opendev/gerrit
Code Issues Proposed changes

Remove ReviewDb from PermissionBackend hierarchy

Browse Source 
Change-Id: I5a1a2f59573f3f3f3ea67137ea203e32e2f07e79
This commit is contained in:
Dave Borowitz
2018-12-14 13:44:10 -08:00
parent 5fef1eb3a0
commit 3d54a41d60
48 changed files with 77 additions and 287 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
java/com/google/gerrit/server/ApprovalsUtil.java
View File

@@ -204,11 +204,11 @@ public class ApprovalsUtil {
}
Set<Account.Id> need = Sets.newLinkedHashSet(wantReviewers);
if (authorId != null && canSee(db, update.getNotes(), authorId)) {
if (authorId != null && canSee(update.getNotes(), authorId)) {
need.add(authorId);
}
if (committerId != null && canSee(db, update.getNotes(), committerId)) {
if (committerId != null && canSee(update.getNotes(), committerId)) {
need.add(committerId);
}
need.remove(change.getOwner());
@@ -229,16 +229,12 @@ public class ApprovalsUtil {
return Collections.unmodifiableList(cells);
}
private boolean canSee(ReviewDb db, ChangeNotes notes, Account.Id accountId) {
private boolean canSee(ChangeNotes notes, Account.Id accountId) {
try {
if (!projectCache.checkedGet(notes.getProjectName()).statePermitsRead()) {
return false;
}
permissionBackend
.absentUser(accountId)
.change(notes)
.database(db)
.check(ChangePermission.READ);
permissionBackend.absentUser(accountId).change(notes).check(ChangePermission.READ);
return true;
} catch (AuthException e) {
return false;
@@ -304,7 +300,7 @@ public class ApprovalsUtil {
if (approvals.isEmpty()) {
return ImmutableList.of();
}
checkApprovals(approvals, permissionBackend.user(user).database(db).change(update.getNotes()));
checkApprovals(approvals, permissionBackend.user(user).change(update.getNotes()));
List<PatchSetApproval> cells = new ArrayList<>(approvals.size());
Date ts = update.getWhen();
for (Map.Entry<String, Short> vote : approvals.entrySet()) {

3
java/com/google/gerrit/server/change/ChangeInserter.java
View File

@@ -425,8 +425,7 @@ public class ChangeInserter implements InsertChangeOp {
update.fixStatus(change.getStatus());
reviewerAdditions =
reviewerAdder.prepare(
ctx.getDb(), ctx.getNotes(), ctx.getUser(), getReviewerInputs(), true);
reviewerAdder.prepare(ctx.getNotes(), ctx.getUser(), getReviewerInputs(), true);
Optional<ReviewerAddition> reviewerError = reviewerAdditions.getFailures().stream().findFirst();
if (reviewerError.isPresent()) {
throw new UnprocessableEntityException(reviewerError.get().result.error);

6
java/com/google/gerrit/server/change/ChangeJson.java
View File

@@ -74,7 +74,6 @@ import com.google.gerrit.reviewdb.client.ChangeMessage;
import com.google.gerrit.reviewdb.client.PatchSet;
import com.google.gerrit.reviewdb.client.PatchSetApproval;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.ChangeMessagesUtil;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.GpgException;
@@ -202,7 +201,6 @@ public class ChangeJson {
}
}
private final Provider<ReviewDb> db;
private final Provider<CurrentUser> userProvider;
private final PermissionBackend permissionBackend;
private final ChangeData.Factory changeDataFactory;
@@ -225,7 +223,6 @@ public class ChangeJson {
@Inject
ChangeJson(
Provider<ReviewDb> db,
Provider<CurrentUser> user,
PermissionBackend permissionBackend,
ChangeData.Factory cdf,
@@ -241,7 +238,6 @@ public class ChangeJson {
RevisionJson.Factory revisionJsonFactory,
@Assisted Iterable<ListChangesOption> options,
@Assisted Optional<PluginDefinedAttributesFactory> pluginDefinedAttributesFactory) {
this.db = db;
this.userProvider = user;
this.changeDataFactory = cdf;
this.permissionBackend = permissionBackend;
@@ -803,7 +799,7 @@ public class ChangeJson {
*/
private PermissionBackend.ForChange permissionBackendForChange(CurrentUser user, ChangeData cd)
throws OrmException {
PermissionBackend.WithUser withUser = permissionBackend.user(user).database(db);
PermissionBackend.WithUser withUser = permissionBackend.user(user);
return lazyLoad
? withUser.change(cd)
: withUser.indexedChange(cd, notesFactory.createFromIndexedChange(cd.change()));

7
java/com/google/gerrit/server/change/ChangeResource.java
View File

@@ -29,7 +29,6 @@ import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.reviewdb.client.Change;
import com.google.gerrit.reviewdb.client.PatchSet;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.ApprovalsUtil;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.PatchSetUtil;
@@ -42,7 +41,6 @@ import com.google.gerrit.server.project.ProjectCache;
import com.google.gerrit.server.project.ProjectState;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.TypeLiteral;
import com.google.inject.assistedinject.Assisted;
import java.io.IOException;
@@ -71,7 +69,6 @@ public class ChangeResource implements RestResource, HasETag {
private static final String ZERO_ID_STRING = ObjectId.zeroId().name();
private final Provider<ReviewDb> db;
private final AccountCache accountCache;
private final ApprovalsUtil approvalUtil;
private final PatchSetUtil patchSetUtil;
@@ -83,7 +80,6 @@ public class ChangeResource implements RestResource, HasETag {
@Inject
ChangeResource(
Provider<ReviewDb> db,
AccountCache accountCache,
ApprovalsUtil approvalUtil,
PatchSetUtil patchSetUtil,
@@ -92,7 +88,6 @@ public class ChangeResource implements RestResource, HasETag {
ProjectCache projectCache,
@Assisted ChangeNotes notes,
@Assisted CurrentUser user) {
this.db = db;
this.accountCache = accountCache;
this.approvalUtil = approvalUtil;
this.patchSetUtil = patchSetUtil;
@@ -104,7 +99,7 @@ public class ChangeResource implements RestResource, HasETag {
}
public PermissionBackend.ForChange permissions() {
return permissionBackend.user(user).database(db).change(notes);
return permissionBackend.user(user).change(notes);
}
public CurrentUser getUser() {

7
java/com/google/gerrit/server/change/LabelsJson.java
View File

@@ -44,7 +44,6 @@ import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.client.Account.Id;
import com.google.gerrit.reviewdb.client.Change;
import com.google.gerrit.reviewdb.client.PatchSetApproval;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.ApprovalsUtil;
import com.google.gerrit.server.account.AccountLoader;
import com.google.gerrit.server.notedb.ChangeNotes;
@@ -55,7 +54,6 @@ import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.query.change.ChangeData;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.assistedinject.Assisted;
import java.sql.Timestamp;
import java.util.ArrayList;
@@ -79,7 +77,6 @@ public class LabelsJson {
LabelsJson create(Iterable<ListChangesOption> options);
}
private final Provider<ReviewDb> db;
private final ApprovalsUtil approvalsUtil;
private final ChangeNotes.Factory notesFactory;
private final PermissionBackend permissionBackend;
@@ -87,12 +84,10 @@ public class LabelsJson {
@Inject
LabelsJson(
Provider<ReviewDb> db,
ApprovalsUtil approvalsUtil,
ChangeNotes.Factory notesFactory,
PermissionBackend permissionBackend,
@Assisted Iterable<ListChangesOption> options) {
this.db = db;
this.approvalsUtil = approvalsUtil;
this.notesFactory = notesFactory;
this.permissionBackend = permissionBackend;
@@ -507,7 +502,7 @@ public class LabelsJson {
*/
private PermissionBackend.ForChange permissionBackendForChange(Account.Id user, ChangeData cd)
throws OrmException {
PermissionBackend.WithUser withUser = permissionBackend.absentUser(user).database(db);
PermissionBackend.WithUser withUser = permissionBackend.absentUser(user);
return lazyLoad
? withUser.change(cd)
: withUser.indexedChange(cd, notesFactory.createFromIndexedChange(cd.change()));

