.ssh.SshKeyCache;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
import com.google.inject.Inject;
|
||||
@@ -50,6 +53,7 @@ public class AddSshKey implements RestModifyView<AccountResource, Input> {
|
||||
}
|
||||
|
||||
private final Provider<CurrentUser> self;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final VersionedAuthorizedKeys.Accessor authorizedKeys;
|
||||
private final SshKeyCache sshKeyCache;
|
||||
private final AddKeySender.Factory addKeyFactory;
|
||||
@@ -57,10 +61,12 @@ public class AddSshKey implements RestModifyView<AccountResource, Input> {
|
||||
@Inject
|
||||
AddSshKey(
|
||||
Provider<CurrentUser> self,
|
||||
PermissionBackend permissionBackend,
|
||||
VersionedAuthorizedKeys.Accessor authorizedKeys,
|
||||
SshKeyCache sshKeyCache,
|
||||
AddKeySender.Factory addKeyFactory) {
|
||||
this.self = self;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.authorizedKeys = authorizedKeys;
|
||||
this.sshKeyCache = sshKeyCache;
|
||||
this.addKeyFactory = addKeyFactory;
|
||||
@@ -68,9 +74,10 @@ public class AddSshKey implements RestModifyView<AccountResource, Input> {
|
||||
|
||||
@Override
|
||||
public Response<SshKeyInfo> apply(AccountResource rsrc, Input input)
|
||||
throws AuthException, BadRequestException, OrmException, IOException, ConfigInvalidException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canAdministrateServer()) {
|
||||
throw new AuthException("not allowed to add SSH keys");
|
||||
throws AuthException, BadRequestException, OrmException, IOException, ConfigInvalidException,
|
||||
PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||
}
|
||||
return apply(rsrc.getUser(), input);
|
||||
}
|
||||
|
||||
@@ -30,7 +30,10 @@ import com.google.gerrit.server.permissions.GlobalOrPluginPermission;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gerrit.server.permissions.PluginPermission;
|
||||
import com.google.gerrit.server.project.ChangeControl;
|
||||
import com.google.gerrit.server.project.ProjectCache;
|
||||
import com.google.gerrit.server.project.ProjectControl;
|
||||
import com.google.gerrit.server.project.RefControl;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.assistedinject.Assisted;
|
||||
import java.util.ArrayList;
|
||||
@@ -65,8 +68,23 @@ public class CapabilityControl {
|
||||
return user;
|
||||
}
|
||||
|
||||
/** @return true if the user can administer this server. */
|
||||
public boolean canAdministrateServer() {
|
||||
/**
|
||||
* <b>Do not use.</b> Determine if the user can administer this server.
|
||||
*
|
||||
* <p>This method is visible only for the benefit of the following transitional classes:
|
||||
*
|
||||
* <ul>
|
||||
* <li>{@link ProjectControl}
|
||||
* <li>{@link RefControl}
|
||||
* <li>{@link ChangeControl}
|
||||
* <li>{@link GroupControl}
|
||||
* </ul>
|
||||
*
|
||||
* Other callers should not use this method, as it is slated to go away.
|
||||
*
|
||||
* @return true if the user can administer this server.
|
||||
*/
|
||||
public boolean isAdmin_DoNotUse() {
|
||||
if (canAdministrateServer == null) {
|
||||
if (user.getRealUser() != user) {
|
||||
canAdministrateServer = false;
|
||||
@@ -91,7 +109,7 @@ public class CapabilityControl {
|
||||
|
||||
/** @return true if the user can view all accounts. */
|
||||
public boolean canViewAllAccounts() {
|
||||
return canPerform(GlobalCapability.VIEW_ALL_ACCOUNTS) || canAdministrateServer();
|
||||
return canPerform(GlobalCapability.VIEW_ALL_ACCOUNTS) || isAdmin_DoNotUse();
|
||||
}
|
||||
|
||||
/** @return true if the user can access the database (with gsql). */
|
||||
@@ -220,7 +238,7 @@ public class CapabilityControl {
|
||||
if (perm instanceof GlobalPermission) {
|
||||
return can((GlobalPermission) perm);
|
||||
} else if (perm instanceof PluginPermission) {
|
||||
return canPerform(perm.permissionName()) || canAdministrateServer();
|
||||
return canPerform(perm.permissionName()) || isAdmin_DoNotUse();
|
||||
}
|
||||
throw new PermissionBackendException(perm + " unsupported");
|
||||
}
|
||||
@@ -228,7 +246,7 @@ public class CapabilityControl {
|
||||
private boolean can(GlobalPermission perm) throws PermissionBackendException {
|
||||
switch (perm) {
|
||||
case ADMINISTRATE_SERVER:
|
||||
return canAdministrateServer();
|
||||
return isAdmin_DoNotUse();
|
||||
case EMAIL_REVIEWERS:
|
||||
return canEmailReviewers();
|
||||
case VIEW_ALL_ACCOUNTS:
|
||||
@@ -241,7 +259,7 @@ public class CapabilityControl {
|
||||
case VIEW_QUEUE:
|
||||
return canPerform(perm.permissionName())
|
||||
|| canPerform(GlobalCapability.MAINTAIN_SERVER)
|
||||
|| canAdministrateServer();
|
||||
|| isAdmin_DoNotUse();
|
||||
|
||||
case CREATE_ACCOUNT:
|
||||
case CREATE_GROUP:
|
||||
@@ -251,7 +269,7 @@ public class CapabilityControl {
|
||||
case STREAM_EVENTS:
|
||||
case VIEW_CONNECTIONS:
|
||||
case VIEW_PLUGINS:
|
||||
return canPerform(perm.permissionName()) || canAdministrateServer();
|
||||
return canPerform(perm.permissionName()) || isAdmin_DoNotUse();
|
||||
|
||||
case ACCESS_DATABASE:
|
||||
case RUN_AS:
|
||||
|
||||
@@ -19,6 +19,9 @@ import com.google.gerrit.extensions.restapi.Response;
|
||||
import com.google.gerrit.extensions.restapi.RestModifyView;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.account.DeleteSshKey.Input;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gerrit.server.ssh.SshKeyCache;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
import com.google.inject.Inject;
|
||||
@@ -33,15 +36,18 @@ public class DeleteSshKey implements RestModifyView<AccountResource.SshKey, Inpu
|
||||
public static class Input {}
|
||||
|
||||
private final Provider<CurrentUser> self;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final VersionedAuthorizedKeys.Accessor authorizedKeys;
|
||||
private final SshKeyCache sshKeyCache;
