Merge "DisablePlugin: Explicitly check for capability in apply()"

2017-10-03 14:51:17 +00:00
parent 82b90c796f e42f77645a
commit 8777d819d6
2 changed files with 28 additions and 5 deletions
--- a/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/api/plugin/PluginIT.java
+++ b/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/api/plugin/PluginIT.java
@@ -28,6 +28,7 @@ import com.google.gerrit.extensions.api.plugins.PluginApi;
 import com.google.gerrit.extensions.api.plugins.Plugins.ListRequest;
 import com.google.gerrit.extensions.common.InstallPluginInput;
 import com.google.gerrit.extensions.common.PluginInfo;
 import com.google.gerrit.extensions.restapi.AuthException;
 import com.google.gerrit.extensions.restapi.BadRequestException;
 import com.google.gerrit.extensions.restapi.MethodNotAllowedException;
 import com.google.gerrit.extensions.restapi.RawInput;
@@ -107,6 +108,15 @@ public class PluginIT extends AbstractDaemonTest {
    api = gApi.plugins().name("plugin-a");
    assertThat(api.get().disabled).isNull();
    assertPlugins(list().get(), PLUGINS);
    // Non-admin cannot disable
    setApiUser(user);
    try {
      gApi.plugins().name("plugin-a").disable();
      fail("Expected AuthException");
    } catch (AuthException expected) {
      // Expected
    }
  }
  @Test
--- a/gerrit-server/src/main/java/com/google/gerrit/server/plugins/DisablePlugin.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/plugins/DisablePlugin.java
@@ -15,29 +15,42 @@
 package com.google.gerrit.server.plugins;
 import com.google.common.collect.ImmutableSet;
 import com.google.gerrit.common.data.GlobalCapability;
 import com.google.gerrit.extensions.annotations.RequiresCapability;
 import com.google.gerrit.extensions.common.PluginInfo;
 import com.google.gerrit.extensions.restapi.MethodNotAllowedException;
 import com.google.gerrit.extensions.restapi.RestApiException;
 import com.google.gerrit.extensions.restapi.RestModifyView;
 import com.google.gerrit.server.IdentifiedUser;
 import com.google.gerrit.server.permissions.GlobalPermission;
 import com.google.gerrit.server.permissions.PermissionBackend;
 import com.google.gerrit.server.permissions.PermissionBackendException;
 import com.google.gerrit.server.plugins.DisablePlugin.Input;
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 import com.google.inject.Singleton;
@RequiresCapability(GlobalCapability.ADMINISTRATE_SERVER)
@Singleton
 public class DisablePlugin implements RestModifyView<PluginResource, Input> {
  public static class Input {}
  private final PluginLoader loader;
  private final Provider<IdentifiedUser> user;
  private final PermissionBackend permissionBackend;
  @Inject
-  DisablePlugin(PluginLoader loader) {
+  DisablePlugin(
      PluginLoader loader, Provider<IdentifiedUser> user, PermissionBackend permissionBackend) {
    this.loader = loader;
    this.user = user;
    this.permissionBackend = permissionBackend;
  }
  @Override
-  public PluginInfo apply(PluginResource resource, Input input) throws MethodNotAllowedException {
+  public PluginInfo apply(PluginResource resource, Input input) throws RestApiException {
    try {
      permissionBackend.user(user).check(GlobalPermission.ADMINISTRATE_SERVER);
    } catch (PermissionBackendException e) {
      throw new RestApiException("Could not check permission", e);
    }
    if (!loader.isRemoteAdminEnabled()) {
      throw new MethodNotAllowedException("remote plugin administration is disabled");
    }