Cleanup callers of PermissionBackend#user()
This commit moves callers of PermissionBackend#user() to call PermissionBackend#currentUser() in cases where the user for the previous call could only come from the Injector and where we don't already need a CurrentUser object in the class. It migrates callers that explicitly check permissions of absent users to call PermissionBackend#absentUser(). In cases where we check permissions of absent users that could also be unauthenticated, checks for anonymous users are made explicitly. Change-Id: I6b470790e89b69077650fed42cb61dfeeb404b6e
This commit is contained in:
Patrick Hiesel
@@ -296,7 +296,7 @@ public class RestApiServlet extends HttpServlet {
|
||||
RestCollection<RestResource, RestResource> rc = members.get();
|
||||
globals
|
||||
.permissionBackend
|
||||
.user(globals.currentUser.get())
|
||||
.currentUser()
|
||||
.checkAny(GlobalPermission.fromAnnotation(rc.getClass()));
|
||||
|
||||
viewData = new ViewData(null, null);
|
||||
@@ -1182,7 +1182,7 @@ public class RestApiServlet extends HttpServlet {
|
||||
throws AuthException, PermissionBackendException {
|
||||
globals
|
||||
.permissionBackend
|
||||
.user(globals.currentUser.get())
|
||||
.currentUser()
|
||||
.checkAny(GlobalPermission.fromAnnotation(d.pluginName, d.view.getClass()));
|
||||
}
|
||||
|
||||
|
||||
@@ -16,7 +16,6 @@ package com.google.gerrit.metrics.dropwizard;
|
||||
|
||||
import com.google.gerrit.extensions.restapi.AuthException;
|
||||
import com.google.gerrit.extensions.restapi.RestReadView;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
@@ -25,23 +24,21 @@ import org.kohsuke.args4j.Option;
|
||||
|
||||
class GetMetric implements RestReadView<MetricResource> {
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final CurrentUser user;
|
||||
private final DropWizardMetricMaker metrics;
|
||||
|
||||
@Option(name = "--data-only", usage = "return only values")
|
||||
boolean dataOnly;
|
||||
|
||||
@Inject
|
||||
GetMetric(PermissionBackend permissionBackend, CurrentUser user, DropWizardMetricMaker metrics) {
|
||||
GetMetric(PermissionBackend permissionBackend, DropWizardMetricMaker metrics) {
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.user = user;
|
||||
this.metrics = metrics;
|
||||
}
|
||||
|
||||
@Override
|
||||
public MetricJson apply(MetricResource resource)
|
||||
throws AuthException, PermissionBackendException {
|
||||
permissionBackend.user(user).check(GlobalPermission.VIEW_CACHES);
|
||||
permissionBackend.currentUser().check(GlobalPermission.VIEW_CACHES);
|
||||
return new MetricJson(
|
||||
resource.getMetric(), metrics.getAnnotations(resource.getName()), dataOnly);
|
||||
}
|
||||
|
||||
@@ -17,7 +17,6 @@ package com.google.gerrit.metrics.dropwizard;
|
||||
import com.codahale.metrics.Metric;
|
||||
import com.google.gerrit.extensions.restapi.AuthException;
|
||||
import com.google.gerrit.extensions.restapi.RestReadView;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.config.ConfigResource;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
@@ -32,7 +31,6 @@ import org.kohsuke.args4j.Option;
|
||||
|
||||
class ListMetrics implements RestReadView<ConfigResource> {
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final CurrentUser user;
|
||||
private final DropWizardMetricMaker metrics;
|
||||
|
||||
@Option(name = "--data-only", usage = "return only values")