|
||||
|
||||
@Inject
|
||||
DeleteSshKey(
|
||||
Provider<CurrentUser> self,
|
||||
PermissionBackend permissionBackend,
|
||||
VersionedAuthorizedKeys.Accessor authorizedKeys,
|
||||
SshKeyCache sshKeyCache) {
|
||||
this.self = self;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.authorizedKeys = authorizedKeys;
|
||||
this.sshKeyCache = sshKeyCache;
|
||||
}
|
||||
@@ -49,9 +55,9 @@ public class DeleteSshKey implements RestModifyView<AccountResource.SshKey, Inpu
|
||||
@Override
|
||||
public Response<?> apply(AccountResource.SshKey rsrc, Input input)
|
||||
throws AuthException, OrmException, RepositoryNotFoundException, IOException,
|
||||
ConfigInvalidException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canAdministrateServer()) {
|
||||
throw new AuthException("not allowed to delete SSH keys");
|
||||
ConfigInvalidException, PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||
}
|
||||
|
||||
authorizedKeys.deleteKey(rsrc.getUser().getAccountId(), rsrc.getSshKey().getKey().get());
|
||||
|
||||
@@ -25,6 +25,9 @@ import com.google.gerrit.reviewdb.client.Account;
|
||||
import com.google.gerrit.reviewdb.client.Project;
|
||||
import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.account.WatchConfig.ProjectWatchKey;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
@@ -37,13 +40,18 @@ import org.eclipse.jgit.errors.ConfigInvalidException;
|
||||
public class DeleteWatchedProjects
|
||||
implements RestModifyView<AccountResource, List<ProjectWatchInfo>> {
|
||||
private final Provider<IdentifiedUser> self;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final AccountCache accountCache;
|
||||
private final WatchConfig.Accessor watchConfig;
|
||||
|
||||
@Inject
|
||||
DeleteWatchedProjects(
|
||||
Provider<IdentifiedUser> self, AccountCache accountCache, WatchConfig.Accessor watchConfig) {
|
||||
Provider<IdentifiedUser> self,
|
||||
PermissionBackend permissionBackend,
|
||||
AccountCache accountCache,
|
||||
WatchConfig.Accessor watchConfig) {
|
||||
this.self = self;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.accountCache = accountCache;
|
||||
this.watchConfig = watchConfig;
|
||||
}
|
||||
@@ -51,9 +59,9 @@ public class DeleteWatchedProjects
|
||||
@Override
|
||||
public Response<?> apply(AccountResource rsrc, List<ProjectWatchInfo> input)
|
||||
throws AuthException, UnprocessableEntityException, OrmException, IOException,
|
||||
ConfigInvalidException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canAdministrateServer()) {
|
||||
throw new AuthException("It is not allowed to edit project watches of other users");
|
||||
ConfigInvalidException, PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||
}
|
||||
if (input == null) {
|
||||
return Response.none();
|
||||
|
||||
@@ -17,12 +17,16 @@ package com.google.gerrit.server.account;
|
||||
import com.google.common.base.Strings;
|
||||
import com.google.gerrit.extensions.registration.DynamicMap;
|
||||
import com.google.gerrit.extensions.restapi.AcceptsCreate;
|
||||
import com.google.gerrit.extensions.restapi.AuthException;
|
||||
import com.google.gerrit.extensions.restapi.ChildCollection;
|
||||
import com.google.gerrit.extensions.restapi.IdString;
|
||||
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
|
||||
import com.google.gerrit.extensions.restapi.RestView;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.account.AccountResource.Email;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
import com.google.inject.Singleton;
|
||||
@@ -34,6 +38,7 @@ public class Emails
|
||||
private final DynamicMap<RestView<AccountResource.Email>> views;
|
||||
private final GetEmails list;
|
||||
private final Provider<CurrentUser> self;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final CreateEmail.Factory createEmailFactory;
|
||||
|
||||
@Inject
|
||||
@@ -41,10 +46,12 @@ public class Emails
|
||||
DynamicMap<RestView<AccountResource.Email>> views,
|
||||
GetEmails list,
|
||||
Provider<CurrentUser> self,
|
||||
PermissionBackend permissionBackend,
|
||||
CreateEmail.Factory createEmailFactory) {
|
||||
this.views = views;
|
||||
this.list = list;
|
||||
this.self = self;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.createEmailFactory = createEmailFactory;
|
||||
}
|
||||
|
||||
@@ -55,21 +62,21 @@ public class Emails
|
||||
|
||||
@Override
|
||||
public AccountResource.Email parse(AccountResource rsrc, IdString id)
|
||||
throws ResourceNotFoundException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canAdministrateServer()) {
|
||||
throw new ResourceNotFoundException();
|
||||
throws ResourceNotFoundException, PermissionBackendException, AuthException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||
}
|
||||
|
||||
if ("preferred".equals(id.get())) {
|
||||
String email = rsrc.getUser().getAccount().getPreferredEmail();
|
||||
if (Strings.isNullOrEmpty(email)) {
|
||||
throw new ResourceNotFoundException();
|
||||
throw new ResourceNotFoundException(id);
|
||||
}
|
||||
return new AccountResource.Email(rsrc.getUser(), email);
|
||||
} else if (rsrc.getUser().hasEmailAddress(id.get())) {
|
||||
return new AccountResource.Email(rsrc.getUser(), id.get());
|
||||
} else {
|
||||
throw new ResourceNotFoundException();
|
||||
throw new ResourceNotFoundException(id);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -25,6 +25,9 @@ import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.config.AllUsersName;
|
||||
import com.google.gerrit.server.git.GitRepositoryManager;
|
||||
import com.google.gerrit.server.git.UserConfigSections;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
import com.google.inject.Singleton;
|
||||
@@ -42,23 +45,26 @@ public class GetDiffPreferences implements RestReadView<AccountResource> {
|
||||
|
||||
