Allow administrators to manage users' watched projects lists

Rationale:
1. This fixes code to match the docs, as it currently reads e.g.
   'POST /accounts/{account-id}/watched.projects:delete', meaning that
   if it was only for the current user, we could omit the {account-id}
   part.
2. This is already doable by admins via getting (or generating) a
   user's HTTP password and then impersonating that user to modify the
   watched projects.
3. Most other API endpoints already contain this check, allowing admins to
   modify users' settings.
4. This allows for watched projects automation, i.e. to subscribe
   project owners to the newly added projects that they own.

Change-Id: I8fc8ce4e39edbe09904eca8a8b6b78c412a392e1
This commit is contained in:
Dmitry Polyanitsa
2016-07-04 11:00:33 +02:00
parent b738eedced
commit 2f77f00c24
3 changed files with 6 additions and 3 deletions


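--- a/DeleteWatchedProjects.java
+++ b/DeleteWatchedProjects.java
@@ -50,7 +50,8 @@ public class DeleteWatchedProjects
 public Response<?> apply(
 AccountResource rsrc, List<ProjectWatchInfo> input)
 throws UnprocessableEntityException, OrmException, AuthException {
-if (self.get() != rsrc.getUser()) {
+if (self.get() != rsrc.getUser()
+&& !self.get().getCapabilities().canAdministrateServer()) {
 throw new AuthException("It is not allowed to edit project watches "
 + "of other users");
 }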
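Review bot: The new bypass in the `if` is gated on `canAdministrateServer()`, the broadest capability in the server, so deleting another account's project watches now requires full server administration rather than a narrower account-management right; if this tree already has a more specific capability for modifying accounts it would be the better gate here, and if not, the policy should at least be recorded above the check, e.g. `// Only the account owner or a server administrator may change project watches.` The same two-line predicate is now repeated verbatim in DeleteWatchedProjects, GetWatchedProjects and PostWatchedProjects; a single shared guard (for instance a method on AccountResource that throws the AuthException) would keep the three endpoints from drifting apart when the rule changes again. The enclosing apply() continues past the end of the hunk.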


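--- a/GetWatchedProjects.java
+++ b/GetWatchedProjects.java
@@ -43,7 +43,8 @@ public class GetWatchedProjects implements RestReadView<AccountResource> {
 @Override
 public List<ProjectWatchInfo> apply(AccountResource rsrc)
 throws OrmException, AuthException {
-if (self.get() != rsrc.getUser()) {
+if (self.get() != rsrc.getUser()
+&& !self.get().getCapabilities().canAdministrateServer()) {
 throw new AuthException("It is not allowed to list project watches "
 + "of other users");
 }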
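Review bot: The widened condition lets a server administrator read any account's watch list, and nothing in the hunk documents that this read path is intentionally broader than "owner only"; a one-line comment above the check would make the rule visible to the next reader, e.g. `// The owner may list their own watches; server administrators may list anyone's.` The owner test is still the reference comparison `self.get() != rsrc.getUser()`, so if the two wrappers can ever be distinct objects for the same account the owner would be treated as "other user" and, after this change, silently held to the administrator requirement — fail-closed, but worth a short note stating that identity of the CurrentUser instances is assumed. The rest of apply() lies past the end of the hunk.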


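--- a/PostWatchedProjects.java
+++ b/PostWatchedProjects.java
@@ -57,7 +57,8 @@ public class PostWatchedProjects
 public List<ProjectWatchInfo> apply(AccountResource rsrc,
 List<ProjectWatchInfo> input)
 throws OrmException, RestApiException, IOException {
-if (self.get() != rsrc.getUser()) {
+if (self.get() != rsrc.getUser()
+&& !self.get().getCapabilities().canAdministrateServer()) {
 throw new AuthException("not allowed to edit project watches");
 }
 List<AccountProjectWatch> accountProjectWatchList =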
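Review bot: Once the administrator bypass is in place, the `input` list is applied to an account other than the caller's, so the project resolution that follows `accountProjectWatchList` (outside the hunk) should be checked to confirm it is evaluated for the target account's visibility rather than the administrator's — presumably it runs as `self`, which is fine for the stated automation use case but should be a deliberate choice. The rationale for the bypass belongs next to the check, e.g. `// Administrators may manage other users' watches (e.g. to auto-subscribe project owners).` The AuthException message `"not allowed to edit project watches"` also drops the "of other users" qualifier the sibling endpoints use and reads as if editing were disallowed altogether; aligning it with DeleteWatchedProjects would be clearer. apply() continues past the end of the hunk.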