opendev/gerrit
Code Issues Proposed changes

Remove PermissionBackend#user(Provider<CurrentUser>)

Browse Source 
Checking permissions of users that aren't the caller on the current request
can have implications on the security of the system. The most prominent
one is creating a group-oracle.

To limit the cases where we could potentially expose Gerrit to these
threats, PermissionBackend removes the method that was operating solely
on the provider of the current user.

Change-Id: I601ea1200a15a5f262ca0770b23cc1c7bee126b1
This commit is contained in:
Patrick Hiesel
2018-02-20 12:19:33 +01:00
parent 659ea71969
commit 4bdef6c030
78 changed files with 124 additions and 245 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
java/com/google/gerrit/acceptance/InProcessProtocol.java
View File

@@ -208,7 +208,6 @@ class InProcessProtocol extends TestProtocol<Context> {
}
private static class Upload implements UploadPackFactory<Context> {
private final Provider<CurrentUser> userProvider;
private final TransferConfig transferConfig;
private final DynamicSet<UploadPackInitializer> uploadPackInitializers;
private final DynamicSet<PreUploadHook> preUploadHooks;
@@ -219,7 +218,6 @@ class InProcessProtocol extends TestProtocol<Context> {
@Inject
Upload(
Provider<CurrentUser> userProvider,
TransferConfig transferConfig,
DynamicSet<UploadPackInitializer> uploadPackInitializers,
DynamicSet<PreUploadHook> preUploadHooks,
@@ -227,7 +225,6 @@ class InProcessProtocol extends TestProtocol<Context> {
ThreadLocalRequestContext threadContext,
ProjectCache projectCache,
PermissionBackend permissionBackend) {
this.userProvider = userProvider;
this.transferConfig = transferConfig;
this.uploadPackInitializers = uploadPackInitializers;
this.preUploadHooks = preUploadHooks;
@@ -246,7 +243,7 @@ class InProcessProtocol extends TestProtocol<Context> {
threadContext.setContext(req);
current.set(req);
PermissionBackend.ForProject perm = permissionBackend.user(userProvider).project(req.project);
PermissionBackend.ForProject perm = permissionBackend.currentUser().project(req.project);
try {
perm.check(ProjectPermission.RUN_UPLOAD_PACK);
} catch (AuthException e) {
@@ -318,7 +315,7 @@ class InProcessProtocol extends TestProtocol<Context> {
current.set(req);
try {
permissionBackend
.user(userProvider)
.currentUser()
.project(req.project)
.check(ProjectPermission.RUN_RECEIVE_PACK);
} catch (AuthException e) {

4
java/com/google/gerrit/httpd/GitOverHttpServlet.java
View File

@@ -261,7 +261,7 @@ public class GitOverHttpServlet extends GitServlet {
ProjectState state = (ProjectState) request.getAttribute(ATT_STATE);
UploadPack up = (UploadPack) request.getAttribute(ServletUtils.ATTRIBUTE_HANDLER);
PermissionBackend.ForProject perm =
permissionBackend.user(userProvider).project(state.getNameKey());
permissionBackend.currentUser().project(state.getNameKey());
try {
perm.check(ProjectPermission.RUN_UPLOAD_PACK);
} catch (AuthException e) {
@@ -356,7 +356,7 @@ public class GitOverHttpServlet extends GitServlet {
Capable s;
try {
permissionBackend
.user(userProvider)
.currentUser()
.project(state.getNameKey())
.check(ProjectPermission.RUN_RECEIVE_PACK);
s = arc.canUpload();

9
java/com/google/gerrit/httpd/gitweb/GitwebServlet.java
View File

@@ -112,11 +112,11 @@ class GitwebServlet extends HttpServlet {
GitRepositoryManager repoManager,
ProjectCache projectCache,
PermissionBackend permissionBackend,
Provider<AnonymousUser> anonymousUserProvider,
Provider<CurrentUser> userProvider,
SitePaths site,
@GerritServerConfig Config cfg,
SshInfo sshInfo,
Provider<AnonymousUser> anonymousUserProvider,
GitwebConfig gitwebConfig,
GitwebCgiConfig gitwebCgiConfig)
throws IOException {
@@ -423,7 +423,10 @@ class GitwebServlet extends HttpServlet {
}
projectState.checkStatePermitsRead();
permissionBackend.user(userProvider).project(nameKey).check(ProjectPermission.READ);
permissionBackend
.user(anonymousUserProvider.get())
.project(nameKey)
.check(ProjectPermission.READ);
} catch (AuthException e) {
sendErrorOrRedirect(req, rsp, HttpServletResponse.SC_NOT_FOUND);
return;
@@ -584,7 +587,7 @@ class GitwebServlet extends HttpServlet {
if (projectState.statePermitsRead()
&& permissionBackend
.user(anonymousUserProvider)
.user(anonymousUserProvider.get())
.project(nameKey)
.testOrFalse(ProjectPermission.READ)) {
env.set("GERRIT_ANONYMOUS_READ", "1");

6
java/com/google/gerrit/httpd/raw/CatServlet.java
View File

@@ -21,7 +21,6 @@ import com.google.gerrit.reviewdb.client.Change;
import com.google.gerrit.reviewdb.client.Patch;
import com.google.gerrit.reviewdb.client.PatchSet;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.PatchSetUtil;
import com.google.gerrit.server.edit.ChangeEdit;
import com.google.gerrit.server.edit.ChangeEditUtil;
@@ -54,7 +53,6 @@ import org.eclipse.jgit.lib.ObjectId;
@Singleton
public class CatServlet extends HttpServlet {
private final Provider<ReviewDb> requestDb;
private final Provider<CurrentUser> userProvider;
private final ChangeEditUtil changeEditUtil;
private final PatchSetUtil psUtil;
private final ChangeNotes.Factory changeNotesFactory;
@@ -64,14 +62,12 @@ public class CatServlet extends HttpServlet {
@Inject
CatServlet(
Provider<ReviewDb> sf,
Provider<CurrentUser> usrprv,
ChangeEditUtil ceu,
PatchSetUtil psu,
ChangeNotes.Factory cnf,
PermissionBackend pb,
ProjectCache pc) {
requestDb = sf;
userProvider = usrprv;
changeEditUtil = ceu;
psUtil = psu;
changeNotesFactory = cnf;
@@ -132,7 +128,7 @@ public class CatServlet extends HttpServlet {
try {
ChangeNotes notes = changeNotesFactory.createChecked(changeId);
permissionBackend
.user(userProvider)
.currentUser()
.change(notes)
.database(requestDb)
.check(ChangePermission.READ);

4
java/com/google/gerrit/httpd/restapi/RestApiServlet.java
View File

@@ -295,7 +295,7 @@ public class RestApiServlet extends HttpServlet {
RestCollection<RestResource, RestResource> rc = members.get();
globals
.permissionBackend
.user(globals.currentUser)
.user(globals.currentUser.get())
.checkAny(GlobalPermission.fromAnnotation(rc.getClass()));
viewData = new ViewData(null, null);
@@ -1189,7 +1189,7 @@ public class RestApiServlet extends HttpServlet {
throws AuthException, PermissionBackendException {
globals
.permissionBackend
.user(globals.currentUser)
.user(globals.currentUser.get())
.checkAny(GlobalPermission.fromAnnotation(d.pluginName, d.view.getClass()));
}

8
java/com/google/gerrit/httpd/rpc/project/ProjectAccessFactory.java
View File

@@ -131,7 +131,7 @@ class ProjectAccessFactory extends Handler<ProjectAccess> {
List<AccessSection> local = new ArrayList<>();
Set<String> ownerOf = new HashSet<>();
Map<AccountGroup.UUID, Boolean> visibleGroups = new HashMap<>();
PermissionBackend.ForProject perm = permissionBackend.user(user).project(projectName);
PermissionBackend.ForProject perm = permissionBackend.currentUser().project(projectName);
boolean checkReadConfig = check(perm, RefNames.REFS_CONFIG, READ);
boolean canWriteProjectConfig = true;
try {
@@ -217,7 +217,7 @@ class ProjectAccessFactory extends Handler<ProjectAccess> {
detail.setInheritsFrom(config.getProject().getParent(allProjectsName));
if (projectName.equals(allProjectsName)
&& permissionBackend.user(user).testOrFalse(ADMINISTRATE_SERVER)) {
&& permissionBackend.currentUser().testOrFalse(ADMINISTRATE_SERVER)) {
ownerOf.add(AccessSection.GLOBAL_CAPABILITIES);
}
@@ -265,7 +265,7 @@ class ProjectAccessFactory extends Handler<ProjectAccess> {
ResourceConflictException {
ProjectState state = projectCache.checkedGet(projectName);
try {
permissionBackend.user(user).project(projectName).check(ProjectPermission.ACCESS);
permissionBackend.currentUser().project(projectName).check(ProjectPermission.ACCESS);
} catch (AuthException e) {
throw new NoSuchProjectException(projectName);
}
@@ -285,7 +285,7 @@ class ProjectAccessFactory extends Handler<ProjectAccess> {
private boolean isAdmin() throws PermissionBackendException {
try {
permissionBackend.user(user).check(GlobalPermission.ADMINISTRATE_SERVER);
permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
return true;
} catch (AuthException e) {
return false;

