Remove PermissionBackend#user(Provider<CurrentUser>)
Checking permissions of users that aren't the caller on the current request can have implications on the security of the system. The most prominent one is creating a group-oracle. To limit the cases where we could potentially expose Gerrit to these threats, PermissionBackend removes the method that was operating solely on the provider of the current user. Change-Id: I601ea1200a15a5f262ca0770b23cc1c7bee126b1
This commit is contained in:
Patrick Hiesel
@@ -208,7 +208,6 @@ class InProcessProtocol extends TestProtocol<Context> {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private static class Upload implements UploadPackFactory<Context> {
|
private static class Upload implements UploadPackFactory<Context> {
|
||||||
private final Provider<CurrentUser> userProvider;
|
|
||||||
private final TransferConfig transferConfig;
|
private final TransferConfig transferConfig;
|
||||||
private final DynamicSet<UploadPackInitializer> uploadPackInitializers;
|
private final DynamicSet<UploadPackInitializer> uploadPackInitializers;
|
||||||
private final DynamicSet<PreUploadHook> preUploadHooks;
|
private final DynamicSet<PreUploadHook> preUploadHooks;
|
||||||
@@ -219,7 +218,6 @@ class InProcessProtocol extends TestProtocol<Context> {
|
|||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
Upload(
|
Upload(
|
||||||
Provider<CurrentUser> userProvider,
|
|
||||||
TransferConfig transferConfig,
|
TransferConfig transferConfig,
|
||||||
DynamicSet<UploadPackInitializer> uploadPackInitializers,
|
DynamicSet<UploadPackInitializer> uploadPackInitializers,
|
||||||
DynamicSet<PreUploadHook> preUploadHooks,
|
DynamicSet<PreUploadHook> preUploadHooks,
|
||||||
@@ -227,7 +225,6 @@ class InProcessProtocol extends TestProtocol<Context> {
|
|||||||
ThreadLocalRequestContext threadContext,
|
ThreadLocalRequestContext threadContext,
|
||||||
ProjectCache projectCache,
|
ProjectCache projectCache,
|
||||||
PermissionBackend permissionBackend) {
|
PermissionBackend permissionBackend) {
|
||||||
this.userProvider = userProvider;
|
|
||||||
this.transferConfig = transferConfig;
|
this.transferConfig = transferConfig;
|
||||||
this.uploadPackInitializers = uploadPackInitializers;
|
this.uploadPackInitializers = uploadPackInitializers;
|
||||||
this.preUploadHooks = preUploadHooks;
|
this.preUploadHooks = preUploadHooks;
|
||||||
@@ -246,7 +243,7 @@ class InProcessProtocol extends TestProtocol<Context> {
|
|||||||
threadContext.setContext(req);
|
threadContext.setContext(req);
|
||||||
current.set(req);
|
current.set(req);
|
||||||
|
|
||||||
PermissionBackend.ForProject perm = permissionBackend.user(userProvider).project(req.project);
|
PermissionBackend.ForProject perm = permissionBackend.currentUser().project(req.project);
|
||||||
try {
|
try {
|
||||||
perm.check(ProjectPermission.RUN_UPLOAD_PACK);
|
perm.check(ProjectPermission.RUN_UPLOAD_PACK);
|
||||||
} catch (AuthException e) {
|
} catch (AuthException e) {
|
||||||
@@ -318,7 +315,7 @@ class InProcessProtocol extends TestProtocol<Context> {
|
|||||||
current.set(req);
|
current.set(req);
|
||||||
try {
|
try {
|
||||||
permissionBackend
|
permissionBackend
|
||||||
.user(userProvider)
|
.currentUser()
|
||||||
.project(req.project)
|
.project(req.project)
|
||||||
.check(ProjectPermission.RUN_RECEIVE_PACK);
|
.check(ProjectPermission.RUN_RECEIVE_PACK);
|
||||||
} catch (AuthException e) {
|
} catch (AuthException e) {
|
||||||
|
|||||||
@@ -261,7 +261,7 @@ public class GitOverHttpServlet extends GitServlet {
|
|||||||
ProjectState state = (ProjectState) request.getAttribute(ATT_STATE);
|
ProjectState state = (ProjectState) request.getAttribute(ATT_STATE);
|
||||||
UploadPack up = (UploadPack) request.getAttribute(ServletUtils.ATTRIBUTE_HANDLER);
|
UploadPack up = (UploadPack) request.getAttribute(ServletUtils.ATTRIBUTE_HANDLER);
|
||||||
PermissionBackend.ForProject perm =
|
PermissionBackend.ForProject perm =
|
||||||
permissionBackend.user(userProvider).project(state.getNameKey());
|
permissionBackend.currentUser().project(state.getNameKey());
|
||||||
try {
|
try {
|
||||||
perm.check(ProjectPermission.RUN_UPLOAD_PACK);
|
perm.check(ProjectPermission.RUN_UPLOAD_PACK);
|
||||||
} catch (AuthException e) {
|
} catch (AuthException e) {
|
||||||
@@ -356,7 +356,7 @@ public class GitOverHttpServlet extends GitServlet {
|
|||||||
Capable s;
|
Capable s;
|
||||||
try {
|
try {
|
||||||
permissionBackend
|
permissionBackend
|
||||||
.user(userProvider)
|
.currentUser()
|
||||||
.project(state.getNameKey())
|
.project(state.getNameKey())
|
||||||
.check(ProjectPermission.RUN_RECEIVE_PACK);
|
.check(ProjectPermission.RUN_RECEIVE_PACK);
|
||||||
s = arc.canUpload();
|
s = arc.canUpload();
|
||||||
|
|||||||
@@ -112,11 +112,11 @@ class GitwebServlet extends HttpServlet {
|
|||||||
GitRepositoryManager repoManager,
|
GitRepositoryManager repoManager,
|
||||||
ProjectCache projectCache,
|
ProjectCache projectCache,
|
||||||
PermissionBackend permissionBackend,
|
PermissionBackend permissionBackend,
|
||||||
Provider<AnonymousUser> anonymousUserProvider,
|
|
||||||
Provider<CurrentUser> userProvider,
|
Provider<CurrentUser> userProvider,
|
||||||
SitePaths site,
|
SitePaths site,
|
||||||
@GerritServerConfig Config cfg,
|
@GerritServerConfig Config cfg,
|
||||||
SshInfo sshInfo,
|
SshInfo sshInfo,
|
||||||
|
Provider<AnonymousUser> anonymousUserProvider,
|
||||||
GitwebConfig gitwebConfig,
|
GitwebConfig gitwebConfig,
|
||||||
GitwebCgiConfig gitwebCgiConfig)
|
GitwebCgiConfig gitwebCgiConfig)
|
||||||
throws IOException {
|
throws IOException {
|
||||||
@@ -423,7 +423,10 @@ class GitwebServlet extends HttpServlet {
|
|||||||
}
|
}
|
||||||
|
|
||||||
projectState.checkStatePermitsRead();
|
projectState.checkStatePermitsRead();
|
||||||
permissionBackend.user(userProvider).project(nameKey).check(ProjectPermission.READ);
|
permissionBackend
|
||||||
|
.user(anonymousUserProvider.get())
|
||||||
|
.project(nameKey)
|
||||||
|
.check(ProjectPermission.READ);
|
||||||
} catch (AuthException e) {
|
} catch (AuthException e) {
|
||||||
sendErrorOrRedirect(req, rsp, HttpServletResponse.SC_NOT_FOUND);
|
sendErrorOrRedirect(req, rsp, HttpServletResponse.SC_NOT_FOUND);
|
||||||
return;
|
return;
|
||||||
@@ -584,7 +587,7 @@ class GitwebServlet extends HttpServlet {
|
|||||||
|
|
||||||
if (projectState.statePermitsRead()
|
if (projectState.statePermitsRead()
|
||||||
&& permissionBackend
|
&& permissionBackend
|
||||||
.user(anonymousUserProvider)
|
.user(anonymousUserProvider.get())
|
||||||
.project(nameKey)
|
.project(nameKey)
|
||||||
.testOrFalse(ProjectPermission.READ)) {
|
.testOrFalse(ProjectPermission.READ)) {
|
||||||
env.set("GERRIT_ANONYMOUS_READ", "1");
|
env.set("GERRIT_ANONYMOUS_READ", "1");
|
||||||
|
|||||||
@@ -21,7 +21,6 @@ import com.google.gerrit.reviewdb.client.Change;
|
|||||||
import com.google.gerrit.reviewdb.client.Patch;
|
import com.google.gerrit.reviewdb.client.Patch;
|
||||||
import com.google.gerrit.reviewdb.client.PatchSet;
|
import com.google.gerrit.reviewdb.client.PatchSet;
|
||||||
import com.google.gerrit.reviewdb.server.ReviewDb;
|
import com.google.gerrit.reviewdb.server.ReviewDb;
|
||||||
import com.google.gerrit.server.CurrentUser;
|
|
||||||
import com.google.gerrit.server.PatchSetUtil;
|
import com.google.gerrit.server.PatchSetUtil;
|
||||||
import com.google.gerrit.server.edit.ChangeEdit;
|
import com.google.gerrit.server.edit.ChangeEdit;
|
||||||
import com.google.gerrit.server.edit.ChangeEditUtil;
|
import com.google.gerrit.server.edit.ChangeEditUtil;
|
||||||
@@ -54,7 +53,6 @@ import org.eclipse.jgit.lib.ObjectId;
|
|||||||
@Singleton
|
@Singleton
|
||||||
public class CatServlet extends HttpServlet {
|
public class CatServlet extends HttpServlet {
|
||||||
private final Provider<ReviewDb> requestDb;
|
private final Provider<ReviewDb> requestDb;
|
||||||
private final Provider<CurrentUser> userProvider;
|
|
||||||
private final ChangeEditUtil changeEditUtil;
|
private final ChangeEditUtil changeEditUtil;
|
||||||
private final PatchSetUtil psUtil;
|
private final PatchSetUtil psUtil;
|
||||||
private final ChangeNotes.Factory changeNotesFactory;
|
private final ChangeNotes.Factory changeNotesFactory;
|
||||||
@@ -64,14 +62,12 @@ public class CatServlet extends HttpServlet {
|
|||||||
@Inject
|
@Inject
|
||||||
CatServlet(
|
CatServlet(
|
||||||
Provider<ReviewDb> sf,
|
Provider<ReviewDb> sf,
|
||||||
Provider<CurrentUser> usrprv,
|
|
||||||
ChangeEditUtil ceu,
|
ChangeEditUtil ceu,
|
||||||
PatchSetUtil psu,
|
PatchSetUtil psu,
|
||||||
ChangeNotes.Factory cnf,
|
ChangeNotes.Factory cnf,
|
||||||
PermissionBackend pb,
|
PermissionBackend pb,
|
||||||
ProjectCache pc) {
|
ProjectCache pc) {
|
||||||
requestDb = sf;
|
requestDb = sf;
|
||||||
userProvider = usrprv;
|
|
||||||
changeEditUtil = ceu;
|
changeEditUtil = ceu;
|
||||||
psUtil = psu;
|
psUtil = psu;
|
||||||
changeNotesFactory = cnf;
|
changeNotesFactory = cnf;
|
||||||
@@ -132,7 +128,7 @@ public class CatServlet extends HttpServlet {
|
|||||||
try {
|
try {
|
||||||
ChangeNotes notes = changeNotesFactory.createChecked(changeId);
|
ChangeNotes notes = changeNotesFactory.createChecked(changeId);
|
||||||
permissionBackend
|
permissionBackend
|
||||||
.user(userProvider)
|
.currentUser()
|
||||||
.change(notes)
|
.change(notes)
|
||||||
.database(requestDb)
|
.database(requestDb)
|
||||||
.check(ChangePermission.READ);
|
.check(ChangePermission.READ);
|
||||||
|
|||||||
@@ -295,7 +295,7 @@ public class RestApiServlet extends HttpServlet {
|
|||||||
RestCollection<RestResource, RestResource> rc = members.get();
|
RestCollection<RestResource, RestResource> rc = members.get();
|
||||||
globals
|
globals
|
||||||
.permissionBackend
|
.permissionBackend
|
||||||
.user(globals.currentUser)
|
.user(globals.currentUser.get())
|
||||||
.checkAny(GlobalPermission.fromAnnotation(rc.getClass()));
|
.checkAny(GlobalPermission.fromAnnotation(rc.getClass()));
|
||||||
|
|
||||||
viewData = new ViewData(null, null);
|
viewData = new ViewData(null, null);
|
||||||
@@ -1189,7 +1189,7 @@ public class RestApiServlet extends HttpServlet {
|
|||||||
throws AuthException, PermissionBackendException {
|
throws AuthException, PermissionBackendException {
|
||||||
globals
|
globals
|
||||||
.permissionBackend
|
.permissionBackend
|
||||||
.user(globals.currentUser)
|
.user(globals.currentUser.get())
|
||||||
.checkAny(GlobalPermission.fromAnnotation(d.pluginName, d.view.getClass()));
|
.checkAny(GlobalPermission.fromAnnotation(d.pluginName, d.view.getClass()));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -131,7 +131,7 @@ class ProjectAccessFactory extends Handler<ProjectAccess> {
|
|||||||
List<AccessSection> local = new ArrayList<>();
|
List<AccessSection> local = new ArrayList<>();
|
||||||
Set<String> ownerOf = new HashSet<>();
|
Set<String> ownerOf = new HashSet<>();
|
||||||
Map<AccountGroup.UUID, Boolean> visibleGroups = new HashMap<>();
|
Map<AccountGroup.UUID, Boolean> visibleGroups = new HashMap<>();
|
||||||
PermissionBackend.ForProject perm = permissionBackend.user(user).project(projectName);
|
PermissionBackend.ForProject perm = permissionBackend.currentUser().project(projectName);
|
||||||
boolean checkReadConfig = check(perm, RefNames.REFS_CONFIG, READ);
|
boolean checkReadConfig = check(perm, RefNames.REFS_CONFIG, READ);
|
||||||
boolean canWriteProjectConfig = true;
|
boolean canWriteProjectConfig = true;
|
||||||
try {
|
try {
|
||||||
@@ -217,7 +217,7 @@ class ProjectAccessFactory extends Handler<ProjectAccess> {
|
|||||||
detail.setInheritsFrom(config.getProject().getParent(allProjectsName));
|
detail.setInheritsFrom(config.getProject().getParent(allProjectsName));
|
||||||
|
|
||||||
if (projectName.equals(allProjectsName)
|
if (projectName.equals(allProjectsName)
|
||||||
&& permissionBackend.user(user).testOrFalse(ADMINISTRATE_SERVER)) {
|
&& permissionBackend.currentUser().testOrFalse(ADMINISTRATE_SERVER)) {
|
||||||
ownerOf.add(AccessSection.GLOBAL_CAPABILITIES);
|
ownerOf.add(AccessSection.GLOBAL_CAPABILITIES);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -265,7 +265,7 @@ class ProjectAccessFactory extends Handler<ProjectAccess> {
|
|||||||
ResourceConflictException {
|
ResourceConflictException {
|
||||||
ProjectState state = projectCache.checkedGet(projectName);
|
ProjectState state = projectCache.checkedGet(projectName);
|
||||||
try {
|
try {
|
||||||
permissionBackend.user(user).project(projectName).check(ProjectPermission.ACCESS);
|
permissionBackend.currentUser().project(projectName).check(ProjectPermission.ACCESS);
|
||||||
} catch (AuthException e) {
|
} catch (AuthException e) {
|
||||||
throw new NoSuchProjectException(projectName);
|
throw new NoSuchProjectException(projectName);
|
||||||
}
|
}
|
||||||
@@ -285,7 +285,7 @@ class ProjectAccessFactory extends Handler<ProjectAccess> {
|
|||||||
|
|
||||||
private boolean isAdmin() throws PermissionBackendException {
|
private boolean isAdmin() throws PermissionBackendException {
|
||||||
try {
|
try {
|
||||||
permissionBackend.user(user).check(GlobalPermission.ADMINISTRATE_SERVER);
|
permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||||
return true;
|
return true;
|
||||||
} catch (AuthException e) {
|
} catch (AuthException e) {
|
||||||
return false;
|
return false;
|
||||||
|
|||||||
@@ -21,7 +21,6 @@ import com.google.gerrit.extensions.restapi.ChildCollection;
|
|||||||
import com.google.gerrit.extensions.restapi.IdString;
|
import com.google.gerrit.extensions.restapi.IdString;
|
||||||
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
|
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
|
||||||
import com.google.gerrit.extensions.restapi.RestView;
|
import com.google.gerrit.extensions.restapi.RestView;
|
||||||
import com.google.gerrit.server.CurrentUser;
|
|
||||||
import com.google.gerrit.server.config.ConfigResource;
|
import com.google.gerrit.server.config.ConfigResource;
|
||||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||||
@@ -35,7 +34,6 @@ class MetricsCollection implements ChildCollection<ConfigResource, MetricResourc