6
java/com/google/gerrit/server/change/PatchSetInserter.java
View File

@@ -287,11 +287,7 @@ public class PatchSetInserter implements BatchUpdateOp {
psUtil.checkPatchSetNotLocked(origNotes);
if (checkAddPatchSetPermission) {
permissionBackend
.user(ctx.getUser())
.database(ctx.getDb())
.change(origNotes)
.check(ChangePermission.ADD_PATCH_SET);
permissionBackend.user(ctx.getUser()).change(origNotes).check(ChangePermission.ADD_PATCH_SET);
}
projectCache.checkedGet(ctx.getProject()).checkStatePermitsWrite();
if (!validate) {

35
java/com/google/gerrit/server/change/ReviewerAdder.java
View File

@@ -52,7 +52,6 @@ import com.google.gerrit.reviewdb.client.Branch;
import com.google.gerrit.reviewdb.client.Change;
import com.google.gerrit.reviewdb.client.PatchSet;
import com.google.gerrit.reviewdb.client.PatchSetApproval;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.AnonymousUser;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
@@ -189,7 +188,6 @@ public class ReviewerAdder {
/**
* Prepare application of a single {@link AddReviewerInput}.
*
* @param db database.
* @param notes change notes.
* @param user user performing the reviewer addition.
* @param input input describing user or group to add as a reviewer.
@@ -203,7 +201,7 @@ public class ReviewerAdder {
* @throws ConfigInvalidException
*/
public ReviewerAddition prepare(
ReviewDb db, ChangeNotes notes, CurrentUser user, AddReviewerInput input, boolean allowGroup)
ChangeNotes notes, CurrentUser user, AddReviewerInput input, boolean allowGroup)
throws OrmException, IOException, PermissionBackendException, ConfigInvalidException {
requireNonNull(input.reviewer);
ListMultimap<RecipientType, Account.Id> accountsToNotify;
@@ -219,13 +217,12 @@ public class ReviewerAdder {
.is(BooleanProjectConfig.ENABLE_REVIEWER_BY_EMAIL);
ReviewerAddition byAccountId =
addByAccountId(db, input, notes, user, accountsToNotify, allowGroup, allowByEmail);
addByAccountId(input, notes, user, accountsToNotify, allowGroup, allowByEmail);
ReviewerAddition wholeGroup = null;
if (byAccountId == null || !byAccountId.exactMatchFound) {
wholeGroup =
addWholeGroup(
db, input, notes, user, accountsToNotify, confirmed, allowGroup, allowByEmail);
addWholeGroup(input, notes, user, accountsToNotify, confirmed, allowGroup, allowByEmail);
if (wholeGroup != null && wholeGroup.exactMatchFound) {
return wholeGroup;
}
@@ -238,7 +235,7 @@ public class ReviewerAdder {
return wholeGroup;
}
return addByEmail(db, input, notes, user, accountsToNotify);
return addByEmail(input, notes, user, accountsToNotify);
}
public ReviewerAddition ccCurrentUser(CurrentUser user, RevisionResource revision) {
@@ -254,7 +251,6 @@ public class ReviewerAdder {
@Nullable
private ReviewerAddition addByAccountId(
ReviewDb db,
AddReviewerInput input,
ChangeNotes notes,
CurrentUser user,
@@ -282,7 +278,7 @@ public class ReviewerAdder {
return null;
}
if (isValidReviewer(db, notes.getChange().getDest(), reviewerUser.getAccount())) {
if (isValidReviewer(notes.getChange().getDest(), reviewerUser.getAccount())) {
return new ReviewerAddition(
input,
notes,
@@ -309,7 +305,6 @@ public class ReviewerAdder {
@Nullable
private ReviewerAddition addWholeGroup(
ReviewDb db,
AddReviewerInput input,
ChangeNotes notes,
CurrentUser user,
@@ -380,7 +375,7 @@ public class ReviewerAdder {
}
for (Account member : members) {
if (isValidReviewer(db, notes.getChange().getDest(), member)) {
if (isValidReviewer(notes.getChange().getDest(), member)) {
reviewers.add(member.getId());
}
}
@@ -390,18 +385,13 @@ public class ReviewerAdder {
@Nullable
private ReviewerAddition addByEmail(
ReviewDb db,
AddReviewerInput input,
ChangeNotes notes,
CurrentUser user,
ListMultimap<RecipientType, Account.Id> accountsToNotify)
throws PermissionBackendException {
try {
permissionBackend
.user(anonymousProvider.get())
.database(db)
.change(notes)
.check(ChangePermission.READ);
permissionBackend.user(anonymousProvider.get()).change(notes).check(ChangePermission.READ);
} catch (AuthException e) {
return fail(
input,
@@ -420,7 +410,7 @@ public class ReviewerAdder {
input, notes, user, null, ImmutableList.of(adr), accountsToNotify, true);
}
private boolean isValidReviewer(ReviewDb db, Branch.NameKey branch, Account member)
private boolean isValidReviewer(Branch.NameKey branch, Account member)
throws PermissionBackendException {
if (!member.isActive()) {
return false;
@@ -430,11 +420,7 @@ public class ReviewerAdder {
// Check ref permission instead of change permission, since change permissions take into
// account the private bit, whereas adding a user as a reviewer is explicitly allowing them to
// see private changes.
permissionBackend
.absentUser(member.getId())
.database(db)
.ref(branch)
.check(RefPermission.READ);
permissionBackend.absentUser(member.getId()).ref(branch).check(RefPermission.READ);
return true;
} catch (AuthException e) {
return false;
@@ -566,7 +552,6 @@ public class ReviewerAdder {
}
public ReviewerAdditionList prepare(
ReviewDb db,
ChangeNotes notes,
CurrentUser user,
Iterable<? extends AddReviewerInput> inputs,
@@ -587,7 +572,7 @@ public class ReviewerAdder {
.collect(toImmutableList());
List<ReviewerAddition> additions = new ArrayList<>();
for (AddReviewerInput input : sorted) {
additions.add(prepare(db, notes, user, input, allowGroup));
additions.add(prepare(notes, user, input, allowGroup));
}
return new ReviewerAdditionList(additions);
}

8
java/com/google/gerrit/server/change/ReviewerJson.java
View File

@@ -27,7 +27,6 @@ import com.google.gerrit.mail.Address;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.client.PatchSet;
import com.google.gerrit.reviewdb.client.PatchSetApproval;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.ApprovalsUtil;
import com.google.gerrit.server.account.AccountLoader;
import com.google.gerrit.server.permissions.LabelPermission;
@@ -38,7 +37,6 @@ import com.google.gerrit.server.project.SubmitRuleOptions;
import com.google.gerrit.server.query.change.ChangeData;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.util.Collection;
import java.util.List;
@@ -46,7 +44,6 @@ import java.util.TreeMap;
@Singleton
public class ReviewerJson {
private final Provider<ReviewDb> db;
private final PermissionBackend permissionBackend;
private final ChangeData.Factory changeDataFactory;
private final ApprovalsUtil approvalsUtil;
@@ -55,13 +52,11 @@ public class ReviewerJson {
@Inject
ReviewerJson(
Provider<ReviewDb> db,
PermissionBackend permissionBackend,
ChangeData.Factory changeDataFactory,
ApprovalsUtil approvalsUtil,
AccountLoader.Factory accountLoaderFactory,
SubmitRuleEvaluator.Factory submitRuleEvaluatorFactory) {
this.db = db;
this.permissionBackend = permissionBackend;
this.changeDataFactory = changeDataFactory;
this.approvalsUtil = approvalsUtil;
@@ -128,8 +123,7 @@ public class ReviewerJson {
// do not exist in the DB.
PatchSet ps = cd.currentPatchSet();
if (ps != null) {
PermissionBackend.ForChange perm =
permissionBackend.absentUser(reviewerAccountId).database(db).change(cd);
PermissionBackend.ForChange perm = permissionBackend.absentUser(reviewerAccountId).change(cd);
for (SubmitRecord rec : submitRuleEvaluator.evaluate(cd)) {
if (rec.labels == null) {