private final Provider<CurrentUser> self;
|
||||
private final Provider<AllUsersName> allUsersName;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final GitRepositoryManager gitMgr;
|
||||
|
||||
@Inject
|
||||
GetDiffPreferences(
|
||||
Provider<CurrentUser> self,
|
||||
Provider<AllUsersName> allUsersName,
|
||||
PermissionBackend permissionBackend,
|
||||
GitRepositoryManager gitMgr) {
|
||||
this.self = self;
|
||||
this.allUsersName = allUsersName;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.gitMgr = gitMgr;
|
||||
}
|
||||
|
||||
@Override
|
||||
public DiffPreferencesInfo apply(AccountResource rsrc)
|
||||
throws AuthException, ConfigInvalidException, IOException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canAdministrateServer()) {
|
||||
throw new AuthException("restricted to administrator");
|
||||
throws AuthException, ConfigInvalidException, IOException, PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||
}
|
||||
|
||||
Account.Id id = rsrc.getUser().getAccountId();
|
||||
|
||||
@@ -23,6 +23,9 @@ import com.google.gerrit.reviewdb.client.Account;
|
||||
import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.account.WatchConfig.NotifyType;
|
||||
import com.google.gerrit.server.account.WatchConfig.ProjectWatchKey;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
@@ -38,22 +41,28 @@ import org.eclipse.jgit.errors.ConfigInvalidException;
|
||||
|
||||
@Singleton
|
||||
public class GetWatchedProjects implements RestReadView<AccountResource> {
|
||||
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final Provider<IdentifiedUser> self;
|
||||
private final WatchConfig.Accessor watchConfig;
|
||||
|
||||
@Inject
|
||||
public GetWatchedProjects(Provider<IdentifiedUser> self, WatchConfig.Accessor watchConfig) {
|
||||
public GetWatchedProjects(
|
||||
PermissionBackend permissionBackend,
|
||||
Provider<IdentifiedUser> self,
|
||||
WatchConfig.Accessor watchConfig) {
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.self = self;
|
||||
this.watchConfig = watchConfig;
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<ProjectWatchInfo> apply(AccountResource rsrc)
|
||||
throws OrmException, AuthException, IOException, ConfigInvalidException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canAdministrateServer()) {
|
||||
throw new AuthException("It is not allowed to list project watches of other users");
|
||||
throws OrmException, AuthException, IOException, ConfigInvalidException,
|
||||
PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||
}
|
||||
|
||||
Account.Id accountId = rsrc.getUser().getAccountId();
|
||||
List<ProjectWatchInfo> projectWatchInfos = new ArrayList<>();
|
||||
for (Map.Entry<ProjectWatchKey, Set<NotifyType>> e :
|
||||
|
||||
@@ -127,7 +127,7 @@ public class GroupControl {
|
||||
return user.isInternalUser()
|
||||
|| groupBackend.isVisibleToAll(group.getGroupUUID())
|
||||
|| user.getEffectiveGroups().contains(group.getGroupUUID())
|
||||
|| user.getCapabilities().canAdministrateServer()
|
||||
|| user.getCapabilities().isAdmin_DoNotUse()
|
||||
|| isOwner();
|
||||
}
|
||||
|
||||
@@ -139,7 +139,7 @@ public class GroupControl {
|
||||
AccountGroup.UUID ownerUUID = accountGroup.getOwnerGroupUUID();
|
||||
isOwner =
|
||||
getUser().getEffectiveGroups().contains(ownerUUID)
|
||||
|| getUser().getCapabilities().canAdministrateServer();
|
||||
|| getUser().getCapabilities().isAdmin_DoNotUse();
|
||||
}
|
||||
return isOwner;
|
||||
}
|
||||
|
||||
@@ -15,7 +15,6 @@
|
||||
package com.google.gerrit.server.account;
|
||||
|
||||
import com.google.gerrit.extensions.client.ProjectWatchInfo;
|
||||
import com.google.gerrit.extensions.restapi.AuthException;
|
||||
import com.google.gerrit.extensions.restapi.BadRequestException;
|
||||
import com.google.gerrit.extensions.restapi.RestApiException;
|
||||
import com.google.gerrit.extensions.restapi.RestModifyView;
|
||||
@@ -24,6 +23,9 @@ import com.google.gerrit.reviewdb.client.Account;
|
||||
import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.account.WatchConfig.NotifyType;
|
||||
import com.google.gerrit.server.account.WatchConfig.ProjectWatchKey;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gerrit.server.project.ProjectsCollection;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
import com.google.inject.Inject;
|
||||
@@ -41,6 +43,7 @@ import org.eclipse.jgit.errors.ConfigInvalidException;
|
||||
public class PostWatchedProjects
|
||||
implements RestModifyView<AccountResource, List<ProjectWatchInfo>> {
|
||||
private final Provider<IdentifiedUser> self;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final GetWatchedProjects getWatchedProjects;
|
||||
private final ProjectsCollection projectsCollection;
|
||||
private final AccountCache accountCache;
|
||||
@@ -49,11 +52,13 @@ public class PostWatchedProjects
|
||||
@Inject
|
||||
public PostWatchedProjects(
|
||||
Provider<IdentifiedUser> self,
|
||||
PermissionBackend permissionBackend,
|
||||
GetWatchedProjects getWatchedProjects,
|
||||
ProjectsCollection projectsCollection,
|
||||
AccountCache accountCache,
|
||||
WatchConfig.Accessor watchConfig) {
|
||||
this.self = self;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.getWatchedProjects = getWatchedProjects;
|
||||
this.projectsCollection = projectsCollection;
|
||||
this.accountCache = accountCache;
|
||||
@@ -62,10 +67,12 @@ public class PostWatchedProjects
|
||||
|
||||
@Override
|
||||
public List<ProjectWatchInfo> apply(AccountResource rsrc, List<ProjectWatchInfo> input)
|
||||
throws OrmException, RestApiException, IOException, ConfigInvalidException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canAdministrateServer()) {
|
||||
throw new AuthException("not allowed to edit project watches");
|
||||