|
|||||||
private final DynamicMap<RestView<MetricResource>> views;
|
private final DynamicMap<RestView<MetricResource>> views;
|
||||||
private final Provider<ListMetrics> list;
|
private final Provider<ListMetrics> list;
|
||||||
private final PermissionBackend permissionBackend;
|
private final PermissionBackend permissionBackend;
|
||||||
private final Provider<CurrentUser> user;
|
|
||||||
private final DropWizardMetricMaker metrics;
|
private final DropWizardMetricMaker metrics;
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
@@ -43,12 +41,10 @@ class MetricsCollection implements ChildCollection<ConfigResource, MetricResourc
|
|||||||
DynamicMap<RestView<MetricResource>> views,
|
DynamicMap<RestView<MetricResource>> views,
|
||||||
Provider<ListMetrics> list,
|
Provider<ListMetrics> list,
|
||||||
PermissionBackend permissionBackend,
|
PermissionBackend permissionBackend,
|
||||||
Provider<CurrentUser> user,
|
|
||||||
DropWizardMetricMaker metrics) {
|
DropWizardMetricMaker metrics) {
|
||||||
this.views = views;
|
this.views = views;
|
||||||
this.list = list;
|
this.list = list;
|
||||||
this.permissionBackend = permissionBackend;
|
this.permissionBackend = permissionBackend;
|
||||||
this.user = user;
|
|
||||||
this.metrics = metrics;
|
this.metrics = metrics;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -65,7 +61,7 @@ class MetricsCollection implements ChildCollection<ConfigResource, MetricResourc
|
|||||||
@Override
|
@Override
|
||||||
public MetricResource parse(ConfigResource parent, IdString id)
|
public MetricResource parse(ConfigResource parent, IdString id)
|
||||||
throws ResourceNotFoundException, AuthException, PermissionBackendException {
|
throws ResourceNotFoundException, AuthException, PermissionBackendException {
|
||||||
permissionBackend.user(user).check(GlobalPermission.VIEW_CACHES);
|
permissionBackend.currentUser().check(GlobalPermission.VIEW_CACHES);
|
||||||
|
|
||||||
Metric metric = metrics.getMetric(id.get());
|
Metric metric = metrics.getMetric(id.get());
|
||||||
if (metric == null) {
|
if (metric == null) {
|
||||||
|
|||||||
@@ -100,7 +100,7 @@ public class AccountsImpl implements Accounts {
|
|||||||
}
|
}
|
||||||
try {
|
try {
|
||||||
CreateAccount impl = createAccount.create(in.username);
|
CreateAccount impl = createAccount.create(in.username);
|
||||||
permissionBackend.user(self).checkAny(GlobalPermission.fromAnnotation(impl.getClass()));
|
permissionBackend.currentUser().checkAny(GlobalPermission.fromAnnotation(impl.getClass()));
|
||||||
AccountInfo info = impl.apply(TopLevelResource.INSTANCE, in).value();
|
AccountInfo info = impl.apply(TopLevelResource.INSTANCE, in).value();
|
||||||
return id(info._accountId);
|
return id(info._accountId);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
|
|||||||
@@ -26,7 +26,6 @@ import com.google.gerrit.extensions.restapi.BadRequestException;
|
|||||||
import com.google.gerrit.extensions.restapi.IdString;
|
import com.google.gerrit.extensions.restapi.IdString;
|
||||||
import com.google.gerrit.extensions.restapi.RestApiException;
|
import com.google.gerrit.extensions.restapi.RestApiException;
|
||||||
import com.google.gerrit.extensions.restapi.TopLevelResource;
|
import com.google.gerrit.extensions.restapi.TopLevelResource;
|
||||||
import com.google.gerrit.server.CurrentUser;
|
|
||||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||||
import com.google.gerrit.server.project.ProjectResource;
|
import com.google.gerrit.server.project.ProjectResource;
|
||||||
@@ -49,7 +48,6 @@ class GroupsImpl implements Groups {
|
|||||||
private final ProjectsCollection projects;
|
private final ProjectsCollection projects;
|
||||||
private final Provider<ListGroups> listGroups;
|
private final Provider<ListGroups> listGroups;
|
||||||
private final Provider<QueryGroups> queryGroups;
|
private final Provider<QueryGroups> queryGroups;
|
||||||
private final Provider<CurrentUser> user;
|
|
||||||
private final PermissionBackend permissionBackend;
|
private final PermissionBackend permissionBackend;
|
||||||
private final CreateGroup.Factory createGroup;
|
private final CreateGroup.Factory createGroup;
|
||||||
private final GroupApiImpl.Factory api;
|
private final GroupApiImpl.Factory api;
|
||||||
@@ -61,7 +59,6 @@ class GroupsImpl implements Groups {
|
|||||||
ProjectsCollection projects,
|
ProjectsCollection projects,
|
||||||
Provider<ListGroups> listGroups,
|
Provider<ListGroups> listGroups,
|
||||||
Provider<QueryGroups> queryGroups,
|
Provider<QueryGroups> queryGroups,
|
||||||
Provider<CurrentUser> user,
|
|
||||||
PermissionBackend permissionBackend,
|
PermissionBackend permissionBackend,
|
||||||
CreateGroup.Factory createGroup,
|
CreateGroup.Factory createGroup,
|
||||||
GroupApiImpl.Factory api) {
|
GroupApiImpl.Factory api) {
|
||||||
@@ -70,7 +67,6 @@ class GroupsImpl implements Groups {
|
|||||||
this.projects = projects;
|
this.projects = projects;
|
||||||
this.listGroups = listGroups;
|
this.listGroups = listGroups;
|
||||||
this.queryGroups = queryGroups;
|
this.queryGroups = queryGroups;
|
||||||
this.user = user;
|
|
||||||
this.permissionBackend = permissionBackend;
|
this.permissionBackend = permissionBackend;
|
||||||
this.createGroup = createGroup;
|
this.createGroup = createGroup;
|
||||||
this.api = api;
|
this.api = api;
|
||||||
@@ -95,7 +91,7 @@ class GroupsImpl implements Groups {
|
|||||||
}
|
}
|
||||||
try {
|
try {
|
||||||
CreateGroup impl = createGroup.create(in.name);
|
CreateGroup impl = createGroup.create(in.name);
|
||||||
permissionBackend.user(user).checkAny(GlobalPermission.fromAnnotation(impl.getClass()));
|
permissionBackend.currentUser().checkAny(GlobalPermission.fromAnnotation(impl.getClass()));
|
||||||
GroupInfo info = impl.apply(TopLevelResource.INSTANCE, in);
|
GroupInfo info = impl.apply(TopLevelResource.INSTANCE, in);
|
||||||
return id(info.id);
|
return id(info.id);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
|
|||||||
@@ -17,7 +17,6 @@ package com.google.gerrit.server.args4j;
|
|||||||
import com.google.gerrit.common.ProjectUtil;
|
import com.google.gerrit.common.ProjectUtil;
|
||||||
import com.google.gerrit.extensions.restapi.AuthException;
|
import com.google.gerrit.extensions.restapi.AuthException;
|
||||||
import com.google.gerrit.reviewdb.client.Project;
|
import com.google.gerrit.reviewdb.client.Project;
|
||||||
import com.google.gerrit.server.CurrentUser;
|
|
||||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||||
import com.google.gerrit.server.permissions.ProjectPermission;
|
import com.google.gerrit.server.permissions.ProjectPermission;
|
||||||
@@ -25,7 +24,6 @@ import com.google.gerrit.server.project.NoSuchProjectException;
|
|||||||
import com.google.gerrit.server.project.ProjectCache;
|
import com.google.gerrit.server.project.ProjectCache;
|
||||||
import com.google.gerrit.server.project.ProjectState;
|
import com.google.gerrit.server.project.ProjectState;
|
||||||
import com.google.inject.Inject;
|
import com.google.inject.Inject;
|
||||||
import com.google.inject.Provider;
|
|
||||||
import com.google.inject.assistedinject.Assisted;
|
import com.google.inject.assistedinject.Assisted;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import org.kohsuke.args4j.CmdLineException;
|
import org.kohsuke.args4j.CmdLineException;
|
||||||
@@ -42,20 +40,17 @@ public class ProjectHandler extends OptionHandler<ProjectState> {
|
|||||||
|
|
||||||
private final ProjectCache projectCache;
|
private final ProjectCache projectCache;
|
||||||
private final PermissionBackend permissionBackend;
|
private final PermissionBackend permissionBackend;
|
||||||
private final Provider<CurrentUser> user;
|
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
public ProjectHandler(
|
public ProjectHandler(
|
||||||
ProjectCache projectCache,
|
ProjectCache projectCache,
|
||||||
PermissionBackend permissionBackend,
|
PermissionBackend permissionBackend,
|
||||||
Provider<CurrentUser> user,
|
|
||||||
@Assisted final CmdLineParser parser,
|
@Assisted final CmdLineParser parser,
|
||||||
@Assisted final OptionDef option,
|
@Assisted final OptionDef option,
|
||||||
@Assisted final Setter<ProjectState> setter) {
|
@Assisted final Setter<ProjectState> setter) {
|
||||||
super(parser, option, setter);
|
super(parser, option, setter);
|
||||||
this.projectCache = projectCache;
|
this.projectCache = projectCache;
|
||||||
this.permissionBackend = permissionBackend;
|
this.permissionBackend = permissionBackend;
|
||||||
this.user = user;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@@ -84,7 +79,7 @@ public class ProjectHandler extends OptionHandler<ProjectState> {
|
|||||||
if (state == null) {
|
if (state == null) {
|
||||||
throw new CmdLineException(owner, String.format("project %s not found", nameWithoutSuffix));
|
throw new CmdLineException(owner, String.format("project %s not found", nameWithoutSuffix));
|
||||||
}
|
}
|
||||||
permissionBackend.user(user).project(nameKey).check(ProjectPermission.ACCESS);
|
permissionBackend.currentUser().project(nameKey).check(ProjectPermission.ACCESS);
|
||||||
} catch (AuthException e) {
|
} catch (AuthException e) {
|
||||||
throw new CmdLineException(owner, new NoSuchProjectException(nameKey).getMessage());
|
throw new CmdLineException(owner, new NoSuchProjectException(nameKey).getMessage());
|
||||||
} catch (PermissionBackendException | IOException e) {
|
} catch (PermissionBackendException | IOException e) {
|
||||||
|
|||||||
@@ -400,7 +400,7 @@ public class ChangeEditModifier {
|
|||||||
}
|
}
|
||||||
try {
|
try {
|
||||||
permissionBackend
|
permissionBackend
|
||||||
.user(currentUser)
|
.currentUser()
|
||||||
.database(reviewDb)
|
.database(reviewDb)
|
||||||
.change(notes)
|
.change(notes)
|
||||||
.check(ChangePermission.ADD_PATCH_SET);
|
.check(ChangePermission.ADD_PATCH_SET);
|
||||||
|
|||||||
@@ -31,13 +31,11 @@ import com.google.gerrit.extensions.restapi.RestView;
|
|||||||
import com.google.gerrit.extensions.webui.PrivateInternals_UiActionDescription;
|
import com.google.gerrit.extensions.webui.PrivateInternals_UiActionDescription;
|
||||||
import com.google.gerrit.extensions.webui.UiAction;
|
import com.google.gerrit.extensions.webui.UiAction;
|
||||||
import com.google.gerrit.extensions.webui.UiAction.Description;
|
import com.google.gerrit.extensions.webui.UiAction.Description;
|
||||||
import com.google.gerrit.server.CurrentUser;
|
|
||||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||||
import com.google.gerrit.server.permissions.PermissionBackendCondition;
|
import com.google.gerrit.server.permissions.PermissionBackendCondition;
|
||||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||||
import com.google.inject.Inject;
|
import com.google.inject.Inject;
|
||||||
import com.google.inject.Provider;
|
|
||||||
import com.google.inject.Singleton;
|
import com.google.inject.Singleton;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.Iterator;
|
import java.util.Iterator;
|
||||||
@@ -57,12 +55,10 @@ public class UiActions {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private final PermissionBackend permissionBackend;
|
private final PermissionBackend permissionBackend;
|
||||||
private final Provider<CurrentUser> userProvider;
|
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
UiActions(PermissionBackend permissionBackend, Provider<CurrentUser> userProvider) {
|
UiActions(PermissionBackend permissionBackend) {
|
||||||
this.permissionBackend = permissionBackend;
|
this.permissionBackend = permissionBackend;
|
||||||
this.userProvider = userProvider;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public <R extends RestResource> Iterable<UiAction.Description> from(
|
public <R extends RestResource> Iterable<UiAction.Description> from(
|
||||||
@@ -146,7 +142,7 @@ public class UiActions {
|
|||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
if (!globalRequired.isEmpty()) {
|
if (!globalRequired.isEmpty()) {
|
||||||
PermissionBackend.WithUser withUser = permissionBackend.user(userProvider);
|
PermissionBackend.WithUser withUser = permissionBackend.currentUser();
|
||||||
Iterator<GlobalOrPluginPermission> i = globalRequired.iterator();
|
Iterator<GlobalOrPluginPermission> i = globalRequired.iterator();
|
||||||
BooleanCondition p = withUser.testCond(i.next());
|
BooleanCondition p = withUser.testCond(i.next());
|
||||||
while (i.hasNext()) {
|
while (i.hasNext()) {
|
||||||
|
|||||||
@@ -205,11 +205,7 @@ public class PatchScriptFactory implements Callable<PatchScript> {
|
|||||||
PatchSet psEntityB = psb.get() == 0 ? new PatchSet(psb) : psUtil.get(db, notes, psb);
|
PatchSet psEntityB = psb.get() == 0 ? new PatchSet(psb) : psUtil.get(db, notes, psb);
|
||||||
if (psEntityA != null || psEntityB != null) {
|
if (psEntityA != null || psEntityB != null) {
|
||||||
try {
|
try {
|
||||||
permissionBackend
|
permissionBackend.currentUser().change(notes).database(db).check(ChangePermission.READ);
|
||||||
.user(userProvider)
|
|
||||||
.change(notes)
|
|
||||||
.database(db)
|
|
||||||
.check(ChangePermission.READ);
|
|
||||||
} catch (AuthException e) {
|
} catch (AuthException e) {
|
||||||
throw new NoSuchChangeException(changeId);
|
throw new NoSuchChangeException(changeId);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -99,14 +99,6 @@ public abstract class PermissionBackend {
|
|||||||
*/
|
*/
|
||||||
public abstract WithUser user(CurrentUser user);
|
public abstract WithUser user(CurrentUser user);
|
||||||
|
|
||||||
/**
|
|
||||||
* @return lightweight factory scoped to answer for the specified user. If an instance scoped to
|
|
||||||
* the current user is desired, use {@code currentUser()} instead.
|
|
||||||
*/
|
|
||||||
public <U extends CurrentUser> WithUser user(Provider<U> user) {
|
|
||||||
return user(checkNotNull(user, "Provider<CurrentUser>").get());
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Bulk evaluate a set of {@link PermissionBackendCondition} for view handling.
|
* Bulk evaluate a set of {@link PermissionBackendCondition} for view handling.
