Check canEditAssignee with PermissionBackend

Change-Id: I373267a7272f35e972dde5c38cce6f753196350c
2017-02-18 15:46:21 -08:00
parent 03c48e308c
commit 6b9563f3ce
5 changed files with 17 additions and 15 deletions
--- a/gerrit-server/src/main/java/com/google/gerrit/server/api/changes/ChangeApiImpl.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/api/changes/ChangeApiImpl.java
@@ -494,7 +494,7 @@ class ChangeApiImpl implements ChangeApi {
  public AccountInfo setAssignee(AssigneeInput input) throws RestApiException {
    try {
      return putAssignee.apply(change, input);
-    } catch (UpdateException | IOException | OrmException e) {
+    } catch (UpdateException | IOException | OrmException | PermissionBackendException e) {
      throw new RestApiException("Cannot set assignee", e);
    }
  }
@@ -523,7 +523,7 @@ class ChangeApiImpl implements ChangeApi {
    try {
      Response<AccountInfo> r = deleteAssignee.apply(change, null);
      return r.isNone() ? null : r.value();
-    } catch (UpdateException | OrmException e) {
+    } catch (UpdateException | OrmException | PermissionBackendException e) {
      throw new RestApiException("Cannot delete assignee", e);
    }
  }
--- a/gerrit-server/src/main/java/com/google/gerrit/server/change/DeleteAssignee.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/change/DeleteAssignee.java
@@ -16,7 +16,6 @@ package com.google.gerrit.server.change;
 import com.google.gerrit.common.TimeUtil;
 import com.google.gerrit.extensions.common.AccountInfo;
 import com.google.gerrit.extensions.restapi.AuthException;
 import com.google.gerrit.extensions.restapi.Response;
 import com.google.gerrit.extensions.restapi.RestApiException;
 import com.google.gerrit.extensions.restapi.RestModifyView;
@@ -30,6 +29,8 @@ import com.google.gerrit.server.account.AccountLoader;
 import com.google.gerrit.server.change.DeleteAssignee.Input;
 import com.google.gerrit.server.extensions.events.AssigneeChanged;
 import com.google.gerrit.server.notedb.ChangeUpdate;
 import com.google.gerrit.server.permissions.ChangePermission;
 import com.google.gerrit.server.permissions.PermissionBackendException;
 import com.google.gerrit.server.update.BatchUpdate;
 import com.google.gerrit.server.update.BatchUpdateOp;
 import com.google.gerrit.server.update.ChangeContext;
@@ -69,7 +70,9 @@ public class DeleteAssignee implements RestModifyView<ChangeResource, Input> {
  @Override
  public Response<AccountInfo> apply(ChangeResource rsrc, Input input)
-      throws RestApiException, UpdateException, OrmException {
+      throws RestApiException, UpdateException, OrmException, PermissionBackendException {
    rsrc.permissions().check(ChangePermission.EDIT_ASSIGNEE);
    try (BatchUpdate bu =
        batchUpdateFactory.create(db.get(), rsrc.getProject(), rsrc.getUser(), TimeUtil.nowTs())) {
      Op op = new Op();
@@ -88,9 +91,6 @@ public class DeleteAssignee implements RestModifyView<ChangeResource, Input> {
    @Override
    public boolean updateChange(ChangeContext ctx) throws RestApiException, OrmException {
      if (!ctx.getControl().canEditAssignee()) {
        throw new AuthException("Delete Assignee not permitted");
      }
      change = ctx.getChange();
      ChangeUpdate update = ctx.getUpdate(change.currentPatchSetId());
      Account.Id currentAssigneeId = change.getAssignee();
--- a/gerrit-server/src/main/java/com/google/gerrit/server/change/PutAssignee.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/change/PutAssignee.java
@@ -31,6 +31,8 @@ import com.google.gerrit.server.IdentifiedUser;
 import com.google.gerrit.server.account.AccountLoader;
 import com.google.gerrit.server.account.AccountsCollection;
 import com.google.gerrit.server.change.PostReviewers.Addition;
 import com.google.gerrit.server.permissions.ChangePermission;
 import com.google.gerrit.server.permissions.PermissionBackendException;
 import com.google.gerrit.server.update.BatchUpdate;
 import com.google.gerrit.server.update.UpdateException;
 import com.google.gwtorm.server.OrmException;
@@ -68,10 +70,10 @@ public class PutAssignee
  @Override
  public AccountInfo apply(ChangeResource rsrc, AssigneeInput input)
-      throws RestApiException, UpdateException, OrmException, IOException {
+      throws RestApiException, UpdateException, OrmException, IOException,
-    if (!rsrc.getControl().canEditAssignee()) {
+          PermissionBackendException {
-      throw new AuthException("Changing Assignee not permitted");
+    rsrc.permissions().check(ChangePermission.EDIT_ASSIGNEE);
-    }
+
    if (input.assignee == null || input.assignee.trim().isEmpty()) {
      throw new BadRequestException("missing assignee field");
    }
@@ -114,9 +116,9 @@ public class PutAssignee
  }
  @Override
-  public UiAction.Description getDescription(ChangeResource resource) {
+  public UiAction.Description getDescription(ChangeResource rsrc) {
    return new UiAction.Description()
        .setLabel("Edit Assignee")
-        .setVisible(resource.getControl().canEditAssignee());
+        .setVisible(rsrc.permissions().testOrFalse(ChangePermission.EDIT_ASSIGNEE));
  }
 }
--- a/gerrit-server/src/main/java/com/google/gerrit/server/project/ChangeControl.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/project/ChangeControl.java
@@ -456,7 +456,7 @@ public class ChangeControl {
    return false;
  }
-  public boolean canEditAssignee() {
+  private boolean canEditAssignee() {
    return isOwner()
        || getProjectControl().isOwner()
        || getRefControl().canEditAssignee()
--- a/gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java
@@ -451,7 +451,7 @@ public class RefControl {
    return canPerform(Permission.EDIT_HASHTAGS);
  }
-  public boolean canEditAssignee() {
+  boolean canEditAssignee() {
    return canPerform(Permission.EDIT_ASSIGNEE);
  }