throws OrmException, RestApiException, IOException, ConfigInvalidException,
|
||||
PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||
}
|
||||
|
||||
Account.Id accountId = rsrc.getUser().getAccountId();
|
||||
watchConfig.upsertProjectWatches(accountId, asMap(input));
|
||||
accountCache.evict(accountId);
|
||||
|
||||
@@ -29,6 +29,9 @@ import com.google.gerrit.server.account.PutHttpPassword.Input;
|
||||
import com.google.gerrit.server.account.externalids.ExternalId;
|
||||
import com.google.gerrit.server.account.externalids.ExternalIds;
|
||||
import com.google.gerrit.server.account.externalids.ExternalIdsUpdate;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
@@ -57,6 +60,7 @@ public class PutHttpPassword implements RestModifyView<AccountResource, Input> {
|
||||
|
||||
private final Provider<CurrentUser> self;
|
||||
private final Provider<ReviewDb> dbProvider;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final AccountCache accountCache;
|
||||
private final ExternalIds externalIds;
|
||||
private final ExternalIdsUpdate.User externalIdsUpdate;
|
||||
@@ -65,11 +69,13 @@ public class PutHttpPassword implements RestModifyView<AccountResource, Input> {
|
||||
PutHttpPassword(
|
||||
Provider<CurrentUser> self,
|
||||
Provider<ReviewDb> dbProvider,
|
||||
PermissionBackend permissionBackend,
|
||||
AccountCache accountCache,
|
||||
ExternalIds externalIds,
|
||||
ExternalIdsUpdate.User externalIdsUpdate) {
|
||||
this.self = self;
|
||||
this.dbProvider = dbProvider;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.accountCache = accountCache;
|
||||
this.externalIds = externalIds;
|
||||
this.externalIdsUpdate = externalIdsUpdate;
|
||||
@@ -78,7 +84,11 @@ public class PutHttpPassword implements RestModifyView<AccountResource, Input> {
|
||||
@Override
|
||||
public Response<String> apply(AccountResource rsrc, Input input)
|
||||
throws AuthException, ResourceNotFoundException, ResourceConflictException, OrmException,
|
||||
IOException, ConfigInvalidException {
|
||||
IOException, ConfigInvalidException, PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||
}
|
||||
|
||||
if (input == null) {
|
||||
input = new Input();
|
||||
}
|
||||
@@ -86,22 +96,12 @@ public class PutHttpPassword implements RestModifyView<AccountResource, Input> {
|
||||
|
||||
String newPassword;
|
||||
if (input.generate) {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canAdministrateServer()) {
|
||||
throw new AuthException("not allowed to generate HTTP password");
|
||||
}
|
||||
newPassword = generate();
|
||||
|
||||
} else if (input.httpPassword == null) {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canAdministrateServer()) {
|
||||
throw new AuthException("not allowed to clear HTTP password");
|
||||
}
|
||||
newPassword = null;
|
||||
} else {
|
||||
if (!self.get().getCapabilities().canAdministrateServer()) {
|
||||
throw new AuthException(
|
||||
"not allowed to set HTTP password directly, "
|
||||
+ "requires the Administrate Server permission");
|
||||
}
|
||||
// Only administrators can explicitly set the password.
|
||||
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||
newPassword = input.httpPassword;
|
||||
}
|
||||
return apply(rsrc.getUser(), newPassword);
|
||||
|
||||
@@ -25,6 +25,9 @@ import com.google.gerrit.extensions.restapi.UnprocessableEntityException;
|
||||
import com.google.gerrit.reviewdb.server.ReviewDb;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.account.PutUsername.Input;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
@@ -40,6 +43,7 @@ public class PutUsername implements RestModifyView<AccountResource, Input> {
|
||||
|
||||
private final Provider<CurrentUser> self;
|
||||
private final ChangeUserName.Factory changeUserNameFactory;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final Realm realm;
|
||||
private final Provider<ReviewDb> db;
|
||||
|
||||
@@ -47,10 +51,12 @@ public class PutUsername implements RestModifyView<AccountResource, Input> {
|
||||
PutUsername(
|
||||
Provider<CurrentUser> self,
|
||||
ChangeUserName.Factory changeUserNameFactory,
|
||||
PermissionBackend permissionBackend,
|
||||
Realm realm,
|
||||
Provider<ReviewDb> db) {
|
||||
this.self = self;
|
||||
this.changeUserNameFactory = changeUserNameFactory;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.realm = realm;
|
||||
this.db = db;
|
||||
}
|
||||
@@ -58,9 +64,10 @@ public class PutUsername implements RestModifyView<AccountResource, Input> {
|
||||
@Override
|
||||
public String apply(AccountResource rsrc, Input input)
|
||||
throws AuthException, MethodNotAllowedException, UnprocessableEntityException,
|
||||
ResourceConflictException, OrmException, IOException, ConfigInvalidException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canAdministrateServer()) {
|
||||
throw new AuthException("not allowed to set username");
|
||||
ResourceConflictException, OrmException, IOException, ConfigInvalidException,
|
||||
PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||
}
|
||||
|
||||
if (!realm.allowsEdit(AccountFieldName.USER_NAME)) {
|
||||
|
||||
@@ -255,7 +255,7 @@ public class AccountApiImpl implements AccountApi {
|
||||
public DiffPreferencesInfo getDiffPreferences() throws RestApiException {
|
||||
try {
|
||||
return getDiffPreferences.apply(account);
|
||||
} catch (IOException | ConfigInvalidException e) {
|
||||
} catch (IOException | ConfigInvalidException | PermissionBackendException e) {
|
||||
throw new RestApiException("Cannot query diff preferences", e);
|
||||
}
|
||||
}
|
||||
@@ -291,7 +291,7 @@ public class AccountApiImpl implements AccountApi {
|
||||
public List<ProjectWatchInfo> getWatchedProjects() throws RestApiException {
|
||||
try {
|
||||
return getWatchedProjects.apply(account);
|
||||