6
java/com/google/gerrit/metrics/dropwizard/MetricsCollection.java
View File

@@ -21,7 +21,6 @@ import com.google.gerrit.extensions.restapi.ChildCollection;
import com.google.gerrit.extensions.restapi.IdString;
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.extensions.restapi.RestView;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.config.ConfigResource;
import com.google.gerrit.server.permissions.GlobalPermission;
import com.google.gerrit.server.permissions.PermissionBackend;
@@ -35,7 +34,6 @@ class MetricsCollection implements ChildCollection<ConfigResource, MetricResourc
private final DynamicMap<RestView<MetricResource>> views;
private final Provider<ListMetrics> list;
private final PermissionBackend permissionBackend;
private final Provider<CurrentUser> user;
private final DropWizardMetricMaker metrics;
@Inject
@@ -43,12 +41,10 @@ class MetricsCollection implements ChildCollection<ConfigResource, MetricResourc
DynamicMap<RestView<MetricResource>> views,
Provider<ListMetrics> list,
PermissionBackend permissionBackend,
Provider<CurrentUser> user,
DropWizardMetricMaker metrics) {
this.views = views;
this.list = list;
this.permissionBackend = permissionBackend;
this.user = user;
this.metrics = metrics;
}
@@ -65,7 +61,7 @@ class MetricsCollection implements ChildCollection<ConfigResource, MetricResourc
@Override
public MetricResource parse(ConfigResource parent, IdString id)
throws ResourceNotFoundException, AuthException, PermissionBackendException {
permissionBackend.user(user).check(GlobalPermission.VIEW_CACHES);
permissionBackend.currentUser().check(GlobalPermission.VIEW_CACHES);
Metric metric = metrics.getMetric(id.get());
if (metric == null) {

2
java/com/google/gerrit/server/api/accounts/AccountsImpl.java
View File

@@ -100,7 +100,7 @@ public class AccountsImpl implements Accounts {
}
try {
CreateAccount impl = createAccount.create(in.username);
permissionBackend.user(self).checkAny(GlobalPermission.fromAnnotation(impl.getClass()));
permissionBackend.currentUser().checkAny(GlobalPermission.fromAnnotation(impl.getClass()));
AccountInfo info = impl.apply(TopLevelResource.INSTANCE, in).value();
return id(info._accountId);
} catch (Exception e) {

6
java/com/google/gerrit/server/api/groups/GroupsImpl.java
View File

@@ -26,7 +26,6 @@ import com.google.gerrit.extensions.restapi.BadRequestException;
import com.google.gerrit.extensions.restapi.IdString;
import com.google.gerrit.extensions.restapi.RestApiException;
import com.google.gerrit.extensions.restapi.TopLevelResource;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.permissions.GlobalPermission;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.project.ProjectResource;
@@ -49,7 +48,6 @@ class GroupsImpl implements Groups {
private final ProjectsCollection projects;
private final Provider<ListGroups> listGroups;
private final Provider<QueryGroups> queryGroups;
private final Provider<CurrentUser> user;
private final PermissionBackend permissionBackend;
private final CreateGroup.Factory createGroup;
private final GroupApiImpl.Factory api;
@@ -61,7 +59,6 @@ class GroupsImpl implements Groups {
ProjectsCollection projects,
Provider<ListGroups> listGroups,
Provider<QueryGroups> queryGroups,
Provider<CurrentUser> user,
PermissionBackend permissionBackend,
CreateGroup.Factory createGroup,
GroupApiImpl.Factory api) {
@@ -70,7 +67,6 @@ class GroupsImpl implements Groups {
this.projects = projects;
this.listGroups = listGroups;
this.queryGroups = queryGroups;
this.user = user;
this.permissionBackend = permissionBackend;
this.createGroup = createGroup;
this.api = api;
@@ -95,7 +91,7 @@ class GroupsImpl implements Groups {
}
try {
CreateGroup impl = createGroup.create(in.name);
permissionBackend.user(user).checkAny(GlobalPermission.fromAnnotation(impl.getClass()));
permissionBackend.currentUser().checkAny(GlobalPermission.fromAnnotation(impl.getClass()));
GroupInfo info = impl.apply(TopLevelResource.INSTANCE, in);
return id(info.id);
} catch (Exception e) {

7
java/com/google/gerrit/server/args4j/ProjectHandler.java
View File

@@ -17,7 +17,6 @@ package com.google.gerrit.server.args4j;
import com.google.gerrit.common.ProjectUtil;
import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.permissions.ProjectPermission;
@@ -25,7 +24,6 @@ import com.google.gerrit.server.project.NoSuchProjectException;
import com.google.gerrit.server.project.ProjectCache;
import com.google.gerrit.server.project.ProjectState;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.assistedinject.Assisted;
import java.io.IOException;
import org.kohsuke.args4j.CmdLineException;
@@ -42,20 +40,17 @@ public class ProjectHandler extends OptionHandler<ProjectState> {
private final ProjectCache projectCache;
private final PermissionBackend permissionBackend;
private final Provider<CurrentUser> user;
@Inject
public ProjectHandler(
ProjectCache projectCache,
PermissionBackend permissionBackend,
Provider<CurrentUser> user,
@Assisted final CmdLineParser parser,
@Assisted final OptionDef option,
@Assisted final Setter<ProjectState> setter) {
super(parser, option, setter);
this.projectCache = projectCache;
this.permissionBackend = permissionBackend;
this.user = user;
}
@Override
@@ -84,7 +79,7 @@ public class ProjectHandler extends OptionHandler<ProjectState> {
if (state == null) {
throw new CmdLineException(owner, String.format("project %s not found", nameWithoutSuffix));
}
permissionBackend.user(user).project(nameKey).check(ProjectPermission.ACCESS);
permissionBackend.currentUser().project(nameKey).check(ProjectPermission.ACCESS);
} catch (AuthException e) {
throw new CmdLineException(owner, new NoSuchProjectException(nameKey).getMessage());
} catch (PermissionBackendException | IOException e) {

2
java/com/google/gerrit/server/edit/ChangeEditModifier.java
View File

@@ -400,7 +400,7 @@ public class ChangeEditModifier {
}
try {
permissionBackend
.user(currentUser)
.currentUser()
.database(reviewDb)
.change(notes)
.check(ChangePermission.ADD_PATCH_SET);

8
java/com/google/gerrit/server/extensions/webui/UiActions.java
View File

@@ -31,13 +31,11 @@ import com.google.gerrit.extensions.restapi.RestView;
import com.google.gerrit.extensions.webui.PrivateInternals_UiActionDescription;
import com.google.gerrit.extensions.webui.UiAction;
import com.google.gerrit.extensions.webui.UiAction.Description;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.permissions.GlobalPermission;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendCondition;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.util.HashMap;
import java.util.Iterator;
@@ -57,12 +55,10 @@ public class UiActions {
}
private final PermissionBackend permissionBackend;
private final Provider<CurrentUser> userProvider;
@Inject
UiActions(PermissionBackend permissionBackend, Provider<CurrentUser> userProvider) {
UiActions(PermissionBackend permissionBackend) {
this.permissionBackend = permissionBackend;
this.userProvider = userProvider;
}
public <R extends RestResource> Iterable<UiAction.Description> from(
@@ -146,7 +142,7 @@ public class UiActions {
return null;
}
if (!globalRequired.isEmpty()) {
PermissionBackend.WithUser withUser = permissionBackend.user(userProvider);
PermissionBackend.WithUser withUser = permissionBackend.currentUser();
Iterator<GlobalOrPluginPermission> i = globalRequired.iterator();
BooleanCondition p = withUser.testCond(i.next());
while (i.hasNext()) {

6
java/com/google/gerrit/server/patch/PatchScriptFactory.java
View File

@@ -205,11 +205,7 @@ public class PatchScriptFactory implements Callable<PatchScript> {
PatchSet psEntityB = psb.get() == 0 ? new PatchSet(psb) : psUtil.get(db, notes, psb);
if (psEntityA != null || psEntityB != null) {
try {
permissionBackend
.user(userProvider)
.change(notes)
.database(db)
.check(ChangePermission.READ);
permissionBackend.currentUser().change(notes).database(db).check(ChangePermission.READ);
} catch (AuthException e) {
throw new NoSuchChangeException(changeId);
}

8
java/com/google/gerrit/server/permissions/PermissionBackend.java
View File

@@ -99,14 +99,6 @@ public abstract class PermissionBackend {
*/
public abstract WithUser user(CurrentUser user);
/**
* @return lightweight factory scoped to answer for the specified user. If an instance scoped to
* the current user is desired, use {@code currentUser()} instead.
*/
public <U extends CurrentUser> WithUser user(Provider<U> user) {
return user(checkNotNull(user, "Provider<CurrentUser>").get());
}
/**
* Bulk evaluate a set of {@link PermissionBackendCondition} for view handling.
*

9
java/com/google/gerrit/server/plugins/DisablePlugin.java
View File

@@ -19,33 +19,28 @@ import com.google.gerrit.extensions.common.Input;
import com.google.gerrit.extensions.common.PluginInfo;
import com.google.gerrit.extensions.restapi.RestApiException;
import com.google.gerrit.extensions.restapi.RestModifyView;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.permissions.GlobalPermission;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
@Singleton
public class DisablePlugin implements RestModifyView<PluginResource, Input> {
private final PluginLoader loader;
private final Provider<IdentifiedUser> user;
private final PermissionBackend permissionBackend;
@Inject
DisablePlugin(
PluginLoader loader, Provider<IdentifiedUser> user, PermissionBackend permissionBackend) {
DisablePlugin(PluginLoader loader, PermissionBackend permissionBackend) {
this.loader = loader;
this.user = user;
this.permissionBackend = permissionBackend;
}
@Override
public PluginInfo apply(PluginResource resource, Input input) throws RestApiException {
try {
permissionBackend.user(user).check(GlobalPermission.ADMINISTRATE_SERVER);
permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
} catch (PermissionBackendException e) {
throw new RestApiException("Could not check permission", e);
}