10
java/com/google/gerrit/server/edit/ChangeEditModifier.java
View File

@@ -23,7 +23,6 @@ import com.google.gerrit.extensions.restapi.ResourceConflictException;
import com.google.gerrit.reviewdb.client.Change;
import com.google.gerrit.reviewdb.client.PatchSet;
import com.google.gerrit.reviewdb.client.RefNames;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.GerritPersonIdent;
import com.google.gerrit.server.IdentifiedUser;
@@ -80,7 +79,6 @@ public class ChangeEditModifier {
private final TimeZone tz;
private final ChangeIndexer indexer;
private final Provider<ReviewDb> reviewDb;
private final Provider<CurrentUser> currentUser;
private final PermissionBackend permissionBackend;
private final ChangeEditUtil changeEditUtil;
@@ -91,14 +89,12 @@ public class ChangeEditModifier {
ChangeEditModifier(
@GerritPersonIdent PersonIdent gerritIdent,
ChangeIndexer indexer,
Provider<ReviewDb> reviewDb,
Provider<CurrentUser> currentUser,
PermissionBackend permissionBackend,
ChangeEditUtil changeEditUtil,
PatchSetUtil patchSetUtil,
ProjectCache projectCache) {
this.indexer = indexer;
this.reviewDb = reviewDb;
this.currentUser = currentUser;
this.permissionBackend = permissionBackend;
this.tz = gerritIdent.getTimeZone();
@@ -410,11 +406,7 @@ public class ChangeEditModifier {
// Not allowed to edit if the current patch set is locked.
patchSetUtil.checkPatchSetNotLocked(notes);
try {
permissionBackend
.currentUser()
.database(reviewDb)
.change(notes)
.check(ChangePermission.ADD_PATCH_SET);
permissionBackend.currentUser().change(notes).check(ChangePermission.ADD_PATCH_SET);
projectCache.checkedGet(notes.getProjectName()).checkStatePermitsWrite();
} catch (AuthException denied) {
throw new AuthException("edit not permitted", denied);

10
java/com/google/gerrit/server/events/EventBroker.java
View File

@@ -22,7 +22,6 @@ import com.google.gerrit.reviewdb.client.Branch;
import com.google.gerrit.reviewdb.client.Change;
import com.google.gerrit.reviewdb.client.PatchSet;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.notedb.ChangeNotes;
import com.google.gerrit.server.permissions.ChangePermission;
@@ -37,7 +36,6 @@ import com.google.gerrit.server.project.ProjectCache;
import com.google.gerrit.server.project.ProjectState;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
/** Distributes Events to listeners if they are allowed to see them */
@@ -64,22 +62,18 @@ public class EventBroker implements EventDispatcher {
protected final ChangeNotes.Factory notesFactory;
protected final Provider<ReviewDb> dbProvider;
@Inject
public EventBroker(
PluginSetContext<UserScopedEventListener> listeners,
PluginSetContext<EventListener> unrestrictedListeners,
PermissionBackend permissionBackend,
ProjectCache projectCache,
ChangeNotes.Factory notesFactory,
Provider<ReviewDb> dbProvider) {
ChangeNotes.Factory notesFactory) {
this.listeners = listeners;
this.unrestrictedListeners = unrestrictedListeners;
this.permissionBackend = permissionBackend;
this.projectCache = projectCache;
this.notesFactory = notesFactory;
this.dbProvider = dbProvider;
}
@Override
@@ -173,12 +167,10 @@ public class EventBroker implements EventDispatcher {
if (pe == null || !pe.statePermitsRead()) {
return false;
}
ReviewDb db = dbProvider.get();
try {
permissionBackend
.user(user)
.change(notesFactory.createChecked(change))
.database(db)
.check(ChangePermission.READ);
return true;
} catch (AuthException e) {

2
java/com/google/gerrit/server/git/receive/ReceiveCommits.java
View File

@@ -2659,7 +2659,7 @@ class ReceiveCommits {
}
try {
permissions.change(notes).database(db).check(ChangePermission.ADD_PATCH_SET);
permissions.change(notes).check(ChangePermission.ADD_PATCH_SET);
} catch (AuthException no) {
reject(inputCommand, "cannot add patch set to " + ontoChange + ".");
return false;

1
java/com/google/gerrit/server/git/receive/ReplaceOp.java
View File

@@ -316,7 +316,6 @@ public class ReplaceOp implements BatchUpdateOp {
reviewerAdditions =
reviewerAdder.prepare(
ctx.getDb(),
ctx.getNotes(),
ctx.getUser(),
getReviewerInputs(magicBranch, fromFooters, ctx.getChange(), info),

6
java/com/google/gerrit/server/mail/send/ChangeEmail.java
View File

@@ -378,11 +378,7 @@ public abstract class ChangeEmail extends NotificationEmail {
return false;
}
try {
args.permissionBackend
.absentUser(to)
.change(changeData)
.database(args.db)
.check(ChangePermission.READ);
args.permissionBackend.absentUser(to).change(changeData).check(ChangePermission.READ);
return true;
} catch (AuthException e) {
return false;

8
java/com/google/gerrit/server/patch/PatchScriptFactory.java
View File

@@ -29,7 +29,6 @@ import com.google.gerrit.reviewdb.client.Comment;
import com.google.gerrit.reviewdb.client.Patch;
import com.google.gerrit.reviewdb.client.Patch.ChangeType;
import com.google.gerrit.reviewdb.client.PatchSet;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.CommentsUtil;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.PatchSetUtil;
@@ -82,7 +81,6 @@ public class PatchScriptFactory implements Callable<PatchScript> {
private final PatchSetUtil psUtil;
private final Provider<PatchScriptBuilder> builderFactory;
private final PatchListCache patchListCache;
private final ReviewDb db;
private final CommentsUtil commentsUtil;
private final String fileName;
@@ -112,7 +110,6 @@ public class PatchScriptFactory implements Callable<PatchScript> {
PatchSetUtil psUtil,
Provider<PatchScriptBuilder> builderFactory,
PatchListCache patchListCache,
ReviewDb db,
CommentsUtil commentsUtil,
ChangeEditUtil editReader,
Provider<CurrentUser> userProvider,
@@ -127,7 +124,6 @@ public class PatchScriptFactory implements Callable<PatchScript> {
this.psUtil = psUtil;
this.builderFactory = builderFactory;
this.patchListCache = patchListCache;
this.db = db;
this.notes = notes;
this.commentsUtil = commentsUtil;
this.editReader = editReader;
@@ -150,7 +146,6 @@ public class PatchScriptFactory implements Callable<PatchScript> {
PatchSetUtil psUtil,
Provider<PatchScriptBuilder> builderFactory,
PatchListCache patchListCache,
ReviewDb db,
CommentsUtil commentsUtil,
ChangeEditUtil editReader,
Provider<CurrentUser> userProvider,
@@ -165,7 +160,6 @@ public class PatchScriptFactory implements Callable<PatchScript> {
this.psUtil = psUtil;
this.builderFactory = builderFactory;
this.patchListCache = patchListCache;
this.db = db;
this.notes = notes;
this.commentsUtil = commentsUtil;
this.editReader = editReader;
@@ -204,7 +198,7 @@ public class PatchScriptFactory implements Callable<PatchScript> {
PatchSet psEntityB = psb.get() == 0 ? new PatchSet(psb) : psUtil.get(notes, psb);
if (psEntityA != null || psEntityB != null) {
try {
permissionBackend.currentUser().change(notes).database(db).check(ChangePermission.READ);
permissionBackend.currentUser().change(notes).check(ChangePermission.READ);
} catch (AuthException e) {
throw new NoSuchChangeException(changeId);
}