} catch (OrmException | IOException | ConfigInvalidException e) {
|
||||
} catch (OrmException | IOException | ConfigInvalidException | PermissionBackendException e) {
|
||||
throw new RestApiException("Cannot get watched projects", e);
|
||||
}
|
||||
}
|
||||
@@ -301,7 +301,7 @@ public class AccountApiImpl implements AccountApi {
|
||||
throws RestApiException {
|
||||
try {
|
||||
return postWatchedProjects.apply(account, in);
|
||||
} catch (OrmException | IOException | ConfigInvalidException e) {
|
||||
} catch (OrmException | IOException | ConfigInvalidException | PermissionBackendException e) {
|
||||
throw new RestApiException("Cannot update watched projects", e);
|
||||
}
|
||||
}
|
||||
@@ -310,7 +310,7 @@ public class AccountApiImpl implements AccountApi {
|
||||
public void deleteWatchedProjects(List<ProjectWatchInfo> in) throws RestApiException {
|
||||
try {
|
||||
deleteWatchedProjects.apply(account, in);
|
||||
} catch (OrmException | IOException | ConfigInvalidException e) {
|
||||
} catch (OrmException | IOException | ConfigInvalidException | PermissionBackendException e) {
|
||||
throw new RestApiException("Cannot delete watched projects", e);
|
||||
}
|
||||
}
|
||||
@@ -421,7 +421,7 @@ public class AccountApiImpl implements AccountApi {
|
||||
in.raw = RawInputUtil.create(key);
|
||||
try {
|
||||
return addSshKey.apply(account, in).value();
|
||||
} catch (OrmException | IOException | ConfigInvalidException e) {
|
||||
} catch (OrmException | IOException | ConfigInvalidException | PermissionBackendException e) {
|
||||
throw new RestApiException("Cannot add SSH key", e);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -300,7 +300,7 @@ public class ProjectApiImpl implements ProjectApi {
|
||||
public ProjectAccessInfo access(ProjectAccessInput p) throws RestApiException {
|
||||
try {
|
||||
return setAccess.apply(checkExists(), p);
|
||||
} catch (IOException e) {
|
||||
} catch (IOException | PermissionBackendException e) {
|
||||
throw new RestApiException("Cannot put access rights", e);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -105,6 +105,8 @@ import com.google.gerrit.server.mail.MailUtil.MailRecipients;
|
||||
import com.google.gerrit.server.notedb.ChangeNotes;
|
||||
import com.google.gerrit.server.notedb.NotesMigration;
|
||||
import com.google.gerrit.server.patch.PatchSetInfoFactory;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.project.ChangeControl;
|
||||
import com.google.gerrit.server.project.NoSuchChangeException;
|
||||
import com.google.gerrit.server.project.ProjectCache;
|
||||
@@ -292,6 +294,7 @@ public class ReceiveCommits {
|
||||
private final Provider<InternalChangeQuery> queryProvider;
|
||||
private final ChangeNotes.Factory notesFactory;
|
||||
private final AccountResolver accountResolver;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final CmdLineParser.Factory optionParserFactory;
|
||||
private final GitReferenceUpdated gitRefUpdated;
|
||||
private final PatchSetInfoFactory patchSetInfoFactory;
|
||||
@@ -357,6 +360,7 @@ public class ReceiveCommits {
|
||||
Provider<InternalChangeQuery> queryProvider,
|
||||
ChangeNotes.Factory notesFactory,
|
||||
AccountResolver accountResolver,
|
||||
PermissionBackend permissionBackend,
|
||||
CmdLineParser.Factory optionParserFactory,
|
||||
GitReferenceUpdated gitRefUpdated,
|
||||
PatchSetInfoFactory patchSetInfoFactory,
|
||||
@@ -396,6 +400,7 @@ public class ReceiveCommits {
|
||||
this.queryProvider = queryProvider;
|
||||
this.notesFactory = notesFactory;
|
||||
this.accountResolver = accountResolver;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.optionParserFactory = optionParserFactory;
|
||||
this.gitRefUpdated = gitRefUpdated;
|
||||
this.patchSetInfoFactory = patchSetInfoFactory;
|
||||
@@ -1042,10 +1047,13 @@ public class ReceiveCommits {
|
||||
continue;
|
||||
}
|
||||
} else {
|
||||
if (!oldParent.equals(newParent)
|
||||
&& !user.getCapabilities().canAdministrateServer()) {
|
||||
reject(cmd, "invalid project configuration: only Gerrit admin can set parent");
|
||||
continue;
|
||||
if (!oldParent.equals(newParent)) {
|
||||
try {
|
||||
permissionBackend.user(user).check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||
} catch (AuthException e) {
|
||||
reject(cmd, "invalid project configuration: only Gerrit admin can set parent");
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
if (projectCache.get(newParent) == null) {
|
||||
|
||||
@@ -19,6 +19,7 @@ import com.google.gerrit.extensions.api.projects.ProjectConfigEntryType;
|
||||
import com.google.gerrit.extensions.registration.DynamicMap;
|
||||
import com.google.gerrit.extensions.registration.DynamicMap.Entry;
|
||||
import com.google.gerrit.extensions.registration.DynamicSet;
|
||||
import com.google.gerrit.extensions.restapi.AuthException;
|
||||
import com.google.gerrit.reviewdb.client.Branch;
|
||||
import com.google.gerrit.reviewdb.client.PatchSet;
|
||||
import com.google.gerrit.reviewdb.client.Project;
|
||||
@@ -29,6 +30,9 @@ import com.google.gerrit.server.config.PluginConfig;
|
||||
import com.google.gerrit.server.config.ProjectConfigEntry;
|
||||
import com.google.gerrit.server.git.CodeReviewCommit;
|
||||
import com.google.gerrit.server.git.ProjectConfig;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gerrit.server.project.ProjectCache;
|
||||
import com.google.gerrit.server.project.ProjectState;
|
||||
import com.google.inject.Inject;
|
||||
@@ -36,8 +40,12 @@ import java.io.IOException;
|
||||
import java.util.List;
|
||||
import org.eclipse.jgit.errors.ConfigInvalidException;
|
||||
import org.eclipse.jgit.lib.Repository;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
public class MergeValidators {
|
||||
private static final Logger log = LoggerFactory.getLogger(MergeValidators.class);
|
||||
