Check canEditAssignee with PermissionBackend

Change-Id: I373267a7272f35e972dde5c38cce6f753196350c

gerrit-server/src/main/java/com/google/gerrit/server/api/changes/ChangeApiImpl.java

@@ -494,7 +494,7 @@ class ChangeApiImpl implements ChangeApi {
   public AccountInfo setAssignee(AssigneeInput input) throws RestApiException {
     try {
       return putAssignee.apply(change, input);
-    } catch (UpdateException | IOException | OrmException e) {
+    } catch (UpdateException | IOException | OrmException | PermissionBackendException e) {
       throw new RestApiException("Cannot set assignee", e);
     }
   }
@@ -523,7 +523,7 @@ class ChangeApiImpl implements ChangeApi {
     try {
       Response<AccountInfo> r = deleteAssignee.apply(change, null);
       return r.isNone() ? null : r.value();
-    } catch (UpdateException | OrmException e) {
+    } catch (UpdateException | OrmException | PermissionBackendException e) {
       throw new RestApiException("Cannot delete assignee", e);
     }
   }

gerrit-server/src/main/java/com/google/gerrit/server/change/DeleteAssignee.java

@@ -16,7 +16,6 @@ package com.google.gerrit.server.change;
 
 import com.google.gerrit.common.TimeUtil;
 import com.google.gerrit.extensions.common.AccountInfo;
-import com.google.gerrit.extensions.restapi.AuthException;
 import com.google.gerrit.extensions.restapi.Response;
 import com.google.gerrit.extensions.restapi.RestApiException;
 import com.google.gerrit.extensions.restapi.RestModifyView;
@@ -30,6 +29,8 @@ import com.google.gerrit.server.account.AccountLoader;
 import com.google.gerrit.server.change.DeleteAssignee.Input;
 import com.google.gerrit.server.extensions.events.AssigneeChanged;
 import com.google.gerrit.server.notedb.ChangeUpdate;
+import com.google.gerrit.server.permissions.ChangePermission;
+import com.google.gerrit.server.permissions.PermissionBackendException;
 import com.google.gerrit.server.update.BatchUpdate;
 import com.google.gerrit.server.update.BatchUpdateOp;
 import com.google.gerrit.server.update.ChangeContext;
@@ -69,7 +70,9 @@ public class DeleteAssignee implements RestModifyView<ChangeResource, Input> {
 
   @Override
   public Response<AccountInfo> apply(ChangeResource rsrc, Input input)
-      throws RestApiException, UpdateException, OrmException {
+      throws RestApiException, UpdateException, OrmException, PermissionBackendException {
+    rsrc.permissions().check(ChangePermission.EDIT_ASSIGNEE);
+
     try (BatchUpdate bu =
         batchUpdateFactory.create(db.get(), rsrc.getProject(), rsrc.getUser(), TimeUtil.nowTs())) {
       Op op = new Op();
@@ -88,9 +91,6 @@ public class DeleteAssignee implements RestModifyView<ChangeResource, Input> {
 
     @Override
     public boolean updateChange(ChangeContext ctx) throws RestApiException, OrmException {
-      if (!ctx.getControl().canEditAssignee()) {
-        throw new AuthException("Delete Assignee not permitted");
-      }
       change = ctx.getChange();
       ChangeUpdate update = ctx.getUpdate(change.currentPatchSetId());
       Account.Id currentAssigneeId = change.getAssignee();

gerrit-server/src/main/java/com/google/gerrit/server/change/PutAssignee.java

@@ -31,6 +31,8 @@ import com.google.gerrit.server.IdentifiedUser;
 import com.google.gerrit.server.account.AccountLoader;
 import com.google.gerrit.server.account.AccountsCollection;
 import com.google.gerrit.server.change.PostReviewers.Addition;
+import com.google.gerrit.server.permissions.ChangePermission;
+import com.google.gerrit.server.permissions.PermissionBackendException;
 import com.google.gerrit.server.update.BatchUpdate;
 import com.google.gerrit.server.update.UpdateException;
 import com.google.gwtorm.server.OrmException;
@@ -68,10 +70,10 @@ public class PutAssignee
 
   @Override
   public AccountInfo apply(ChangeResource rsrc, AssigneeInput input)
-      throws RestApiException, UpdateException, OrmException, IOException {
-    if (!rsrc.getControl().canEditAssignee()) {
-      throw new AuthException("Changing Assignee not permitted");
-    }
+      throws RestApiException, UpdateException, OrmException, IOException,
+          PermissionBackendException {
+    rsrc.permissions().check(ChangePermission.EDIT_ASSIGNEE);
+
     if (input.assignee == null || input.assignee.trim().isEmpty()) {
       throw new BadRequestException("missing assignee field");
     }
@@ -114,9 +116,9 @@ public class PutAssignee
   }
 
   @Override
-  public UiAction.Description getDescription(ChangeResource resource) {
+  public UiAction.Description getDescription(ChangeResource rsrc) {
     return new UiAction.Description()
         .setLabel("Edit Assignee")
-        .setVisible(resource.getControl().canEditAssignee());
+        .setVisible(rsrc.permissions().testOrFalse(ChangePermission.EDIT_ASSIGNEE));
   }
 }

gerrit-server/src/main/java/com/google/gerrit/server/project/ChangeControl.java

@@ -456,7 +456,7 @@ public class ChangeControl {
     return false;
   }
 
-  public boolean canEditAssignee() {
+  private boolean canEditAssignee() {
     return isOwner()
         || getProjectControl().isOwner()
         || getRefControl().canEditAssignee()

gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java

@@ -451,7 +451,7 @@ public class RefControl {
     return canPerform(Permission.EDIT_HASHTAGS);
   }
 
-  public boolean canEditAssignee() {
+  boolean canEditAssignee() {
     return canPerform(Permission.EDIT_ASSIGNEE);
   }