8
java/com/google/gerrit/server/permissions/ChangeControl.java
View File

@@ -27,7 +27,6 @@ import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.client.Change;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.notedb.ChangeNotes;
import com.google.gerrit.server.permissions.PermissionBackend.ForChange;
@@ -221,13 +220,6 @@ class ChangeControl {
this.cd = cd;
}
private ReviewDb db() {
if (db != null) {
return db.get();
}
return null;
}
private ChangeData changeData() {
if (cd == null) {
cd = changeDataFactory.create(notes);

2
java/com/google/gerrit/server/permissions/DefaultPermissionBackend.java
View File

@@ -109,7 +109,7 @@ public class DefaultPermissionBackend extends PermissionBackend {
PerThreadCache.getOrCompute(
PerThreadCache.Key.create(ProjectControl.class, project, user.getCacheKey()),
() -> projectControlFactory.create(user, state));
return control.asForProject().database(db);
return control.asForProject();
} catch (Exception e) {
Throwable cause = e.getCause() != null ? e.getCause() : e;
return FailedPermissionBackend.project(

5
java/com/google/gerrit/server/permissions/DefaultRefFilter.java
View File

@@ -35,7 +35,6 @@ import com.google.gerrit.reviewdb.client.Branch;
import com.google.gerrit.reviewdb.client.Change;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.reviewdb.client.RefNames;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.GroupCache;
@@ -51,7 +50,6 @@ import com.google.gerrit.server.project.ProjectState;
import com.google.gerrit.server.query.change.ChangeData;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.assistedinject.Assisted;
import java.io.IOException;
import java.util.ArrayList;
@@ -93,7 +91,6 @@ class DefaultRefFilter {
TagCache tagCache,
ChangeNotes.Factory changeNotesFactory,
@Nullable SearchingChangeCacheImpl changeCache,
Provider<ReviewDb> db,
GroupCache groupCache,
PermissionBackend permissionBackend,
@GerritServerConfig Config config,
@@ -111,7 +108,7 @@ class DefaultRefFilter {
this.user = projectControl.getUser();
this.projectState = projectControl.getProjectState();
this.permissionBackendForProject =
permissionBackend.user(user).database(db).project(projectState.getNameKey());
permissionBackend.user(user).project(projectState.getNameKey());
this.fullFilterCount =
metricMaker.newCounter(
"permissions/ref_filter/full_filter_count",

17
java/com/google/gerrit/server/permissions/FailedPermissionBackend.java
View File

@@ -17,7 +17,6 @@ package com.google.gerrit.server.permissions;
import com.google.gerrit.extensions.api.access.GlobalOrPluginPermission;
import com.google.gerrit.extensions.conditions.BooleanCondition;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.notedb.ChangeNotes;
import com.google.gerrit.server.permissions.PermissionBackend.ForChange;
import com.google.gerrit.server.permissions.PermissionBackend.ForProject;
@@ -25,7 +24,6 @@ import com.google.gerrit.server.permissions.PermissionBackend.ForRef;
import com.google.gerrit.server.permissions.PermissionBackend.RefFilterOptions;
import com.google.gerrit.server.permissions.PermissionBackend.WithUser;
import com.google.gerrit.server.query.change.ChangeData;
import com.google.inject.Provider;
import java.util.Collection;
import java.util.Map;
import java.util.Set;
@@ -114,11 +112,6 @@ public class FailedPermissionBackend {
this.cause = cause;
}
@Override
public ForProject database(Provider<ReviewDb> db) {
return this;
}
@Override
public String resourcePath() {
throw new UnsupportedOperationException(
@@ -163,11 +156,6 @@ public class FailedPermissionBackend {
this.cause = cause;
}
@Override
public ForRef database(Provider<ReviewDb> db) {
return this;
}
@Override
public String resourcePath() {
throw new UnsupportedOperationException(
@@ -216,11 +204,6 @@ public class FailedPermissionBackend {
this.cause = cause;
}
@Override
public ForChange database(Provider<ReviewDb> db) {
return this;
}
@Override
public String resourcePath() {
throw new UnsupportedOperationException(

34
java/com/google/gerrit/server/permissions/PermissionBackend.java
View File

@@ -29,14 +29,11 @@ import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.client.Branch;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.notedb.ChangeNotes;
import com.google.gerrit.server.query.change.ChangeData;
import com.google.gwtorm.server.OrmException;
import com.google.inject.ImplementedBy;
import com.google.inject.Provider;
import com.google.inject.util.Providers;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumSet;
@@ -152,35 +149,14 @@ public abstract class PermissionBackend {
// delegates to the appropriate testOrFalse method in PermissionBackend.
}
/** PermissionBackend with an optional per-request ReviewDb handle. */
public abstract static class AcceptsReviewDb<T> {
protected Provider<ReviewDb> db;
public T database(Provider<ReviewDb> db) {
if (db != null) {
this.db = db;
}
return self();
}
public T database(ReviewDb db) {
return database(Providers.of(requireNonNull(db, "ReviewDb")));
}
@SuppressWarnings("unchecked")
private T self() {
return (T) this;
}
}
/** PermissionBackend scoped to a specific user. */
public abstract static class WithUser extends AcceptsReviewDb<WithUser> {
public abstract static class WithUser {
/** Returns an instance scoped for the specified project. */
public abstract ForProject project(Project.NameKey project);
/** Returns an instance scoped for the {@code ref}, and its parent project. */
public ForRef ref(Branch.NameKey ref) {
return project(ref.getParentKey()).ref(ref.get()).database(db);
return project(ref.getParentKey()).ref(ref.get());
}
/** Returns an instance scoped for the change, and its destination ref and project. */
@@ -292,7 +268,7 @@ public abstract class PermissionBackend {
}
/** PermissionBackend scoped to a user and project. */
public abstract static class ForProject extends AcceptsReviewDb<ForProject> {
public abstract static class ForProject {
/** Returns the fully qualified resource path that this instance is scoped to. */
public abstract String resourcePath();
@@ -401,7 +377,7 @@ public abstract class PermissionBackend {
}
/** PermissionBackend scoped to a user, project and reference. */
public abstract static class ForRef extends AcceptsReviewDb<ForRef> {
public abstract static class ForRef {
/** Returns a fully qualified resource path that this instance is scoped to. */
public abstract String resourcePath();
@@ -451,7 +427,7 @@ public abstract class PermissionBackend {
}
/** PermissionBackend scoped to a user, project, reference and change. */
public abstract static class ForChange extends AcceptsReviewDb<ForChange> {
public abstract static class ForChange {
/** Returns the fully qualified resource path that this instance is scoped to. */
public abstract String resourcePath();

2
java/com/google/gerrit/server/permissions/ProjectControl.java
View File

@@ -343,7 +343,7 @@ class ProjectControl {
@Override
public ForRef ref(String ref) {
return controlForRef(ref).asForRef().database(db);
return controlForRef(ref).asForRef();
}
@Override