|
||||||
*
|
*
|
||||||
|
|||||||
@@ -19,33 +19,28 @@ import com.google.gerrit.extensions.common.Input;
|
|||||||
import com.google.gerrit.extensions.common.PluginInfo;
|
import com.google.gerrit.extensions.common.PluginInfo;
|
||||||
import com.google.gerrit.extensions.restapi.RestApiException;
|
import com.google.gerrit.extensions.restapi.RestApiException;
|
||||||
import com.google.gerrit.extensions.restapi.RestModifyView;
|
import com.google.gerrit.extensions.restapi.RestModifyView;
|
||||||
import com.google.gerrit.server.IdentifiedUser;
|
|
||||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||||
import com.google.inject.Inject;
|
import com.google.inject.Inject;
|
||||||
import com.google.inject.Provider;
|
|
||||||
import com.google.inject.Singleton;
|
import com.google.inject.Singleton;
|
||||||
|
|
||||||
@Singleton
|
@Singleton
|
||||||
public class DisablePlugin implements RestModifyView<PluginResource, Input> {
|
public class DisablePlugin implements RestModifyView<PluginResource, Input> {
|
||||||
|
|
||||||
private final PluginLoader loader;
|
private final PluginLoader loader;
|
||||||
private final Provider<IdentifiedUser> user;
|
|
||||||
private final PermissionBackend permissionBackend;
|
private final PermissionBackend permissionBackend;
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
DisablePlugin(
|
DisablePlugin(PluginLoader loader, PermissionBackend permissionBackend) {
|
||||||
PluginLoader loader, Provider<IdentifiedUser> user, PermissionBackend permissionBackend) {
|
|
||||||
this.loader = loader;
|
this.loader = loader;
|
||||||
this.user = user;
|
|
||||||
this.permissionBackend = permissionBackend;
|
this.permissionBackend = permissionBackend;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public PluginInfo apply(PluginResource resource, Input input) throws RestApiException {
|
public PluginInfo apply(PluginResource resource, Input input) throws RestApiException {
|
||||||
try {
|
try {
|
||||||
permissionBackend.user(user).check(GlobalPermission.ADMINISTRATE_SERVER);
|
permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||||
} catch (PermissionBackendException e) {
|
} catch (PermissionBackendException e) {
|
||||||
throw new RestApiException("Could not check permission", e);
|
throw new RestApiException("Could not check permission", e);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -20,13 +20,11 @@ import com.google.common.collect.ArrayListMultimap;
|
|||||||
import com.google.common.collect.Multimap;
|
import com.google.common.collect.Multimap;
|
||||||
import com.google.gerrit.extensions.common.ProjectInfo;
|
import com.google.gerrit.extensions.common.ProjectInfo;
|
||||||
import com.google.gerrit.reviewdb.client.Project;
|
import com.google.gerrit.reviewdb.client.Project;
|
||||||
import com.google.gerrit.server.CurrentUser;
|
|
||||||
import com.google.gerrit.server.config.AllProjectsName;
|
import com.google.gerrit.server.config.AllProjectsName;
|
||||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||||
import com.google.gerrit.server.permissions.ProjectPermission;
|
import com.google.gerrit.server.permissions.ProjectPermission;
|
||||||
import com.google.inject.Inject;
|
import com.google.inject.Inject;
|
||||||
import com.google.inject.Provider;
|
|
||||||
import com.google.inject.Singleton;
|
import com.google.inject.Singleton;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
@@ -38,7 +36,6 @@ import java.util.Map;
|
|||||||
public class ChildProjects {
|
public class ChildProjects {
|
||||||
private final ProjectCache projectCache;
|
private final ProjectCache projectCache;
|
||||||
private final PermissionBackend permissionBackend;
|
private final PermissionBackend permissionBackend;
|
||||||
private final Provider<CurrentUser> user;
|
|
||||||
private final AllProjectsName allProjects;
|
private final AllProjectsName allProjects;
|
||||||
private final ProjectJson json;
|
private final ProjectJson json;
|
||||||
|
|
||||||
@@ -46,12 +43,10 @@ public class ChildProjects {
|
|||||||
ChildProjects(
|
ChildProjects(
|
||||||
ProjectCache projectCache,
|
ProjectCache projectCache,
|
||||||
PermissionBackend permissionBackend,
|
PermissionBackend permissionBackend,
|
||||||
Provider<CurrentUser> user,
|
|
||||||
AllProjectsName allProjectsName,
|
AllProjectsName allProjectsName,
|
||||||
ProjectJson json) {
|
ProjectJson json) {
|
||||||
this.projectCache = projectCache;
|
this.projectCache = projectCache;
|
||||||
this.permissionBackend = permissionBackend;
|
this.permissionBackend = permissionBackend;
|
||||||
this.user = user;
|
|
||||||
this.allProjects = allProjectsName;
|
this.allProjects = allProjectsName;
|
||||||
this.json = json;
|
this.json = json;
|
||||||
}
|
}
|
||||||
@@ -60,7 +55,7 @@ public class ChildProjects {
|
|||||||
public List<ProjectInfo> list(Project.NameKey parent) throws PermissionBackendException {
|
public List<ProjectInfo> list(Project.NameKey parent) throws PermissionBackendException {
|
||||||
Map<Project.NameKey, Project> projects = readAllProjects();
|
Map<Project.NameKey, Project> projects = readAllProjects();
|
||||||
Multimap<Project.NameKey, Project.NameKey> children = parentToChildren(projects);
|
Multimap<Project.NameKey, Project.NameKey> children = parentToChildren(projects);
|
||||||
PermissionBackend.WithUser perm = permissionBackend.user(user);
|
PermissionBackend.WithUser perm = permissionBackend.currentUser();
|
||||||
|
|
||||||
List<ProjectInfo> results = new ArrayList<>();
|
List<ProjectInfo> results = new ArrayList<>();
|
||||||
depthFirstFormat(results, perm, projects, children, parent);
|
depthFirstFormat(results, perm, projects, children, parent);
|
||||||
|
|||||||
@@ -75,7 +75,7 @@ public class CreateRefControl {
|
|||||||
}
|
}
|
||||||
ps.checkStatePermitsWrite();
|
ps.checkStatePermitsWrite();
|
||||||
|
|
||||||
PermissionBackend.ForRef perm = permissionBackend.user(user).ref(branch);
|
PermissionBackend.ForRef perm = permissionBackend.user(user.get()).ref(branch);
|
||||||
if (object instanceof RevCommit) {
|
if (object instanceof RevCommit) {
|
||||||
perm.check(RefPermission.CREATE);
|
perm.check(RefPermission.CREATE);
|
||||||
checkCreateCommit(repo, (RevCommit) object, ps, perm);
|
checkCreateCommit(repo, (RevCommit) object, ps, perm);
|
||||||
@@ -105,7 +105,7 @@ public class CreateRefControl {
|
|||||||
|
|
||||||
// If the tag has a PGP signature, allow a lower level of permission
|
// If the tag has a PGP signature, allow a lower level of permission
|
||||||
// than if it doesn't have a PGP signature.
|
// than if it doesn't have a PGP signature.
|
||||||
PermissionBackend.ForRef forRef = permissionBackend.user(user).ref(branch);
|
PermissionBackend.ForRef forRef = permissionBackend.user(user.get()).ref(branch);
|
||||||
if (tag.getFullMessage().contains("-----BEGIN PGP SIGNATURE-----\n")) {
|
if (tag.getFullMessage().contains("-----BEGIN PGP SIGNATURE-----\n")) {
|
||||||
forRef.check(RefPermission.CREATE_SIGNED_TAG);
|
forRef.check(RefPermission.CREATE_SIGNED_TAG);
|
||||||
} else {
|
} else {
|
||||||
|
|||||||
@@ -16,13 +16,11 @@ package com.google.gerrit.server.project;
|
|||||||
|
|
||||||
import com.google.common.collect.Iterables;
|
import com.google.common.collect.Iterables;
|
||||||
import com.google.common.collect.Maps;
|
import com.google.common.collect.Maps;
|
||||||
import com.google.gerrit.server.CurrentUser;
|
|
||||||
import com.google.gerrit.server.change.IncludedInResolver;
|
import com.google.gerrit.server.change.IncludedInResolver;
|
||||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||||
import com.google.gerrit.server.permissions.PermissionBackend.RefFilterOptions;
|
import com.google.gerrit.server.permissions.PermissionBackend.RefFilterOptions;
|
||||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||||
import com.google.inject.Inject;
|
import com.google.inject.Inject;
|
||||||
import com.google.inject.Provider;
|
|
||||||
import com.google.inject.Singleton;
|
import com.google.inject.Singleton;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
@@ -45,12 +43,10 @@ public class Reachable {
|
|||||||
private static final Logger log = LoggerFactory.getLogger(Reachable.class);
|
private static final Logger log = LoggerFactory.getLogger(Reachable.class);
|
||||||
|
|
||||||
private final PermissionBackend permissionBackend;
|
private final PermissionBackend permissionBackend;
|
||||||
private final Provider<CurrentUser> user;
|
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
Reachable(PermissionBackend permissionBackend, Provider<CurrentUser> user) {
|
Reachable(PermissionBackend permissionBackend) {
|
||||||
this.permissionBackend = permissionBackend;
|
this.permissionBackend = permissionBackend;
|
||||||
this.user = user;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/** @return true if a commit is reachable from a given set of refs. */
|
/** @return true if a commit is reachable from a given set of refs. */
|
||||||
@@ -60,7 +56,7 @@ public class Reachable {
|
|||||||
// TODO(hiesel) Convert interface to Project.NameKey
|
// TODO(hiesel) Convert interface to Project.NameKey
|
||||||
Map<String, Ref> filtered =
|
Map<String, Ref> filtered =
|
||||||
permissionBackend
|
permissionBackend
|
||||||
.user(user)
|
.currentUser()
|
||||||
.project(state.getNameKey())
|
.project(state.getNameKey())
|
||||||
.filter(refs, repo, RefFilterOptions.builder().setFilterTagsSeparately(true).build());
|
.filter(refs, repo, RefFilterOptions.builder().setFilterTagsSeparately(true).build());
|
||||||
return IncludedInResolver.includedInAny(repo, rw, commit, filtered.values());
|
return IncludedInResolver.includedInAny(repo, rw, commit, filtered.values());
|
||||||
|
|||||||
@@ -17,13 +17,11 @@ package com.google.gerrit.server.project;
|
|||||||
import static java.util.stream.Collectors.toList;
|
import static java.util.stream.Collectors.toList;
|
||||||
|
|
||||||
import com.google.gerrit.reviewdb.client.Project;
|
import com.google.gerrit.reviewdb.client.Project;
|
||||||
import com.google.gerrit.server.CurrentUser;
|
|
||||||
import com.google.gerrit.server.config.AllProjectsName;
|
import com.google.gerrit.server.config.AllProjectsName;
|
||||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||||
import com.google.gerrit.server.permissions.ProjectPermission;
|
import com.google.gerrit.server.permissions.ProjectPermission;
|
||||||
import com.google.inject.Inject;
|
import com.google.inject.Inject;
|
||||||
import com.google.inject.Provider;
|
|
||||||
import com.google.inject.Singleton;
|
import com.google.inject.Singleton;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
@@ -33,24 +31,19 @@ import java.util.Set;
|
|||||||
public class SuggestParentCandidates {
|
public class SuggestParentCandidates {
|
||||||
private final ProjectCache projectCache;
|
private final ProjectCache projectCache;
|
||||||
private final PermissionBackend permissionBackend;
|
private final PermissionBackend permissionBackend;
|
||||||
private final Provider<CurrentUser> user;
|
|
||||||
private final AllProjectsName allProjects;
|
private final AllProjectsName allProjects;
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
SuggestParentCandidates(
|
SuggestParentCandidates(
|
||||||
ProjectCache projectCache,
|
ProjectCache projectCache, PermissionBackend permissionBackend, AllProjectsName allProjects) {
|
||||||
PermissionBackend permissionBackend,
|
|
||||||
Provider<CurrentUser> user,
|
|
||||||
AllProjectsName allProjects) {
|
|
||||||
this.projectCache = projectCache;
|
this.projectCache = projectCache;
|
||||||
this.permissionBackend = permissionBackend;
|
this.permissionBackend = permissionBackend;
|
||||||
this.user = user;
|
|
||||||
this.allProjects = allProjects;
|
this.allProjects = allProjects;
|
||||||
}
|
}
|
||||||
|
|
||||||
public List<Project.NameKey> getNameKeys() throws PermissionBackendException {
|
public List<Project.NameKey> getNameKeys() throws PermissionBackendException {
|
||||||
return permissionBackend
|
return permissionBackend
|
||||||
.user(user)
|
.currentUser()
|
||||||
.filter(ProjectPermission.ACCESS, parents())
|
.filter(ProjectPermission.ACCESS, parents())
|
||||||
.stream()
|
.stream()
|
||||||
.sorted()
|
.sorted()
|
||||||
|
|||||||
@@ -75,7 +75,7 @@ public class AddSshKey implements RestModifyView<AccountResource, SshKeyInput> {
|
|||||||
throws AuthException, BadRequestException, OrmException, IOException, ConfigInvalidException,
|
throws AuthException, BadRequestException, OrmException, IOException, ConfigInvalidException,
|
||||||
PermissionBackendException {
|
PermissionBackendException {
|
||||||
if (self.get() != rsrc.getUser()) {
|
if (self.get() != rsrc.getUser()) {
|
||||||
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
|
permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||||
}
|
}
|
||||||
return apply(rsrc.getUser(), input);
|
return apply(rsrc.getUser(), input);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -62,7 +62,7 @@ class Capabilities implements ChildCollection<AccountResource, AccountResource.C
|
|||||||
throws ResourceNotFoundException, AuthException, PermissionBackendException {
|
throws ResourceNotFoundException, AuthException, PermissionBackendException {
|
||||||
IdentifiedUser target = parent.getUser();
|
IdentifiedUser target = parent.getUser();
|
||||||
if (self.get() != target) {
|
if (self.get() != target) {
|
||||||
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
|
permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||||
}
|
}
|
||||||
|
|
||||||
GlobalOrPluginPermission perm = parse(id);
|
GlobalOrPluginPermission perm = parse(id);
|
||||||
|
|||||||
@@ -98,7 +98,7 @@ public class CreateEmail implements RestModifyView<AccountResource, EmailInput>
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (self.get() != rsrc.getUser() || input.noConfirmation) {
|
if (self.get() != rsrc.getUser() || input.noConfirmation) {
|
||||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!realm.allowsEdit(AccountFieldName.REGISTER_NEW_EMAIL)) {
|
if (!realm.allowsEdit(AccountFieldName.REGISTER_NEW_EMAIL)) {
|
||||||
|
|||||||
@@ -72,7 +72,7 @@ public class DeleteEmail implements RestModifyView<AccountResource.Email, Input>
|
|||||||
MethodNotAllowedException, OrmException, IOException, ConfigInvalidException,
|
MethodNotAllowedException, OrmException, IOException, ConfigInvalidException,
|
||||||
PermissionBackendException {
|
PermissionBackendException {
|
||||||
if (self.get() != rsrc.getUser()) {
|
if (self.get() != rsrc.getUser()) {
|
||||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
|
||||||
}
|
}
|
||||||
return apply(rsrc.getUser(), rsrc.getEmail());
|
return apply(rsrc.getUser(), rsrc.getEmail());
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -68,7 +68,7 @@ public class DeleteExternalIds implements RestModifyView<AccountResource, List<S
|
|||||||
throws RestApiException, IOException, OrmException, ConfigInvalidException,
|
throws RestApiException, IOException, OrmException, ConfigInvalidException,
|
||||||
PermissionBackendException {
|
PermissionBackendException {
|
||||||
if (self.get() != resource.getUser()) {
|
if (self.get() != resource.getUser()) {
|
||||||
permissionBackend.user(self).check(GlobalPermission.ACCESS_DATABASE);
|
permissionBackend.currentUser().check(GlobalPermission.ACCESS_DATABASE);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (extIds == null || extIds.size() == 0) {
|
if (extIds == null || extIds.size() == 0) {
|
||||||
|
|||||||
@@ -58,7 +58,7 @@ public class DeleteSshKey implements RestModifyView<AccountResource.SshKey, Inpu
|
|||||||
throws AuthException, OrmException, RepositoryNotFoundException, IOException,
|
throws AuthException, OrmException, RepositoryNotFoundException, IOException,
|
||||||
ConfigInvalidException, PermissionBackendException {
|
ConfigInvalidException, PermissionBackendException {
|
||||||
if (self.get() != rsrc.getUser()) {
|
if (self.get() != rsrc.getUser()) {
|
||||||
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
|
permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||||
}
|
}
|
||||||
|
|
||||||
authorizedKeys.deleteKey(rsrc.getUser().getAccountId(), rsrc.getSshKey().getKey().get());