|
||||
private final DynamicSet<MergeValidationListener> mergeValidationListeners;
|
||||
private final ProjectConfigValidator.Factory projectConfigValidatorFactory;
|
||||
|
||||
@@ -93,6 +101,7 @@ public class MergeValidators {
|
||||
|
||||
private final AllProjectsName allProjectsName;
|
||||
private final ProjectCache projectCache;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final DynamicMap<ProjectConfigEntry> pluginConfigEntries;
|
||||
|
||||
public interface Factory {
|
||||
@@ -103,9 +112,11 @@ public class MergeValidators {
|
||||
public ProjectConfigValidator(
|
||||
AllProjectsName allProjectsName,
|
||||
ProjectCache projectCache,
|
||||
PermissionBackend permissionBackend,
|
||||
DynamicMap<ProjectConfigEntry> pluginConfigEntries) {
|
||||
this.allProjectsName = allProjectsName;
|
||||
this.projectCache = projectCache;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.pluginConfigEntries = pluginConfigEntries;
|
||||
}
|
||||
|
||||
@@ -132,8 +143,13 @@ public class MergeValidators {
|
||||
}
|
||||
} else {
|
||||
if (!oldParent.equals(newParent)) {
|
||||
if (!caller.getCapabilities().canAdministrateServer()) {
|
||||
try {
|
||||
permissionBackend.user(caller).check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||
} catch (AuthException e) {
|
||||
throw new MergeValidationException(SET_BY_ADMIN);
|
||||
} catch (PermissionBackendException e) {
|
||||
log.warn("Cannot check ADMINISTRATE_SERVER", e);
|
||||
throw new MergeValidationException("validation unavailable");
|
||||
}
|
||||
|
||||
if (projectCache.get(newParent) == null) {
|
||||
|
||||
@@ -356,7 +356,6 @@ public class ListGroups implements RestReadView<TopLevelResource> {
|
||||
|
||||
private List<AccountGroup> filterGroups(Collection<AccountGroup> groups) {
|
||||
List<AccountGroup> filteredGroups = new ArrayList<>(groups.size());
|
||||
boolean isAdmin = identifiedUser.get().getCapabilities().canAdministrateServer();
|
||||
for (AccountGroup group : groups) {
|
||||
if (!Strings.isNullOrEmpty(matchSubstring)) {
|
||||
if (!group
|
||||
@@ -372,13 +371,11 @@ public class ListGroups implements RestReadView<TopLevelResource> {
|
||||
if (!groupsToInspect.isEmpty() && !groupsToInspect.contains(group.getGroupUUID())) {
|
||||
continue;
|
||||
}
|
||||
if (!isAdmin) {
|
||||
GroupControl c = groupControlFactory.controlFor(group);
|
||||
if (!c.isVisible()) {
|
||||
continue;
|
||||
}
|
||||
|
||||
GroupControl c = groupControlFactory.controlFor(group);
|
||||
if (c.isVisible()) {
|
||||
filteredGroups.add(group);
|
||||
}
|
||||
filteredGroups.add(group);
|
||||
}
|
||||
Collections.sort(filteredGroups, new GroupComparator());
|
||||
return filteredGroups;
|
||||
|
||||
@@ -17,9 +17,13 @@ package com.google.gerrit.server.mail.send;
|
||||
import com.google.common.base.Joiner;
|
||||
import com.google.gerrit.common.errors.EmailException;
|
||||
import com.google.gerrit.extensions.api.changes.RecipientType;
|
||||
import com.google.gerrit.extensions.restapi.AuthException;
|
||||
import com.google.gerrit.reviewdb.client.AccountSshKey;
|
||||
import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.mail.Address;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.inject.assistedinject.Assisted;
|
||||
import com.google.inject.assistedinject.AssistedInject;
|
||||
import java.util.List;
|
||||
@@ -31,6 +35,7 @@ public class AddKeySender extends OutgoingEmail {
|
||||
AddKeySender create(IdentifiedUser user, List<String> gpgKey);
|
||||
}
|
||||
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final IdentifiedUser callingUser;
|
||||
private final IdentifiedUser user;
|
||||
private final AccountSshKey sshKey;
|
||||
@@ -39,10 +44,12 @@ public class AddKeySender extends OutgoingEmail {
|
||||
@AssistedInject
|
||||
public AddKeySender(
|
||||
EmailArguments ea,
|
||||
PermissionBackend permissionBackend,
|
||||
IdentifiedUser callingUser,
|
||||
@Assisted IdentifiedUser user,
|
||||
@Assisted AccountSshKey sshKey) {
|
||||
super(ea, "addkey");
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.callingUser = callingUser;
|
||||
this.user = user;
|
||||
this.sshKey = sshKey;
|
||||
@@ -52,10 +59,12 @@ public class AddKeySender extends OutgoingEmail {
|
||||
@AssistedInject
|
||||
public AddKeySender(
|
||||
EmailArguments ea,
|
||||
PermissionBackend permissionBackend,
|
||||
IdentifiedUser callingUser,
|
||||
@Assisted IdentifiedUser user,
|
||||
@Assisted List<String> gpgKeys) {
|
||||
super(ea, "addkey");
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.callingUser = callingUser;
|
||||
this.user = user;
|
||||
this.sshKey = null;
|
||||
@@ -71,12 +80,25 @@ public class AddKeySender extends OutgoingEmail {
|
||||
|
||||
@Override
|
||||
protected boolean shouldSendMessage() {
|
||||
/*
|
||||
* Don't send an email if no keys are added, or an admin is adding a key to
|
||||
* a user.
|
||||
*/
|
||||
return (sshKey != null || gpgKeys.size() > 0)
|
||||
&& (user.equals(callingUser) || !callingUser.getCapabilities().canAdministrateServer());
|
||||
if (sshKey == null && (gpgKeys == null || gpgKeys.isEmpty())) {
|
||||
// Don't email if no keys were added.
|
||||
return false;
|
||||
}
|
||||
|
||||
if (user.equals(callingUser)) {
|
||||
// Send email if the user self-added a key; this notification is necessary to alert
|
||||
// the user if their account was compromised and a key was unexpectedly added.
|
||||
return true;
|
||||
}
|
||||
|
||||
try {
|
||||
// Don't email if an administrator added a key on behalf of the user.
|
||||
permissionBackend.user(callingUser).check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||
return false;
|
||||
} catch (AuthException | PermissionBackendException e) {
|
||||
// Send email if a non-administrator modified the keys, e.g. by MODIFY_ACCOUNT.