|
||||
@@ -47,17 +45,15 @@ class ListMetrics implements RestReadView<ConfigResource> {
|
||||
List<String> query = new ArrayList<>();
|
||||
|
||||
@Inject
|
||||
ListMetrics(
|
||||
PermissionBackend permissionBackend, CurrentUser user, DropWizardMetricMaker metrics) {
|
||||
ListMetrics(PermissionBackend permissionBackend, DropWizardMetricMaker metrics) {
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.user = user;
|
||||
this.metrics = metrics;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Map<String, MetricJson> apply(ConfigResource resource)
|
||||
throws AuthException, PermissionBackendException {
|
||||
permissionBackend.user(user).check(GlobalPermission.VIEW_CACHES);
|
||||
permissionBackend.currentUser().check(GlobalPermission.VIEW_CACHES);
|
||||
|
||||
SortedMap<String, MetricJson> out = new TreeMap<>();
|
||||
List<String> prefixes = new ArrayList<>(query.size());
|
||||
|
||||
@@ -267,9 +267,12 @@ public class ApprovalsUtil {
|
||||
|
||||
private boolean canSee(ReviewDb db, ChangeNotes notes, Account.Id accountId) {
|
||||
try {
|
||||
IdentifiedUser user = userFactory.create(accountId);
|
||||
return projectCache.checkedGet(notes.getProjectName()).statePermitsRead()
|
||||
&& permissionBackend.user(user).change(notes).database(db).test(ChangePermission.READ);
|
||||
&& permissionBackend
|
||||
.absentUser(accountId)
|
||||
.change(notes)
|
||||
.database(db)
|
||||
.test(ChangePermission.READ);
|
||||
} catch (IOException | PermissionBackendException e) {
|
||||
log.warn(
|
||||
String.format(
|
||||
|
||||
@@ -48,7 +48,6 @@ import com.google.gerrit.extensions.restapi.ResourceConflictException;
|
||||
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
|
||||
import com.google.gerrit.extensions.restapi.RestApiException;
|
||||
import com.google.gerrit.extensions.restapi.TopLevelResource;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.project.ProjectJson;
|
||||
@@ -88,7 +87,6 @@ public class ProjectApiImpl implements ProjectApi {
|
||||
ProjectApiImpl create(String name);
|
||||
}
|
||||
|
||||
private final CurrentUser user;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final CreateProject.Factory createProjectFactory;
|
||||
private final ProjectApiImpl.Factory projectApi;
|
||||
@@ -123,7 +121,6 @@ public class ProjectApiImpl implements ProjectApi {
|
||||
|
||||
@AssistedInject
|
||||
ProjectApiImpl(
|
||||
CurrentUser user,
|
||||
PermissionBackend permissionBackend,
|
||||
CreateProject.Factory createProjectFactory,
|
||||
ProjectApiImpl.Factory projectApi,
|
||||
@@ -155,7 +152,6 @@ public class ProjectApiImpl implements ProjectApi {
|
||||
SetParent setParent,
|
||||
@Assisted ProjectResource project) {
|
||||
this(
|
||||
user,
|
||||
permissionBackend,
|
||||
createProjectFactory,
|
||||
projectApi,
|
||||
@@ -191,7 +187,6 @@ public class ProjectApiImpl implements ProjectApi {
|
||||
|
||||
@AssistedInject
|
||||
ProjectApiImpl(
|
||||
CurrentUser user,
|
||||
PermissionBackend permissionBackend,
|
||||
CreateProject.Factory createProjectFactory,
|
||||
ProjectApiImpl.Factory projectApi,
|
||||
@@ -223,7 +218,6 @@ public class ProjectApiImpl implements ProjectApi {
|
||||
SetParent setParent,
|
||||
@Assisted String name) {
|
||||
this(
|
||||
user,
|
||||
permissionBackend,
|
||||
createProjectFactory,
|
||||
projectApi,
|
||||