|
authorizedKeys.deleteKey(rsrc.getUser().getAccountId(), rsrc.getSshKey().getKey().get());
|
||||||
|
|||||||
@@ -62,7 +62,7 @@ public class DeleteWatchedProjects
|
|||||||
throws AuthException, UnprocessableEntityException, OrmException, IOException,
|
throws AuthException, UnprocessableEntityException, OrmException, IOException,
|
||||||
ConfigInvalidException, PermissionBackendException {
|
ConfigInvalidException, PermissionBackendException {
|
||||||
if (self.get() != rsrc.getUser()) {
|
if (self.get() != rsrc.getUser()) {
|
||||||
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
|
permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||||
}
|
}
|
||||||
if (input == null) {
|
if (input == null) {
|
||||||
return Response.none();
|
return Response.none();
|
||||||
|
|||||||
@@ -65,7 +65,7 @@ public class EmailsCollection
|
|||||||
public AccountResource.Email parse(AccountResource rsrc, IdString id)
|
public AccountResource.Email parse(AccountResource rsrc, IdString id)
|
||||||
throws ResourceNotFoundException, PermissionBackendException, AuthException {
|
throws ResourceNotFoundException, PermissionBackendException, AuthException {
|
||||||
if (self.get() != rsrc.getUser()) {
|
if (self.get() != rsrc.getUser()) {
|
||||||
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
|
permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ("preferred".equals(id.get())) {
|
if ("preferred".equals(id.get())) {
|
||||||
|
|||||||
@@ -76,7 +76,7 @@ class GetCapabilities implements RestReadView<AccountResource> {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Object apply(AccountResource rsrc) throws AuthException, PermissionBackendException {
|
public Object apply(AccountResource rsrc) throws AuthException, PermissionBackendException {
|
||||||
PermissionBackend.WithUser perm = permissionBackend.user(self);
|
PermissionBackend.WithUser perm = permissionBackend.currentUser();
|
||||||
if (self.get() != rsrc.getUser()) {
|
if (self.get() != rsrc.getUser()) {
|
||||||
perm.check(GlobalPermission.ADMINISTRATE_SERVER);
|
perm.check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||||
perm = permissionBackend.user(rsrc.getUser());
|
perm = permissionBackend.user(rsrc.getUser());
|
||||||
|
|||||||
@@ -51,7 +51,7 @@ public class GetDiffPreferences implements RestReadView<AccountResource> {
|
|||||||
public DiffPreferencesInfo apply(AccountResource rsrc)
|
public DiffPreferencesInfo apply(AccountResource rsrc)
|
||||||
throws RestApiException, ConfigInvalidException, IOException, PermissionBackendException {
|
throws RestApiException, ConfigInvalidException, IOException, PermissionBackendException {
|
||||||
if (self.get() != rsrc.getUser()) {
|
if (self.get() != rsrc.getUser()) {
|
||||||
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
|
permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||||
}
|
}
|
||||||
|
|
||||||
Account.Id id = rsrc.getUser().getAccountId();
|
Account.Id id = rsrc.getUser().getAccountId();
|
||||||
|
|||||||
@@ -51,7 +51,7 @@ public class GetEditPreferences implements RestReadView<AccountResource> {
|
|||||||
public EditPreferencesInfo apply(AccountResource rsrc)
|
public EditPreferencesInfo apply(AccountResource rsrc)
|
||||||
throws RestApiException, IOException, ConfigInvalidException, PermissionBackendException {
|
throws RestApiException, IOException, ConfigInvalidException, PermissionBackendException {
|
||||||
if (self.get() != rsrc.getUser()) {
|
if (self.get() != rsrc.getUser()) {
|
||||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
|
||||||
}
|
}
|
||||||
|
|
||||||
Account.Id id = rsrc.getUser().getAccountId();
|
Account.Id id = rsrc.getUser().getAccountId();
|
||||||
|
|||||||
@@ -45,7 +45,7 @@ public class GetEmails implements RestReadView<AccountResource> {
|
|||||||
public List<EmailInfo> apply(AccountResource rsrc)
|
public List<EmailInfo> apply(AccountResource rsrc)
|
||||||
throws AuthException, PermissionBackendException {
|
throws AuthException, PermissionBackendException {
|
||||||
if (self.get() != rsrc.getUser()) {
|
if (self.get() != rsrc.getUser()) {
|
||||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
|
||||||
}
|
}
|
||||||
|
|
||||||
List<EmailInfo> emails = new ArrayList<>();
|
List<EmailInfo> emails = new ArrayList<>();
|
||||||
|
|||||||
@@ -62,7 +62,7 @@ public class GetExternalIds implements RestReadView<AccountResource> {
|
|||||||
public List<AccountExternalIdInfo> apply(AccountResource resource)
|
public List<AccountExternalIdInfo> apply(AccountResource resource)
|
||||||
throws RestApiException, IOException, OrmException, PermissionBackendException {
|
throws RestApiException, IOException, OrmException, PermissionBackendException {
|
||||||
if (self.get() != resource.getUser()) {
|
if (self.get() != resource.getUser()) {
|
||||||
permissionBackend.user(self).check(GlobalPermission.ACCESS_DATABASE);
|
permissionBackend.currentUser().check(GlobalPermission.ACCESS_DATABASE);
|
||||||
}
|
}
|
||||||
|
|
||||||
Collection<ExternalId> ids = externalIds.byAccount(resource.getUser().getAccountId());
|
Collection<ExternalId> ids = externalIds.byAccount(resource.getUser().getAccountId());
|
||||||
|
|||||||
@@ -49,7 +49,7 @@ public class GetPreferences implements RestReadView<AccountResource> {
|
|||||||
public GeneralPreferencesInfo apply(AccountResource rsrc)
|
public GeneralPreferencesInfo apply(AccountResource rsrc)
|
||||||
throws RestApiException, PermissionBackendException {
|
throws RestApiException, PermissionBackendException {
|
||||||
if (self.get() != rsrc.getUser()) {
|
if (self.get() != rsrc.getUser()) {
|
||||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
|
||||||
}
|
}
|
||||||
|
|
||||||
Account.Id id = rsrc.getUser().getAccountId();
|
Account.Id id = rsrc.getUser().getAccountId();
|
||||||
|
|||||||
@@ -58,7 +58,7 @@ public class GetSshKeys implements RestReadView<AccountResource> {
|
|||||||
throws AuthException, OrmException, RepositoryNotFoundException, IOException,
|
throws AuthException, OrmException, RepositoryNotFoundException, IOException,
|
||||||
ConfigInvalidException, PermissionBackendException {
|
ConfigInvalidException, PermissionBackendException {
|
||||||
if (self.get() != rsrc.getUser()) {
|
if (self.get() != rsrc.getUser()) {
|
||||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
|
||||||
}
|
}
|
||||||
return apply(rsrc.getUser());
|
return apply(rsrc.getUser());
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -62,7 +62,7 @@ public class GetWatchedProjects implements RestReadView<AccountResource> {
|
|||||||
throws OrmException, AuthException, IOException, ConfigInvalidException,
|
throws OrmException, AuthException, IOException, ConfigInvalidException,
|
||||||
PermissionBackendException, ResourceNotFoundException {
|
PermissionBackendException, ResourceNotFoundException {
|
||||||
if (self.get() != rsrc.getUser()) {
|
if (self.get() != rsrc.getUser()) {
|
||||||
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
|
permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||||
}
|
}
|
||||||
|
|
||||||
Account.Id accountId = rsrc.getUser().getAccountId();
|
Account.Id accountId = rsrc.getUser().getAccountId();
|
||||||
|
|||||||
@@ -50,7 +50,7 @@ public class Index implements RestModifyView<AccountResource, Input> {
|
|||||||
public Response<?> apply(AccountResource rsrc, Input input)
|
public Response<?> apply(AccountResource rsrc, Input input)
|
||||||
throws IOException, AuthException, PermissionBackendException {
|
throws IOException, AuthException, PermissionBackendException {
|
||||||
if (self.get() != rsrc.getUser()) {
|
if (self.get() != rsrc.getUser()) {
|
||||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
|
||||||
}
|
}
|
||||||
|
|
||||||
accountIndexer.get().index(rsrc.getUser().getAccountId());
|
accountIndexer.get().index(rsrc.getUser().getAccountId());
|
||||||
|
|||||||
@@ -69,7 +69,7 @@ public class PostWatchedProjects
|
|||||||
throws OrmException, RestApiException, IOException, ConfigInvalidException,
|
throws OrmException, RestApiException, IOException, ConfigInvalidException,
|
||||||
PermissionBackendException {
|
PermissionBackendException {
|
||||||
if (self.get() != rsrc.getUser()) {
|
if (self.get() != rsrc.getUser()) {
|
||||||
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
|
permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||||
}
|
}
|
||||||
|
|
||||||
Map<ProjectWatchKey, Set<NotifyType>> projectWatches = asMap(input);
|
Map<ProjectWatchKey, Set<NotifyType>> projectWatches = asMap(input);
|
||||||
|
|||||||
@@ -76,7 +76,7 @@ public class PutHttpPassword implements RestModifyView<AccountResource, HttpPass
|
|||||||
throws AuthException, ResourceNotFoundException, ResourceConflictException, OrmException,
|
throws AuthException, ResourceNotFoundException, ResourceConflictException, OrmException,
|
||||||
IOException, ConfigInvalidException, PermissionBackendException {
|
IOException, ConfigInvalidException, PermissionBackendException {
|
||||||
if (self.get() != rsrc.getUser()) {
|
if (self.get() != rsrc.getUser()) {
|
||||||
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
|
permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (input == null) {
|
if (input == null) {
|
||||||
@@ -91,7 +91,7 @@ public class PutHttpPassword implements RestModifyView<AccountResource, HttpPass
|
|||||||
newPassword = null;
|
newPassword = null;
|
||||||
} else {
|
} else {
|
||||||
// Only administrators can explicitly set the password.
|
// Only administrators can explicitly set the password.
|
||||||
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
|
permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||||
newPassword = input.httpPassword;
|
newPassword = input.httpPassword;
|
||||||
}
|
}
|
||||||
return apply(rsrc.getUser(), newPassword);
|
return apply(rsrc.getUser(), newPassword);
|
||||||
|
|||||||
@@ -63,7 +63,7 @@ public class PutName implements RestModifyView<AccountResource, NameInput> {
|
|||||||
throws AuthException, MethodNotAllowedException, ResourceNotFoundException, OrmException,
|
throws AuthException, MethodNotAllowedException, ResourceNotFoundException, OrmException,
|
||||||
IOException, PermissionBackendException, ConfigInvalidException {
|
IOException, PermissionBackendException, ConfigInvalidException {
|
||||||
if (self.get() != rsrc.getUser()) {
|
if (self.get() != rsrc.getUser()) {
|
||||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
|
||||||
}
|
}
|
||||||
return apply(rsrc.getUser(), input);
|
return apply(rsrc.getUser(), input);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -57,7 +57,7 @@ public class PutPreferred implements RestModifyView<AccountResource.Email, Input
|
|||||||
throws AuthException, ResourceNotFoundException, OrmException, IOException,
|
throws AuthException, ResourceNotFoundException, OrmException, IOException,
|
||||||
PermissionBackendException, ConfigInvalidException {
|
PermissionBackendException, ConfigInvalidException {
|
||||||
if (self.get() != rsrc.getUser()) {
|
if (self.get() != rsrc.getUser()) {
|
||||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
|
||||||
}
|
}
|
||||||
return apply(rsrc.getUser(), rsrc.getEmail());
|
return apply(rsrc.getUser(), rsrc.getEmail());
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -57,7 +57,7 @@ public class PutStatus implements RestModifyView<AccountResource, StatusInput> {
|
|||||||
throws AuthException, ResourceNotFoundException, OrmException, IOException,
|
throws AuthException, ResourceNotFoundException, OrmException, IOException,
|
||||||
PermissionBackendException, ConfigInvalidException {
|
PermissionBackendException, ConfigInvalidException {
|
||||||
if (self.get() != rsrc.getUser()) {
|
if (self.get() != rsrc.getUser()) {
|
||||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
|
||||||
}
|
}
|
||||||
return apply(rsrc.getUser(), input);
|
return apply(rsrc.getUser(), input);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -75,7 +75,7 @@ public class PutUsername implements RestModifyView<AccountResource, UsernameInpu
|
|||||||
ResourceConflictException, OrmException, IOException, ConfigInvalidException,
|
ResourceConflictException, OrmException, IOException, ConfigInvalidException,
|
||||||
PermissionBackendException {
|
PermissionBackendException {
|
||||||
if (self.get() != rsrc.getUser()) {
|
if (self.get() != rsrc.getUser()) {
|
||||||
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
|
permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!realm.allowsEdit(AccountFieldName.USER_NAME)) {
|
if (!realm.allowsEdit(AccountFieldName.USER_NAME)) {
|
||||||
|
|||||||
@@ -170,7 +170,7 @@ public class QueryAccounts implements RestReadView<TopLevelResource> {
|
|||||||
}
|
}
|
||||||
boolean modifyAccountCapabilityChecked = false;
|
boolean modifyAccountCapabilityChecked = false;
|
||||||
if (options.contains(ListAccountsOption.ALL_EMAILS)) {
|
if (options.contains(ListAccountsOption.ALL_EMAILS)) {
|
||||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
|
||||||
modifyAccountCapabilityChecked = true;
|
modifyAccountCapabilityChecked = true;
|
||||||
fillOptions.add(FillOptions.EMAIL);
|
fillOptions.add(FillOptions.EMAIL);
|
||||||
fillOptions.add(FillOptions.SECONDARY_EMAILS);
|
fillOptions.add(FillOptions.SECONDARY_EMAILS);
|
||||||
@@ -180,7 +180,7 @@ public class QueryAccounts implements RestReadView<TopLevelResource> {
|
|||||||
fillOptions.add(FillOptions.EMAIL);
|
fillOptions.add(FillOptions.EMAIL);
|
||||||
|
|
||||||
if (modifyAccountCapabilityChecked
|
if (modifyAccountCapabilityChecked
|
||||||
|| permissionBackend.user(self).test(GlobalPermission.MODIFY_ACCOUNT)) {
|
|| permissionBackend.currentUser().test(GlobalPermission.MODIFY_ACCOUNT)) {
|
||||||
fillOptions.add(FillOptions.SECONDARY_EMAILS);
|
fillOptions.add(FillOptions.SECONDARY_EMAILS);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -58,7 +58,7 @@ public class SetDiffPreferences implements RestModifyView<AccountResource, DiffP
|
|||||||
throws RestApiException, ConfigInvalidException, RepositoryNotFoundException, IOException,
|
throws RestApiException, ConfigInvalidException, RepositoryNotFoundException, IOException,
|
||||||
PermissionBackendException, OrmException {
|
PermissionBackendException, OrmException {
|
||||||
if (self.get() != rsrc.getUser()) {
|
if (self.get() != rsrc.getUser()) {
|
||||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (input == null) {
|
if (input == null) {
|
||||||
|
|||||||
@@ -59,7 +59,7 @@ public class SetEditPreferences implements RestModifyView<AccountResource, EditP
|
|||||||
throws RestApiException, RepositoryNotFoundException, IOException, ConfigInvalidException,
|
throws RestApiException, RepositoryNotFoundException, IOException, ConfigInvalidException,
|
||||||
PermissionBackendException, OrmException {
|
PermissionBackendException, OrmException {
|
||||||
if (self.get() != rsrc.getUser()) {
|
if (self.get() != rsrc.getUser()) {
|
||||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (input == null) {
|
if (input == null) {
|
||||||
|
|||||||
@@ -64,7 +64,7 @@ public class SetPreferences implements RestModifyView<AccountResource, GeneralPr
|
|||||||
throws RestApiException, IOException, ConfigInvalidException, PermissionBackendException,
|
throws RestApiException, IOException, ConfigInvalidException, PermissionBackendException,
|
||||||
OrmException {
|
OrmException {
|
||||||
if (self.get() != rsrc.getUser()) {
|
if (self.get() != rsrc.getUser()) {
|
||||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
|
||||||
}
|
}
|
||||||
|
|
||||||
checkDownloadScheme(input.downloadScheme);
|
checkDownloadScheme(input.downloadScheme);
|
||||||
|
|||||||
@@ -68,7 +68,7 @@ public class SshKeys implements ChildCollection<AccountResource, AccountResource
|
|||||||
PermissionBackendException {
|
PermissionBackendException {
|
||||||
if (self.get() != rsrc.getUser()) {
|
if (self.get() != rsrc.getUser()) {
|
||||||
try {
|
try {
|
||||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
|
||||||
} catch (AuthException e) {
|
} catch (AuthException e) {
|
||||||
// If lacking MODIFY_ACCOUNT claim the resource does not exist.
|
// If lacking MODIFY_ACCOUNT claim the resource does not exist.
