Merge "DisablePlugin: Explicitly check for capability in apply()"

David Pursehouse
2017-10-03 14:51:17 +00:00
committed by Gerrit Code Review
2 changed files with 28 additions and 5 deletions


@@ -28,6 +28,7 @@ import com.google.gerrit.extensions.api.plugins.PluginApi;
import com.google.gerrit.extensions.api.plugins.Plugins.ListRequest;
import com.google.gerrit.extensions.common.InstallPluginInput;
import com.google.gerrit.extensions.common.PluginInfo;
import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.extensions.restapi.BadRequestException;
import com.google.gerrit.extensions.restapi.MethodNotAllowedException;
import com.google.gerrit.extensions.restapi.RawInput;
@@ -107,6 +108,15 @@ public class PluginIT extends AbstractDaemonTest {
api = gApi.plugins().name("plugin-a");
assertThat(api.get().disabled).isNull();
assertPlugins(list().get(), PLUGINS);
// Non-admin cannot disable
setApiUser(user);
try {
gApi.plugins().name("plugin-a").disable();
fail("Expected AuthException");
} catch (AuthException expected) {
// Expected
}
}
@Test
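Review bot: The new negative case stops at the expected `AuthException` and never confirms that the rejected call left plugin-a enabled, so an implementation that disables the plugin first and only then throws would still pass this test. After the catch block, switch back to the admin identity and re-check the state, for example `setApiUser(admin);` followed by `assertThat(gApi.plugins().name("plugin-a").get().disabled).isNull();`. The enclosing test method begins outside this hunk, so its earlier setup is not visible here.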


@@ -15,29 +15,42 @@
package com.google.gerrit.server.plugins;
import com.google.common.collect.ImmutableSet;
import com.google.gerrit.common.data.GlobalCapability;
import com.google.gerrit.extensions.annotations.RequiresCapability;
import com.google.gerrit.extensions.common.PluginInfo;
import com.google.gerrit.extensions.restapi.MethodNotAllowedException;
import com.google.gerrit.extensions.restapi.RestApiException;
import com.google.gerrit.extensions.restapi.RestModifyView;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.permissions.GlobalPermission;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.plugins.DisablePlugin.Input;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
@RequiresCapability(GlobalCapability.ADMINISTRATE_SERVER)
@Singleton
public class DisablePlugin implements RestModifyView<PluginResource, Input> {
public static class Input {}
private final PluginLoader loader;
private final Provider<IdentifiedUser> user;
private final PermissionBackend permissionBackend;
@Inject
DisablePlugin(PluginLoader loader) {
DisablePlugin(
PluginLoader loader, Provider<IdentifiedUser> user, PermissionBackend permissionBackend) {
this.loader = loader;
this.user = user;
this.permissionBackend = permissionBackend;
}
@Override
public PluginInfo apply(PluginResource resource, Input input) throws MethodNotAllowedException {
public PluginInfo apply(PluginResource resource, Input input) throws RestApiException {
try {
permissionBackend.user(user).check(GlobalPermission.ADMINISTRATE_SERVER);
} catch (PermissionBackendException e) {
throw new RestApiException("Could not check permission", e);
}
if (!loader.isRemoteAdminEnabled()) {
throw new MethodNotAllowedException("remote plugin administration is disabled");
}
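Review bot: Nothing in the class records why the capability is now enforced twice, once by `@RequiresCapability` and once by the explicit `check()` at the top of `apply()`, so the new check looks redundant and could be removed in a later cleanup. The added test reaches the view through `gApi`, which suggests the annotation is not applied on that path. A comment above the try block such as `// @RequiresCapability is only enforced for REST requests; in-process callers reach apply() directly, so check here too.` would keep that reasoning with the code (wording to be confirmed against how the annotation is evaluated). Separately, the check resolves the caller through `Provider<IdentifiedUser>`; if that provider fails for a caller who is not signed in, the request would end in a provisioning error rather than an `AuthException`, so injecting `Provider<CurrentUser>` may be the safer choice. The body of `apply()` continues past the end of the hunk.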