@@ -258,7 +252,6 @@ public class ProjectApiImpl implements ProjectApi {
|
||||
}
|
||||
|
||||
private ProjectApiImpl(
|
||||
CurrentUser user,
|
||||
PermissionBackend permissionBackend,
|
||||
CreateProject.Factory createProjectFactory,
|
||||
ProjectApiImpl.Factory projectApi,
|
||||
@@ -290,7 +283,6 @@ public class ProjectApiImpl implements ProjectApi {
|
||||
GetParent getParent,
|
||||
SetParent setParent,
|
||||
String name) {
|
||||
this.user = user;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.createProjectFactory = createProjectFactory;
|
||||
this.projectApi = projectApi;
|
||||
@@ -339,7 +331,7 @@ public class ProjectApiImpl implements ProjectApi {
|
||||
throw new BadRequestException("name must match input.name");
|
||||
}
|
||||
CreateProject impl = createProjectFactory.create(name);
|
||||
permissionBackend.user(user).checkAny(GlobalPermission.fromAnnotation(impl.getClass()));
|
||||
permissionBackend.currentUser().checkAny(GlobalPermission.fromAnnotation(impl.getClass()));
|
||||
impl.apply(TopLevelResource.INSTANCE, in);
|
||||
return projectApi.create(projects.parse(name));
|
||||
} catch (Exception e) {
|
||||
|
||||
@@ -39,7 +39,6 @@ import com.google.gerrit.reviewdb.client.PatchSetInfo;
|
||||
import com.google.gerrit.reviewdb.server.ReviewDb;
|
||||
import com.google.gerrit.server.ApprovalsUtil;
|
||||
import com.google.gerrit.server.ChangeMessagesUtil;
|
||||
import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.PatchSetUtil;
|
||||
import com.google.gerrit.server.config.SendEmailExecutor;
|
||||
import com.google.gerrit.server.events.CommitReceivedEvent;
|
||||
@@ -93,7 +92,6 @@ public class ChangeInserter implements InsertChangeOp {
|
||||
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final ProjectCache projectCache;
|
||||
private final IdentifiedUser.GenericFactory userFactory;
|
||||
private final PatchSetInfoFactory patchSetInfoFactory;
|
||||
private final PatchSetUtil psUtil;
|
||||
private final ApprovalsUtil approvalsUtil;
|
||||
@@ -143,7 +141,6 @@ public class ChangeInserter implements InsertChangeOp {
|
||||
ChangeInserter(
|
||||
PermissionBackend permissionBackend,
|
||||
ProjectCache projectCache,
|
||||
IdentifiedUser.GenericFactory userFactory,
|
||||
PatchSetInfoFactory patchSetInfoFactory,
|
||||
PatchSetUtil psUtil,
|
||||
ApprovalsUtil approvalsUtil,
|
||||
@@ -159,7 +156,6 @@ public class ChangeInserter implements InsertChangeOp {
|
||||
@Assisted String refName) {
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.projectCache = projectCache;
|
||||
this.userFactory = userFactory;
|
||||
this.patchSetInfoFactory = patchSetInfoFactory;
|
||||
this.psUtil = psUtil;
|
||||
this.approvalsUtil = approvalsUtil;
|
||||
@@ -465,9 +461,8 @@ public class ChangeInserter implements InsertChangeOp {
|
||||
.filter(
|
||||
accountId -> {
|
||||
try {
|
||||
IdentifiedUser user = userFactory.create(accountId);
|
||||
return permissionBackend
|
||||
.user(user)
|
||||
.absentUser(accountId)
|
||||
.change(notes)
|
||||
.database(db)
|
||||
.test(ChangePermission.READ)
|
||||
|
||||
@@ -27,7 +27,6 @@ import com.google.gerrit.reviewdb.client.Patch;
|
||||
import com.google.gerrit.reviewdb.client.PatchSet;
|
||||
import com.google.gerrit.reviewdb.client.PatchSetInfo;
|
||||
import com.google.gerrit.reviewdb.client.Project;
|
||||
import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.StarredChangesUtil;