|
||||||
throw new ResourceNotFoundException();
|
throw new ResourceNotFoundException();
|
||||||
|
|||||||
@@ -137,7 +137,7 @@ public class ChangesCollection
|
|||||||
|
|
||||||
private boolean canRead(ChangeNotes notes) throws PermissionBackendException, IOException {
|
private boolean canRead(ChangeNotes notes) throws PermissionBackendException, IOException {
|
||||||
try {
|
try {
|
||||||
permissionBackend.user(user).change(notes).database(db).check(ChangePermission.READ);
|
permissionBackend.currentUser().change(notes).database(db).check(ChangePermission.READ);
|
||||||
} catch (AuthException e) {
|
} catch (AuthException e) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -22,7 +22,6 @@ import com.google.gerrit.extensions.restapi.Response;
|
|||||||
import com.google.gerrit.extensions.restapi.RestApiException;
|
import com.google.gerrit.extensions.restapi.RestApiException;
|
||||||
import com.google.gerrit.extensions.restapi.RestModifyView;
|
import com.google.gerrit.extensions.restapi.RestModifyView;
|
||||||
import com.google.gerrit.extensions.restapi.RestReadView;
|
import com.google.gerrit.extensions.restapi.RestReadView;
|
||||||
import com.google.gerrit.server.CurrentUser;
|
|
||||||
import com.google.gerrit.server.change.ChangeJson;
|
import com.google.gerrit.server.change.ChangeJson;
|
||||||
import com.google.gerrit.server.change.ChangeResource;
|
import com.google.gerrit.server.change.ChangeResource;
|
||||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||||
@@ -32,7 +31,6 @@ import com.google.gerrit.server.permissions.ProjectPermission;
|
|||||||
import com.google.gerrit.server.project.NoSuchProjectException;
|
import com.google.gerrit.server.project.NoSuchProjectException;
|
||||||
import com.google.gwtorm.server.OrmException;
|
import com.google.gwtorm.server.OrmException;
|
||||||
import com.google.inject.Inject;
|
import com.google.inject.Inject;
|
||||||
import com.google.inject.Provider;
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import javax.inject.Singleton;
|
import javax.inject.Singleton;
|
||||||
|
|
||||||
@@ -40,13 +38,11 @@ import javax.inject.Singleton;
|
|||||||
public class Check
|
public class Check
|
||||||
implements RestReadView<ChangeResource>, RestModifyView<ChangeResource, FixInput> {
|
implements RestReadView<ChangeResource>, RestModifyView<ChangeResource, FixInput> {
|
||||||
private final PermissionBackend permissionBackend;
|
private final PermissionBackend permissionBackend;
|
||||||
private final Provider<CurrentUser> user;
|
|
||||||
private final ChangeJson.Factory jsonFactory;
|
private final ChangeJson.Factory jsonFactory;
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
Check(PermissionBackend permissionBackend, Provider<CurrentUser> user, ChangeJson.Factory json) {
|
Check(PermissionBackend permissionBackend, ChangeJson.Factory json) {
|
||||||
this.permissionBackend = permissionBackend;
|
this.permissionBackend = permissionBackend;
|
||||||
this.user = user;
|
|
||||||
this.jsonFactory = json;
|
this.jsonFactory = json;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -59,7 +55,7 @@ public class Check
|
|||||||
public Response<ChangeInfo> apply(ChangeResource rsrc, FixInput input)
|
public Response<ChangeInfo> apply(ChangeResource rsrc, FixInput input)
|
||||||
throws RestApiException, OrmException, PermissionBackendException, NoSuchProjectException,
|
throws RestApiException, OrmException, PermissionBackendException, NoSuchProjectException,
|
||||||
IOException {
|
IOException {
|
||||||
PermissionBackend.WithUser perm = permissionBackend.user(user);
|
PermissionBackend.WithUser perm = permissionBackend.currentUser();
|
||||||
if (!rsrc.isUserOwner()) {
|
if (!rsrc.isUserOwner()) {
|
||||||
try {
|
try {
|
||||||
perm.project(rsrc.getProject()).check(ProjectPermission.READ_CONFIG);
|
perm.project(rsrc.getProject()).check(ProjectPermission.READ_CONFIG);
|
||||||
|
|||||||
@@ -25,7 +25,6 @@ import com.google.gerrit.extensions.webui.UiAction;
|
|||||||
import com.google.gerrit.reviewdb.client.Branch;
|
import com.google.gerrit.reviewdb.client.Branch;
|
||||||
import com.google.gerrit.reviewdb.client.Change;
|
import com.google.gerrit.reviewdb.client.Change;
|
||||||
import com.google.gerrit.reviewdb.client.RefNames;
|
import com.google.gerrit.reviewdb.client.RefNames;
|
||||||
import com.google.gerrit.server.CurrentUser;
|
|
||||||
import com.google.gerrit.server.change.ChangeJson;
|
import com.google.gerrit.server.change.ChangeJson;
|
||||||
import com.google.gerrit.server.change.RevisionResource;
|
import com.google.gerrit.server.change.RevisionResource;
|
||||||
import com.google.gerrit.server.git.IntegrationException;
|
import com.google.gerrit.server.git.IntegrationException;
|
||||||
@@ -44,7 +43,6 @@ import com.google.gerrit.server.update.RetryingRestModifyView;
|
|||||||
import com.google.gerrit.server.update.UpdateException;
|
import com.google.gerrit.server.update.UpdateException;
|
||||||
import com.google.gwtorm.server.OrmException;
|
import com.google.gwtorm.server.OrmException;
|
||||||
import com.google.inject.Inject;
|
import com.google.inject.Inject;
|
||||||
import com.google.inject.Provider;
|
|
||||||
import com.google.inject.Singleton;
|
import com.google.inject.Singleton;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import org.eclipse.jgit.errors.ConfigInvalidException;
|
import org.eclipse.jgit.errors.ConfigInvalidException;
|
||||||
@@ -57,7 +55,6 @@ public class CherryPick
|
|||||||
implements UiAction<RevisionResource> {
|
implements UiAction<RevisionResource> {
|
||||||
private static final Logger log = LoggerFactory.getLogger(CherryPick.class);
|
private static final Logger log = LoggerFactory.getLogger(CherryPick.class);
|
||||||
private final PermissionBackend permissionBackend;
|
private final PermissionBackend permissionBackend;
|
||||||
private final Provider<CurrentUser> user;
|
|
||||||
private final CherryPickChange cherryPickChange;
|
private final CherryPickChange cherryPickChange;
|
||||||
private final ChangeJson.Factory json;
|
private final ChangeJson.Factory json;
|
||||||
private final ContributorAgreementsChecker contributorAgreements;
|
private final ContributorAgreementsChecker contributorAgreements;
|
||||||
@@ -66,7 +63,6 @@ public class CherryPick
|
|||||||
@Inject
|
@Inject
|
||||||
CherryPick(
|
CherryPick(
|
||||||
PermissionBackend permissionBackend,
|
PermissionBackend permissionBackend,
|
||||||
Provider<CurrentUser> user,
|
|
||||||
RetryHelper retryHelper,
|
RetryHelper retryHelper,
|
||||||
CherryPickChange cherryPickChange,
|
CherryPickChange cherryPickChange,
|
||||||
ChangeJson.Factory json,
|
ChangeJson.Factory json,
|
||||||
@@ -74,7 +70,6 @@ public class CherryPick
|
|||||||
ProjectCache projectCache) {
|
ProjectCache projectCache) {
|
||||||
super(retryHelper);
|
super(retryHelper);
|
||||||
this.permissionBackend = permissionBackend;
|
this.permissionBackend = permissionBackend;
|
||||||
this.user = user;
|
|
||||||
this.cherryPickChange = cherryPickChange;
|
this.cherryPickChange = cherryPickChange;
|
||||||
this.json = json;
|
this.json = json;
|
||||||
this.contributorAgreements = contributorAgreements;
|
this.contributorAgreements = contributorAgreements;
|
||||||
@@ -97,7 +92,7 @@ public class CherryPick
|
|||||||
contributorAgreements.check(rsrc.getProject(), rsrc.getUser());
|
contributorAgreements.check(rsrc.getProject(), rsrc.getUser());
|
||||||
|
|
||||||
permissionBackend
|
permissionBackend
|
||||||
.user(user)
|
.currentUser()
|
||||||
.project(rsrc.getChange().getProject())
|
.project(rsrc.getChange().getProject())
|
||||||
.ref(refName)
|
.ref(refName)
|
||||||
.check(RefPermission.CREATE_CHANGE);
|
.check(RefPermission.CREATE_CHANGE);
|
||||||
@@ -134,7 +129,7 @@ public class CherryPick
|
|||||||
and(
|
and(
|
||||||
rsrc.isCurrent() && projectStatePermitsWrite,
|
rsrc.isCurrent() && projectStatePermitsWrite,
|
||||||
permissionBackend
|
permissionBackend
|
||||||
.user(user)
|
.currentUser()
|
||||||
.project(rsrc.getProject())
|
.project(rsrc.getProject())
|
||||||
.testCond(ProjectPermission.CREATE_CHANGE)));
|
.testCond(ProjectPermission.CREATE_CHANGE)));
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -90,7 +90,7 @@ public class CherryPickCommit
|
|||||||
String refName = RefNames.fullName(destination);
|
String refName = RefNames.fullName(destination);
|
||||||
contributorAgreements.check(projectName, user.get());
|
contributorAgreements.check(projectName, user.get());
|
||||||
permissionBackend
|
permissionBackend
|
||||||
.user(user)
|
.currentUser()
|
||||||
.project(projectName)
|
.project(projectName)
|
||||||
.ref(refName)
|
.ref(refName)
|
||||||
.check(RefPermission.CREATE_CHANGE);
|
.check(RefPermission.CREATE_CHANGE);
|
||||||
|
|||||||
@@ -192,7 +192,11 @@ public class CreateChange
|
|||||||
|
|
||||||
Project.NameKey project = rsrc.getNameKey();
|
Project.NameKey project = rsrc.getNameKey();
|
||||||
String refName = RefNames.fullName(input.branch);
|
String refName = RefNames.fullName(input.branch);
|
||||||
permissionBackend.user(user).project(project).ref(refName).check(RefPermission.CREATE_CHANGE);
|
permissionBackend
|
||||||
|
.currentUser()
|
||||||
|
.project(project)
|
||||||
|
.ref(refName)
|
||||||
|
.check(RefPermission.CREATE_CHANGE);
|
||||||
rsrc.getProjectState().checkStatePermitsWrite();
|
rsrc.getProjectState().checkStatePermitsWrite();
|
||||||
|
|
||||||
try (Repository git = gitManager.openRepository(project);
|
try (Repository git = gitManager.openRepository(project);
|
||||||
@@ -208,7 +212,7 @@ public class CreateChange
|
|||||||
}
|
}
|
||||||
ChangeNotes change = Iterables.getOnlyElement(notes);
|
ChangeNotes change = Iterables.getOnlyElement(notes);
|
||||||
try {
|
try {
|
||||||
permissionBackend.user(user).change(change).database(db).check(ChangePermission.READ);
|
permissionBackend.currentUser().change(change).database(db).check(ChangePermission.READ);
|
||||||
} catch (AuthException e) {
|
} catch (AuthException e) {
|
||||||
throw new UnprocessableEntityException("Read not permitted for " + input.baseChange);
|
throw new UnprocessableEntityException("Read not permitted for " + input.baseChange);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -210,7 +210,7 @@ public class CreateMergePatchSet
|
|||||||
}
|
}
|
||||||
ChangeNotes change = Iterables.getOnlyElement(notes);
|
ChangeNotes change = Iterables.getOnlyElement(notes);
|
||||||
try {
|
try {
|
||||||
permissionBackend.user(user).change(change).database(db).check(ChangePermission.READ);
|
permissionBackend.currentUser().change(change).database(db).check(ChangePermission.READ);
|
||||||
} catch (AuthException e) {
|
} catch (AuthException e) {
|
||||||
throw new UnprocessableEntityException("Read not permitted for " + baseChange);
|
throw new UnprocessableEntityException("Read not permitted for " + baseChange);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -18,7 +18,6 @@ import com.google.gerrit.extensions.common.Input;
|
|||||||
import com.google.gerrit.extensions.restapi.AuthException;
|
import com.google.gerrit.extensions.restapi.AuthException;
|
||||||
import com.google.gerrit.extensions.restapi.Response;
|
import com.google.gerrit.extensions.restapi.Response;
|
||||||
import com.google.gerrit.reviewdb.server.ReviewDb;
|
import com.google.gerrit.reviewdb.server.ReviewDb;
|
||||||
import com.google.gerrit.server.CurrentUser;
|
|
||||||
import com.google.gerrit.server.change.ChangeResource;
|
import com.google.gerrit.server.change.ChangeResource;
|
||||||
import com.google.gerrit.server.index.change.ChangeIndexer;
|
import com.google.gerrit.server.index.change.ChangeIndexer;
|
||||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||||
@@ -38,7 +37,6 @@ public class Index extends RetryingRestModifyView<ChangeResource, Input, Respons
|
|||||||
|
|
||||||
private final Provider<ReviewDb> db;
|
private final Provider<ReviewDb> db;
|
||||||
private final PermissionBackend permissionBackend;
|
private final PermissionBackend permissionBackend;
|
||||||
private final Provider<CurrentUser> user;
|
|
||||||
private final ChangeIndexer indexer;
|
private final ChangeIndexer indexer;
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
@@ -46,12 +44,10 @@ public class Index extends RetryingRestModifyView<ChangeResource, Input, Respons
|
|||||||
Provider<ReviewDb> db,
|
Provider<ReviewDb> db,
|
||||||
RetryHelper retryHelper,
|
RetryHelper retryHelper,
|
||||||
PermissionBackend permissionBackend,
|
PermissionBackend permissionBackend,
|
||||||
Provider<CurrentUser> user,
|
|
||||||
ChangeIndexer indexer) {
|
ChangeIndexer indexer) {
|
||||||
super(retryHelper);
|
super(retryHelper);
|
||||||
this.db = db;
|
this.db = db;
|
||||||
this.permissionBackend = permissionBackend;
|
this.permissionBackend = permissionBackend;
|
||||||
this.user = user;
|
|
||||||
this.indexer = indexer;
|
this.indexer = indexer;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -59,7 +55,7 @@ public class Index extends RetryingRestModifyView<ChangeResource, Input, Respons
|
|||||||
protected Response<?> applyImpl(
|
protected Response<?> applyImpl(
|
||||||
BatchUpdate.Factory updateFactory, ChangeResource rsrc, Input input)
|
BatchUpdate.Factory updateFactory, ChangeResource rsrc, Input input)
|
||||||
throws IOException, AuthException, OrmException, PermissionBackendException {
|
throws IOException, AuthException, OrmException, PermissionBackendException {
|
||||||
permissionBackend.user(user).check(GlobalPermission.MAINTAIN_SERVER);
|
permissionBackend.currentUser().check(GlobalPermission.MAINTAIN_SERVER);
|
||||||
indexer.index(db.get(), rsrc.getChange());
|
indexer.index(db.get(), rsrc.getChange());
|
||||||
return Response.none();
|
return Response.none();
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -360,7 +360,7 @@ public class PostReviewers
|
|||||||
ListMultimap<RecipientType, Account.Id> accountsToNotify)
|
ListMultimap<RecipientType, Account.Id> accountsToNotify)
|
||||||
throws PermissionBackendException {
|
throws PermissionBackendException {
|
||||||
if (!permissionBackend
|
if (!permissionBackend
|
||||||
.user(anonymousProvider)
|
.user(anonymousProvider.get())
|
||||||
.change(rsrc.getNotes())
|
.change(rsrc.getNotes())
|
||||||
.database(dbProvider)
|
.database(dbProvider)
|
||||||
.test(ChangePermission.READ)) {
|
.test(ChangePermission.READ)) {
|
||||||
|
|||||||
@@ -29,7 +29,6 @@ import com.google.gerrit.reviewdb.client.Change;
|
|||||||
import com.google.gerrit.reviewdb.client.PatchSet;
|
import com.google.gerrit.reviewdb.client.PatchSet;
|
||||||
import com.google.gerrit.reviewdb.client.Project;
|
import com.google.gerrit.reviewdb.client.Project;
|
||||||
import com.google.gerrit.reviewdb.server.ReviewDb;
|
import com.google.gerrit.reviewdb.server.ReviewDb;
|
||||||
import com.google.gerrit.server.CurrentUser;
|
|
||||||
import com.google.gerrit.server.git.GitRepositoryManager;
|
import com.google.gerrit.server.git.GitRepositoryManager;
|
||||||
import com.google.gerrit.server.permissions.ChangePermission;
|
import com.google.gerrit.server.permissions.ChangePermission;
|
||||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||||
@@ -64,20 +63,17 @@ class RelatedChangesSorter {
|
|||||||
private final PermissionBackend permissionBackend;
|
private final PermissionBackend permissionBackend;
|
||||||
private final Provider<ReviewDb> dbProvider;
|
private final Provider<ReviewDb> dbProvider;
|
||||||
private final ProjectCache projectCache;
|
private final ProjectCache projectCache;
|
||||||
private final Provider<CurrentUser> currentUserProvider;
|
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
RelatedChangesSorter(
|
RelatedChangesSorter(
|
||||||
GitRepositoryManager repoManager,
|
GitRepositoryManager repoManager,
|
||||||
PermissionBackend permissionBackend,
|
PermissionBackend permissionBackend,
|
||||||
Provider<ReviewDb> dbProvider,
|
Provider<ReviewDb> dbProvider,
|
||||||
ProjectCache projectCache,
|
ProjectCache projectCache) {
|
||||||
Provider<CurrentUser> currentUserProvider) {
|
|
||||||
this.repoManager = repoManager;
|
this.repoManager = repoManager;
|
||||||
this.permissionBackend = permissionBackend;
|
this.permissionBackend = permissionBackend;
|
||||||
this.dbProvider = dbProvider;
|
this.dbProvider = dbProvider;
|
||||||
this.projectCache = projectCache;
|
this.projectCache = projectCache;
|
||||||
this.currentUserProvider = currentUserProvider;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public List<PatchSetData> sort(List<ChangeData> in, PatchSet startPs)
|
public List<PatchSetData> sort(List<ChangeData> in, PatchSet startPs)
|
||||||
@@ -239,8 +235,7 @@ class RelatedChangesSorter {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private boolean isVisible(PatchSetData psd) throws PermissionBackendException, IOException {
|
private boolean isVisible(PatchSetData psd) throws PermissionBackendException, IOException {
|
||||||
PermissionBackend.WithUser perm =
|
PermissionBackend.WithUser perm = permissionBackend.currentUser().database(dbProvider);
|
||||||
permissionBackend.user(currentUserProvider).database(dbProvider);
|
|
||||||
try {
|
try {
|
||||||
perm.change(psd.data()).check(ChangePermission.READ);
|
perm.change(psd.data()).check(ChangePermission.READ);
|
||||||
} catch (AuthException e) {
|
} catch (AuthException e) {
|
||||||
|
|||||||
@@ -286,7 +286,7 @@ public class ReviewersUtil {
|
|||||||
private List<SuggestedReviewerInfo> loadAccounts(List<Account.Id> accountIds)
|
private List<SuggestedReviewerInfo> loadAccounts(List<Account.Id> accountIds)
|
||||||
throws OrmException, PermissionBackendException {
|
throws OrmException, PermissionBackendException {
|
||||||
Set<FillOptions> fillOptions =
|
Set<FillOptions> fillOptions =
|
||||||
permissionBackend.user(self).test(GlobalPermission.MODIFY_ACCOUNT)
|
permissionBackend.currentUser().test(GlobalPermission.MODIFY_ACCOUNT)
|
||||||
? EnumSet.of(FillOptions.SECONDARY_EMAILS)
|
? EnumSet.of(FillOptions.SECONDARY_EMAILS)
|
||||||
: EnumSet.noneOf(FillOptions.class);
|
: EnumSet.noneOf(FillOptions.class);
|
||||||
fillOptions.addAll(AccountLoader.DETAILED_OPTIONS);
|
fillOptions.addAll(AccountLoader.DETAILED_OPTIONS);
|
||||||
|
|||||||
@@ -67,7 +67,7 @@ public class SetReadyForReview extends RetryingRestModifyView<ChangeResource, In
|
|||||||
throws RestApiException, UpdateException, PermissionBackendException {
|
throws RestApiException, UpdateException, PermissionBackendException {
|
||||||
Change change = rsrc.getChange();
|
Change change = rsrc.getChange();
|
||||||
if (!rsrc.isUserOwner()
|
if (!rsrc.isUserOwner()
|
||||||
&& !permissionBackend.user(self).test(GlobalPermission.ADMINISTRATE_SERVER)) {
|
&& !permissionBackend.currentUser().test(GlobalPermission.ADMINISTRATE_SERVER)) {
|
||||||
throw new AuthException("not allowed to set ready for review");
|
throw new AuthException("not allowed to set ready for review");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -24,7 +24,6 @@ import com.google.gerrit.reviewdb.client.Change;
|
|||||||
import com.google.gerrit.reviewdb.client.Change.Status;
|
import com.google.gerrit.reviewdb.client.Change.Status;
|
||||||
import com.google.gerrit.reviewdb.server.ReviewDb;
|
import com.google.gerrit.reviewdb.server.ReviewDb;
|
||||||
import com.google.gerrit.server.ChangeUtil;
|
import com.google.gerrit.server.ChangeUtil;
|
||||||
import com.google.gerrit.server.CurrentUser;
|
|
||||||
import com.google.gerrit.server.change.ChangeResource;
|
import com.google.gerrit.server.change.ChangeResource;
|
||||||
import com.google.gerrit.server.change.WorkInProgressOp;
|
import com.google.gerrit.server.change.WorkInProgressOp;
|
||||||
import com.google.gerrit.server.change.WorkInProgressOp.Input;
|
import com.google.gerrit.server.change.WorkInProgressOp.Input;
|
||||||
@@ -44,7 +43,6 @@ public class SetWorkInProgress extends RetryingRestModifyView<ChangeResource, In
|
|||||||
implements UiAction<ChangeResource> {
|
implements UiAction<ChangeResource> {
|
||||||
private final WorkInProgressOp.Factory opFactory;
|
private final WorkInProgressOp.Factory opFactory;
|
||||||
private final Provider<ReviewDb> db;
|
private final Provider<ReviewDb> db;
|
||||||
private final Provider<CurrentUser> self;
|
|
||||||
private final PermissionBackend permissionBackend;
|
private final PermissionBackend permissionBackend;
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
@@ -52,12 +50,10 @@ public class SetWorkInProgress extends RetryingRestModifyView<ChangeResource, In
|
|||||||
WorkInProgressOp.Factory opFactory,
|
WorkInProgressOp.Factory opFactory,
|
||||||
RetryHelper retryHelper,
|
RetryHelper retryHelper,
|
||||||
Provider<ReviewDb> db,
|
Provider<ReviewDb> db,
|
||||||
Provider<CurrentUser> self,
|
|
||||||
PermissionBackend permissionBackend) {
|
PermissionBackend permissionBackend) {
|
||||||
super(retryHelper);
|
super(retryHelper);
|
||||||
this.opFactory = opFactory;
|
this.opFactory = opFactory;
|
||||||
this.db = db;
|
this.db = db;
|
||||||
this.self = self;
|
|
||||||
this.permissionBackend = permissionBackend;
|
this.permissionBackend = permissionBackend;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -68,7 +64,7 @@ public class SetWorkInProgress extends RetryingRestModifyView<ChangeResource, In
|
|||||||
Change change = rsrc.getChange();
|
Change change = rsrc.getChange();
|
||||||
|
|
||||||
if (!rsrc.isUserOwner()
|
if (!rsrc.isUserOwner()
|
||||||
&& !permissionBackend.user(self).test(GlobalPermission.ADMINISTRATE_SERVER)) {
|
&& !permissionBackend.currentUser().test(GlobalPermission.ADMINISTRATE_SERVER)) {
|
||||||
throw new AuthException("not allowed to set work in progress");
|
throw new AuthException("not allowed to set work in progress");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -88,7 +88,7 @@ public class SuggestChangeReviewers extends SuggestReviewers
|
|||||||
private VisibilityControl getVisibility(ChangeResource rsrc) {
|
private VisibilityControl getVisibility(ChangeResource rsrc) {
|
||||||
// Use the destination reference, not the change, as private changes deny anyone who is not
|
// Use the destination reference, not the change, as private changes deny anyone who is not
|
||||||
// already a reviewer.