7
java/com/google/gerrit/server/project/ChildProjects.java
View File

@@ -20,13 +20,11 @@ import com.google.common.collect.ArrayListMultimap;
import com.google.common.collect.Multimap;
import com.google.gerrit.extensions.common.ProjectInfo;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.config.AllProjectsName;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.permissions.ProjectPermission;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.util.ArrayList;
import java.util.HashMap;
@@ -38,7 +36,6 @@ import java.util.Map;
public class ChildProjects {
private final ProjectCache projectCache;
private final PermissionBackend permissionBackend;
private final Provider<CurrentUser> user;
private final AllProjectsName allProjects;
private final ProjectJson json;
@@ -46,12 +43,10 @@ public class ChildProjects {
ChildProjects(
ProjectCache projectCache,
PermissionBackend permissionBackend,
Provider<CurrentUser> user,
AllProjectsName allProjectsName,
ProjectJson json) {
this.projectCache = projectCache;
this.permissionBackend = permissionBackend;
this.user = user;
this.allProjects = allProjectsName;
this.json = json;
}
@@ -60,7 +55,7 @@ public class ChildProjects {
public List<ProjectInfo> list(Project.NameKey parent) throws PermissionBackendException {
Map<Project.NameKey, Project> projects = readAllProjects();
Multimap<Project.NameKey, Project.NameKey> children = parentToChildren(projects);
PermissionBackend.WithUser perm = permissionBackend.user(user);
PermissionBackend.WithUser perm = permissionBackend.currentUser();
List<ProjectInfo> results = new ArrayList<>();
depthFirstFormat(results, perm, projects, children, parent);

4
java/com/google/gerrit/server/project/CreateRefControl.java
View File

@@ -75,7 +75,7 @@ public class CreateRefControl {
}
ps.checkStatePermitsWrite();
PermissionBackend.ForRef perm = permissionBackend.user(user).ref(branch);
PermissionBackend.ForRef perm = permissionBackend.user(user.get()).ref(branch);
if (object instanceof RevCommit) {
perm.check(RefPermission.CREATE);
checkCreateCommit(repo, (RevCommit) object, ps, perm);
@@ -105,7 +105,7 @@ public class CreateRefControl {
// If the tag has a PGP signature, allow a lower level of permission
// than if it doesn't have a PGP signature.
PermissionBackend.ForRef forRef = permissionBackend.user(user).ref(branch);
PermissionBackend.ForRef forRef = permissionBackend.user(user.get()).ref(branch);
if (tag.getFullMessage().contains("-----BEGIN PGP SIGNATURE-----\n")) {
forRef.check(RefPermission.CREATE_SIGNED_TAG);
} else {

8
java/com/google/gerrit/server/project/Reachable.java
View File

@@ -16,13 +16,11 @@ package com.google.gerrit.server.project;
import com.google.common.collect.Iterables;
import com.google.common.collect.Maps;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.change.IncludedInResolver;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackend.RefFilterOptions;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.IOException;
import java.util.Collection;
@@ -45,12 +43,10 @@ public class Reachable {
private static final Logger log = LoggerFactory.getLogger(Reachable.class);
private final PermissionBackend permissionBackend;
private final Provider<CurrentUser> user;
@Inject
Reachable(PermissionBackend permissionBackend, Provider<CurrentUser> user) {
Reachable(PermissionBackend permissionBackend) {
this.permissionBackend = permissionBackend;
this.user = user;
}
/** @return true if a commit is reachable from a given set of refs. */
@@ -60,7 +56,7 @@ public class Reachable {
// TODO(hiesel) Convert interface to Project.NameKey
Map<String, Ref> filtered =
permissionBackend
.user(user)
.currentUser()
.project(state.getNameKey())
.filter(refs, repo, RefFilterOptions.builder().setFilterTagsSeparately(true).build());
return IncludedInResolver.includedInAny(repo, rw, commit, filtered.values());

11
java/com/google/gerrit/server/project/SuggestParentCandidates.java
View File

@@ -17,13 +17,11 @@ package com.google.gerrit.server.project;
import static java.util.stream.Collectors.toList;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.config.AllProjectsName;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.permissions.ProjectPermission;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.util.HashSet;
import java.util.List;
@@ -33,24 +31,19 @@ import java.util.Set;
public class SuggestParentCandidates {
private final ProjectCache projectCache;
private final PermissionBackend permissionBackend;
private final Provider<CurrentUser> user;
private final AllProjectsName allProjects;
@Inject
SuggestParentCandidates(
ProjectCache projectCache,
PermissionBackend permissionBackend,
Provider<CurrentUser> user,
AllProjectsName allProjects) {
ProjectCache projectCache, PermissionBackend permissionBackend, AllProjectsName allProjects) {
this.projectCache = projectCache;
this.permissionBackend = permissionBackend;
this.user = user;
this.allProjects = allProjects;
}
public List<Project.NameKey> getNameKeys() throws PermissionBackendException {
return permissionBackend
.user(user)
.currentUser()
.filter(ProjectPermission.ACCESS, parents())
.stream()
.sorted()

2
java/com/google/gerrit/server/restapi/account/AddSshKey.java
View File

@@ -75,7 +75,7 @@ public class AddSshKey implements RestModifyView<AccountResource, SshKeyInput> {
throws AuthException, BadRequestException, OrmException, IOException, ConfigInvalidException,
PermissionBackendException {
if (self.get() != rsrc.getUser()) {
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
}
return apply(rsrc.getUser(), input);
}

2
java/com/google/gerrit/server/restapi/account/Capabilities.java
View File

@@ -62,7 +62,7 @@ class Capabilities implements ChildCollection<AccountResource, AccountResource.C
throws ResourceNotFoundException, AuthException, PermissionBackendException {
IdentifiedUser target = parent.getUser();
if (self.get() != target) {
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
}
GlobalOrPluginPermission perm = parse(id);

2
java/com/google/gerrit/server/restapi/account/CreateEmail.java
View File

@@ -98,7 +98,7 @@ public class CreateEmail implements RestModifyView<AccountResource, EmailInput>
}
if (self.get() != rsrc.getUser() || input.noConfirmation) {
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
}
if (!realm.allowsEdit(AccountFieldName.REGISTER_NEW_EMAIL)) {

2
java/com/google/gerrit/server/restapi/account/DeleteEmail.java
View File

@@ -72,7 +72,7 @@ public class DeleteEmail implements RestModifyView<AccountResource.Email, Input>
MethodNotAllowedException, OrmException, IOException, ConfigInvalidException,
PermissionBackendException {
if (self.get() != rsrc.getUser()) {
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
}
return apply(rsrc.getUser(), rsrc.getEmail());
}

2
java/com/google/gerrit/server/restapi/account/DeleteExternalIds.java
View File

@@ -68,7 +68,7 @@ public class DeleteExternalIds implements RestModifyView<AccountResource, List<S
throws RestApiException, IOException, OrmException, ConfigInvalidException,
PermissionBackendException {
if (self.get() != resource.getUser()) {
permissionBackend.user(self).check(GlobalPermission.ACCESS_DATABASE);
permissionBackend.currentUser().check(GlobalPermission.ACCESS_DATABASE);
}
if (extIds == null || extIds.size() == 0) {

2
java/com/google/gerrit/server/restapi/account/DeleteSshKey.java
View File

@@ -58,7 +58,7 @@ public class DeleteSshKey implements RestModifyView<AccountResource.SshKey, Inpu
throws AuthException, OrmException, RepositoryNotFoundException, IOException,
ConfigInvalidException, PermissionBackendException {
if (self.get() != rsrc.getUser()) {
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
}
authorizedKeys.deleteKey(rsrc.getUser().getAccountId(), rsrc.getSshKey().getKey().get());

2
java/com/google/gerrit/server/restapi/account/DeleteWatchedProjects.java
View File

@@ -62,7 +62,7 @@ public class DeleteWatchedProjects
throws AuthException, UnprocessableEntityException, OrmException, IOException,
ConfigInvalidException, PermissionBackendException {
if (self.get() != rsrc.getUser()) {
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
}
if (input == null) {
return Response.none();

2
java/com/google/gerrit/server/restapi/account/EmailsCollection.java
View File

@@ -65,7 +65,7 @@ public class EmailsCollection
public AccountResource.Email parse(AccountResource rsrc, IdString id)
throws ResourceNotFoundException, PermissionBackendException, AuthException {
if (self.get() != rsrc.getUser()) {
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
}
if ("preferred".equals(id.get())) {

2
java/com/google/gerrit/server/restapi/account/GetCapabilities.java
View File

@@ -76,7 +76,7 @@ class GetCapabilities implements RestReadView<AccountResource> {
@Override
public Object apply(AccountResource rsrc) throws AuthException, PermissionBackendException {
PermissionBackend.WithUser perm = permissionBackend.user(self);
PermissionBackend.WithUser perm = permissionBackend.currentUser();
if (self.get() != rsrc.getUser()) {
perm.check(GlobalPermission.ADMINISTRATE_SERVER);
perm = permissionBackend.user(rsrc.getUser());

2
java/com/google/gerrit/server/restapi/account/GetDiffPreferences.java
View File

@@ -51,7 +51,7 @@ public class GetDiffPreferences implements RestReadView<AccountResource> {
public DiffPreferencesInfo apply(AccountResource rsrc)
throws RestApiException, ConfigInvalidException, IOException, PermissionBackendException {
if (self.get() != rsrc.getUser()) {
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
}
Account.Id id = rsrc.getUser().getAccountId();

2
java/com/google/gerrit/server/restapi/account/GetEditPreferences.java
View File

@@ -51,7 +51,7 @@ public class GetEditPreferences implements RestReadView<AccountResource> {
public EditPreferencesInfo apply(AccountResource rsrc)
throws RestApiException, IOException, ConfigInvalidException, PermissionBackendException {
if (self.get() != rsrc.getUser()) {
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
}
Account.Id id = rsrc.getUser().getAccountId();