|
||||
import com.google.gerrit.server.account.ProjectWatches.NotifyType;
|
||||
import com.google.gerrit.server.mail.MailHeader;
|
||||
@@ -100,8 +99,7 @@ public abstract class ChangeEmail extends NotificationEmail {
|
||||
|
||||
/** Is the from user in an email squelching group? */
|
||||
try {
|
||||
IdentifiedUser user = args.identifiedUserFactory.create(id);
|
||||
args.permissionBackend.user(user).check(GlobalPermission.EMAIL_REVIEWERS);
|
||||
args.permissionBackend.absentUser(id).check(GlobalPermission.EMAIL_REVIEWERS);
|
||||
} catch (AuthException | PermissionBackendException e) {
|
||||
emailOnlyAuthors = true;
|
||||
}
|
||||
|
||||
@@ -17,6 +17,7 @@ package com.google.gerrit.server.query.change;
|
||||
import com.google.gerrit.index.query.IsVisibleToPredicate;
|
||||
import com.google.gerrit.reviewdb.client.Change;
|
||||
import com.google.gerrit.reviewdb.server.ReviewDb;
|
||||
import com.google.gerrit.server.AnonymousUser;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.index.IndexUtils;
|
||||
import com.google.gerrit.server.notedb.ChangeNotes;
|
||||
@@ -40,19 +41,22 @@ public class ChangeIsVisibleToPredicate extends IsVisibleToPredicate<ChangeData>
|
||||
protected final CurrentUser user;
|
||||
protected final PermissionBackend permissionBackend;
|
||||
protected final ProjectCache projectCache;
|
||||
private final Provider<AnonymousUser> anonymousUserProvider;
|
||||
|
||||
public ChangeIsVisibleToPredicate(
|
||||
Provider<ReviewDb> db,
|
||||
ChangeNotes.Factory notesFactory,
|
||||
CurrentUser user,
|
||||
PermissionBackend permissionBackend,
|
||||
ProjectCache projectCache) {
|
||||
ProjectCache projectCache,
|
||||
Provider<AnonymousUser> anonymousUserProvider) {
|
||||
super(ChangeQueryBuilder.FIELD_VISIBLETO, IndexUtils.describe(user));
|
||||
this.db = db;
|
||||
this.notesFactory = notesFactory;
|
||||
this.user = user;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.projectCache = projectCache;
|
||||
this.anonymousUserProvider = anonymousUserProvider;
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -81,13 +85,12 @@ public class ChangeIsVisibleToPredicate extends IsVisibleToPredicate<ChangeData>
|
||||
}
|
||||
|
||||
boolean visible;
|
||||
PermissionBackend.WithUser withUser =
|
||||
user.isIdentifiedUser()
|
||||
? permissionBackend.absentUser(user.getAccountId())
|
||||
: permissionBackend.user(anonymousUserProvider.get());
|
||||
try {
|
||||
visible =
|
||||
permissionBackend
|
||||
.user(user)
|
||||
.indexedChange(cd, notes)
|
||||
.database(db)
|
||||
.test(ChangePermission.READ);
|
||||
visible = withUser.indexedChange(cd, notes).database(db).test(ChangePermission.READ);
|
||||
} catch (PermissionBackendException e) {
|
||||
Throwable cause = e.getCause();
|
||||
if (cause instanceof RepositoryNotFoundException) {
|
||||
|
||||
@@ -44,6 +44,7 @@ import com.google.gerrit.reviewdb.client.Branch;
|
||||
import com.google.gerrit.reviewdb.client.Change;
|
||||
import com.google.gerrit.reviewdb.client.RefNames;
|
||||
import com.google.gerrit.reviewdb.server.ReviewDb;
|
||||
import com.google.gerrit.server.AnonymousUser;
|
||||
import com.google.gerrit.server.CommentsUtil;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.IdentifiedUser;
|
||||
@@ -214,6 +215,7 @@ public class ChangeQueryBuilder extends QueryBuilder<ChangeData> {
|
||||
final StarredChangesUtil starredChangesUtil;