|
// already a reviewer.
|
||||||
PermissionBackend.ForRef perm = permissionBackend.user(self).ref(rsrc.getChange().getDest());
|
PermissionBackend.ForRef perm = permissionBackend.currentUser().ref(rsrc.getChange().getDest());
|
||||||
return new VisibilityControl() {
|
return new VisibilityControl() {
|
||||||
@Override
|
@Override
|
||||||
public boolean isVisibleTo(Account.Id account) throws OrmException {
|
public boolean isVisibleTo(Account.Id account) throws OrmException {
|
||||||
|
|||||||
@@ -27,7 +27,6 @@ import com.google.gerrit.extensions.restapi.IdString;
|
|||||||
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
|
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
|
||||||
import com.google.gerrit.extensions.restapi.RestApiException;
|
import com.google.gerrit.extensions.restapi.RestApiException;
|
||||||
import com.google.gerrit.extensions.restapi.RestView;
|
import com.google.gerrit.extensions.restapi.RestView;
|
||||||
import com.google.gerrit.server.CurrentUser;
|
|
||||||
import com.google.gerrit.server.config.CacheResource;
|
import com.google.gerrit.server.config.CacheResource;
|
||||||
import com.google.gerrit.server.config.ConfigResource;
|
import com.google.gerrit.server.config.ConfigResource;
|
||||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||||
@@ -45,7 +44,6 @@ public class CachesCollection
|
|||||||
private final DynamicMap<RestView<CacheResource>> views;
|
private final DynamicMap<RestView<CacheResource>> views;
|
||||||
private final Provider<ListCaches> list;
|
private final Provider<ListCaches> list;
|
||||||
private final PermissionBackend permissionBackend;
|
private final PermissionBackend permissionBackend;
|
||||||
private final Provider<CurrentUser> self;
|
|
||||||
private final DynamicMap<Cache<?, ?>> cacheMap;
|
private final DynamicMap<Cache<?, ?>> cacheMap;
|
||||||
private final PostCaches postCaches;
|
private final PostCaches postCaches;
|
||||||
|
|
||||||
@@ -54,13 +52,11 @@ public class CachesCollection
|
|||||||
DynamicMap<RestView<CacheResource>> views,
|
DynamicMap<RestView<CacheResource>> views,
|
||||||
Provider<ListCaches> list,
|
Provider<ListCaches> list,
|
||||||
PermissionBackend permissionBackend,
|
PermissionBackend permissionBackend,
|
||||||
Provider<CurrentUser> self,
|
|
||||||
DynamicMap<Cache<?, ?>> cacheMap,
|
DynamicMap<Cache<?, ?>> cacheMap,
|
||||||
PostCaches postCaches) {
|
PostCaches postCaches) {
|
||||||
this.views = views;
|
this.views = views;
|
||||||
this.list = list;
|
this.list = list;
|
||||||
this.permissionBackend = permissionBackend;
|
this.permissionBackend = permissionBackend;
|
||||||
this.self = self;
|
|
||||||
this.cacheMap = cacheMap;
|
this.cacheMap = cacheMap;
|
||||||
this.postCaches = postCaches;
|
this.postCaches = postCaches;
|
||||||
}
|
}
|
||||||
@@ -73,7 +69,7 @@ public class CachesCollection
|
|||||||
@Override
|
@Override
|
||||||
public CacheResource parse(ConfigResource parent, IdString id)
|
public CacheResource parse(ConfigResource parent, IdString id)
|
||||||
throws AuthException, ResourceNotFoundException, PermissionBackendException {
|
throws AuthException, ResourceNotFoundException, PermissionBackendException {
|
||||||
permissionBackend.user(self).check(GlobalPermission.VIEW_CACHES);
|
permissionBackend.currentUser().check(GlobalPermission.VIEW_CACHES);
|
||||||
|
|
||||||
String cacheName = id.get();
|
String cacheName = id.get();
|
||||||
String pluginName = "gerrit";
|
String pluginName = "gerrit";
|
||||||
|
|||||||
@@ -22,7 +22,6 @@ import com.google.gerrit.extensions.api.config.ConsistencyCheckInput;
|
|||||||
import com.google.gerrit.extensions.restapi.BadRequestException;
|
import com.google.gerrit.extensions.restapi.BadRequestException;
|
||||||
import com.google.gerrit.extensions.restapi.RestApiException;
|
import com.google.gerrit.extensions.restapi.RestApiException;
|
||||||
import com.google.gerrit.extensions.restapi.RestModifyView;
|
import com.google.gerrit.extensions.restapi.RestModifyView;
|
||||||
import com.google.gerrit.server.CurrentUser;
|
|
||||||
import com.google.gerrit.server.account.AccountsConsistencyChecker;
|
import com.google.gerrit.server.account.AccountsConsistencyChecker;
|
||||||
import com.google.gerrit.server.account.externalids.ExternalIdsConsistencyChecker;
|
import com.google.gerrit.server.account.externalids.ExternalIdsConsistencyChecker;
|
||||||
import com.google.gerrit.server.config.ConfigResource;
|
import com.google.gerrit.server.config.ConfigResource;
|
||||||
@@ -32,7 +31,6 @@ import com.google.gerrit.server.permissions.PermissionBackend;
|
|||||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||||
import com.google.gwtorm.server.OrmException;
|
import com.google.gwtorm.server.OrmException;
|
||||||
import com.google.inject.Inject;
|
import com.google.inject.Inject;
|
||||||
import com.google.inject.Provider;
|
|
||||||
import com.google.inject.Singleton;
|
import com.google.inject.Singleton;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import org.eclipse.jgit.errors.ConfigInvalidException;
|
import org.eclipse.jgit.errors.ConfigInvalidException;
|
||||||
@@ -40,7 +38,6 @@ import org.eclipse.jgit.errors.ConfigInvalidException;
|
|||||||
@Singleton
|
@Singleton
|
||||||
public class CheckConsistency implements RestModifyView<ConfigResource, ConsistencyCheckInput> {
|
public class CheckConsistency implements RestModifyView<ConfigResource, ConsistencyCheckInput> {
|
||||||
private final PermissionBackend permissionBackend;
|
private final PermissionBackend permissionBackend;
|
||||||
private final Provider<CurrentUser> user;
|
|
||||||
private final AccountsConsistencyChecker accountsConsistencyChecker;
|
private final AccountsConsistencyChecker accountsConsistencyChecker;
|
||||||
private final ExternalIdsConsistencyChecker externalIdsConsistencyChecker;
|
private final ExternalIdsConsistencyChecker externalIdsConsistencyChecker;
|
||||||
private final GroupsConsistencyChecker groupsConsistencyChecker;
|
private final GroupsConsistencyChecker groupsConsistencyChecker;
|
||||||
@@ -48,12 +45,10 @@ public class CheckConsistency implements RestModifyView<ConfigResource, Consiste
|
|||||||
@Inject
|
@Inject
|
||||||
CheckConsistency(
|
CheckConsistency(
|
||||||
PermissionBackend permissionBackend,
|
PermissionBackend permissionBackend,
|
||||||
Provider<CurrentUser> user,
|
|
||||||
AccountsConsistencyChecker accountsConsistencyChecker,
|
AccountsConsistencyChecker accountsConsistencyChecker,
|
||||||
ExternalIdsConsistencyChecker externalIdsConsistencyChecker,
|
ExternalIdsConsistencyChecker externalIdsConsistencyChecker,
|
||||||
GroupsConsistencyChecker groupsChecker) {
|
GroupsConsistencyChecker groupsChecker) {
|
||||||
this.permissionBackend = permissionBackend;
|
this.permissionBackend = permissionBackend;
|
||||||
this.user = user;
|
|
||||||
this.accountsConsistencyChecker = accountsConsistencyChecker;
|
this.accountsConsistencyChecker = accountsConsistencyChecker;
|
||||||
this.externalIdsConsistencyChecker = externalIdsConsistencyChecker;
|
this.externalIdsConsistencyChecker = externalIdsConsistencyChecker;
|
||||||
this.groupsConsistencyChecker = groupsChecker;
|
this.groupsConsistencyChecker = groupsChecker;
|
||||||
@@ -63,7 +58,7 @@ public class CheckConsistency implements RestModifyView<ConfigResource, Consiste
|
|||||||
public ConsistencyCheckInfo apply(ConfigResource resource, ConsistencyCheckInput input)
|
public ConsistencyCheckInfo apply(ConfigResource resource, ConsistencyCheckInput input)
|
||||||
throws RestApiException, IOException, OrmException, PermissionBackendException,
|
throws RestApiException, IOException, OrmException, PermissionBackendException,
|
||||||
ConfigInvalidException {
|
ConfigInvalidException {
|
||||||
permissionBackend.user(user).check(GlobalPermission.ACCESS_DATABASE);
|
permissionBackend.currentUser().check(GlobalPermission.ACCESS_DATABASE);
|
||||||
|
|
||||||
if (input == null
|
if (input == null
|
||||||
|| (input.checkAccounts == null
|
|| (input.checkAccounts == null
|
||||||
|
|||||||
@@ -22,13 +22,11 @@ import com.google.gerrit.extensions.common.Input;
|
|||||||
import com.google.gerrit.extensions.restapi.AuthException;
|
import com.google.gerrit.extensions.restapi.AuthException;
|
||||||
import com.google.gerrit.extensions.restapi.Response;
|
import com.google.gerrit.extensions.restapi.Response;
|
||||||
import com.google.gerrit.extensions.restapi.RestModifyView;
|
import com.google.gerrit.extensions.restapi.RestModifyView;
|
||||||
import com.google.gerrit.server.CurrentUser;
|
|
||||||
import com.google.gerrit.server.config.CacheResource;
|
import com.google.gerrit.server.config.CacheResource;
|
||||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||||
import com.google.inject.Inject;
|
import com.google.inject.Inject;
|
||||||
import com.google.inject.Provider;
|
|
||||||
import com.google.inject.Singleton;
|
import com.google.inject.Singleton;
|
||||||
|
|
||||||
@RequiresAnyCapability({FLUSH_CACHES, MAINTAIN_SERVER})
|
@RequiresAnyCapability({FLUSH_CACHES, MAINTAIN_SERVER})
|
||||||
@@ -38,19 +36,17 @@ public class FlushCache implements RestModifyView<CacheResource, Input> {
|
|||||||
public static final String WEB_SESSIONS = "web_sessions";
|
public static final String WEB_SESSIONS = "web_sessions";
|
||||||
|
|
||||||
private final PermissionBackend permissionBackend;
|
private final PermissionBackend permissionBackend;
|
||||||
private final Provider<CurrentUser> self;
|
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
public FlushCache(PermissionBackend permissionBackend, Provider<CurrentUser> self) {
|
public FlushCache(PermissionBackend permissionBackend) {
|
||||||
this.permissionBackend = permissionBackend;
|
this.permissionBackend = permissionBackend;
|
||||||
this.self = self;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Response<String> apply(CacheResource rsrc, Input input)
|
public Response<String> apply(CacheResource rsrc, Input input)
|
||||||
throws AuthException, PermissionBackendException {
|
throws AuthException, PermissionBackendException {
|
||||||
if (WEB_SESSIONS.equals(rsrc.getName())) {
|
if (WEB_SESSIONS.equals(rsrc.getName())) {
|
||||||
permissionBackend.user(self).check(GlobalPermission.MAINTAIN_SERVER);
|
permissionBackend.currentUser().check(GlobalPermission.MAINTAIN_SERVER);
|
||||||
}
|
}
|
||||||
|
|
||||||
rsrc.getCache().invalidateAll();
|
rsrc.getCache().invalidateAll();
|
||||||
|
|||||||
@@ -24,7 +24,6 @@ import com.google.gerrit.extensions.restapi.RestApiException;
|
|||||||
import com.google.gerrit.extensions.restapi.RestView;
|
import com.google.gerrit.extensions.restapi.RestView;
|
||||||
import com.google.gerrit.reviewdb.client.Project;
|
import com.google.gerrit.reviewdb.client.Project;
|
||||||
import com.google.gerrit.reviewdb.client.RefNames;
|
import com.google.gerrit.reviewdb.client.RefNames;
|
||||||
import com.google.gerrit.server.CurrentUser;
|
|
||||||
import com.google.gerrit.server.git.GitRepositoryManager;
|
import com.google.gerrit.server.git.GitRepositoryManager;
|
||||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||||
@@ -45,7 +44,6 @@ public class BranchesCollection
|
|||||||
private final DynamicMap<RestView<BranchResource>> views;
|
private final DynamicMap<RestView<BranchResource>> views;
|
||||||
private final Provider<ListBranches> list;
|
private final Provider<ListBranches> list;
|
||||||
private final PermissionBackend permissionBackend;
|
private final PermissionBackend permissionBackend;
|
||||||
private final Provider<CurrentUser> user;
|
|
||||||
private final GitRepositoryManager repoManager;
|
private final GitRepositoryManager repoManager;
|
||||||
private final CreateBranch.Factory createBranchFactory;
|
private final CreateBranch.Factory createBranchFactory;
|
||||||
|
|
||||||
@@ -54,13 +52,11 @@ public class BranchesCollection
|
|||||||
DynamicMap<RestView<BranchResource>> views,
|
DynamicMap<RestView<BranchResource>> views,
|
||||||
Provider<ListBranches> list,
|
Provider<ListBranches> list,
|
||||||
PermissionBackend permissionBackend,
|
PermissionBackend permissionBackend,
|
||||||
Provider<CurrentUser> user,
|
|
||||||
GitRepositoryManager repoManager,
|
GitRepositoryManager repoManager,
|
||||||
CreateBranch.Factory createBranchFactory) {
|
CreateBranch.Factory createBranchFactory) {
|
||||||
this.views = views;
|
this.views = views;
|
||||||
this.list = list;
|
this.list = list;
|
||||||
this.permissionBackend = permissionBackend;
|
this.permissionBackend = permissionBackend;
|
||||||
this.user = user;
|
|
||||||
this.repoManager = repoManager;
|
this.repoManager = repoManager;
|
||||||
this.createBranchFactory = createBranchFactory;
|
this.createBranchFactory = createBranchFactory;
|
||||||
}
|
}
|
||||||
@@ -86,7 +82,7 @@ public class BranchesCollection
|
|||||||
// rights on the symbolic reference itself. This check prevents seeing a hidden
|
// rights on the symbolic reference itself. This check prevents seeing a hidden
|
||||||
// branch simply because the symbolic reference name was visible.
|
// branch simply because the symbolic reference name was visible.