18
java/com/google/gerrit/server/project/RemoveReviewerControl.java
View File

@@ -18,7 +18,6 @@ import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.client.Change;
import com.google.gerrit.reviewdb.client.PatchSetApproval;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.notedb.ChangeNotes;
import com.google.gerrit.server.permissions.ChangePermission;
@@ -29,18 +28,15 @@ import com.google.gerrit.server.permissions.RefPermission;
import com.google.gerrit.server.query.change.ChangeData;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
@Singleton
public class RemoveReviewerControl {
private final PermissionBackend permissionBackend;
private final Provider<ReviewDb> dbProvider;
@Inject
RemoveReviewerControl(PermissionBackend permissionBackend, Provider<ReviewDb> dbProvider) {
RemoveReviewerControl(PermissionBackend permissionBackend) {
this.permissionBackend = permissionBackend;
this.dbProvider = dbProvider;
}
/**
@@ -75,11 +71,7 @@ public class RemoveReviewerControl {
permissionBackend, cd.change(), currentUser, reviewer, value)) {
return true;
}
return permissionBackend
.user(currentUser)
.change(cd)
.database(dbProvider)
.test(ChangePermission.REMOVE_REVIEWER);
return permissionBackend.user(currentUser).change(cd).test(ChangePermission.REMOVE_REVIEWER);
}
private void checkRemoveReviewer(
@@ -90,11 +82,7 @@ public class RemoveReviewerControl {
return;
}
permissionBackend
.user(currentUser)
.change(notes)
.database(dbProvider)
.check(ChangePermission.REMOVE_REVIEWER);
permissionBackend.user(currentUser).change(notes).check(ChangePermission.REMOVE_REVIEWER);
}
private static boolean canRemoveReviewerWithoutPermissionCheck(

2
java/com/google/gerrit/server/query/account/AccountPredicates.java
View File

@@ -126,7 +126,7 @@ public class AccountPredicates {
public static Predicate<AccountState> cansee(
AccountQueryBuilder.Arguments args, ChangeNotes changeNotes) {
return new CanSeeChangePredicate(args.db, args.permissionBackend, changeNotes);
return new CanSeeChangePredicate(args.permissionBackend, changeNotes);
}
static class AccountPredicate extends IndexPredicate<AccountState>

6
java/com/google/gerrit/server/query/account/AccountQueryBuilder.java
View File

@@ -126,11 +126,7 @@ public class AccountQueryBuilder extends QueryBuilder<AccountState> {
}
try {
args.permissionBackend
.user(args.getUser())
.database(args.db)
.change(changeNotes)
.check(ChangePermission.READ);
args.permissionBackend.user(args.getUser()).change(changeNotes).check(ChangePermission.READ);
} catch (AuthException e) {
throw error(String.format("change %s not found", change));
}

8
java/com/google/gerrit/server/query/account/CanSeeChangePredicate.java
View File

@@ -16,24 +16,19 @@ package com.google.gerrit.server.query.account;
import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.index.query.PostFilterPredicate;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.account.AccountState;
import com.google.gerrit.server.notedb.ChangeNotes;
import com.google.gerrit.server.permissions.ChangePermission;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Provider;
public class CanSeeChangePredicate extends PostFilterPredicate<AccountState> {
private final Provider<ReviewDb> db;
private final PermissionBackend permissionBackend;
private final ChangeNotes changeNotes;
CanSeeChangePredicate(
Provider<ReviewDb> db, PermissionBackend permissionBackend, ChangeNotes changeNotes) {
CanSeeChangePredicate(PermissionBackend permissionBackend, ChangeNotes changeNotes) {
super(AccountQueryBuilder.FIELD_CAN_SEE, changeNotes.getChangeId().toString());
this.db = db;
this.permissionBackend = permissionBackend;
this.changeNotes = changeNotes;
}
@@ -43,7 +38,6 @@ public class CanSeeChangePredicate extends PostFilterPredicate<AccountState> {
try {
permissionBackend
.absentUser(accountState.getAccount().getId())
.database(db)
.change(changeNotes)
.check(ChangePermission.READ);
return true;

6
java/com/google/gerrit/server/query/change/ChangeIsVisibleToPredicate.java
View File

@@ -18,7 +18,6 @@ import com.google.common.flogger.FluentLogger;
import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.index.query.IsVisibleToPredicate;
import com.google.gerrit.reviewdb.client.Change;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.AnonymousUser;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.index.IndexUtils;
@@ -37,7 +36,6 @@ import org.eclipse.jgit.errors.RepositoryNotFoundException;
public class ChangeIsVisibleToPredicate extends IsVisibleToPredicate<ChangeData> {
private static final FluentLogger logger = FluentLogger.forEnclosingClass();
protected final Provider<ReviewDb> db;
protected final ChangeNotes.Factory notesFactory;
protected final CurrentUser user;
protected final PermissionBackend permissionBackend;
@@ -46,14 +44,12 @@ public class ChangeIsVisibleToPredicate extends IsVisibleToPredicate<ChangeData>
@Inject
public ChangeIsVisibleToPredicate(
Provider<ReviewDb> db,
ChangeNotes.Factory notesFactory,
CurrentUser user,
PermissionBackend permissionBackend,
ProjectCache projectCache,
Provider<AnonymousUser> anonymousUserProvider) {
super(ChangeQueryBuilder.FIELD_VISIBLETO, IndexUtils.describe(user));
this.db = db;
this.notesFactory = notesFactory;
this.user = user;
this.permissionBackend = permissionBackend;
@@ -92,7 +88,7 @@ public class ChangeIsVisibleToPredicate extends IsVisibleToPredicate<ChangeData>
? permissionBackend.absentUser(user.getAccountId())
: permissionBackend.user(anonymousUserProvider.get());
try {
withUser.indexedChange(cd, notes).database(db).check(ChangePermission.READ);
withUser.indexedChange(cd, notes).check(ChangePermission.READ);
} catch (PermissionBackendException e) {
Throwable cause = e.getCause();
if (cause instanceof RepositoryNotFoundException) {

1
java/com/google/gerrit/server/query/change/ChangeQueryBuilder.java
View File

@@ -931,7 +931,6 @@ public class ChangeQueryBuilder extends QueryBuilder<ChangeData> {
public Predicate<ChangeData> visibleto(CurrentUser user) {
return new ChangeIsVisibleToPredicate(
args.db,
args.notesFactory,
user,
args.permissionBackend,

5
java/com/google/gerrit/server/query/change/ChangeQueryProcessor.java
View File

@@ -27,7 +27,6 @@ import com.google.gerrit.index.query.IndexPredicate;
import com.google.gerrit.index.query.Predicate;
import com.google.gerrit.index.query.QueryProcessor;
import com.google.gerrit.metrics.MetricMaker;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.AnonymousUser;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.DynamicOptions;
@@ -66,7 +65,6 @@ public class ChangeQueryProcessor extends QueryProcessor<ChangeData>
PluginDefinedInfo create(ChangeData a, ChangeQueryProcessor qp, String plugin);
}
private final Provider<ReviewDb> db;
private final Provider<CurrentUser> userProvider;
private final ChangeNotes.Factory notesFactory;
private final DynamicMap<ChangeAttributeFactory> attributeFactories;
@@ -92,7 +90,6 @@ public class ChangeQueryProcessor extends QueryProcessor<ChangeData>
IndexConfig indexConfig,
ChangeIndexCollection indexes,
ChangeIndexRewriter rewriter,
Provider<ReviewDb> db,
ChangeNotes.Factory notesFactory,
DynamicMap<ChangeAttributeFactory> attributeFactories,
PermissionBackend permissionBackend,
@@ -106,7 +103,6 @@ public class ChangeQueryProcessor extends QueryProcessor<ChangeData>
rewriter,
FIELD_LIMIT,
() -> limitsFactory.create(userProvider.get()).getQueryLimit());
this.db = db;
this.userProvider = userProvider;
this.notesFactory = notesFactory;
this.attributeFactories = attributeFactories;
@@ -173,7 +169,6 @@ public class ChangeQueryProcessor extends QueryProcessor<ChangeData>
return new AndChangeSource(
pred,
new ChangeIsVisibleToPredicate(
db,
notesFactory,
userProvider.get(),
permissionBackend,