2
java/com/google/gerrit/server/restapi/account/GetEmails.java
View File

@@ -45,7 +45,7 @@ public class GetEmails implements RestReadView<AccountResource> {
public List<EmailInfo> apply(AccountResource rsrc)
throws AuthException, PermissionBackendException {
if (self.get() != rsrc.getUser()) {
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
}
List<EmailInfo> emails = new ArrayList<>();

2
java/com/google/gerrit/server/restapi/account/GetExternalIds.java
View File

@@ -62,7 +62,7 @@ public class GetExternalIds implements RestReadView<AccountResource> {
public List<AccountExternalIdInfo> apply(AccountResource resource)
throws RestApiException, IOException, OrmException, PermissionBackendException {
if (self.get() != resource.getUser()) {
permissionBackend.user(self).check(GlobalPermission.ACCESS_DATABASE);
permissionBackend.currentUser().check(GlobalPermission.ACCESS_DATABASE);
}
Collection<ExternalId> ids = externalIds.byAccount(resource.getUser().getAccountId());

2
java/com/google/gerrit/server/restapi/account/GetPreferences.java
View File

@@ -49,7 +49,7 @@ public class GetPreferences implements RestReadView<AccountResource> {
public GeneralPreferencesInfo apply(AccountResource rsrc)
throws RestApiException, PermissionBackendException {
if (self.get() != rsrc.getUser()) {
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
}
Account.Id id = rsrc.getUser().getAccountId();

2
java/com/google/gerrit/server/restapi/account/GetSshKeys.java
View File

@@ -58,7 +58,7 @@ public class GetSshKeys implements RestReadView<AccountResource> {
throws AuthException, OrmException, RepositoryNotFoundException, IOException,
ConfigInvalidException, PermissionBackendException {
if (self.get() != rsrc.getUser()) {
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
}
return apply(rsrc.getUser());
}

2
java/com/google/gerrit/server/restapi/account/GetWatchedProjects.java
View File

@@ -62,7 +62,7 @@ public class GetWatchedProjects implements RestReadView<AccountResource> {
throws OrmException, AuthException, IOException, ConfigInvalidException,
PermissionBackendException, ResourceNotFoundException {
if (self.get() != rsrc.getUser()) {
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
}
Account.Id accountId = rsrc.getUser().getAccountId();

2
java/com/google/gerrit/server/restapi/account/Index.java
View File

@@ -50,7 +50,7 @@ public class Index implements RestModifyView<AccountResource, Input> {
public Response<?> apply(AccountResource rsrc, Input input)
throws IOException, AuthException, PermissionBackendException {
if (self.get() != rsrc.getUser()) {
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
}
accountIndexer.get().index(rsrc.getUser().getAccountId());

2
java/com/google/gerrit/server/restapi/account/PostWatchedProjects.java
View File

@@ -69,7 +69,7 @@ public class PostWatchedProjects
throws OrmException, RestApiException, IOException, ConfigInvalidException,
PermissionBackendException {
if (self.get() != rsrc.getUser()) {
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
}
Map<ProjectWatchKey, Set<NotifyType>> projectWatches = asMap(input);

4
java/com/google/gerrit/server/restapi/account/PutHttpPassword.java
View File

@@ -76,7 +76,7 @@ public class PutHttpPassword implements RestModifyView<AccountResource, HttpPass
throws AuthException, ResourceNotFoundException, ResourceConflictException, OrmException,
IOException, ConfigInvalidException, PermissionBackendException {
if (self.get() != rsrc.getUser()) {
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
}
if (input == null) {
@@ -91,7 +91,7 @@ public class PutHttpPassword implements RestModifyView<AccountResource, HttpPass
newPassword = null;
} else {
// Only administrators can explicitly set the password.
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
newPassword = input.httpPassword;
}
return apply(rsrc.getUser(), newPassword);

2
java/com/google/gerrit/server/restapi/account/PutName.java
View File

@@ -63,7 +63,7 @@ public class PutName implements RestModifyView<AccountResource, NameInput> {
throws AuthException, MethodNotAllowedException, ResourceNotFoundException, OrmException,
IOException, PermissionBackendException, ConfigInvalidException {
if (self.get() != rsrc.getUser()) {
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
}
return apply(rsrc.getUser(), input);
}

2
java/com/google/gerrit/server/restapi/account/PutPreferred.java
View File

@@ -57,7 +57,7 @@ public class PutPreferred implements RestModifyView<AccountResource.Email, Input
throws AuthException, ResourceNotFoundException, OrmException, IOException,
PermissionBackendException, ConfigInvalidException {
if (self.get() != rsrc.getUser()) {
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
}
return apply(rsrc.getUser(), rsrc.getEmail());
}

2
java/com/google/gerrit/server/restapi/account/PutStatus.java
View File

@@ -57,7 +57,7 @@ public class PutStatus implements RestModifyView<AccountResource, StatusInput> {
throws AuthException, ResourceNotFoundException, OrmException, IOException,
PermissionBackendException, ConfigInvalidException {
if (self.get() != rsrc.getUser()) {
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
}
return apply(rsrc.getUser(), input);
}

2
java/com/google/gerrit/server/restapi/account/PutUsername.java
View File

@@ -75,7 +75,7 @@ public class PutUsername implements RestModifyView<AccountResource, UsernameInpu
ResourceConflictException, OrmException, IOException, ConfigInvalidException,
PermissionBackendException {
if (self.get() != rsrc.getUser()) {
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
}
if (!realm.allowsEdit(AccountFieldName.USER_NAME)) {

4
java/com/google/gerrit/server/restapi/account/QueryAccounts.java
View File

@@ -170,7 +170,7 @@ public class QueryAccounts implements RestReadView<TopLevelResource> {
}
boolean modifyAccountCapabilityChecked = false;
if (options.contains(ListAccountsOption.ALL_EMAILS)) {
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
modifyAccountCapabilityChecked = true;
fillOptions.add(FillOptions.EMAIL);
fillOptions.add(FillOptions.SECONDARY_EMAILS);
@@ -180,7 +180,7 @@ public class QueryAccounts implements RestReadView<TopLevelResource> {
fillOptions.add(FillOptions.EMAIL);
if (modifyAccountCapabilityChecked
|| permissionBackend.user(self).test(GlobalPermission.MODIFY_ACCOUNT)) {
|| permissionBackend.currentUser().test(GlobalPermission.MODIFY_ACCOUNT)) {
fillOptions.add(FillOptions.SECONDARY_EMAILS);
}
}

2
java/com/google/gerrit/server/restapi/account/SetDiffPreferences.java
View File

@@ -58,7 +58,7 @@ public class SetDiffPreferences implements RestModifyView<AccountResource, DiffP
throws RestApiException, ConfigInvalidException, RepositoryNotFoundException, IOException,
PermissionBackendException, OrmException {
if (self.get() != rsrc.getUser()) {
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
}
if (input == null) {

2
java/com/google/gerrit/server/restapi/account/SetEditPreferences.java
View File

@@ -59,7 +59,7 @@ public class SetEditPreferences implements RestModifyView<AccountResource, EditP
throws RestApiException, RepositoryNotFoundException, IOException, ConfigInvalidException,
PermissionBackendException, OrmException {
if (self.get() != rsrc.getUser()) {
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
}
if (input == null) {

2
java/com/google/gerrit/server/restapi/account/SetPreferences.java
View File

@@ -64,7 +64,7 @@ public class SetPreferences implements RestModifyView<AccountResource, GeneralPr
throws RestApiException, IOException, ConfigInvalidException, PermissionBackendException,
OrmException {
if (self.get() != rsrc.getUser()) {
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
}
checkDownloadScheme(input.downloadScheme);

2
java/com/google/gerrit/server/restapi/account/SshKeys.java
View File

@@ -68,7 +68,7 @@ public class SshKeys implements ChildCollection<AccountResource, AccountResource
PermissionBackendException {
if (self.get() != rsrc.getUser()) {
try {
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
} catch (AuthException e) {
// If lacking MODIFY_ACCOUNT claim the resource does not exist.
throw new ResourceNotFoundException();

2
java/com/google/gerrit/server/restapi/change/ChangesCollection.java
View File

@@ -137,7 +137,7 @@ public class ChangesCollection
private boolean canRead(ChangeNotes notes) throws PermissionBackendException, IOException {
try {
permissionBackend.user(user).change(notes).database(db).check(ChangePermission.READ);
permissionBackend.currentUser().change(notes).database(db).check(ChangePermission.READ);
} catch (AuthException e) {
return false;
}

8
java/com/google/gerrit/server/restapi/change/Check.java
View File

@@ -22,7 +22,6 @@ import com.google.gerrit.extensions.restapi.Response;
import com.google.gerrit.extensions.restapi.RestApiException;
import com.google.gerrit.extensions.restapi.RestModifyView;
import com.google.gerrit.extensions.restapi.RestReadView;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.change.ChangeJson;
import com.google.gerrit.server.change.ChangeResource;
import com.google.gerrit.server.permissions.GlobalPermission;
@@ -32,7 +31,6 @@ import com.google.gerrit.server.permissions.ProjectPermission;
import com.google.gerrit.server.project.NoSuchProjectException;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import java.io.IOException;
import javax.inject.Singleton;
@@ -40,13 +38,11 @@ import javax.inject.Singleton;
public class Check
implements RestReadView<ChangeResource>, RestModifyView<ChangeResource, FixInput> {
private final PermissionBackend permissionBackend;
private final Provider<CurrentUser> user;
private final ChangeJson.Factory jsonFactory;
@Inject
Check(PermissionBackend permissionBackend, Provider<CurrentUser> user, ChangeJson.Factory json) {
Check(PermissionBackend permissionBackend, ChangeJson.Factory json) {
this.permissionBackend = permissionBackend;
this.user = user;
this.jsonFactory = json;
}
@@ -59,7 +55,7 @@ public class Check
public Response<ChangeInfo> apply(ChangeResource rsrc, FixInput input)
throws RestApiException, OrmException, PermissionBackendException, NoSuchProjectException,
IOException {
PermissionBackend.WithUser perm = permissionBackend.user(user);
PermissionBackend.WithUser perm = permissionBackend.currentUser();
if (!rsrc.isUserOwner()) {
try {
perm.project(rsrc.getProject()).check(ProjectPermission.READ_CONFIG);