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@@ -85,7 +85,7 @@ public abstract class PermissionBackend {
|
||||
public abstract WithUser user(CurrentUser user);
|
||||
|
||||
/** @return lightweight factory scoped to answer for the specified user. */
|
||||
public WithUser user(Provider<CurrentUser> user) {
|
||||
public <U extends CurrentUser> WithUser user(Provider<U> user) {
|
||||
return user(checkNotNull(user, "Provider<CurrentUser>").get());
|
||||
}
|
||||
|
||||
|
||||
@@ -251,7 +251,7 @@ public class ChangeControl {
|
||||
return (isOwner() // owner (aka creator) of the change can abandon
|
||||
|| getRefControl().isOwner() // branch owner can abandon
|
||||
|| getProjectControl().isOwner() // project owner can abandon
|
||||
|| getUser().getCapabilities().canAdministrateServer() // site administers are god
|
||||
|| getUser().getCapabilities().isAdmin_DoNotUse() // site administers are god
|
||||
|| getRefControl().canAbandon() // user can abandon a specific ref
|
||||
)
|
||||
&& !isPatchSetLocked(db);
|
||||
@@ -275,10 +275,13 @@ public class ChangeControl {
|
||||
|
||||
switch (status) {
|
||||
case DRAFT:
|
||||
return isOwner() || getRefControl().canDeleteDrafts() || isAdmin();
|
||||
return isOwner()
|
||||
|| getRefControl().canDeleteDrafts()
|
||||
|| getUser().getCapabilities().isAdmin_DoNotUse();
|
||||
case NEW:
|
||||
case ABANDONED:
|
||||
return (isAdmin() || (isOwner() && getRefControl().canDeleteOwnChanges()));
|
||||
return (isOwner() && getRefControl().canDeleteOwnChanges())
|
||||
|| getUser().getCapabilities().isAdmin_DoNotUse();
|
||||
case MERGED:
|
||||
default:
|
||||
return false;
|
||||
@@ -394,10 +397,6 @@ public class ChangeControl {
|
||||
return false;
|
||||
}
|
||||
|
||||
public boolean isAdmin() {
|
||||
return getUser().getCapabilities().canAdministrateServer();
|
||||
}
|
||||
|
||||
/** @return true if the user is allowed to remove this reviewer. */
|
||||
public boolean canRemoveReviewer(PatchSetApproval approval) {
|
||||
return canRemoveReviewer(approval.getAccountId(), approval.getValue());
|
||||
@@ -424,7 +423,7 @@ public class ChangeControl {
|
||||
if (getRefControl().canRemoveReviewer() // has removal permissions
|
||||
|| getRefControl().isOwner() // branch owner
|
||||
|| getProjectControl().isOwner() // project owner
|
||||
|| getUser().getCapabilities().canAdministrateServer()) {
|
||||
|| getUser().getCapabilities().isAdmin_DoNotUse()) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
@@ -438,7 +437,7 @@ public class ChangeControl {
|
||||
return isOwner() // owner (aka creator) of the change can edit topic
|
||||
|| getRefControl().isOwner() // branch owner can edit topic
|
||||
|| getProjectControl().isOwner() // project owner can edit topic
|
||||
|| getUser().getCapabilities().canAdministrateServer() // site administers are god
|
||||
|| getUser().getCapabilities().isAdmin_DoNotUse() // site administers are god
|
||||
|| getRefControl().canEditTopicName() // user can edit topic on a specific ref
|
||||
;
|
||||
}
|
||||
@@ -451,7 +450,7 @@ public class ChangeControl {
|
||||
return isOwner() // owner (aka creator) of the change can edit desc
|
||||
|| getRefControl().isOwner() // branch owner can edit desc
|
||||
|| getProjectControl().isOwner() // project owner can edit desc
|
||||
|| getUser().getCapabilities().canAdministrateServer() // site administers are god
|
||||
|| getUser().getCapabilities().isAdmin_DoNotUse() // site administers are god
|
||||
;
|
||||
}
|
||||
return false;
|
||||
@@ -469,7 +468,7 @@ public class ChangeControl {
|
||||
return isOwner() // owner (aka creator) of the change can edit hashtags
|
||||
|| getRefControl().isOwner() // branch owner can edit hashtags
|
||||
|| getProjectControl().isOwner() // project owner can edit hashtags
|
||||
|| getUser().getCapabilities().canAdministrateServer() // site administers are god
|
||||
|| getUser().getCapabilities().isAdmin_DoNotUse() // site administers are god
|
||||
|| getRefControl().canEditHashtags(); // user can edit hashtag on a specific ref
|
||||
}
|
||||
|
||||
|
||||
@@ -324,7 +324,7 @@ public class ProjectControl {
|
||||
/** Is this user a project owner? Ownership does not imply {@link #isVisible()} */
|
||||
public boolean isOwner() {
|
||||
return (isDeclaredOwner() && !controlForRef("refs/*").isBlocked(Permission.OWNER))
|
||||
|| user.getCapabilities().canAdministrateServer();
|
||||
|| user.getCapabilities().isAdmin_DoNotUse();
|
||||
}
|
||||
|
||||
private boolean isDeclaredOwner() {
|
||||
@@ -337,7 +337,7 @@ public class ProjectControl {
|
||||
|
||||
/** Does this user have ownership on at least one reference name? */
|
||||
public boolean isOwnerAnyRef() {
|
||||
return canPerformOnAnyRef(Permission.OWNER) || user.getCapabilities().canAdministrateServer();
|
||||
return canPerformOnAnyRef(Permission.OWNER) || user.getCapabilities().isAdmin_DoNotUse();
|
||||
}
|
||||
|
||||
/** @return true if the user can upload to at least one reference */
|
||||
|
||||
@@ -200,7 +200,7 @@ public class RefControl {
|
||||
// this why for the AllProjects project we allow administrators to push
|
||||
// configuration changes if they have push without being project owner.