|
||||
final SubmitDryRun submitDryRun;
|
||||
final GroupMembers groupMembers;
|
||||
final Provider<AnonymousUser> anonymousUserProvider;
|
||||
|
||||
private final Provider<CurrentUser> self;
|
||||
|
||||
@@ -246,7 +248,8 @@ public class ChangeQueryBuilder extends QueryBuilder<ChangeData> {
|
||||
StarredChangesUtil starredChangesUtil,
|
||||
AccountCache accountCache,
|
||||
NotesMigration notesMigration,
|
||||
GroupMembers groupMembers) {
|
||||
GroupMembers groupMembers,
|
||||
Provider<AnonymousUser> anonymousUserProvider) {
|
||||
this(
|
||||
db,
|
||||
queryProvider,
|
||||
@@ -274,7 +277,8 @@ public class ChangeQueryBuilder extends QueryBuilder<ChangeData> {
|
||||
starredChangesUtil,
|
||||
accountCache,
|
||||
notesMigration,
|
||||
groupMembers);
|
||||
groupMembers,
|
||||
anonymousUserProvider);
|
||||
}
|
||||
|
||||
private Arguments(
|
||||
@@ -304,7 +308,8 @@ public class ChangeQueryBuilder extends QueryBuilder<ChangeData> {
|
||||
StarredChangesUtil starredChangesUtil,
|
||||
AccountCache accountCache,
|
||||
NotesMigration notesMigration,
|
||||
GroupMembers groupMembers) {
|
||||
GroupMembers groupMembers,
|
||||
Provider<AnonymousUser> anonymousUserProvider) {
|
||||
this.db = db;
|
||||
this.queryProvider = queryProvider;
|
||||
this.rewriter = rewriter;
|
||||
@@ -332,6 +337,7 @@ public class ChangeQueryBuilder extends QueryBuilder<ChangeData> {
|
||||
this.hasOperands = hasOperands;
|
||||
this.notesMigration = notesMigration;
|
||||
this.groupMembers = groupMembers;
|
||||
this.anonymousUserProvider = anonymousUserProvider;
|
||||
}
|
||||
|
||||
Arguments asUser(CurrentUser otherUser) {
|
||||
@@ -362,7 +368,8 @@ public class ChangeQueryBuilder extends QueryBuilder<ChangeData> {
|
||||
starredChangesUtil,
|
||||
accountCache,
|
||||
notesMigration,
|
||||
groupMembers);
|
||||
groupMembers,
|
||||
anonymousUserProvider);
|
||||
}
|
||||
|
||||
Arguments asUser(Account.Id otherId) {
|
||||
@@ -909,7 +916,12 @@ public class ChangeQueryBuilder extends QueryBuilder<ChangeData> {
|
||||
|
||||
public Predicate<ChangeData> visibleto(CurrentUser user) {
|
||||
return new ChangeIsVisibleToPredicate(
|
||||
args.db, args.notesFactory, user, args.permissionBackend, args.projectCache);
|
||||
args.db,
|
||||
args.notesFactory,
|
||||
user,
|
||||
args.permissionBackend,
|
||||
args.projectCache,
|
||||
args.anonymousUserProvider);
|
||||
}
|
||||
|
||||
public Predicate<ChangeData> is_visible() throws QueryParseException {
|
||||
|
||||
@@ -26,6 +26,7 @@ import com.google.gerrit.index.query.Predicate;
|
||||
import com.google.gerrit.index.query.QueryProcessor;
|
||||
import com.google.gerrit.metrics.MetricMaker;
|
||||
import com.google.gerrit.reviewdb.server.ReviewDb;
|
||||
import com.google.gerrit.server.AnonymousUser;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.account.AccountLimits;
|
||||
import com.google.gerrit.server.index.change.ChangeIndexCollection;
|
||||
@@ -65,6 +66,7 @@ public class ChangeQueryProcessor extends QueryProcessor<ChangeData>
|
||||
private final DynamicMap<ChangeAttributeFactory> attributeFactories;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final ProjectCache projectCache;
|
||||
private final Provider<AnonymousUser> anonymousUserProvider;
|
||||
|
||||
static {
|
||||
// It is assumed that basic rewrites do not touch visibleto predicates.