9
java/com/google/gerrit/server/restapi/change/CherryPick.java
View File

@@ -25,7 +25,6 @@ import com.google.gerrit.extensions.webui.UiAction;
import com.google.gerrit.reviewdb.client.Branch;
import com.google.gerrit.reviewdb.client.Change;
import com.google.gerrit.reviewdb.client.RefNames;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.change.ChangeJson;
import com.google.gerrit.server.change.RevisionResource;
import com.google.gerrit.server.git.IntegrationException;
@@ -44,7 +43,6 @@ import com.google.gerrit.server.update.RetryingRestModifyView;
import com.google.gerrit.server.update.UpdateException;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.IOException;
import org.eclipse.jgit.errors.ConfigInvalidException;
@@ -57,7 +55,6 @@ public class CherryPick
implements UiAction<RevisionResource> {
private static final Logger log = LoggerFactory.getLogger(CherryPick.class);
private final PermissionBackend permissionBackend;
private final Provider<CurrentUser> user;
private final CherryPickChange cherryPickChange;
private final ChangeJson.Factory json;
private final ContributorAgreementsChecker contributorAgreements;
@@ -66,7 +63,6 @@ public class CherryPick
@Inject
CherryPick(
PermissionBackend permissionBackend,
Provider<CurrentUser> user,
RetryHelper retryHelper,
CherryPickChange cherryPickChange,
ChangeJson.Factory json,
@@ -74,7 +70,6 @@ public class CherryPick
ProjectCache projectCache) {
super(retryHelper);
this.permissionBackend = permissionBackend;
this.user = user;
this.cherryPickChange = cherryPickChange;
this.json = json;
this.contributorAgreements = contributorAgreements;
@@ -97,7 +92,7 @@ public class CherryPick
contributorAgreements.check(rsrc.getProject(), rsrc.getUser());
permissionBackend
.user(user)
.currentUser()
.project(rsrc.getChange().getProject())
.ref(refName)
.check(RefPermission.CREATE_CHANGE);
@@ -134,7 +129,7 @@ public class CherryPick
and(
rsrc.isCurrent() && projectStatePermitsWrite,
permissionBackend
.user(user)
.currentUser()
.project(rsrc.getProject())
.testCond(ProjectPermission.CREATE_CHANGE)));
}

2
java/com/google/gerrit/server/restapi/change/CherryPickCommit.java
View File

@@ -90,7 +90,7 @@ public class CherryPickCommit
String refName = RefNames.fullName(destination);
contributorAgreements.check(projectName, user.get());
permissionBackend
.user(user)
.currentUser()
.project(projectName)
.ref(refName)
.check(RefPermission.CREATE_CHANGE);

8
java/com/google/gerrit/server/restapi/change/CreateChange.java
View File

@@ -192,7 +192,11 @@ public class CreateChange
Project.NameKey project = rsrc.getNameKey();
String refName = RefNames.fullName(input.branch);
permissionBackend.user(user).project(project).ref(refName).check(RefPermission.CREATE_CHANGE);
permissionBackend
.currentUser()
.project(project)
.ref(refName)
.check(RefPermission.CREATE_CHANGE);
rsrc.getProjectState().checkStatePermitsWrite();
try (Repository git = gitManager.openRepository(project);
@@ -208,7 +212,7 @@ public class CreateChange
}
ChangeNotes change = Iterables.getOnlyElement(notes);
try {
permissionBackend.user(user).change(change).database(db).check(ChangePermission.READ);
permissionBackend.currentUser().change(change).database(db).check(ChangePermission.READ);
} catch (AuthException e) {
throw new UnprocessableEntityException("Read not permitted for " + input.baseChange);
}

2
java/com/google/gerrit/server/restapi/change/CreateMergePatchSet.java
View File

@@ -210,7 +210,7 @@ public class CreateMergePatchSet
}
ChangeNotes change = Iterables.getOnlyElement(notes);
try {
permissionBackend.user(user).change(change).database(db).check(ChangePermission.READ);
permissionBackend.currentUser().change(change).database(db).check(ChangePermission.READ);
} catch (AuthException e) {
throw new UnprocessableEntityException("Read not permitted for " + baseChange);
}

6
java/com/google/gerrit/server/restapi/change/Index.java
View File

@@ -18,7 +18,6 @@ import com.google.gerrit.extensions.common.Input;
import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.extensions.restapi.Response;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.change.ChangeResource;
import com.google.gerrit.server.index.change.ChangeIndexer;
import com.google.gerrit.server.permissions.GlobalPermission;
@@ -38,7 +37,6 @@ public class Index extends RetryingRestModifyView<ChangeResource, Input, Respons
private final Provider<ReviewDb> db;
private final PermissionBackend permissionBackend;
private final Provider<CurrentUser> user;
private final ChangeIndexer indexer;
@Inject
@@ -46,12 +44,10 @@ public class Index extends RetryingRestModifyView<ChangeResource, Input, Respons
Provider<ReviewDb> db,
RetryHelper retryHelper,
PermissionBackend permissionBackend,
Provider<CurrentUser> user,
ChangeIndexer indexer) {
super(retryHelper);
this.db = db;
this.permissionBackend = permissionBackend;
this.user = user;
this.indexer = indexer;
}
@@ -59,7 +55,7 @@ public class Index extends RetryingRestModifyView<ChangeResource, Input, Respons
protected Response<?> applyImpl(
BatchUpdate.Factory updateFactory, ChangeResource rsrc, Input input)
throws IOException, AuthException, OrmException, PermissionBackendException {
permissionBackend.user(user).check(GlobalPermission.MAINTAIN_SERVER);
permissionBackend.currentUser().check(GlobalPermission.MAINTAIN_SERVER);
indexer.index(db.get(), rsrc.getChange());
return Response.none();
}

2
java/com/google/gerrit/server/restapi/change/PostReviewers.java
View File

@@ -360,7 +360,7 @@ public class PostReviewers
ListMultimap<RecipientType, Account.Id> accountsToNotify)
throws PermissionBackendException {
if (!permissionBackend
.user(anonymousProvider)
.user(anonymousProvider.get())
.change(rsrc.getNotes())
.database(dbProvider)
.test(ChangePermission.READ)) {

9
java/com/google/gerrit/server/restapi/change/RelatedChangesSorter.java
View File

@@ -29,7 +29,6 @@ import com.google.gerrit.reviewdb.client.Change;
import com.google.gerrit.reviewdb.client.PatchSet;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.git.GitRepositoryManager;
import com.google.gerrit.server.permissions.ChangePermission;
import com.google.gerrit.server.permissions.PermissionBackend;
@@ -64,20 +63,17 @@ class RelatedChangesSorter {
private final PermissionBackend permissionBackend;
private final Provider<ReviewDb> dbProvider;
private final ProjectCache projectCache;
private final Provider<CurrentUser> currentUserProvider;
@Inject
RelatedChangesSorter(
GitRepositoryManager repoManager,
PermissionBackend permissionBackend,
Provider<ReviewDb> dbProvider,
ProjectCache projectCache,
Provider<CurrentUser> currentUserProvider) {
ProjectCache projectCache) {
this.repoManager = repoManager;
this.permissionBackend = permissionBackend;
this.dbProvider = dbProvider;
this.projectCache = projectCache;
this.currentUserProvider = currentUserProvider;
}
public List<PatchSetData> sort(List<ChangeData> in, PatchSet startPs)
@@ -239,8 +235,7 @@ class RelatedChangesSorter {
}
private boolean isVisible(PatchSetData psd) throws PermissionBackendException, IOException {
PermissionBackend.WithUser perm =
permissionBackend.user(currentUserProvider).database(dbProvider);
PermissionBackend.WithUser perm = permissionBackend.currentUser().database(dbProvider);
try {
perm.change(psd.data()).check(ChangePermission.READ);
} catch (AuthException e) {

2
java/com/google/gerrit/server/restapi/change/ReviewersUtil.java
View File

@@ -286,7 +286,7 @@ public class ReviewersUtil {
private List<SuggestedReviewerInfo> loadAccounts(List<Account.Id> accountIds)
throws OrmException, PermissionBackendException {
Set<FillOptions> fillOptions =
permissionBackend.user(self).test(GlobalPermission.MODIFY_ACCOUNT)
permissionBackend.currentUser().test(GlobalPermission.MODIFY_ACCOUNT)
? EnumSet.of(FillOptions.SECONDARY_EMAILS)
: EnumSet.noneOf(FillOptions.class);
fillOptions.addAll(AccountLoader.DETAILED_OPTIONS);

2
java/com/google/gerrit/server/restapi/change/SetReadyForReview.java
View File

@@ -67,7 +67,7 @@ public class SetReadyForReview extends RetryingRestModifyView<ChangeResource, In
throws RestApiException, UpdateException, PermissionBackendException {
Change change = rsrc.getChange();
if (!rsrc.isUserOwner()
&& !permissionBackend.user(self).test(GlobalPermission.ADMINISTRATE_SERVER)) {
&& !permissionBackend.currentUser().test(GlobalPermission.ADMINISTRATE_SERVER)) {
throw new AuthException("not allowed to set ready for review");
}