|
||||||
permissionBackend
|
permissionBackend
|
||||||
.user(user)
|
.currentUser()
|
||||||
.project(project)
|
.project(project)
|
||||||
.ref(ref.isSymbolic() ? ref.getTarget().getName() : ref.getName())
|
.ref(ref.isSymbolic() ? ref.getTarget().getName() : ref.getName())
|
||||||
.check(RefPermission.READ);
|
.check(RefPermission.READ);
|
||||||
|
|||||||
@@ -179,7 +179,7 @@ public class CreateBranch implements RestModifyView<ProjectResource, BranchInput
|
|||||||
info.ref = ref;
|
info.ref = ref;
|
||||||
info.revision = revid.getName();
|
info.revision = revid.getName();
|
||||||
info.canDelete =
|
info.canDelete =
|
||||||
permissionBackend.user(identifiedUser).ref(name).testOrFalse(RefPermission.DELETE)
|
permissionBackend.currentUser().ref(name).testOrFalse(RefPermission.DELETE)
|
||||||
&& rsrc.getProjectState().statePermitsWrite()
|
&& rsrc.getProjectState().statePermitsWrite()
|
||||||
? true
|
? true
|
||||||
: null;
|
: null;
|
||||||
|
|||||||
@@ -26,7 +26,6 @@ import com.google.gerrit.extensions.restapi.MethodNotAllowedException;
|
|||||||
import com.google.gerrit.extensions.restapi.ResourceConflictException;
|
import com.google.gerrit.extensions.restapi.ResourceConflictException;
|
||||||
import com.google.gerrit.extensions.restapi.RestApiException;
|
import com.google.gerrit.extensions.restapi.RestApiException;
|
||||||
import com.google.gerrit.extensions.restapi.RestModifyView;
|
import com.google.gerrit.extensions.restapi.RestModifyView;
|
||||||
import com.google.gerrit.server.IdentifiedUser;
|
|
||||||
import com.google.gerrit.server.WebLinks;
|
import com.google.gerrit.server.WebLinks;
|
||||||
import com.google.gerrit.server.extensions.events.GitReferenceUpdated;
|
import com.google.gerrit.server.extensions.events.GitReferenceUpdated;
|
||||||
import com.google.gerrit.server.git.GitRepositoryManager;
|
import com.google.gerrit.server.git.GitRepositoryManager;
|
||||||
@@ -39,7 +38,6 @@ import com.google.gerrit.server.project.ProjectResource;
|
|||||||
import com.google.gerrit.server.project.RefUtil;
|
import com.google.gerrit.server.project.RefUtil;
|
||||||
import com.google.gerrit.server.project.RefUtil.InvalidRevisionException;
|
import com.google.gerrit.server.project.RefUtil.InvalidRevisionException;
|
||||||
import com.google.inject.Inject;
|
import com.google.inject.Inject;
|
||||||
import com.google.inject.Provider;
|
|
||||||
import com.google.inject.assistedinject.Assisted;
|
import com.google.inject.assistedinject.Assisted;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.TimeZone;
|
import java.util.TimeZone;
|
||||||
@@ -63,7 +61,6 @@ public class CreateTag implements RestModifyView<ProjectResource, TagInput> {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private final PermissionBackend permissionBackend;
|
private final PermissionBackend permissionBackend;
|
||||||
private final Provider<IdentifiedUser> identifiedUser;
|
|
||||||
private final GitRepositoryManager repoManager;
|
private final GitRepositoryManager repoManager;
|
||||||
private final TagCache tagCache;
|
private final TagCache tagCache;
|
||||||
private final GitReferenceUpdated referenceUpdated;
|
private final GitReferenceUpdated referenceUpdated;
|
||||||
@@ -73,14 +70,12 @@ public class CreateTag implements RestModifyView<ProjectResource, TagInput> {
|
|||||||
@Inject
|
@Inject
|
||||||
CreateTag(
|
CreateTag(
|
||||||
PermissionBackend permissionBackend,
|
PermissionBackend permissionBackend,
|
||||||
Provider<IdentifiedUser> identifiedUser,
|
|
||||||
GitRepositoryManager repoManager,
|
GitRepositoryManager repoManager,
|
||||||
TagCache tagCache,
|
TagCache tagCache,
|
||||||
GitReferenceUpdated referenceUpdated,
|
GitReferenceUpdated referenceUpdated,
|
||||||
WebLinks webLinks,
|
WebLinks webLinks,
|
||||||
@Assisted String ref) {
|
@Assisted String ref) {
|
||||||
this.permissionBackend = permissionBackend;
|
this.permissionBackend = permissionBackend;
|
||||||
this.identifiedUser = identifiedUser;
|
|
||||||
this.repoManager = repoManager;
|
this.repoManager = repoManager;
|
||||||
this.tagCache = tagCache;
|
this.tagCache = tagCache;
|
||||||
this.referenceUpdated = referenceUpdated;
|
this.referenceUpdated = referenceUpdated;
|
||||||
@@ -103,7 +98,7 @@ public class CreateTag implements RestModifyView<ProjectResource, TagInput> {
|
|||||||
|
|
||||||
ref = RefUtil.normalizeTagRef(ref);
|
ref = RefUtil.normalizeTagRef(ref);
|
||||||
PermissionBackend.ForRef perm =
|
PermissionBackend.ForRef perm =
|
||||||
permissionBackend.user(identifiedUser).project(resource.getNameKey()).ref(ref);
|
permissionBackend.currentUser().project(resource.getNameKey()).ref(ref);
|
||||||
|
|
||||||
try (Repository repo = repoManager.openRepository(resource.getNameKey())) {
|
try (Repository repo = repoManager.openRepository(resource.getNameKey())) {
|
||||||
ObjectId revid = RefUtil.parseBaseRevision(repo, resource.getNameKey(), input.revision);
|
ObjectId revid = RefUtil.parseBaseRevision(repo, resource.getNameKey(), input.revision);
|
||||||
@@ -134,7 +129,10 @@ public class CreateTag implements RestModifyView<ProjectResource, TagInput> {
|
|||||||
if (isAnnotated) {
|
if (isAnnotated) {
|
||||||
tag.setMessage(input.message)
|
tag.setMessage(input.message)
|
||||||
.setTagger(
|
.setTagger(
|
||||||
identifiedUser.get().newCommitterIdent(TimeUtil.nowTs(), TimeZone.getDefault()));
|
resource
|
||||||
|
.getUser()
|
||||||
|
.asIdentifiedUser()
|
||||||
|
.newCommitterIdent(TimeUtil.nowTs(), TimeZone.getDefault()));
|
||||||
}
|
}
|
||||||
|
|
||||||
Ref result = tag.call();
|
Ref result = tag.call();
|
||||||
@@ -145,7 +143,7 @@ public class CreateTag implements RestModifyView<ProjectResource, TagInput> {
|
|||||||
ref,
|
ref,
|
||||||
ObjectId.zeroId(),
|
ObjectId.zeroId(),
|
||||||
result.getObjectId(),
|
result.getObjectId(),
|
||||||
identifiedUser.get().state());
|
resource.getUser().asIdentifiedUser().state());
|
||||||
try (RevWalk w = new RevWalk(repo)) {
|
try (RevWalk w = new RevWalk(repo)) {
|
||||||
return ListTags.createTagInfo(perm, result, w, resource.getProjectState(), links);
|
return ListTags.createTagInfo(perm, result, w, resource.getProjectState(), links);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -21,7 +21,6 @@ import com.google.gerrit.extensions.restapi.ResourceConflictException;
|
|||||||
import com.google.gerrit.extensions.restapi.Response;
|
import com.google.gerrit.extensions.restapi.Response;
|
||||||
import com.google.gerrit.extensions.restapi.RestApiException;
|
import com.google.gerrit.extensions.restapi.RestApiException;
|
||||||
import com.google.gerrit.extensions.restapi.RestModifyView;
|
import com.google.gerrit.extensions.restapi.RestModifyView;
|
||||||
import com.google.gerrit.server.CurrentUser;
|
|
||||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||||
import com.google.gerrit.server.permissions.RefPermission;
|
import com.google.gerrit.server.permissions.RefPermission;
|
||||||
@@ -38,25 +37,22 @@ public class DeleteBranch implements RestModifyView<BranchResource, Input> {
|
|||||||
|
|
||||||
private final Provider<InternalChangeQuery> queryProvider;
|
private final Provider<InternalChangeQuery> queryProvider;
|
||||||
private final DeleteRef.Factory deleteRefFactory;
|
private final DeleteRef.Factory deleteRefFactory;
|
||||||
private final Provider<CurrentUser> user;
|
|
||||||
private final PermissionBackend permissionBackend;
|
private final PermissionBackend permissionBackend;
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
DeleteBranch(
|
DeleteBranch(
|
||||||
Provider<InternalChangeQuery> queryProvider,
|
Provider<InternalChangeQuery> queryProvider,
|
||||||
DeleteRef.Factory deleteRefFactory,
|
DeleteRef.Factory deleteRefFactory,
|
||||||
Provider<CurrentUser> user,
|
|
||||||
PermissionBackend permissionBackend) {
|
PermissionBackend permissionBackend) {
|
||||||
this.queryProvider = queryProvider;
|
this.queryProvider = queryProvider;
|
||||||
this.deleteRefFactory = deleteRefFactory;
|
this.deleteRefFactory = deleteRefFactory;
|
||||||
this.user = user;
|
|
||||||
this.permissionBackend = permissionBackend;
|
this.permissionBackend = permissionBackend;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Response<?> apply(BranchResource rsrc, Input input)
|
public Response<?> apply(BranchResource rsrc, Input input)
|
||||||
throws RestApiException, OrmException, IOException, PermissionBackendException {
|
throws RestApiException, OrmException, IOException, PermissionBackendException {
|
||||||
permissionBackend.user(user).ref(rsrc.getBranchKey()).check(RefPermission.DELETE);
|
permissionBackend.currentUser().ref(rsrc.getBranchKey()).check(RefPermission.DELETE);
|
||||||
rsrc.getProjectState().checkStatePermitsWrite();
|
rsrc.getProjectState().checkStatePermitsWrite();
|
||||||
|
|
||||||
if (!queryProvider.get().setLimit(1).byBranchOpen(rsrc.getBranchKey()).isEmpty()) {
|
if (!queryProvider.get().setLimit(1).byBranchOpen(rsrc.getBranchKey()).isEmpty()) {
|
||||||
|
|||||||
@@ -222,7 +222,7 @@ public class DeleteRef {
|
|||||||
|
|
||||||
try {
|
try {
|
||||||
permissionBackend
|
permissionBackend
|
||||||
.user(identifiedUser)
|
.currentUser()
|
||||||
.project(project.getNameKey())
|
.project(project.getNameKey())
|
||||||
.ref(refName)
|
.ref(refName)
|
||||||
.check(RefPermission.DELETE);
|
.check(RefPermission.DELETE);
|
||||||
|
|||||||
@@ -18,7 +18,6 @@ import com.google.gerrit.extensions.common.Input;
|
|||||||
import com.google.gerrit.extensions.restapi.Response;
|
import com.google.gerrit.extensions.restapi.Response;
|
||||||
import com.google.gerrit.extensions.restapi.RestApiException;
|
import com.google.gerrit.extensions.restapi.RestApiException;
|
||||||
import com.google.gerrit.extensions.restapi.RestModifyView;
|
import com.google.gerrit.extensions.restapi.RestModifyView;
|
||||||
import com.google.gerrit.server.CurrentUser;
|
|
||||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||||
import com.google.gerrit.server.permissions.RefPermission;
|
import com.google.gerrit.server.permissions.RefPermission;
|
||||||
@@ -26,7 +25,6 @@ import com.google.gerrit.server.project.RefUtil;
|
|||||||
import com.google.gerrit.server.project.TagResource;
|
import com.google.gerrit.server.project.TagResource;
|
||||||
import com.google.gwtorm.server.OrmException;
|
import com.google.gwtorm.server.OrmException;
|
||||||
import com.google.inject.Inject;
|
import com.google.inject.Inject;
|
||||||
import com.google.inject.Provider;
|
|
||||||
import com.google.inject.Singleton;
|
import com.google.inject.Singleton;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
|
||||||
@@ -34,16 +32,11 @@ import java.io.IOException;
|
|||||||
public class DeleteTag implements RestModifyView<TagResource, Input> {
|
public class DeleteTag implements RestModifyView<TagResource, Input> {
|
||||||
|
|
||||||
private final PermissionBackend permissionBackend;
|
private final PermissionBackend permissionBackend;
|
||||||
private final Provider<CurrentUser> user;
|
|
||||||
private final DeleteRef.Factory deleteRefFactory;
|
private final DeleteRef.Factory deleteRefFactory;
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
DeleteTag(
|
DeleteTag(PermissionBackend permissionBackend, DeleteRef.Factory deleteRefFactory) {
|
||||||
PermissionBackend permissionBackend,
|
|
||||||
Provider<CurrentUser> user,
|
|
||||||
DeleteRef.Factory deleteRefFactory) {
|
|
||||||
this.permissionBackend = permissionBackend;
|
this.permissionBackend = permissionBackend;
|
||||||
this.user = user;
|
|
||||||
this.deleteRefFactory = deleteRefFactory;
|
this.deleteRefFactory = deleteRefFactory;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -52,7 +45,7 @@ public class DeleteTag implements RestModifyView<TagResource, Input> {
|
|||||||
throws OrmException, RestApiException, IOException, PermissionBackendException {
|
throws OrmException, RestApiException, IOException, PermissionBackendException {
|
||||||
String tag = RefUtil.normalizeTagRef(resource.getTagInfo().ref);
|
String tag = RefUtil.normalizeTagRef(resource.getTagInfo().ref);
|
||||||
permissionBackend
|
permissionBackend
|
||||||
.user(user)
|
.currentUser()
|
||||||
.project(resource.getNameKey())
|
.project(resource.getNameKey())
|
||||||
.ref(tag)
|
.ref(tag)
|
||||||
.check(RefPermission.DELETE);
|
.check(RefPermission.DELETE);
|
||||||
|
|||||||
@@ -137,7 +137,7 @@ public class GetAccess implements RestReadView<ProjectResource> {
|
|||||||
Project.NameKey projectName = rsrc.getNameKey();
|
Project.NameKey projectName = rsrc.getNameKey();
|
||||||
ProjectAccessInfo info = new ProjectAccessInfo();
|
ProjectAccessInfo info = new ProjectAccessInfo();
|
||||||
ProjectState projectState = projectCache.checkedGet(projectName);
|
ProjectState projectState = projectCache.checkedGet(projectName);
|
||||||
PermissionBackend.ForProject perm = permissionBackend.user(user).project(projectName);
|
PermissionBackend.ForProject perm = permissionBackend.currentUser().project(projectName);
|
||||||
|
|
||||||
ProjectConfig config;
|
ProjectConfig config;
|
||||||
try (MetaDataUpdate md = metaDataUpdateFactory.create(projectName)) {
|
try (MetaDataUpdate md = metaDataUpdateFactory.create(projectName)) {
|
||||||
@@ -160,12 +160,12 @@ public class GetAccess implements RestReadView<ProjectResource> {
|
|||||||
config.commit(md);
|
config.commit(md);
|
||||||
projectCache.evict(config.getProject());
|
projectCache.evict(config.getProject());
|
||||||
projectState = projectCache.checkedGet(projectName);
|
projectState = projectCache.checkedGet(projectName);
|
||||||
perm = permissionBackend.user(user).project(projectName);
|
perm = permissionBackend.currentUser().project(projectName);
|
||||||
} else if (config.getRevision() != null
|
} else if (config.getRevision() != null
|
||||||
&& !config.getRevision().equals(projectState.getConfig().getRevision())) {
|
&& !config.getRevision().equals(projectState.getConfig().getRevision())) {
|
||||||
projectCache.evict(config.getProject());
|
projectCache.evict(config.getProject());
|
||||||
projectState = projectCache.checkedGet(projectName);
|
projectState = projectCache.checkedGet(projectName);
|
||||||
perm = permissionBackend.user(user).project(projectName);
|
perm = permissionBackend.currentUser().project(projectName);
|
||||||
}
|
}
|
||||||
} catch (ConfigInvalidException e) {
|
} catch (ConfigInvalidException e) {
|
||||||
throw new ResourceConflictException(e.getMessage());
|
throw new ResourceConflictException(e.getMessage());
|
||||||
@@ -239,7 +239,7 @@ public class GetAccess implements RestReadView<ProjectResource> {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (info.ownerOf.isEmpty()
|
if (info.ownerOf.isEmpty()
|
||||||
&& permissionBackend.user(user).test(GlobalPermission.ADMINISTRATE_SERVER)) {
|
&& permissionBackend.currentUser().test(GlobalPermission.ADMINISTRATE_SERVER)) {
|
||||||
// Special case: If the section list is empty, this project has no current
|
// Special case: If the section list is empty, this project has no current
|
||||||
// access control information. Fall back to site administrators.
|
// access control information. Fall back to site administrators.