|
||||
@@ -85,7 +87,8 @@ public class ChangeQueryProcessor extends QueryProcessor<ChangeData>
|
||||
ChangeNotes.Factory notesFactory,
|
||||
DynamicMap<ChangeAttributeFactory> attributeFactories,
|
||||
PermissionBackend permissionBackend,
|
||||
ProjectCache projectCache) {
|
||||
ProjectCache projectCache,
|
||||
Provider<AnonymousUser> anonymousUserProvider) {
|
||||
super(
|
||||
metricMaker,
|
||||
ChangeSchemaDefinitions.INSTANCE,
|
||||
@@ -100,6 +103,7 @@ public class ChangeQueryProcessor extends QueryProcessor<ChangeData>
|
||||
this.attributeFactories = attributeFactories;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.projectCache = projectCache;
|
||||
this.anonymousUserProvider = anonymousUserProvider;
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -143,7 +147,12 @@ public class ChangeQueryProcessor extends QueryProcessor<ChangeData>
|
||||
return new AndChangeSource(
|
||||
pred,
|
||||
new ChangeIsVisibleToPredicate(
|
||||
db, notesFactory, userProvider.get(), permissionBackend, projectCache),
|
||||
db,
|
||||
notesFactory,
|
||||
userProvider.get(),
|
||||
permissionBackend,
|
||||
projectCache,
|
||||
anonymousUserProvider),
|
||||
start);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -123,7 +123,7 @@ public class EqualsLabelPredicate extends ChangeIndexPredicate {
|
||||
// Check the user has 'READ' permission.
|
||||
try {
|
||||
PermissionBackend.ForChange perm =
|
||||
permissionBackend.user(reviewer).database(dbProvider).change(cd);
|
||||
permissionBackend.absentUser(approver).database(dbProvider).change(cd);
|
||||
ProjectState projectState = projectCache.checkedGet(cd.project());
|
||||
return projectState != null
|
||||
&& projectState.statePermitsRead()
|
||||
|
||||
@@ -80,7 +80,10 @@ public class ReviewerJson {
|
||||
ReviewerInfo info =
|
||||
format(
|
||||
new ReviewerInfo(rsrc.getReviewerUser().getAccountId().get()),
|
||||
permissionBackend.user(rsrc.getReviewerUser()).database(db).change(cd),
|
||||
permissionBackend
|
||||
.absentUser(rsrc.getReviewerUser().getAccountId())
|
||||
.database(db)
|
||||
.change(cd),
|
||||
cd);
|
||||
loader.put(info);
|
||||
infos.add(info);
|
||||
|
||||
@@ -18,7 +18,6 @@ import com.google.common.base.Throwables;
|
||||
import com.google.common.util.concurrent.Atomics;
|
||||
import com.google.gerrit.extensions.api.access.GlobalOrPluginPermission;
|
||||
import com.google.gerrit.extensions.restapi.AuthException;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
@@ -33,7 +32,6 @@ import org.apache.sshd.server.Environment;
|
||||
/** Command that executes some other command. */
|
||||
public class AliasCommand extends BaseCommand {
|
||||
private final DispatchCommandProvider root;
|
||||
private final CurrentUser currentUser;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final CommandName command;
|
||||
private final AtomicReference<Command> atomicCmd;
|
||||
@@ -41,11 +39,9 @@ public class AliasCommand extends BaseCommand {
|
||||
AliasCommand(
|
||||
@CommandName(Commands.ROOT) DispatchCommandProvider root,
|
||||
PermissionBackend permissionBackend,
|
||||
CurrentUser currentUser,
|
||||
CommandName command) {
|
||||
this.root = root;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.currentUser = currentUser;
|
||||
this.command = command;
|
||||
this.atomicCmd = Atomics.newReference();