7
java/com/google/gerrit/server/query/change/EqualsLabelPredicate.java
View File

@@ -21,7 +21,6 @@ import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.reviewdb.client.Change;
import com.google.gerrit.reviewdb.client.PatchSetApproval;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.index.change.ChangeField;
import com.google.gerrit.server.permissions.ChangePermission;
@@ -30,14 +29,12 @@ import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.project.ProjectCache;
import com.google.gerrit.server.project.ProjectState;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Provider;
import java.io.IOException;
public class EqualsLabelPredicate extends ChangeIndexPredicate {
protected final ProjectCache projectCache;
protected final PermissionBackend permissionBackend;
protected final IdentifiedUser.GenericFactory userFactory;
protected final Provider<ReviewDb> dbProvider;
protected final String label;
protected final int expVal;
protected final Account.Id account;
@@ -49,7 +46,6 @@ public class EqualsLabelPredicate extends ChangeIndexPredicate {
this.permissionBackend = args.permissionBackend;
this.projectCache = args.projectCache;
this.userFactory = args.userFactory;
this.dbProvider = args.dbProvider;
this.group = args.group;
this.label = label;
this.expVal = expVal;
@@ -123,8 +119,7 @@ public class EqualsLabelPredicate extends ChangeIndexPredicate {
// Check the user has 'READ' permission.
try {
PermissionBackend.ForChange perm =
permissionBackend.absentUser(approver).database(dbProvider).change(cd);
PermissionBackend.ForChange perm = permissionBackend.absentUser(approver).change(cd);
ProjectState projectState = projectCache.checkedGet(cd.project());
if (projectState == null || !projectState.statePermitsRead()) {
return false;

2
java/com/google/gerrit/server/restapi/change/Abandon.java
View File

@@ -83,7 +83,7 @@ public class Abandon extends RetryingRestModifyView<ChangeResource, AbandonInput
// Not allowed to abandon if the current patch set is locked.
patchSetUtil.checkPatchSetNotLocked(rsrc.getNotes());
rsrc.permissions().database(dbProvider).check(ChangePermission.ABANDON);
rsrc.permissions().check(ChangePermission.ABANDON);
NotifyHandling notify = input.notify == null ? defaultNotify(rsrc.getChange()) : input.notify;
Change change =

6
java/com/google/gerrit/server/restapi/change/ChangesCollection.java
View File

@@ -25,7 +25,6 @@ import com.google.gerrit.extensions.restapi.RestView;
import com.google.gerrit.extensions.restapi.TopLevelResource;
import com.google.gerrit.reviewdb.client.Change;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.change.ChangeFinder;
import com.google.gerrit.server.change.ChangeResource;
@@ -44,7 +43,6 @@ import java.util.List;
@Singleton
public class ChangesCollection implements RestCollection<TopLevelResource, ChangeResource> {
private final Provider<ReviewDb> db;
private final Provider<CurrentUser> user;
private final Provider<QueryChanges> queryFactory;
private final DynamicMap<RestView<ChangeResource>> views;
@@ -55,7 +53,6 @@ public class ChangesCollection implements RestCollection<TopLevelResource, Chang
@Inject
public ChangesCollection(
Provider<ReviewDb> db,
Provider<CurrentUser> user,
Provider<QueryChanges> queryFactory,
DynamicMap<RestView<ChangeResource>> views,
@@ -63,7 +60,6 @@ public class ChangesCollection implements RestCollection<TopLevelResource, Chang
ChangeResource.Factory changeResourceFactory,
PermissionBackend permissionBackend,
ProjectCache projectCache) {
this.db = db;
this.user = user;
this.queryFactory = queryFactory;
this.views = views;
@@ -129,7 +125,7 @@ public class ChangesCollection implements RestCollection<TopLevelResource, Chang
private boolean canRead(ChangeNotes notes) throws PermissionBackendException, IOException {
try {
permissionBackend.currentUser().change(notes).database(db).check(ChangePermission.READ);
permissionBackend.currentUser().change(notes).check(ChangePermission.READ);
} catch (AuthException e) {
return false;
}

2
java/com/google/gerrit/server/restapi/change/CreateChange.java
View File

@@ -221,7 +221,7 @@ public class CreateChange
}
ChangeNotes change = Iterables.getOnlyElement(notes);
try {
permissionBackend.currentUser().change(change).database(db).check(ChangePermission.READ);
permissionBackend.currentUser().change(change).check(ChangePermission.READ);
} catch (AuthException e) {
throw new UnprocessableEntityException("Read not permitted for " + input.baseChange);
}

4
java/com/google/gerrit/server/restapi/change/CreateMergePatchSet.java
View File

@@ -130,7 +130,7 @@ public class CreateMergePatchSet
// Not allowed to create a new patch set if the current patch set is locked.
psUtil.checkPatchSetNotLocked(rsrc.getNotes());
rsrc.permissions().database(db).check(ChangePermission.ADD_PATCH_SET);
rsrc.permissions().check(ChangePermission.ADD_PATCH_SET);
ProjectState projectState = projectCache.checkedGet(rsrc.getProject());
projectState.checkStatePermitsWrite();
@@ -212,7 +212,7 @@ public class CreateMergePatchSet
}
ChangeNotes change = Iterables.getOnlyElement(notes);
try {
permissionBackend.currentUser().change(change).database(db).check(ChangePermission.READ);
permissionBackend.currentUser().change(change).check(ChangePermission.READ);
} catch (AuthException e) {
throw new UnprocessableEntityException("Read not permitted for " + baseChange);
}

4
java/com/google/gerrit/server/restapi/change/DeleteChange.java
View File

@@ -59,7 +59,7 @@ public class DeleteChange extends RetryingRestModifyView<ChangeResource, Input,
if (!isChangeDeletable(rsrc.getChange().getStatus())) {
throw new MethodNotAllowedException("delete not permitted");
}
rsrc.permissions().database(db).check(ChangePermission.DELETE);
rsrc.permissions().check(ChangePermission.DELETE);
try (BatchUpdate bu =
updateFactory.create(db.get(), rsrc.getProject(), rsrc.getUser(), TimeUtil.nowTs())) {
@@ -74,7 +74,7 @@ public class DeleteChange extends RetryingRestModifyView<ChangeResource, Input,
@Override
public UiAction.Description getDescription(ChangeResource rsrc) {
Change.Status status = rsrc.getChange().getStatus();
PermissionBackend.ForChange perm = rsrc.permissions().database(db);
PermissionBackend.ForChange perm = rsrc.permissions();
return new UiAction.Description()
.setLabel("Delete")
.setTitle("Delete change " + rsrc.getId())

6
java/com/google/gerrit/server/restapi/change/Move.java
View File

@@ -151,8 +151,8 @@ public class Move extends RetryingRestModifyView<ChangeResource, MoveInput, Chan
// Move requires abandoning this change, and creating a new change.
try {
rsrc.permissions().database(dbProvider).check(ABANDON);
permissionBackend.user(caller).database(dbProvider).ref(newDest).check(CREATE_CHANGE);
rsrc.permissions().check(ABANDON);
permissionBackend.user(caller).ref(newDest).check(CREATE_CHANGE);
} catch (AuthException denied) {
throw new AuthException("move not permitted", denied);
}
@@ -327,6 +327,6 @@ public class Move extends RetryingRestModifyView<ChangeResource, MoveInput, Chan
return description.setVisible(
and(
permissionBackend.user(rsrc.getUser()).ref(change.getDest()).testCond(CREATE_CHANGE),
rsrc.permissions().database(dbProvider).testCond(ABANDON)));
rsrc.permissions().testCond(ABANDON)));
}
}