|
||||||
info.ownerOf.add(AccessSection.ALL);
|
info.ownerOf.add(AccessSection.ALL);
|
||||||
@@ -255,7 +255,7 @@ public class GetAccess implements RestReadView<ProjectResource> {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (projectName.equals(allProjectsName)
|
if (projectName.equals(allProjectsName)
|
||||||
&& permissionBackend.user(user).testOrFalse(ADMINISTRATE_SERVER)) {
|
&& permissionBackend.currentUser().testOrFalse(ADMINISTRATE_SERVER)) {
|
||||||
info.ownerOf.add(AccessSection.GLOBAL_CAPABILITIES);
|
info.ownerOf.add(AccessSection.GLOBAL_CAPABILITIES);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -40,7 +40,6 @@ import com.google.gerrit.server.project.ProjectResource;
|
|||||||
import com.google.gerrit.server.project.ProjectState;
|
import com.google.gerrit.server.project.ProjectState;
|
||||||
import com.google.gerrit.server.project.RefFilter;
|
import com.google.gerrit.server.project.RefFilter;
|
||||||
import com.google.inject.Inject;
|
import com.google.inject.Inject;
|
||||||
import com.google.inject.Provider;
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
@@ -58,7 +57,6 @@ import org.kohsuke.args4j.Option;
|
|||||||
public class ListBranches implements RestReadView<ProjectResource> {
|
public class ListBranches implements RestReadView<ProjectResource> {
|
||||||
private final GitRepositoryManager repoManager;
|
private final GitRepositoryManager repoManager;
|
||||||
private final PermissionBackend permissionBackend;
|
private final PermissionBackend permissionBackend;
|
||||||
private final Provider<CurrentUser> user;
|
|
||||||
private final DynamicMap<RestView<BranchResource>> branchViews;
|
private final DynamicMap<RestView<BranchResource>> branchViews;
|
||||||
private final UiActions uiActions;
|
private final UiActions uiActions;
|
||||||
private final WebLinks webLinks;
|
private final WebLinks webLinks;
|
||||||
@@ -112,13 +110,11 @@ public class ListBranches implements RestReadView<ProjectResource> {
|
|||||||
public ListBranches(
|
public ListBranches(
|
||||||
GitRepositoryManager repoManager,
|
GitRepositoryManager repoManager,
|
||||||
PermissionBackend permissionBackend,
|
PermissionBackend permissionBackend,
|
||||||
Provider<CurrentUser> user,
|
|
||||||
DynamicMap<RestView<BranchResource>> branchViews,
|
DynamicMap<RestView<BranchResource>> branchViews,
|
||||||
UiActions uiActions,
|
UiActions uiActions,
|
||||||
WebLinks webLinks) {
|
WebLinks webLinks) {
|
||||||
this.repoManager = repoManager;
|
this.repoManager = repoManager;
|
||||||
this.permissionBackend = permissionBackend;
|
this.permissionBackend = permissionBackend;
|
||||||
this.user = user;
|
|
||||||
this.branchViews = branchViews;
|
this.branchViews = branchViews;
|
||||||
this.uiActions = uiActions;
|
this.uiActions = uiActions;
|
||||||
this.webLinks = webLinks;
|
this.webLinks = webLinks;
|
||||||
@@ -183,7 +179,7 @@ public class ListBranches implements RestReadView<ProjectResource> {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
PermissionBackend.ForProject perm = permissionBackend.user(user).project(rsrc.getNameKey());
|
PermissionBackend.ForProject perm = permissionBackend.currentUser().project(rsrc.getNameKey());
|
||||||
List<BranchInfo> branches = new ArrayList<>(refs.size());
|
List<BranchInfo> branches = new ArrayList<>(refs.size());
|
||||||
for (Ref ref : refs) {
|
for (Ref ref : refs) {
|
||||||
if (ref.isSymbolic()) {
|
if (ref.isSymbolic()) {
|
||||||
|
|||||||
@@ -20,7 +20,6 @@ import com.google.gerrit.extensions.common.ProjectInfo;
|
|||||||
import com.google.gerrit.extensions.restapi.ResourceConflictException;
|
import com.google.gerrit.extensions.restapi.ResourceConflictException;
|
||||||
import com.google.gerrit.extensions.restapi.RestReadView;
|
import com.google.gerrit.extensions.restapi.RestReadView;
|
||||||
import com.google.gerrit.reviewdb.client.Project;
|
import com.google.gerrit.reviewdb.client.Project;
|
||||||
import com.google.gerrit.server.CurrentUser;
|
|
||||||
import com.google.gerrit.server.config.AllProjectsName;
|
import com.google.gerrit.server.config.AllProjectsName;
|
||||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||||
@@ -31,7 +30,6 @@ import com.google.gerrit.server.project.ProjectJson;
|
|||||||
import com.google.gerrit.server.project.ProjectResource;
|
import com.google.gerrit.server.project.ProjectResource;
|
||||||
import com.google.gerrit.server.project.ProjectState;
|
import com.google.gerrit.server.project.ProjectState;
|
||||||
import com.google.inject.Inject;
|
import com.google.inject.Inject;
|
||||||
import com.google.inject.Provider;
|
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
@@ -44,7 +42,6 @@ public class ListChildProjects implements RestReadView<ProjectResource> {
|
|||||||
|
|
||||||
private final ProjectCache projectCache;
|
private final ProjectCache projectCache;
|
||||||
private final PermissionBackend permissionBackend;
|
private final PermissionBackend permissionBackend;
|
||||||
private final Provider<CurrentUser> user;
|
|
||||||
private final AllProjectsName allProjects;
|
private final AllProjectsName allProjects;
|
||||||
private final ProjectJson json;
|
private final ProjectJson json;
|
||||||
private final ChildProjects childProjects;
|
private final ChildProjects childProjects;
|
||||||
@@ -53,13 +50,11 @@ public class ListChildProjects implements RestReadView<ProjectResource> {
|
|||||||
ListChildProjects(
|
ListChildProjects(
|
||||||
ProjectCache projectCache,
|
ProjectCache projectCache,
|
||||||
PermissionBackend permissionBackend,
|
PermissionBackend permissionBackend,
|
||||||
Provider<CurrentUser> user,
|
|
||||||
AllProjectsName allProjectsName,
|
AllProjectsName allProjectsName,
|
||||||
ProjectJson json,
|
ProjectJson json,
|
||||||
ChildProjects childProjects) {
|
ChildProjects childProjects) {
|
||||||
this.projectCache = projectCache;
|
this.projectCache = projectCache;
|
||||||
this.permissionBackend = permissionBackend;
|
this.permissionBackend = permissionBackend;
|
||||||
this.user = user;
|
|
||||||
this.allProjects = allProjectsName;
|
this.allProjects = allProjectsName;
|
||||||
this.json = json;
|
this.json = json;
|
||||||
this.childProjects = childProjects;
|
this.childProjects = childProjects;
|
||||||
@@ -90,7 +85,7 @@ public class ListChildProjects implements RestReadView<ProjectResource> {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
return permissionBackend
|
return permissionBackend
|
||||||
.user(user)
|
.currentUser()
|
||||||
.filter(ProjectPermission.ACCESS, children.keySet())
|
.filter(ProjectPermission.ACCESS, children.keySet())
|
||||||
.stream()
|
.stream()
|
||||||
.sorted()
|
.sorted()
|
||||||
|
|||||||
@@ -20,7 +20,6 @@ import com.google.gerrit.extensions.api.projects.DashboardInfo;
|
|||||||
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
|
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
|
||||||
import com.google.gerrit.extensions.restapi.RestReadView;
|
import com.google.gerrit.extensions.restapi.RestReadView;
|
||||||
import com.google.gerrit.reviewdb.client.Project;
|
import com.google.gerrit.reviewdb.client.Project;
|
||||||
import com.google.gerrit.server.CurrentUser;
|
|
||||||
import com.google.gerrit.server.git.GitRepositoryManager;
|
import com.google.gerrit.server.git.GitRepositoryManager;
|
||||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||||
@@ -29,7 +28,6 @@ import com.google.gerrit.server.permissions.RefPermission;
|
|||||||
import com.google.gerrit.server.project.ProjectResource;
|
import com.google.gerrit.server.project.ProjectResource;
|
||||||
import com.google.gerrit.server.project.ProjectState;
|
import com.google.gerrit.server.project.ProjectState;
|
||||||
import com.google.inject.Inject;
|
import com.google.inject.Inject;
|
||||||
import com.google.inject.Provider;
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
@@ -53,19 +51,14 @@ public class ListDashboards implements RestReadView<ProjectResource> {
|
|||||||
|
|
||||||
private final GitRepositoryManager gitManager;
|
private final GitRepositoryManager gitManager;
|
||||||
private final PermissionBackend permissionBackend;
|
private final PermissionBackend permissionBackend;
|
||||||
private final Provider<CurrentUser> user;
|
|
||||||
|
|
||||||
@Option(name = "--inherited", usage = "include inherited dashboards")
|
@Option(name = "--inherited", usage = "include inherited dashboards")
|
||||||
private boolean inherited;
|
private boolean inherited;
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
ListDashboards(
|
ListDashboards(GitRepositoryManager gitManager, PermissionBackend permissionBackend) {
|
||||||
GitRepositoryManager gitManager,
|
|
||||||
PermissionBackend permissionBackend,
|
|
||||||
Provider<CurrentUser> user) {
|
|
||||||
this.gitManager = gitManager;
|
this.gitManager = gitManager;
|
||||||
this.permissionBackend = permissionBackend;
|
this.permissionBackend = permissionBackend;
|
||||||
this.user = user;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@@ -98,13 +91,13 @@ public class ListDashboards implements RestReadView<ProjectResource> {
|
|||||||
tree.put(ps.getNameKey(), ps);
|
tree.put(ps.getNameKey(), ps);
|
||||||
}
|
}
|
||||||
tree.keySet()
|
tree.keySet()
|
||||||
.retainAll(permissionBackend.user(user).filter(ProjectPermission.ACCESS, tree.keySet()));
|
.retainAll(permissionBackend.currentUser().filter(ProjectPermission.ACCESS, tree.keySet()));
|
||||||
return tree.values();
|
return tree.values();
|
||||||
}
|
}
|
||||||
|
|
||||||
private List<DashboardInfo> scan(ProjectState state, String project, boolean setDefault)
|
private List<DashboardInfo> scan(ProjectState state, String project, boolean setDefault)
|
||||||
throws ResourceNotFoundException, IOException, PermissionBackendException {
|
throws ResourceNotFoundException, IOException, PermissionBackendException {
|
||||||
PermissionBackend.ForProject perm = permissionBackend.user(user).project(state.getNameKey());
|
PermissionBackend.ForProject perm = permissionBackend.currentUser().project(state.getNameKey());
|
||||||
try (Repository git = gitManager.openRepository(state.getNameKey());
|
try (Repository git = gitManager.openRepository(state.getNameKey());
|
||||||
RevWalk rw = new RevWalk(git)) {
|
RevWalk rw = new RevWalk(git)) {
|
||||||
List<DashboardInfo> all = new ArrayList<>();
|
List<DashboardInfo> all = new ArrayList<>();
|
||||||
|
|||||||
@@ -24,7 +24,6 @@ import com.google.gerrit.extensions.restapi.RestApiException;
|
|||||||
import com.google.gerrit.extensions.restapi.RestReadView;
|
import com.google.gerrit.extensions.restapi.RestReadView;
|
||||||
import com.google.gerrit.reviewdb.client.Project;
|
import com.google.gerrit.reviewdb.client.Project;
|
||||||
import com.google.gerrit.server.CommonConverters;
|
import com.google.gerrit.server.CommonConverters;
|
||||||
import com.google.gerrit.server.CurrentUser;
|
|
||||||
import com.google.gerrit.server.WebLinks;
|
import com.google.gerrit.server.WebLinks;
|
||||||
import com.google.gerrit.server.git.GitRepositoryManager;
|
import com.google.gerrit.server.git.GitRepositoryManager;
|
||||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||||
@@ -35,7 +34,6 @@ import com.google.gerrit.server.project.ProjectResource;
|
|||||||
import com.google.gerrit.server.project.ProjectState;
|
import com.google.gerrit.server.project.ProjectState;
|
||||||
import com.google.gerrit.server.project.RefFilter;
|
import com.google.gerrit.server.project.RefFilter;
|
||||||
import com.google.inject.Inject;
|
import com.google.inject.Inject;
|
||||||
import com.google.inject.Provider;
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.sql.Timestamp;
|
import java.sql.Timestamp;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
@@ -58,7 +56,6 @@ import org.kohsuke.args4j.Option;
|
|||||||
public class ListTags implements RestReadView<ProjectResource> {
|
public class ListTags implements RestReadView<ProjectResource> {
|
||||||
private final GitRepositoryManager repoManager;
|
private final GitRepositoryManager repoManager;
|
||||||
private final PermissionBackend permissionBackend;
|
private final PermissionBackend permissionBackend;
|
||||||
private final Provider<CurrentUser> user;
|
|
||||||
private final WebLinks links;
|
private final WebLinks links;
|
||||||
|
|
||||||
@Option(
|
@Option(
|
||||||
@@ -108,13 +105,9 @@ public class ListTags implements RestReadView<ProjectResource> {
|
|||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
public ListTags(
|
public ListTags(
|
||||||
GitRepositoryManager repoManager,
|
GitRepositoryManager repoManager, PermissionBackend permissionBackend, WebLinks webLinks) {
|
||||||
PermissionBackend permissionBackend,
|
|
||||||
Provider<CurrentUser> user,
|
|
||||||
WebLinks webLinks) {
|
|
||||||
this.repoManager = repoManager;
|
this.repoManager = repoManager;
|
||||||
this.permissionBackend = permissionBackend;
|
this.permissionBackend = permissionBackend;
|
||||||
this.user = user;
|
|
||||||
this.links = webLinks;
|
this.links = webLinks;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -133,7 +126,8 @@ public class ListTags implements RestReadView<ProjectResource> {
|
|||||||
|
|
||||||
List<TagInfo> tags = new ArrayList<>();
|
List<TagInfo> tags = new ArrayList<>();
|
||||||
|
|
||||||
PermissionBackend.ForProject perm = permissionBackend.user(user).project(resource.getNameKey());
|
PermissionBackend.ForProject perm =
|
||||||
|
permissionBackend.currentUser().project(resource.getNameKey());
|
||||||
try (Repository repo = getRepository(resource.getNameKey());
|
try (Repository repo = getRepository(resource.getNameKey());
|
||||||
RevWalk rw = new RevWalk(repo)) {
|
RevWalk rw = new RevWalk(repo)) {
|
||||||
Map<String, Ref> all =
|
Map<String, Ref> all =
|
||||||
@@ -236,7 +230,7 @@ public class ListTags implements RestReadView<ProjectResource> {
|
|||||||
Project.NameKey project, Repository repo, Map<String, Ref> tags)
|
Project.NameKey project, Repository repo, Map<String, Ref> tags)
|
||||||
throws PermissionBackendException {
|
throws PermissionBackendException {
|
||||||
return permissionBackend
|
return permissionBackend
|
||||||
.user(user)
|
.currentUser()
|
||||||
.project(project)
|
.project(project)
|
||||||
.filter(
|
.filter(
|
||||||
tags,
|
tags,
|
||||||
|
|||||||
@@ -151,7 +151,7 @@ public class ProjectsCollection
|
|||||||
|
|
||||||
if (checkAccess) {
|
if (checkAccess) {
|
||||||
try {
|
try {
|
||||||
permissionBackend.user(user).project(nameKey).check(ProjectPermission.ACCESS);
|
permissionBackend.currentUser().project(nameKey).check(ProjectPermission.ACCESS);
|
||||||
} catch (AuthException e) {
|
} catch (AuthException e) {
|
||||||
return null; // Pretend like not found on access denied.
|
return null; // Pretend like not found on access denied.
|
||||||
}
|
}
|
||||||
@@ -161,7 +161,7 @@ public class ProjectsCollection
|
|||||||
// ACTIVE). Individual views should still check for checkStatePermitsRead() and this should
|
// ACTIVE). Individual views should still check for checkStatePermitsRead() and this should
|
||||||
// just serve as a safety net in case the individual check is forgotten.
|
// just serve as a safety net in case the individual check is forgotten.
|
||||||
try {
|
try {
|
||||||
permissionBackend.user(user).project(nameKey).check(ProjectPermission.WRITE_CONFIG);
|
permissionBackend.currentUser().project(nameKey).check(ProjectPermission.WRITE_CONFIG);
|
||||||
} catch (AuthException e) {
|
} catch (AuthException e) {
|
||||||
state.checkStatePermitsRead();
|
state.checkStatePermitsRead();
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -111,7 +111,10 @@ public class PutConfig implements RestModifyView<ProjectResource, ConfigInput> {
|
|||||||
@Override
|
@Override
|
||||||
public ConfigInfo apply(ProjectResource rsrc, ConfigInput input)
|
public ConfigInfo apply(ProjectResource rsrc, ConfigInput input)
|
||||||
throws RestApiException, PermissionBackendException {
|
throws RestApiException, PermissionBackendException {
|
||||||
permissionBackend.user(user).project(rsrc.getNameKey()).check(ProjectPermission.WRITE_CONFIG);
|
permissionBackend
|
||||||
|
.currentUser()
|
||||||
|
.project(rsrc.getNameKey())
|
||||||
|
.check(ProjectPermission.WRITE_CONFIG);
|
||||||
return apply(rsrc.getProjectState(), input);
|
return apply(rsrc.getProjectState(), input);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -97,12 +97,12 @@ public class SetAccess implements RestModifyView<ProjectResource, ProjectAccessI
|
|||||||
boolean isGlobalCapabilities = AccessSection.GLOBAL_CAPABILITIES.equals(section.getName());
|
boolean isGlobalCapabilities = AccessSection.GLOBAL_CAPABILITIES.equals(section.getName());
|
||||||
if (isGlobalCapabilities) {
|
if (isGlobalCapabilities) {
|
||||||
if (!checkedAdmin) {
|
if (!checkedAdmin) {
|
||||||
permissionBackend.user(identifiedUser).check(GlobalPermission.ADMINISTRATE_SERVER);
|
permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||||
checkedAdmin = true;
|
checkedAdmin = true;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
permissionBackend
|
permissionBackend
|
||||||
.user(identifiedUser)
|
.currentUser()
|
||||||
.project(rsrc.getNameKey())
|
.project(rsrc.getNameKey())
|
||||||
.ref(section.getName())
|
.ref(section.getName())
|
||||||
.check(RefPermission.WRITE_CONFIG);
|
.check(RefPermission.WRITE_CONFIG);
|
||||||
|
|||||||
Submodule plugins/replication updated: d8f5bcec21...9a24a2368a
Reference in New Issue
Block a user