6
java/com/google/gerrit/server/restapi/change/SetWorkInProgress.java
View File

@@ -24,7 +24,6 @@ import com.google.gerrit.reviewdb.client.Change;
import com.google.gerrit.reviewdb.client.Change.Status;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.ChangeUtil;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.change.ChangeResource;
import com.google.gerrit.server.change.WorkInProgressOp;
import com.google.gerrit.server.change.WorkInProgressOp.Input;
@@ -44,7 +43,6 @@ public class SetWorkInProgress extends RetryingRestModifyView<ChangeResource, In
implements UiAction<ChangeResource> {
private final WorkInProgressOp.Factory opFactory;
private final Provider<ReviewDb> db;
private final Provider<CurrentUser> self;
private final PermissionBackend permissionBackend;
@Inject
@@ -52,12 +50,10 @@ public class SetWorkInProgress extends RetryingRestModifyView<ChangeResource, In
WorkInProgressOp.Factory opFactory,
RetryHelper retryHelper,
Provider<ReviewDb> db,
Provider<CurrentUser> self,
PermissionBackend permissionBackend) {
super(retryHelper);
this.opFactory = opFactory;
this.db = db;
this.self = self;
this.permissionBackend = permissionBackend;
}
@@ -68,7 +64,7 @@ public class SetWorkInProgress extends RetryingRestModifyView<ChangeResource, In
Change change = rsrc.getChange();
if (!rsrc.isUserOwner()
&& !permissionBackend.user(self).test(GlobalPermission.ADMINISTRATE_SERVER)) {
&& !permissionBackend.currentUser().test(GlobalPermission.ADMINISTRATE_SERVER)) {
throw new AuthException("not allowed to set work in progress");
}

2
java/com/google/gerrit/server/restapi/change/SuggestChangeReviewers.java
View File

@@ -88,7 +88,7 @@ public class SuggestChangeReviewers extends SuggestReviewers
private VisibilityControl getVisibility(ChangeResource rsrc) {
// Use the destination reference, not the change, as private changes deny anyone who is not
// already a reviewer.
PermissionBackend.ForRef perm = permissionBackend.user(self).ref(rsrc.getChange().getDest());
PermissionBackend.ForRef perm = permissionBackend.currentUser().ref(rsrc.getChange().getDest());
return new VisibilityControl() {
@Override
public boolean isVisibleTo(Account.Id account) throws OrmException {

6
java/com/google/gerrit/server/restapi/config/CachesCollection.java
View File

@@ -27,7 +27,6 @@ import com.google.gerrit.extensions.restapi.IdString;
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.extensions.restapi.RestApiException;
import com.google.gerrit.extensions.restapi.RestView;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.config.CacheResource;
import com.google.gerrit.server.config.ConfigResource;
import com.google.gerrit.server.permissions.GlobalPermission;
@@ -45,7 +44,6 @@ public class CachesCollection
private final DynamicMap<RestView<CacheResource>> views;
private final Provider<ListCaches> list;
private final PermissionBackend permissionBackend;
private final Provider<CurrentUser> self;
private final DynamicMap<Cache<?, ?>> cacheMap;
private final PostCaches postCaches;
@@ -54,13 +52,11 @@ public class CachesCollection
DynamicMap<RestView<CacheResource>> views,
Provider<ListCaches> list,
PermissionBackend permissionBackend,
Provider<CurrentUser> self,
DynamicMap<Cache<?, ?>> cacheMap,
PostCaches postCaches) {
this.views = views;
this.list = list;
this.permissionBackend = permissionBackend;
this.self = self;
this.cacheMap = cacheMap;
this.postCaches = postCaches;
}
@@ -73,7 +69,7 @@ public class CachesCollection
@Override
public CacheResource parse(ConfigResource parent, IdString id)
throws AuthException, ResourceNotFoundException, PermissionBackendException {
permissionBackend.user(self).check(GlobalPermission.VIEW_CACHES);
permissionBackend.currentUser().check(GlobalPermission.VIEW_CACHES);
String cacheName = id.get();
String pluginName = "gerrit";

7
java/com/google/gerrit/server/restapi/config/CheckConsistency.java
View File

@@ -22,7 +22,6 @@ import com.google.gerrit.extensions.api.config.ConsistencyCheckInput;
import com.google.gerrit.extensions.restapi.BadRequestException;
import com.google.gerrit.extensions.restapi.RestApiException;
import com.google.gerrit.extensions.restapi.RestModifyView;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.account.AccountsConsistencyChecker;
import com.google.gerrit.server.account.externalids.ExternalIdsConsistencyChecker;
import com.google.gerrit.server.config.ConfigResource;
@@ -32,7 +31,6 @@ import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.IOException;
import org.eclipse.jgit.errors.ConfigInvalidException;
@@ -40,7 +38,6 @@ import org.eclipse.jgit.errors.ConfigInvalidException;
@Singleton
public class CheckConsistency implements RestModifyView<ConfigResource, ConsistencyCheckInput> {
private final PermissionBackend permissionBackend;
private final Provider<CurrentUser> user;
private final AccountsConsistencyChecker accountsConsistencyChecker;
private final ExternalIdsConsistencyChecker externalIdsConsistencyChecker;
private final GroupsConsistencyChecker groupsConsistencyChecker;
@@ -48,12 +45,10 @@ public class CheckConsistency implements RestModifyView<ConfigResource, Consiste
@Inject
CheckConsistency(
PermissionBackend permissionBackend,
Provider<CurrentUser> user,
AccountsConsistencyChecker accountsConsistencyChecker,
ExternalIdsConsistencyChecker externalIdsConsistencyChecker,
GroupsConsistencyChecker groupsChecker) {
this.permissionBackend = permissionBackend;
this.user = user;
this.accountsConsistencyChecker = accountsConsistencyChecker;
this.externalIdsConsistencyChecker = externalIdsConsistencyChecker;
this.groupsConsistencyChecker = groupsChecker;
@@ -63,7 +58,7 @@ public class CheckConsistency implements RestModifyView<ConfigResource, Consiste
public ConsistencyCheckInfo apply(ConfigResource resource, ConsistencyCheckInput input)
throws RestApiException, IOException, OrmException, PermissionBackendException,
ConfigInvalidException {
permissionBackend.user(user).check(GlobalPermission.ACCESS_DATABASE);
permissionBackend.currentUser().check(GlobalPermission.ACCESS_DATABASE);
if (input == null
|| (input.checkAccounts == null

8
java/com/google/gerrit/server/restapi/config/FlushCache.java
View File

@@ -22,13 +22,11 @@ import com.google.gerrit.extensions.common.Input;
import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.extensions.restapi.Response;
import com.google.gerrit.extensions.restapi.RestModifyView;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.config.CacheResource;
import com.google.gerrit.server.permissions.GlobalPermission;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
@RequiresAnyCapability({FLUSH_CACHES, MAINTAIN_SERVER})
@@ -38,19 +36,17 @@ public class FlushCache implements RestModifyView<CacheResource, Input> {
public static final String WEB_SESSIONS = "web_sessions";
private final PermissionBackend permissionBackend;
private final Provider<CurrentUser> self;
@Inject
public FlushCache(PermissionBackend permissionBackend, Provider<CurrentUser> self) {
public FlushCache(PermissionBackend permissionBackend) {
this.permissionBackend = permissionBackend;
this.self = self;
}
@Override
public Response<String> apply(CacheResource rsrc, Input input)
throws AuthException, PermissionBackendException {
if (WEB_SESSIONS.equals(rsrc.getName())) {
permissionBackend.user(self).check(GlobalPermission.MAINTAIN_SERVER);
permissionBackend.currentUser().check(GlobalPermission.MAINTAIN_SERVER);
}
rsrc.getCache().invalidateAll();

6
java/com/google/gerrit/server/restapi/project/BranchesCollection.java
View File

@@ -24,7 +24,6 @@ import com.google.gerrit.extensions.restapi.RestApiException;
import com.google.gerrit.extensions.restapi.RestView;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.reviewdb.client.RefNames;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.git.GitRepositoryManager;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
@@ -45,7 +44,6 @@ public class BranchesCollection
private final DynamicMap<RestView<BranchResource>> views;
private final Provider<ListBranches> list;
private final PermissionBackend permissionBackend;
private final Provider<CurrentUser> user;
private final GitRepositoryManager repoManager;
private final CreateBranch.Factory createBranchFactory;
@@ -54,13 +52,11 @@ public class BranchesCollection
DynamicMap<RestView<BranchResource>> views,
Provider<ListBranches> list,
PermissionBackend permissionBackend,
Provider<CurrentUser> user,
GitRepositoryManager repoManager,
CreateBranch.Factory createBranchFactory) {
this.views = views;
this.list = list;
this.permissionBackend = permissionBackend;
this.user = user;
this.repoManager = repoManager;
this.createBranchFactory = createBranchFactory;
}
@@ -86,7 +82,7 @@ public class BranchesCollection
// rights on the symbolic reference itself. This check prevents seeing a hidden
// branch simply because the symbolic reference name was visible.
permissionBackend
.user(user)
.currentUser()
.project(project)
.ref(ref.isSymbolic() ? ref.getTarget().getName() : ref.getName())
.check(RefPermission.READ);