11
java/com/google/gerrit/server/restapi/change/PostReview.java
View File

@@ -280,8 +280,7 @@ public class PostReview
reviewerInput.notify = NotifyHandling.NONE;
ReviewerAddition result =
reviewerAdder.prepare(
db.get(), revision.getNotes(), revision.getUser(), reviewerInput, true);
reviewerAdder.prepare(revision.getNotes(), revision.getUser(), reviewerInput, true);
reviewerJsonResults.put(reviewerInput.reviewer, result.result);
if (result.result.error != null) {
hasError = true;
@@ -467,7 +466,7 @@ public class PostReview
}
CurrentUser caller = rev.getUser();
PermissionBackend.ForChange perm = rev.permissions().database(db);
PermissionBackend.ForChange perm = rev.permissions();
Iterator<Map.Entry<String, Short>> itr = in.labels.entrySet().iterator();
while (itr.hasNext()) {
Map.Entry<String, Short> ent = itr.next();
@@ -499,11 +498,7 @@ public class PostReview
IdentifiedUser reviewer = accountResolver.parseOnBehalfOf(caller, in.onBehalfOf);
try {
permissionBackend
.user(reviewer)
.database(db)
.change(rev.getNotes())
.check(ChangePermission.READ);
permissionBackend.user(reviewer).change(rev.getNotes()).check(ChangePermission.READ);
} catch (AuthException e) {
throw new UnprocessableEntityException(
String.format("on_behalf_of account %s cannot see change", reviewer.getAccountId()));

3
java/com/google/gerrit/server/restapi/change/PostReviewers.java
View File

@@ -68,8 +68,7 @@ public class PostReviewers
throw new BadRequestException("missing reviewer field");
}
ReviewerAddition addition =
reviewerAdder.prepare(dbProvider.get(), rsrc.getNotes(), rsrc.getUser(), input, true);
ReviewerAddition addition = reviewerAdder.prepare(rsrc.getNotes(), rsrc.getUser(), input, true);
if (addition.op == null) {
return addition.result;
}

3
java/com/google/gerrit/server/restapi/change/PutAssignee.java
View File

@@ -96,7 +96,6 @@ public class PutAssignee extends RetryingRestModifyView<ChangeResource, Assignee
try {
permissionBackend
.absentUser(assignee.getAccountId())
.database(db)
.change(rsrc.getNotes())
.check(ChangePermission.READ);
} catch (AuthException e) {
@@ -124,7 +123,7 @@ public class PutAssignee extends RetryingRestModifyView<ChangeResource, Assignee
reviewerInput.state = ReviewerState.CC;
reviewerInput.confirmed = true;
reviewerInput.notify = NotifyHandling.NONE;
return reviewerAdder.prepare(db.get(), rsrc.getNotes(), rsrc.getUser(), reviewerInput, false);
return reviewerAdder.prepare(rsrc.getNotes(), rsrc.getUser(), reviewerInput, false);
}
@Override

1
java/com/google/gerrit/server/restapi/change/PutMessage.java
View File

@@ -188,7 +188,6 @@ public class PutMessage
try {
permissionBackend
.user(userProvider.get())
.database(db.get())
.change(changeNotes)
.check(ChangePermission.ADD_PATCH_SET);
projectCache.checkedGet(changeNotes.getProjectName()).checkStatePermitsWrite();

10
java/com/google/gerrit/server/restapi/change/Rebase.java
View File

@@ -109,7 +109,7 @@ public class Rebase extends RetryingRestModifyView<RevisionResource, RebaseInput
// Not allowed to rebase if the current patch set is locked.
patchSetUtil.checkPatchSetNotLocked(rsrc.getNotes());
rsrc.permissions().database(dbProvider).check(ChangePermission.REBASE);
rsrc.permissions().check(ChangePermission.REBASE);
projectCache.checkedGet(rsrc.getProject()).checkStatePermitsWrite();
Change change = rsrc.getChange();
@@ -169,11 +169,7 @@ public class Rebase extends RetryingRestModifyView<RevisionResource, RebaseInput
throw new ResourceConflictException("cannot rebase change onto itself");
}
permissionBackend
.user(rsrc.getUser())
.database(dbProvider)
.change(base.notes())
.check(ChangePermission.READ);
permissionBackend.user(rsrc.getUser()).change(base.notes()).check(ChangePermission.READ);
Change baseChange = base.notes().getChange();
if (!baseChange.getProject().equals(change.getProject())) {
@@ -250,7 +246,7 @@ public class Rebase extends RetryingRestModifyView<RevisionResource, RebaseInput
return description;
}
if (rsrc.permissions().database(dbProvider).testOrFalse(ChangePermission.REBASE)) {
if (rsrc.permissions().testOrFalse(ChangePermission.REBASE)) {
return description.setVisible(true).setEnabled(enabled);
}
return description;

7
java/com/google/gerrit/server/restapi/change/RelatedChangesSorter.java
View File

@@ -28,7 +28,6 @@ import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.reviewdb.client.Change;
import com.google.gerrit.reviewdb.client.PatchSet;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.git.GitRepositoryManager;
import com.google.gerrit.server.permissions.ChangePermission;
import com.google.gerrit.server.permissions.PermissionBackend;
@@ -38,7 +37,6 @@ import com.google.gerrit.server.project.ProjectState;
import com.google.gerrit.server.query.change.ChangeData;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.IOException;
import java.util.ArrayDeque;
@@ -61,18 +59,15 @@ import org.eclipse.jgit.revwalk.RevWalk;
class RelatedChangesSorter {
private final GitRepositoryManager repoManager;
private final PermissionBackend permissionBackend;
private final Provider<ReviewDb> dbProvider;
private final ProjectCache projectCache;
@Inject
RelatedChangesSorter(
GitRepositoryManager repoManager,
PermissionBackend permissionBackend,
Provider<ReviewDb> dbProvider,
ProjectCache projectCache) {
this.repoManager = repoManager;
this.permissionBackend = permissionBackend;
this.dbProvider = dbProvider;
this.projectCache = projectCache;
}
@@ -235,7 +230,7 @@ class RelatedChangesSorter {
}
private boolean isVisible(PatchSetData psd) throws PermissionBackendException, IOException {
PermissionBackend.WithUser perm = permissionBackend.currentUser().database(dbProvider);
PermissionBackend.WithUser perm = permissionBackend.currentUser();
try {
perm.change(psd.data()).check(ChangePermission.READ);
} catch (AuthException e) {

4
java/com/google/gerrit/server/restapi/change/Restore.java
View File

@@ -93,7 +93,7 @@ public class Restore extends RetryingRestModifyView<ChangeResource, RestoreInput
// Not allowed to restore if the current patch set is locked.
psUtil.checkPatchSetNotLocked(rsrc.getNotes());
rsrc.permissions().database(dbProvider).check(ChangePermission.RESTORE);
rsrc.permissions().check(ChangePermission.RESTORE);
projectCache.checkedGet(rsrc.getProject()).checkStatePermitsWrite();
Op op = new Op(input);
@@ -192,7 +192,7 @@ public class Restore extends RetryingRestModifyView<ChangeResource, RestoreInput
return description;
}
boolean visible = rsrc.permissions().database(dbProvider).testOrFalse(ChangePermission.RESTORE);
boolean visible = rsrc.permissions().testOrFalse(ChangePermission.RESTORE);
return description.setVisible(visible);
}
}