|
||||
}
|
||||
@@ -114,7 +110,7 @@ public class AliasCommand extends BaseCommand {
|
||||
try {
|
||||
Set<GlobalOrPluginPermission> check = GlobalPermission.fromAnnotation(cmd.getClass());
|
||||
try {
|
||||
permissionBackend.user(currentUser).checkAny(check);
|
||||
permissionBackend.currentUser().checkAny(check);
|
||||
} catch (AuthException err) {
|
||||
throw new UnloggedFailure(BaseCommand.STATUS_NOT_ADMIN, "fatal: " + err.getMessage());
|
||||
}
|
||||
|
||||
@@ -14,7 +14,6 @@
|
||||
|
||||
package com.google.gerrit.sshd;
|
||||
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
@@ -29,7 +28,6 @@ public class AliasCommandProvider implements Provider<Command> {
|
||||
private DispatchCommandProvider root;
|
||||
|
||||
@Inject private PermissionBackend permissionBackend;
|
||||
@Inject private CurrentUser currentUser;
|
||||
|
||||
public AliasCommandProvider(CommandName command) {
|
||||
this.command = command;
|
||||
@@ -37,6 +35,6 @@ public class AliasCommandProvider implements Provider<Command> {
|
||||
|
||||
@Override
|
||||
public Command get() {
|
||||
return new AliasCommand(root, permissionBackend, currentUser, command);
|
||||
return new AliasCommand(root, permissionBackend, command);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -20,7 +20,6 @@ import com.google.gerrit.reviewdb.client.Change;
|
||||
import com.google.gerrit.reviewdb.client.Project;
|
||||
import com.google.gerrit.reviewdb.server.ReviewDb;
|
||||
import com.google.gerrit.server.ChangeFinder;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.change.ChangeResource;
|
||||
import com.google.gerrit.server.notedb.ChangeNotes;
|
||||
import com.google.gerrit.server.permissions.ChangePermission;
|
||||
@@ -39,7 +38,6 @@ import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
public class ChangeArgumentParser {
|
||||
private final CurrentUser currentUser;
|
||||
private final ChangesCollection changesCollection;
|
||||
private final ChangeFinder changeFinder;
|
||||
private final ReviewDb db;
|
||||
@@ -48,13 +46,11 @@ public class ChangeArgumentParser {
|
||||
|
||||
@Inject
|
||||
ChangeArgumentParser(
|
||||
CurrentUser currentUser,
|
||||
ChangesCollection changesCollection,
|
||||
ChangeFinder changeFinder,
|
||||
ReviewDb db,
|
||||
ChangeNotes.Factory changeNotesFactory,
|
||||
PermissionBackend permissionBackend) {
|
||||
this.currentUser = currentUser;
|
||||
this.changesCollection = changesCollection;
|
||||
this.changeFinder = changeFinder;
|
||||
this.db = db;
|
||||
@@ -83,7 +79,7 @@ public class ChangeArgumentParser {
|
||||
List<ChangeNotes> toAdd = new ArrayList<>(changes.size());
|
||||
boolean canMaintainServer;
|
||||
try {
|
||||
permissionBackend.user(currentUser).check(GlobalPermission.MAINTAIN_SERVER);
|
||||
permissionBackend.currentUser().check(GlobalPermission.MAINTAIN_SERVER);
|
||||
canMaintainServer = true;
|
||||
} catch (AuthException | PermissionBackendException e) {
|
||||
canMaintainServer = false;
|
||||
@@ -93,7 +89,7 @@ public class ChangeArgumentParser {
|
||||
&& inProject(projectState, notes.getProjectName())
|
||||
&& (canMaintainServer
|
||||
|| (permissionBackend
|
||||
.user(currentUser)
|
||||
.currentUser()
|
||||
.change(notes)
|
||||
.database(db)
|
||||
.test(ChangePermission.READ)
|
||||
|
||||
@@ -19,7 +19,6 @@ import com.google.common.base.Throwables;