2
java/com/google/gerrit/server/restapi/project/CreateBranch.java
View File

@@ -179,7 +179,7 @@ public class CreateBranch implements RestModifyView<ProjectResource, BranchInput
info.ref = ref;
info.revision = revid.getName();
info.canDelete =
permissionBackend.user(identifiedUser).ref(name).testOrFalse(RefPermission.DELETE)
permissionBackend.currentUser().ref(name).testOrFalse(RefPermission.DELETE)
&& rsrc.getProjectState().statePermitsWrite()
? true
: null;

14
java/com/google/gerrit/server/restapi/project/CreateTag.java
View File

@@ -26,7 +26,6 @@ import com.google.gerrit.extensions.restapi.MethodNotAllowedException;
import com.google.gerrit.extensions.restapi.ResourceConflictException;
import com.google.gerrit.extensions.restapi.RestApiException;
import com.google.gerrit.extensions.restapi.RestModifyView;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.WebLinks;
import com.google.gerrit.server.extensions.events.GitReferenceUpdated;
import com.google.gerrit.server.git.GitRepositoryManager;
@@ -39,7 +38,6 @@ import com.google.gerrit.server.project.ProjectResource;
import com.google.gerrit.server.project.RefUtil;
import com.google.gerrit.server.project.RefUtil.InvalidRevisionException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.assistedinject.Assisted;
import java.io.IOException;
import java.util.TimeZone;
@@ -63,7 +61,6 @@ public class CreateTag implements RestModifyView<ProjectResource, TagInput> {
}
private final PermissionBackend permissionBackend;
private final Provider<IdentifiedUser> identifiedUser;
private final GitRepositoryManager repoManager;
private final TagCache tagCache;
private final GitReferenceUpdated referenceUpdated;
@@ -73,14 +70,12 @@ public class CreateTag implements RestModifyView<ProjectResource, TagInput> {
@Inject
CreateTag(
PermissionBackend permissionBackend,
Provider<IdentifiedUser> identifiedUser,
GitRepositoryManager repoManager,
TagCache tagCache,
GitReferenceUpdated referenceUpdated,
WebLinks webLinks,
@Assisted String ref) {
this.permissionBackend = permissionBackend;
this.identifiedUser = identifiedUser;
this.repoManager = repoManager;
this.tagCache = tagCache;
this.referenceUpdated = referenceUpdated;
@@ -103,7 +98,7 @@ public class CreateTag implements RestModifyView<ProjectResource, TagInput> {
ref = RefUtil.normalizeTagRef(ref);
PermissionBackend.ForRef perm =
permissionBackend.user(identifiedUser).project(resource.getNameKey()).ref(ref);
permissionBackend.currentUser().project(resource.getNameKey()).ref(ref);
try (Repository repo = repoManager.openRepository(resource.getNameKey())) {
ObjectId revid = RefUtil.parseBaseRevision(repo, resource.getNameKey(), input.revision);
@@ -134,7 +129,10 @@ public class CreateTag implements RestModifyView<ProjectResource, TagInput> {
if (isAnnotated) {
tag.setMessage(input.message)
.setTagger(
identifiedUser.get().newCommitterIdent(TimeUtil.nowTs(), TimeZone.getDefault()));
resource
.getUser()
.asIdentifiedUser()
.newCommitterIdent(TimeUtil.nowTs(), TimeZone.getDefault()));
}
Ref result = tag.call();
@@ -145,7 +143,7 @@ public class CreateTag implements RestModifyView<ProjectResource, TagInput> {
ref,
ObjectId.zeroId(),
result.getObjectId(),
identifiedUser.get().state());
resource.getUser().asIdentifiedUser().state());
try (RevWalk w = new RevWalk(repo)) {
return ListTags.createTagInfo(perm, result, w, resource.getProjectState(), links);
}

6
java/com/google/gerrit/server/restapi/project/DeleteBranch.java
View File

@@ -21,7 +21,6 @@ import com.google.gerrit.extensions.restapi.ResourceConflictException;
import com.google.gerrit.extensions.restapi.Response;
import com.google.gerrit.extensions.restapi.RestApiException;
import com.google.gerrit.extensions.restapi.RestModifyView;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.permissions.RefPermission;
@@ -38,25 +37,22 @@ public class DeleteBranch implements RestModifyView<BranchResource, Input> {
private final Provider<InternalChangeQuery> queryProvider;
private final DeleteRef.Factory deleteRefFactory;
private final Provider<CurrentUser> user;
private final PermissionBackend permissionBackend;
@Inject
DeleteBranch(
Provider<InternalChangeQuery> queryProvider,
DeleteRef.Factory deleteRefFactory,
Provider<CurrentUser> user,
PermissionBackend permissionBackend) {
this.queryProvider = queryProvider;
this.deleteRefFactory = deleteRefFactory;
this.user = user;
this.permissionBackend = permissionBackend;
}
@Override
public Response<?> apply(BranchResource rsrc, Input input)
throws RestApiException, OrmException, IOException, PermissionBackendException {
permissionBackend.user(user).ref(rsrc.getBranchKey()).check(RefPermission.DELETE);
permissionBackend.currentUser().ref(rsrc.getBranchKey()).check(RefPermission.DELETE);
rsrc.getProjectState().checkStatePermitsWrite();
if (!queryProvider.get().setLimit(1).byBranchOpen(rsrc.getBranchKey()).isEmpty()) {

2
java/com/google/gerrit/server/restapi/project/DeleteRef.java
View File

@@ -222,7 +222,7 @@ public class DeleteRef {
try {
permissionBackend
.user(identifiedUser)
.currentUser()
.project(project.getNameKey())
.ref(refName)
.check(RefPermission.DELETE);

11
java/com/google/gerrit/server/restapi/project/DeleteTag.java
View File

@@ -18,7 +18,6 @@ import com.google.gerrit.extensions.common.Input;
import com.google.gerrit.extensions.restapi.Response;
import com.google.gerrit.extensions.restapi.RestApiException;
import com.google.gerrit.extensions.restapi.RestModifyView;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.permissions.RefPermission;
@@ -26,7 +25,6 @@ import com.google.gerrit.server.project.RefUtil;
import com.google.gerrit.server.project.TagResource;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.IOException;
@@ -34,16 +32,11 @@ import java.io.IOException;
public class DeleteTag implements RestModifyView<TagResource, Input> {
private final PermissionBackend permissionBackend;
private final Provider<CurrentUser> user;
private final DeleteRef.Factory deleteRefFactory;
@Inject
DeleteTag(
PermissionBackend permissionBackend,
Provider<CurrentUser> user,
DeleteRef.Factory deleteRefFactory) {
DeleteTag(PermissionBackend permissionBackend, DeleteRef.Factory deleteRefFactory) {
this.permissionBackend = permissionBackend;
this.user = user;
this.deleteRefFactory = deleteRefFactory;
}
@@ -52,7 +45,7 @@ public class DeleteTag implements RestModifyView<TagResource, Input> {
throws OrmException, RestApiException, IOException, PermissionBackendException {
String tag = RefUtil.normalizeTagRef(resource.getTagInfo().ref);
permissionBackend
.user(user)
.currentUser()
.project(resource.getNameKey())
.ref(tag)
.check(RefPermission.DELETE);

10
java/com/google/gerrit/server/restapi/project/GetAccess.java
View File

@@ -137,7 +137,7 @@ public class GetAccess implements RestReadView<ProjectResource> {
Project.NameKey projectName = rsrc.getNameKey();
ProjectAccessInfo info = new ProjectAccessInfo();
ProjectState projectState = projectCache.checkedGet(projectName);
PermissionBackend.ForProject perm = permissionBackend.user(user).project(projectName);
PermissionBackend.ForProject perm = permissionBackend.currentUser().project(projectName);
ProjectConfig config;
try (MetaDataUpdate md = metaDataUpdateFactory.create(projectName)) {
@@ -160,12 +160,12 @@ public class GetAccess implements RestReadView<ProjectResource> {
config.commit(md);
projectCache.evict(config.getProject());
projectState = projectCache.checkedGet(projectName);
perm = permissionBackend.user(user).project(projectName);
perm = permissionBackend.currentUser().project(projectName);
} else if (config.getRevision() != null
&& !config.getRevision().equals(projectState.getConfig().getRevision())) {
projectCache.evict(config.getProject());
projectState = projectCache.checkedGet(projectName);
perm = permissionBackend.user(user).project(projectName);
perm = permissionBackend.currentUser().project(projectName);
}
} catch (ConfigInvalidException e) {
throw new ResourceConflictException(e.getMessage());
@@ -239,7 +239,7 @@ public class GetAccess implements RestReadView<ProjectResource> {
}
if (info.ownerOf.isEmpty()
&& permissionBackend.user(user).test(GlobalPermission.ADMINISTRATE_SERVER)) {
&& permissionBackend.currentUser().test(GlobalPermission.ADMINISTRATE_SERVER)) {
// Special case: If the section list is empty, this project has no current
// access control information. Fall back to site administrators.
info.ownerOf.add(AccessSection.ALL);
@@ -255,7 +255,7 @@ public class GetAccess implements RestReadView<ProjectResource> {
}
if (projectName.equals(allProjectsName)
&& permissionBackend.user(user).testOrFalse(ADMINISTRATE_SERVER)) {
&& permissionBackend.currentUser().testOrFalse(ADMINISTRATE_SERVER)) {
info.ownerOf.add(AccessSection.GLOBAL_CAPABILITIES);
}