6
java/com/google/gerrit/server/restapi/change/Revisions.java
View File

@@ -24,7 +24,6 @@ import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.extensions.restapi.RestView;
import com.google.gerrit.reviewdb.client.PatchSet;
import com.google.gerrit.reviewdb.client.RevId;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.PatchSetUtil;
import com.google.gerrit.server.change.ChangeResource;
import com.google.gerrit.server.change.RevisionResource;
@@ -36,7 +35,6 @@ import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.project.ProjectCache;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.IOException;
import java.util.ArrayList;
@@ -48,7 +46,6 @@ import org.eclipse.jgit.lib.ObjectId;
@Singleton
public class Revisions implements ChildCollection<ChangeResource, RevisionResource> {
private final DynamicMap<RestView<RevisionResource>> views;
private final Provider<ReviewDb> dbProvider;
private final ChangeEditUtil editUtil;
private final PatchSetUtil psUtil;
private final PermissionBackend permissionBackend;
@@ -57,13 +54,11 @@ public class Revisions implements ChildCollection<ChangeResource, RevisionResour
@Inject
Revisions(
DynamicMap<RestView<RevisionResource>> views,
Provider<ReviewDb> dbProvider,
ChangeEditUtil editUtil,
PatchSetUtil psUtil,
PermissionBackend permissionBackend,
ProjectCache projectCache) {
this.views = views;
this.dbProvider = dbProvider;
this.editUtil = editUtil;
this.psUtil = psUtil;
this.permissionBackend = permissionBackend;
@@ -114,7 +109,6 @@ public class Revisions implements ChildCollection<ChangeResource, RevisionResour
permissionBackend
.user(change.getUser())
.change(change.getNotes())
.database(dbProvider)
.check(ChangePermission.READ);
return projectCache.checkedGet(change.getProject()).statePermitsRead();
} catch (AuthException e) {

9
java/com/google/gerrit/server/restapi/change/Submit.java
View File

@@ -261,7 +261,6 @@ public class Submit
Set<ChangePermission> can =
permissionBackend
.user(user)
.database(dbProvider)
.change(c)
.test(EnumSet.of(ChangePermission.READ, ChangePermission.SUBMIT));
if (!can.contains(ChangePermission.READ)) {
@@ -465,18 +464,14 @@ public class Submit
private IdentifiedUser onBehalfOf(RevisionResource rsrc, SubmitInput in)
throws AuthException, UnprocessableEntityException, OrmException, PermissionBackendException,
IOException, ConfigInvalidException {
PermissionBackend.ForChange perm = rsrc.permissions().database(dbProvider);
PermissionBackend.ForChange perm = rsrc.permissions();
perm.check(ChangePermission.SUBMIT);
perm.check(ChangePermission.SUBMIT_AS);
CurrentUser caller = rsrc.getUser();
IdentifiedUser submitter = accountResolver.parseOnBehalfOf(caller, in.onBehalfOf);
try {
permissionBackend
.user(submitter)
.database(dbProvider)
.change(rsrc.getNotes())
.check(ChangePermission.READ);
permissionBackend.user(submitter).change(rsrc.getNotes()).check(ChangePermission.READ);
} catch (AuthException e) {
throw new UnprocessableEntityException(
String.format("on_behalf_of account %s cannot see change", submitter.getAccountId()));

1
java/com/google/gerrit/server/restapi/change/SuggestChangeReviewers.java
View File

@@ -90,7 +90,6 @@ public class SuggestChangeReviewers extends SuggestReviewers
// already a reviewer.
return permissionBackend
.absentUser(account)
.database(dbProvider)
.ref(rsrc.getChange().getDest())
.testOrFalse(RefPermission.READ);
}

6
java/com/google/gerrit/server/submit/LocalMergeSuperSetComputation.java
View File

@@ -123,7 +123,7 @@ public class LocalMergeSuperSetComputation implements MergeSuperSetComputation {
List<RevCommit> visibleCommits = new ArrayList<>();
List<RevCommit> nonVisibleCommits = new ArrayList<>();
for (ChangeData cd : bc.get(b)) {
boolean visible = isVisible(db, changeSet, cd, user);
boolean visible = isVisible(changeSet, cd, user);
if (submitType(cd) == SubmitType.CHERRY_PICK) {
if (visible) {
@@ -181,7 +181,7 @@ public class LocalMergeSuperSetComputation implements MergeSuperSetComputation {
}
}
private boolean isVisible(ReviewDb db, ChangeSet changeSet, ChangeData cd, CurrentUser user)
private boolean isVisible(ChangeSet changeSet, ChangeData cd, CurrentUser user)
throws PermissionBackendException, IOException {
ProjectState projectState = projectCache.checkedGet(cd.project());
boolean visible =
@@ -193,7 +193,7 @@ public class LocalMergeSuperSetComputation implements MergeSuperSetComputation {
}
try {
permissionBackend.user(user).change(cd).database(db).check(ChangePermission.READ);
permissionBackend.user(user).change(cd).check(ChangePermission.READ);
return true;
} catch (AuthException e) {
// We thought the change was visible, but it isn't.

18
java/com/google/gerrit/server/submit/MergeSuperSet.java
View File

@@ -110,7 +110,7 @@ public class MergeSuperSet {
if (projectState.statePermitsRead()) {
try {
permissionBackend.user(user).change(cd).database(db).check(ChangePermission.READ);
permissionBackend.user(user).change(cd).check(ChangePermission.READ);
visible = true;
} catch (AuthException e) {
// Do nothing.
@@ -147,11 +147,7 @@ public class MergeSuperSet {
* @return the resulting larger {@link ChangeSet}
*/
private ChangeSet topicClosure(
ReviewDb db,
ChangeSet changeSet,
CurrentUser user,
Set<String> topicsSeen,
Set<String> visibleTopicsSeen)
ChangeSet changeSet, CurrentUser user, Set<String> topicsSeen, Set<String> visibleTopicsSeen)
throws OrmException, PermissionBackendException, IOException {
List<ChangeData> visibleChanges = new ArrayList<>();
List<ChangeData> nonVisibleChanges = new ArrayList<>();
@@ -163,7 +159,7 @@ public class MergeSuperSet {
continue;
}
for (ChangeData topicCd : byTopicOpen(topic)) {
if (canRead(db, user, topicCd)) {
if (canRead(user, topicCd)) {
visibleChanges.add(topicCd);
} else {
nonVisibleChanges.add(topicCd);
@@ -194,7 +190,7 @@ public class MergeSuperSet {
int oldSeen;
int seen;
changeSet = topicClosure(db, changeSet, user, topicsSeen, visibleTopicsSeen);
changeSet = topicClosure(changeSet, user, topicsSeen, visibleTopicsSeen);
seen = topicsSeen.size() + visibleTopicsSeen.size();
do {
@@ -202,7 +198,7 @@ public class MergeSuperSet {
try (TraceContext traceContext = PluginContext.newTrace(mergeSuperSetComputation)) {
changeSet = mergeSuperSetComputation.get().completeWithoutTopic(db, orm, changeSet, user);
}
changeSet = topicClosure(db, changeSet, user, topicsSeen, visibleTopicsSeen);
changeSet = topicClosure(changeSet, user, topicsSeen, visibleTopicsSeen);
seen = topicsSeen.size() + visibleTopicsSeen.size();
} while (seen != oldSeen);
return changeSet;
@@ -212,7 +208,7 @@ public class MergeSuperSet {
return queryProvider.get().byTopicOpen(topic);
}
private boolean canRead(ReviewDb db, CurrentUser user, ChangeData cd)
private boolean canRead(CurrentUser user, ChangeData cd)
throws PermissionBackendException, IOException {
ProjectState projectState = projectCache.checkedGet(cd.project());
if (projectState == null || !projectState.statePermitsRead()) {
@@ -220,7 +216,7 @@ public class MergeSuperSet {
}
try {
permissionBackend.user(user).change(cd).database(db).check(ChangePermission.READ);
permissionBackend.user(user).change(cd).check(ChangePermission.READ);
return true;
} catch (AuthException e) {
return false;