Merge branch 'stable-2.14' into stable-2.15
* stable-2.14: Fix more comparisons of current user Fix permissions checks on Gerrit API on current user GroupCacheImpl: Fix log message when UUID is not found Change-Id: Ida3dd1bd5fc2da5001059a0d5d8b36c83861f00a
commit
62bd285eb0
@ -208,7 +208,7 @@ public class GpgKeys implements ChildCollection<AccountResource, GpgKey> {
|
||||
if (!BouncyCastleUtil.havePGP()) {
|
||||
throw new ResourceNotFoundException("GPG not enabled");
|
||||
}
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
if (!self.get().hasSameAccountId(rsrc.getUser())) {
|
||||
throw new ResourceNotFoundException();
|
||||
}
|
||||
}
|
||||
|
@ -146,4 +146,17 @@ public abstract class CurrentUser {
|
||||
public ExternalId.Key getLastLoginExternalIdKey() {
|
||||
return get(lastLoginExternalIdPropertyKey);
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if the current user has the same account id of another.
|
||||
*
|
||||
* <p>Provide a generic interface for allowing subclasses to define whether two accounts represent
|
||||
* the same account id.
|
||||
*
|
||||
* @param other user to compare
|
||||
* @return true if the two users have the same account id
|
||||
*/
|
||||
public boolean hasSameAccountId(CurrentUser other) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
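Review bot: The Javadoc on `hasSameAccountId` does not say that this base implementation always returns `false`, which is what every subclass that does not override it will report. The REST views on this page use the result as an ownership test, so the contract should be explicit; I would add `<p>The base implementation returns {@code false}: a user without an account never matches another user.` and state that subclasses backed by an account must override it. Most call sites negate the result, so the default fails closed there, but DeleteActive uses it un-negated and the default lets that request proceed.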
@ -489,6 +489,11 @@ public class IdentifiedUser extends CurrentUser {
|
||||
realUser);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean hasSameAccountId(CurrentUser other) {
|
||||
return getAccountId().get() == other.getAccountId().get();
|
||||
}
|
||||
|
||||
private String guessHost() {
|
||||
String host = null;
|
||||
SocketAddress remotePeer = null;
|
||||
|
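Review bot: `other.getAccountId()` is called on an arbitrary `CurrentUser` in the new override, and nothing in this hunk shows that the call is safe when `other` has no account. If the base class throws or returns null there, an ownership check turns into an unchecked exception. The call sites on this page all pass an account resource's user, so this is probably latent, but the method is public on the base type. I would guard it and compare the ids as objects rather than as unwrapped ints: `return other.isIdentifiedUser() && getAccountId().equals(other.getAccountId());`. A unit test using two distinct `IdentifiedUser` instances for the same account would pin the behaviour this merge fixes; none is visible on this page.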
@ -76,7 +76,7 @@ public class AddSshKey implements RestModifyView<AccountResource, Input> {
|
||||
public Response<SshKeyInfo> apply(AccountResource rsrc, Input input)
|
||||
throws AuthException, BadRequestException, OrmException, IOException, ConfigInvalidException,
|
||||
PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
if (!self.get().hasSameAccountId(rsrc.getUser())) {
|
||||
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||
}
|
||||
return apply(rsrc.getUser(), input);
|
||||
|
@ -60,7 +60,7 @@ class Capabilities implements ChildCollection<AccountResource, AccountResource.C
|
||||
public Capability parse(AccountResource parent, IdString id)
|
||||
throws ResourceNotFoundException, AuthException, PermissionBackendException {
|
||||
IdentifiedUser target = parent.getUser();
|
||||
if (self.get() != target) {
|
||||
if (!self.get().hasSameAccountId(target)) {
|
||||
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||
}
|
||||
|
||||
|
@ -92,7 +92,7 @@ public class CreateEmail implements RestModifyView<AccountResource, EmailInput>
|
||||
input = new EmailInput();
|
||||
}
|
||||
|
||||
if (self.get() != rsrc.getUser() || input.noConfirmation) {
|
||||
if (!self.get().hasSameAccountId(rsrc.getUser()) || input.noConfirmation) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
|
||||
|
@ -46,7 +46,7 @@ public class DeleteActive implements RestModifyView<AccountResource, Input> {
|
||||
@Override
|
||||
public Response<?> apply(AccountResource rsrc, Input input)
|
||||
throws RestApiException, OrmException, IOException, ConfigInvalidException {
|
||||
if (self.get() == rsrc.getUser()) {
|
||||
if (self.get().hasSameAccountId(rsrc.getUser())) {
|
||||
throw new ResourceConflictException("cannot deactivate own account");
|
||||
}
|
||||
return setInactiveFlag.deactivate(rsrc.getUser().getAccountId());
|
||||
|
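Review bot: This is the one call site where the result of `hasSameAccountId` is used un-negated, so a `false` lets the request continue to `setInactiveFlag.deactivate(...)`. `CurrentUser.hasSameAccountId` returns `false` by default, so any caller type that does not override it skips the "cannot deactivate own account" guard, and no permission check is visible in this hunk. If the capability check lives outside the hunk, a one-line comment above the `if` should say that authorization is enforced elsewhere and that this test only blocks self-deactivation. The body of `apply` continues past the hunk.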
@ -68,7 +68,7 @@ public class DeleteEmail implements RestModifyView<AccountResource.Email, Input>
|
||||
throws AuthException, ResourceNotFoundException, ResourceConflictException,
|
||||
MethodNotAllowedException, OrmException, IOException, ConfigInvalidException,
|
||||
PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
if (!self.get().hasSameAccountId(rsrc.getUser())) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
return apply(rsrc.getUser(), rsrc.getEmail());
|
||||
|
@ -63,7 +63,7 @@ public class DeleteExternalIds implements RestModifyView<AccountResource, List<S
|
||||
public Response<?> apply(AccountResource resource, List<String> extIds)
|
||||
throws RestApiException, IOException, OrmException, ConfigInvalidException,
|
||||
PermissionBackendException {
|
||||
if (self.get() != resource.getUser()) {
|
||||
if (!self.get().hasSameAccountId(resource.getUser())) {
|
||||
permissionBackend.user(self).check(GlobalPermission.ACCESS_DATABASE);
|
||||
}
|
||||
|
||||
|
@ -56,7 +56,7 @@ public class DeleteSshKey implements RestModifyView<AccountResource.SshKey, Inpu
|
||||
public Response<?> apply(AccountResource.SshKey rsrc, Input input)
|
||||
throws AuthException, OrmException, RepositoryNotFoundException, IOException,
|
||||
ConfigInvalidException, PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
if (!self.get().hasSameAccountId(rsrc.getUser())) {
|
||||
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||
}
|
||||
|
||||
|
@ -61,7 +61,7 @@ public class DeleteWatchedProjects
|
||||
public Response<?> apply(AccountResource rsrc, List<ProjectWatchInfo> input)
|
||||
throws AuthException, UnprocessableEntityException, OrmException, IOException,
|
||||
ConfigInvalidException, PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
if (!self.get().hasSameAccountId(rsrc.getUser())) {
|
||||
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||
}
|
||||
if (input == null) {
|
||||
|
@ -63,7 +63,7 @@ public class EmailsCollection
|
||||
@Override
|
||||
public AccountResource.Email parse(AccountResource rsrc, IdString id)
|
||||
throws ResourceNotFoundException, PermissionBackendException, AuthException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
if (!self.get().hasSameAccountId(rsrc.getUser())) {
|
||||
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||
}
|
||||
|
||||
|
@ -73,11 +73,11 @@ class GetCapabilities implements RestReadView<AccountResource> {
|
||||
}
|
||||
|
||||
@Override
|
||||
public Object apply(AccountResource rsrc) throws AuthException, PermissionBackendException {
|
||||
public Object apply(AccountResource resource) throws AuthException, PermissionBackendException {
|
||||
PermissionBackend.WithUser perm = permissionBackend.user(self);
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
if (!self.get().hasSameAccountId(resource.getUser())) {
|
||||
perm.check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||
perm = permissionBackend.user(rsrc.getUser());
|
||||
perm = permissionBackend.user(resource.getUser());
|
||||
}
|
||||
|
||||
Map<String, Object> have = new LinkedHashMap<>();
|
||||
@ -85,7 +85,7 @@ class GetCapabilities implements RestReadView<AccountResource> {
|
||||
have.put(p.permissionName(), true);
|
||||
}
|
||||
|
||||
AccountLimits limits = limitsFactory.create(rsrc.getUser());
|
||||
AccountLimits limits = limitsFactory.create(resource.getUser());
|
||||
addRanges(have, limits);
|
||||
addPriority(have, limits);
|
||||
|
||||
|
@ -63,7 +63,7 @@ public class GetDiffPreferences implements RestReadView<AccountResource> {
|
||||
@Override
|
||||
public DiffPreferencesInfo apply(AccountResource rsrc)
|
||||
throws AuthException, ConfigInvalidException, IOException, PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
if (!self.get().hasSameAccountId(rsrc.getUser())) {
|
||||
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||
}
|
||||
|
||||
|
@ -57,7 +57,7 @@ public class GetEditPreferences implements RestReadView<AccountResource> {
|
||||
@Override
|
||||
public EditPreferencesInfo apply(AccountResource rsrc)
|
||||
throws AuthException, IOException, ConfigInvalidException, PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
if (!self.get().hasSameAccountId(rsrc.getUser())) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
|
||||
|
@ -59,7 +59,7 @@ public class GetExternalIds implements RestReadView<AccountResource> {
|
||||
@Override
|
||||
public List<AccountExternalIdInfo> apply(AccountResource resource)
|
||||
throws RestApiException, IOException, OrmException, PermissionBackendException {
|
||||
if (self.get() != resource.getUser()) {
|
||||
if (!self.get().hasSameAccountId(resource.getUser())) {
|
||||
permissionBackend.user(self).check(GlobalPermission.ACCESS_DATABASE);
|
||||
}
|
||||
|
||||
|
@ -53,7 +53,7 @@ class GetOAuthToken implements RestReadView<AccountResource> {
|
||||
@Override
|
||||
public OAuthTokenInfo apply(AccountResource rsrc)
|
||||
throws AuthException, ResourceNotFoundException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
if (!self.get().hasSameAccountId(rsrc.getUser())) {
|
||||
throw new AuthException("not allowed to get access token");
|
||||
}
|
||||
Account a = rsrc.getUser().getAccount();
|
||||
|
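Review bot: Account-id equality is now the only gate in front of the token lookup that starts at `rsrc.getUser().getAccount()`, and unlike the neighbouring views there is no permission fallback here. `IdentifiedUser` carries a `realUser` (visible in its hunk on this page), so a caller acting under another account's id would now pass this check where the old reference comparison may have rejected it; whether that case is reachable cannot be told from this page. For an endpoint that returns a credential I would document the intent, e.g. `// Tokens are returned to the account owner only; there is no admin override.`, and consider also rejecting callers that act on behalf of another user. `apply` continues outside the hunk.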
@ -43,7 +43,7 @@ public class GetPreferences implements RestReadView<AccountResource> {
|
||||
@Override
|
||||
public GeneralPreferencesInfo apply(AccountResource rsrc)
|
||||
throws AuthException, PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
if (!self.get().hasSameAccountId(rsrc.getUser())) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
|
||||
|
@ -55,7 +55,7 @@ public class GetSshKeys implements RestReadView<AccountResource> {
|
||||
public List<SshKeyInfo> apply(AccountResource rsrc)
|
||||
throws AuthException, OrmException, RepositoryNotFoundException, IOException,
|
||||
ConfigInvalidException, PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
if (!self.get().hasSameAccountId(rsrc.getUser())) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
return apply(rsrc.getUser());
|
||||
|
@ -59,7 +59,7 @@ public class GetWatchedProjects implements RestReadView<AccountResource> {
|
||||
public List<ProjectWatchInfo> apply(AccountResource rsrc)
|
||||
throws OrmException, AuthException, IOException, ConfigInvalidException,
|
||||
PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
if (!self.get().hasSameAccountId(rsrc.getUser())) {
|
||||
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||
}
|
||||
|
||||
|
@ -46,7 +46,7 @@ public class Index implements RestModifyView<AccountResource, Input> {
|
||||
@Override
|
||||
public Response<?> apply(AccountResource rsrc, Input input)
|
||||
throws IOException, AuthException, PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
if (!self.get().hasSameAccountId(rsrc.getUser())) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
|
||||
|
@ -69,7 +69,7 @@ public class PostWatchedProjects
|
||||
public List<ProjectWatchInfo> apply(AccountResource rsrc, List<ProjectWatchInfo> input)
|
||||
throws OrmException, RestApiException, IOException, ConfigInvalidException,
|
||||
PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
if (!self.get().hasSameAccountId(rsrc.getUser())) {
|
||||
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||
}
|
||||
|
||||
|
@ -70,7 +70,7 @@ public class PutAgreement implements RestModifyView<AccountResource, AgreementIn
|
||||
throw new MethodNotAllowedException("contributor agreements disabled");
|
||||
}
|
||||
|
||||
if (self.get() != resource.getUser()) {
|
||||
if (!self.get().hasSameAccountId(resource.getUser())) {
|
||||
throw new AuthException("not allowed to enter contributor agreement");
|
||||
}
|
||||
|
||||
|
@ -78,7 +78,7 @@ public class PutHttpPassword implements RestModifyView<AccountResource, Input> {
|
||||
public Response<String> apply(AccountResource rsrc, Input input)
|
||||
throws AuthException, ResourceNotFoundException, ResourceConflictException, OrmException,
|
||||
IOException, ConfigInvalidException, PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
if (!self.get().hasSameAccountId(rsrc.getUser())) {
|
||||
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||
}
|
||||
|
||||
|
@ -63,7 +63,7 @@ public class PutName implements RestModifyView<AccountResource, Input> {
|
||||
public Response<String> apply(AccountResource rsrc, Input input)
|
||||
throws AuthException, MethodNotAllowedException, ResourceNotFoundException, OrmException,
|
||||
IOException, PermissionBackendException, ConfigInvalidException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
if (!self.get().hasSameAccountId(rsrc.getUser())) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
return apply(rsrc.getUser(), input);
|
||||
|
@ -55,7 +55,7 @@ public class PutPreferred implements RestModifyView<AccountResource.Email, Input
|
||||
public Response<String> apply(AccountResource.Email rsrc, Input input)
|
||||
throws AuthException, ResourceNotFoundException, OrmException, IOException,
|
||||
PermissionBackendException, ConfigInvalidException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
if (!self.get().hasSameAccountId(rsrc.getUser())) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
return apply(rsrc.getUser(), rsrc.getEmail());
|
||||
|
@ -64,7 +64,7 @@ public class PutStatus implements RestModifyView<AccountResource, Input> {
|
||||
public Response<String> apply(AccountResource rsrc, Input input)
|
||||
throws AuthException, ResourceNotFoundException, OrmException, IOException,
|
||||
PermissionBackendException, ConfigInvalidException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
if (!self.get().hasSameAccountId(rsrc.getUser())) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
return apply(rsrc.getUser(), input);
|
||||
|
@ -62,7 +62,7 @@ public class PutUsername implements RestModifyView<AccountResource, Input> {
|
||||
throws AuthException, MethodNotAllowedException, UnprocessableEntityException,
|
||||
ResourceConflictException, OrmException, IOException, ConfigInvalidException,
|
||||
PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
if (!self.get().hasSameAccountId(rsrc.getUser())) {
|
||||
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
|
||||
}
|
||||
|
||||
|
@ -65,7 +65,7 @@ public class SetDiffPreferences implements RestModifyView<AccountResource, DiffP
|
||||
public DiffPreferencesInfo apply(AccountResource rsrc, DiffPreferencesInfo in)
|
||||
throws AuthException, BadRequestException, ConfigInvalidException,
|
||||
RepositoryNotFoundException, IOException, PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
if (!self.get().hasSameAccountId(rsrc.getUser())) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
|
||||
|
@ -65,7 +65,7 @@ public class SetEditPreferences implements RestModifyView<AccountResource, EditP
|
||||
public EditPreferencesInfo apply(AccountResource rsrc, EditPreferencesInfo in)
|
||||
throws AuthException, BadRequestException, RepositoryNotFoundException, IOException,
|
||||
ConfigInvalidException, PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
if (!self.get().hasSameAccountId(rsrc.getUser())) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
|
||||
|
@ -83,7 +83,7 @@ public class SetPreferences implements RestModifyView<AccountResource, GeneralPr
|
||||
public GeneralPreferencesInfo apply(AccountResource rsrc, GeneralPreferencesInfo i)
|
||||
throws AuthException, BadRequestException, IOException, ConfigInvalidException,
|
||||
PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
if (!self.get().hasSameAccountId(rsrc.getUser())) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
|
||||
|
@ -64,7 +64,7 @@ public class SshKeys implements ChildCollection<AccountResource, AccountResource
|
||||
public AccountResource.SshKey parse(AccountResource rsrc, IdString id)
|
||||
throws ResourceNotFoundException, OrmException, IOException, ConfigInvalidException,
|
||||
PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
if (!self.get().hasSameAccountId(rsrc.getUser())) {
|
||||
try {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
} catch (AuthException e) {
|
||||
|
@ -134,7 +134,7 @@ public class StarredChanges
|
||||
@Override
|
||||
public Response<?> apply(AccountResource rsrc, EmptyInput in)
|
||||
throws RestApiException, OrmException, IOException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
if (!self.get().hasSameAccountId(rsrc.getUser())) {
|
||||
throw new AuthException("not allowed to add starred change");
|
||||
}
|
||||
try {
|
||||
@ -167,7 +167,7 @@ public class StarredChanges
|
||||
@Override
|
||||
public Response<?> apply(AccountResource.StarredChange rsrc, EmptyInput in)
|
||||
throws AuthException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
if (!self.get().hasSameAccountId(rsrc.getUser())) {
|
||||
throw new AuthException("not allowed update starred changes");
|
||||
}
|
||||
return Response.none();
|
||||
@ -188,7 +188,7 @@ public class StarredChanges
|
||||
@Override
|
||||
public Response<?> apply(AccountResource.StarredChange rsrc, EmptyInput in)
|
||||
throws AuthException, OrmException, IOException, IllegalLabelException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
if (!self.get().hasSameAccountId(rsrc.getUser())) {
|
||||
throw new AuthException("not allowed remove starred change");
|
||||
}
|
||||
starredChangesUtil.star(
|
||||
|
@ -98,7 +98,7 @@ public class Stars implements ChildCollection<AccountResource, AccountResource.S
|
||||
@SuppressWarnings("unchecked")
|
||||
public List<ChangeInfo> apply(AccountResource rsrc)
|
||||
throws BadRequestException, AuthException, OrmException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
if (!self.get().hasSameAccountId(rsrc.getUser())) {
|
||||
throw new AuthException("not allowed to list stars of another account");
|
||||
}
|
||||
QueryChanges query = changes.list();
|
||||
@ -120,7 +120,7 @@ public class Stars implements ChildCollection<AccountResource, AccountResource.S
|
||||
|
||||
@Override
|
||||
public SortedSet<String> apply(AccountResource.Star rsrc) throws AuthException, OrmException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
if (!self.get().hasSameAccountId(rsrc.getUser())) {
|
||||
throw new AuthException("not allowed to get stars of another account");
|
||||
}
|
||||
return starredChangesUtil.getLabels(self.get().getAccountId(), rsrc.getChange().getId());
|
||||
@ -141,7 +141,7 @@ public class Stars implements ChildCollection<AccountResource, AccountResource.S
|
||||
@Override
|
||||
public Collection<String> apply(AccountResource.Star rsrc, StarsInput in)
|
||||
throws AuthException, BadRequestException, OrmException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
if (!self.get().hasSameAccountId(rsrc.getUser())) {
|
||||
throw new AuthException("not allowed to update stars of another account");
|
||||
}
|
||||
try {
|
||||
|