6
java/com/google/gerrit/server/restapi/project/ListBranches.java
View File

@@ -40,7 +40,6 @@ import com.google.gerrit.server.project.ProjectResource;
import com.google.gerrit.server.project.ProjectState;
import com.google.gerrit.server.project.RefFilter;
import com.google.inject.Inject;
import com.google.inject.Provider;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
@@ -58,7 +57,6 @@ import org.kohsuke.args4j.Option;
public class ListBranches implements RestReadView<ProjectResource> {
private final GitRepositoryManager repoManager;
private final PermissionBackend permissionBackend;
private final Provider<CurrentUser> user;
private final DynamicMap<RestView<BranchResource>> branchViews;
private final UiActions uiActions;
private final WebLinks webLinks;
@@ -112,13 +110,11 @@ public class ListBranches implements RestReadView<ProjectResource> {
public ListBranches(
GitRepositoryManager repoManager,
PermissionBackend permissionBackend,
Provider<CurrentUser> user,
DynamicMap<RestView<BranchResource>> branchViews,
UiActions uiActions,
WebLinks webLinks) {
this.repoManager = repoManager;
this.permissionBackend = permissionBackend;
this.user = user;
this.branchViews = branchViews;
this.uiActions = uiActions;
this.webLinks = webLinks;
@@ -183,7 +179,7 @@ public class ListBranches implements RestReadView<ProjectResource> {
}
}
PermissionBackend.ForProject perm = permissionBackend.user(user).project(rsrc.getNameKey());
PermissionBackend.ForProject perm = permissionBackend.currentUser().project(rsrc.getNameKey());
List<BranchInfo> branches = new ArrayList<>(refs.size());
for (Ref ref : refs) {
if (ref.isSymbolic()) {

7
java/com/google/gerrit/server/restapi/project/ListChildProjects.java
View File

@@ -20,7 +20,6 @@ import com.google.gerrit.extensions.common.ProjectInfo;
import com.google.gerrit.extensions.restapi.ResourceConflictException;
import com.google.gerrit.extensions.restapi.RestReadView;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.config.AllProjectsName;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
@@ -31,7 +30,6 @@ import com.google.gerrit.server.project.ProjectJson;
import com.google.gerrit.server.project.ProjectResource;
import com.google.gerrit.server.project.ProjectState;
import com.google.inject.Inject;
import com.google.inject.Provider;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -44,7 +42,6 @@ public class ListChildProjects implements RestReadView<ProjectResource> {
private final ProjectCache projectCache;
private final PermissionBackend permissionBackend;
private final Provider<CurrentUser> user;
private final AllProjectsName allProjects;
private final ProjectJson json;
private final ChildProjects childProjects;
@@ -53,13 +50,11 @@ public class ListChildProjects implements RestReadView<ProjectResource> {
ListChildProjects(
ProjectCache projectCache,
PermissionBackend permissionBackend,
Provider<CurrentUser> user,
AllProjectsName allProjectsName,
ProjectJson json,
ChildProjects childProjects) {
this.projectCache = projectCache;
this.permissionBackend = permissionBackend;
this.user = user;
this.allProjects = allProjectsName;
this.json = json;
this.childProjects = childProjects;
@@ -90,7 +85,7 @@ public class ListChildProjects implements RestReadView<ProjectResource> {
}
}
return permissionBackend
.user(user)
.currentUser()
.filter(ProjectPermission.ACCESS, children.keySet())
.stream()
.sorted()

13
java/com/google/gerrit/server/restapi/project/ListDashboards.java
View File

@@ -20,7 +20,6 @@ import com.google.gerrit.extensions.api.projects.DashboardInfo;
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.extensions.restapi.RestReadView;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.git.GitRepositoryManager;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
@@ -29,7 +28,6 @@ import com.google.gerrit.server.permissions.RefPermission;
import com.google.gerrit.server.project.ProjectResource;
import com.google.gerrit.server.project.ProjectState;
import com.google.inject.Inject;
import com.google.inject.Provider;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
@@ -53,19 +51,14 @@ public class ListDashboards implements RestReadView<ProjectResource> {
private final GitRepositoryManager gitManager;
private final PermissionBackend permissionBackend;
private final Provider<CurrentUser> user;
@Option(name = "--inherited", usage = "include inherited dashboards")
private boolean inherited;
@Inject
ListDashboards(
GitRepositoryManager gitManager,
PermissionBackend permissionBackend,
Provider<CurrentUser> user) {
ListDashboards(GitRepositoryManager gitManager, PermissionBackend permissionBackend) {
this.gitManager = gitManager;
this.permissionBackend = permissionBackend;
this.user = user;
}
@Override
@@ -98,13 +91,13 @@ public class ListDashboards implements RestReadView<ProjectResource> {
tree.put(ps.getNameKey(), ps);
}
tree.keySet()
.retainAll(permissionBackend.user(user).filter(ProjectPermission.ACCESS, tree.keySet()));
.retainAll(permissionBackend.currentUser().filter(ProjectPermission.ACCESS, tree.keySet()));
return tree.values();
}
private List<DashboardInfo> scan(ProjectState state, String project, boolean setDefault)
throws ResourceNotFoundException, IOException, PermissionBackendException {
PermissionBackend.ForProject perm = permissionBackend.user(user).project(state.getNameKey());
PermissionBackend.ForProject perm = permissionBackend.currentUser().project(state.getNameKey());
try (Repository git = gitManager.openRepository(state.getNameKey());
RevWalk rw = new RevWalk(git)) {
List<DashboardInfo> all = new ArrayList<>();

14
java/com/google/gerrit/server/restapi/project/ListTags.java
View File

@@ -24,7 +24,6 @@ import com.google.gerrit.extensions.restapi.RestApiException;
import com.google.gerrit.extensions.restapi.RestReadView;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.server.CommonConverters;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.WebLinks;
import com.google.gerrit.server.git.GitRepositoryManager;
import com.google.gerrit.server.permissions.PermissionBackend;
@@ -35,7 +34,6 @@ import com.google.gerrit.server.project.ProjectResource;
import com.google.gerrit.server.project.ProjectState;
import com.google.gerrit.server.project.RefFilter;
import com.google.inject.Inject;
import com.google.inject.Provider;
import java.io.IOException;
import java.sql.Timestamp;
import java.util.ArrayList;
@@ -58,7 +56,6 @@ import org.kohsuke.args4j.Option;
public class ListTags implements RestReadView<ProjectResource> {
private final GitRepositoryManager repoManager;
private final PermissionBackend permissionBackend;
private final Provider<CurrentUser> user;
private final WebLinks links;
@Option(
@@ -108,13 +105,9 @@ public class ListTags implements RestReadView<ProjectResource> {
@Inject
public ListTags(
GitRepositoryManager repoManager,
PermissionBackend permissionBackend,
Provider<CurrentUser> user,
WebLinks webLinks) {
GitRepositoryManager repoManager, PermissionBackend permissionBackend, WebLinks webLinks) {
this.repoManager = repoManager;
this.permissionBackend = permissionBackend;
this.user = user;
this.links = webLinks;
}
@@ -133,7 +126,8 @@ public class ListTags implements RestReadView<ProjectResource> {
List<TagInfo> tags = new ArrayList<>();
PermissionBackend.ForProject perm = permissionBackend.user(user).project(resource.getNameKey());
PermissionBackend.ForProject perm =
permissionBackend.currentUser().project(resource.getNameKey());
try (Repository repo = getRepository(resource.getNameKey());
RevWalk rw = new RevWalk(repo)) {
Map<String, Ref> all =
@@ -236,7 +230,7 @@ public class ListTags implements RestReadView<ProjectResource> {
Project.NameKey project, Repository repo, Map<String, Ref> tags)
throws PermissionBackendException {
return permissionBackend
.user(user)
.currentUser()
.project(project)
.filter(
tags,

4
java/com/google/gerrit/server/restapi/project/ProjectsCollection.java
View File

@@ -151,7 +151,7 @@ public class ProjectsCollection
if (checkAccess) {
try {
permissionBackend.user(user).project(nameKey).check(ProjectPermission.ACCESS);
permissionBackend.currentUser().project(nameKey).check(ProjectPermission.ACCESS);
} catch (AuthException e) {
return null; // Pretend like not found on access denied.
}
@@ -161,7 +161,7 @@ public class ProjectsCollection
// ACTIVE). Individual views should still check for checkStatePermitsRead() and this should
// just serve as a safety net in case the individual check is forgotten.
try {
permissionBackend.user(user).project(nameKey).check(ProjectPermission.WRITE_CONFIG);
permissionBackend.currentUser().project(nameKey).check(ProjectPermission.WRITE_CONFIG);
} catch (AuthException e) {
state.checkStatePermitsRead();
}

5
java/com/google/gerrit/server/restapi/project/PutConfig.java
View File

@@ -111,7 +111,10 @@ public class PutConfig implements RestModifyView<ProjectResource, ConfigInput> {
@Override
public ConfigInfo apply(ProjectResource rsrc, ConfigInput input)
throws RestApiException, PermissionBackendException {
permissionBackend.user(user).project(rsrc.getNameKey()).check(ProjectPermission.WRITE_CONFIG);
permissionBackend
.currentUser()
.project(rsrc.getNameKey())
.check(ProjectPermission.WRITE_CONFIG);
return apply(rsrc.getProjectState(), input);
}

4
java/com/google/gerrit/server/restapi/project/SetAccess.java
View File

@@ -97,12 +97,12 @@ public class SetAccess implements RestModifyView<ProjectResource, ProjectAccessI
boolean isGlobalCapabilities = AccessSection.GLOBAL_CAPABILITIES.equals(section.getName());
if (isGlobalCapabilities) {
if (!checkedAdmin) {
permissionBackend.user(identifiedUser).check(GlobalPermission.ADMINISTRATE_SERVER);
permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
checkedAdmin = true;
}
} else {
permissionBackend
.user(identifiedUser)
.currentUser()
.project(rsrc.getNameKey())
.ref(section.getName())
.check(RefPermission.WRITE_CONFIG);

2
plugins/replication

Submodule plugins/replication updated: d8f5bcec21...9a24a2368a