|
||||
import com.google.common.collect.Sets;
|
||||
import com.google.common.util.concurrent.Atomics;
|
||||
import com.google.gerrit.extensions.restapi.AuthException;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.args4j.SubcommandHandler;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
@@ -42,7 +41,6 @@ final class DispatchCommand extends BaseCommand {
|
||||
DispatchCommand create(Map<String, CommandProvider> map);
|
||||
}
|
||||
|
||||
private final CurrentUser currentUser;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final Map<String, CommandProvider> commands;
|
||||
private final AtomicReference<Command> atomicCmd;
|
||||
@@ -54,11 +52,7 @@ final class DispatchCommand extends BaseCommand {
|
||||
private List<String> args = new ArrayList<>();
|
||||
|
||||
@Inject
|
||||
DispatchCommand(
|
||||
CurrentUser user,
|
||||
PermissionBackend permissionBackend,
|
||||
@Assisted Map<String, CommandProvider> all) {
|
||||
this.currentUser = user;
|
||||
DispatchCommand(PermissionBackend permissionBackend, @Assisted Map<String, CommandProvider> all) {
|
||||
this.permissionBackend = permissionBackend;
|
||||
commands = all;
|
||||
atomicCmd = Atomics.newReference();
|
||||
@@ -125,7 +119,7 @@ final class DispatchCommand extends BaseCommand {
|
||||
}
|
||||
try {
|
||||
permissionBackend
|
||||
.user(currentUser)
|
||||
.currentUser()
|
||||
.checkAny(GlobalPermission.fromAnnotation(pluginName, cmd.getClass()));
|
||||
} catch (AuthException e) {
|
||||
throw new UnloggedFailure(BaseCommand.STATUS_NOT_ADMIN, e.getMessage());
|
||||
|
||||
@@ -17,7 +17,6 @@ package com.google.gerrit.sshd.commands;
|
||||
import com.google.gerrit.common.data.GlobalCapability;
|
||||
import com.google.gerrit.extensions.annotations.RequiresCapability;
|
||||
import com.google.gerrit.extensions.restapi.AuthException;
|
||||
import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
@@ -34,7 +33,6 @@ import org.kohsuke.args4j.Option;
|
||||
final class AdminQueryShell extends SshCommand {
|
||||
@Inject private PermissionBackend permissionBackend;
|
||||
@Inject private QueryShell.Factory factory;
|
||||
@Inject private IdentifiedUser currentUser;
|
||||
|
||||
@Option(name = "--format", usage = "Set output format")
|
||||
private QueryShell.OutputFormat format = QueryShell.OutputFormat.PRETTY;
|
||||
@@ -45,7 +43,7 @@ final class AdminQueryShell extends SshCommand {
|
||||
@Override
|
||||
protected void run() throws Failure {
|
||||
try {
|
||||
permissionBackend.user(currentUser).check(GlobalPermission.ACCESS_DATABASE);
|
||||
permissionBackend.currentUser().check(GlobalPermission.ACCESS_DATABASE);
|
||||
} catch (AuthException err) {
|
||||
throw die(err.getMessage());
|
||||
} catch (PermissionBackendException e) {
|
||||
|
||||
@@ -27,7 +27,7 @@ public class FakeQueryBuilder extends ChangeQueryBuilder {
|
||||
new FakeQueryBuilder.Definition<>(FakeQueryBuilder.class),
|
||||
new ChangeQueryBuilder.Arguments(
|
||||
null, null, null, null, null, null, null, null, null, null, null, null, null, null,
|
||||
null, null, null, null, null, indexes, null, null, null, null, null, null, null));
|
||||
null, null, null, null, null, indexes, null, null, null, null, null, null, null, null));
|
||||
}
|
||||
|
||||
@Operator
|
||||
|
||||
Reference in New Issue
Block a user