|
||||
if (!(projectControl.getProjectState().isAllProjects()
|
||||
&& getUser().getCapabilities().canAdministrateServer())) {
|
||||
&& getUser().getCapabilities().isAdmin_DoNotUse())) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
@@ -227,7 +227,7 @@ public class RefControl {
|
||||
case UNKNOWN:
|
||||
case WEB_BROWSER:
|
||||
default:
|
||||
return getUser().getCapabilities().canAdministrateServer()
|
||||
return getUser().getCapabilities().isAdmin_DoNotUse()
|
||||
|| (isOwner() && !isForceBlocked(Permission.PUSH));
|
||||
}
|
||||
}
|
||||
@@ -373,7 +373,7 @@ public class RefControl {
|
||||
case UNKNOWN:
|
||||
case WEB_BROWSER:
|
||||
default:
|
||||
return getUser().getCapabilities().canAdministrateServer()
|
||||
return getUser().getCapabilities().isAdmin_DoNotUse()
|
||||
|| (isOwner() && !isForceBlocked(Permission.PUSH))
|
||||
|| canPushWithForce()
|
||||
|| canPerform(Permission.DELETE);
|
||||
|
||||
@@ -41,6 +41,9 @@ import com.google.gerrit.server.config.AllProjectsName;
|
||||
import com.google.gerrit.server.git.MetaDataUpdate;
|
||||
import com.google.gerrit.server.git.ProjectConfig;
|
||||
import com.google.gerrit.server.group.GroupsCollection;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
import com.google.inject.Singleton;
|
||||
@@ -54,6 +57,7 @@ import org.eclipse.jgit.errors.ConfigInvalidException;
|
||||
@Singleton
|
||||
public class SetAccess implements RestModifyView<ProjectResource, ProjectAccessInput> {
|
||||
protected final GroupBackend groupBackend;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final GroupsCollection groupsCollection;
|
||||
private final Provider<MetaDataUpdate.User> metaDataUpdateFactory;
|
||||
private final AllProjectsName allProjects;
|
||||
@@ -65,6 +69,7 @@ public class SetAccess implements RestModifyView<ProjectResource, ProjectAccessI
|
||||
@Inject
|
||||
private SetAccess(
|
||||
GroupBackend groupBackend,
|
||||
PermissionBackend permissionBackend,
|
||||
Provider<MetaDataUpdate.User> metaDataUpdateFactory,
|
||||
AllProjectsName allProjects,
|
||||
Provider<SetParent> setParent,
|
||||
@@ -73,6 +78,7 @@ public class SetAccess implements RestModifyView<ProjectResource, ProjectAccessI
|
||||
GetAccess getAccess,
|
||||
Provider<IdentifiedUser> identifiedUser) {
|
||||
this.groupBackend = groupBackend;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.metaDataUpdateFactory = metaDataUpdateFactory;
|
||||
this.allProjects = allProjects;
|
||||
this.setParent = setParent;
|
||||
@@ -85,7 +91,7 @@ public class SetAccess implements RestModifyView<ProjectResource, ProjectAccessI
|
||||
@Override
|
||||
public ProjectAccessInfo apply(ProjectResource rsrc, ProjectAccessInput input)
|
||||
throws ResourceNotFoundException, ResourceConflictException, IOException, AuthException,
|
||||
BadRequestException, UnprocessableEntityException {
|
||||
BadRequestException, UnprocessableEntityException, PermissionBackendException {
|
||||
List<AccessSection> removals = getAccessSections(input.remove);
|
||||
List<AccessSection> additions = getAccessSections(input.add);
|
||||
MetaDataUpdate.User metaDataUpdateUser = metaDataUpdateFactory.get();
|
||||
@@ -269,16 +275,11 @@ public class SetAccess implements RestModifyView<ProjectResource, ProjectAccessI
|
||||
}
|
||||
|
||||
private void checkGlobalCapabilityPermissions(Project.NameKey projectName)
|
||||
throws BadRequestException, AuthException {
|
||||
|
||||
throws BadRequestException, AuthException, PermissionBackendException {
|
||||
if (!allProjects.equals(projectName)) {
|
||||
throw new BadRequestException(
|
||||
"Cannot edit global capabilities for projects other than " + allProjects.get());
|
||||
}
|
||||
|
||||
if (!identifiedUser.get().getCapabilities().canAdministrateServer()) {
|
||||
throw new AuthException(
|
||||
"Editing global capabilities requires " + GlobalCapability.ADMINISTRATE_SERVER);
|
||||
}
|
||||
permissionBackend.user(identifiedUser).check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -30,6 +30,9 @@ import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.config.AllProjectsName;
|
||||
import com.google.gerrit.server.git.MetaDataUpdate;
|
||||
import com.google.gerrit.server.git.ProjectConfig;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gerrit.server.project.SetParent.Input;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Singleton;
|
||||
@@ -45,12 +48,18 @@ public class SetParent implements RestModifyView<ProjectResource, Input> {
|
||||
}
|
||||
|
||||
private final ProjectCache cache;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final MetaDataUpdate.Server updateFactory;
|
||||
private final AllProjectsName allProjects;
|
||||
|
||||
@Inject
|
||||
SetParent(ProjectCache cache, MetaDataUpdate.Server updateFactory, AllProjectsName allProjects) {
|
||||
SetParent(
|
||||
ProjectCache cache,
|
||||
PermissionBackend permissionBackend,
|
||||
MetaDataUpdate.Server updateFactory,
|
||||
AllProjectsName allProjects) {
|
||||
this.cache = cache;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.updateFactory = updateFactory;
|
||||
this.allProjects = allProjects;
|
||||
}
|
||||
@@ -58,13 +67,13 @@ public class SetParent implements RestModifyView<ProjectResource, Input> {
|
||||
@Override
|
||||
public String apply(ProjectResource rsrc, Input input)
|
||||
throws AuthException, ResourceConflictException, ResourceNotFoundException,
|
||||
UnprocessableEntityException, IOException {
|
||||
UnprocessableEntityException, IOException, PermissionBackendException {
|
||||
return apply(rsrc, input, true);
|
||||
}
|
||||
|
||||
public String apply(ProjectResource rsrc, Input input, boolean checkIfAdmin)
|
||||
throws AuthException, ResourceConflictException, ResourceNotFoundException,
|
||||
UnprocessableEntityException, IOException {
|
||||
UnprocessableEntityException, IOException, PermissionBackendException {
|
||||
ProjectControl ctl = rsrc.getControl();
|
||||
String parentName =
|
||||
MoreObjects.firstNonNull(Strings.emptyToNull(input.parent), allProjects.get());
|
||||
@@ -97,10 +106,11 @@ public class SetParent implements RestModifyView<ProjectResource, Input> {
|
||||
}
|
||||
|
||||
public void validateParentUpdate(final ProjectControl ctl, String newParent, boolean checkIfAdmin)
|
||||
throws AuthException, ResourceConflictException, UnprocessableEntityException {
|
||||
throws AuthException, ResourceConflictException, UnprocessableEntityException,
|
||||
PermissionBackendException {
|
||||
IdentifiedUser user = ctl.getUser().asIdentifiedUser();
|
||||
if (checkIfAdmin && !user.getCapabilities().canAdministrateServer()) {
|
||||
throw new AuthException("not administrator");
|
||||
if (checkIfAdmin) {
|
||||
permissionBackend.user(user).check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||
}
|
||||
|
||||
if (ctl.getProject().getNameKey().equals(allProjects)) {
|
||||
|
||||
Reference in New Issue
Block a user