Enable updating the full-name of manually created account
When Gerrit runs with LDAP backend, make it possible to update the full name of manually created account. Change-Id: I27aafaba263db1794fb808dccb7ccb46b393741f
This commit is contained in:
parent
d5db8c0109
commit
9a52469b2b
@ -20,7 +20,7 @@ import com.google.gwtorm.client.StringKey;
|
||||
/** Association of an external account identifier to a local {@link Account}. */
|
||||
public final class AccountExternalId {
|
||||
/**
|
||||
* Scheme used for {@link AuthType#LDAP}, {@link AuthType#HTTP},
|
||||
* Scheme used for {@link AuthType#LDAP}, {@link AuthType#CLIENT_SSL_CERT_LDAP},
|
||||
* {@link AuthType#HTTP_LDAP}, and {@link AuthType#LDAP_BIND} usernames.
|
||||
* <p>
|
||||
* The name {@code gerrit:} was a very poor choice.
|
||||
|
@ -14,6 +14,8 @@
|
||||
|
||||
package com.google.gerrit.server.account;
|
||||
|
||||
import static com.google.gerrit.reviewdb.client.AccountExternalId.SCHEME_GERRIT;
|
||||
|
||||
import com.google.common.base.Strings;
|
||||
import com.google.gerrit.extensions.restapi.AuthException;
|
||||
import com.google.gerrit.extensions.restapi.DefaultInput;
|
||||
@ -23,10 +25,12 @@ import com.google.gerrit.extensions.restapi.Response;
|
||||
import com.google.gerrit.extensions.restapi.RestModifyView;
|
||||
import com.google.gerrit.reviewdb.client.Account;
|
||||
import com.google.gerrit.reviewdb.client.Account.FieldName;
|
||||
import com.google.gerrit.reviewdb.client.AccountExternalId;
|
||||
import com.google.gerrit.reviewdb.server.ReviewDb;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.account.PutName.Input;
|
||||
import com.google.gerrit.server.auth.ldap.LdapRealm;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
@ -66,18 +70,21 @@ public class PutName implements RestModifyView<AccountResource, Input> {
|
||||
|
||||
public Response<String> apply(IdentifiedUser user, Input input)
|
||||
throws MethodNotAllowedException, ResourceNotFoundException, OrmException {
|
||||
if (!realm.allowsEdit(FieldName.FULL_NAME)) {
|
||||
throw new MethodNotAllowedException("realm does not allow editing name");
|
||||
}
|
||||
|
||||
if (input == null) {
|
||||
input = new Input();
|
||||
}
|
||||
|
||||
Account a = dbProvider.get().accounts().get(user.getAccountId());
|
||||
ReviewDb db = dbProvider.get();
|
||||
Account a = db.accounts().get(user.getAccountId());
|
||||
if (a == null) {
|
||||
throw new ResourceNotFoundException("account not found");
|
||||
}
|
||||
|
||||
if (!realm.allowsEdit(FieldName.FULL_NAME)
|
||||
&& !(realm instanceof LdapRealm && db.accountExternalIds().get(
|
||||
new AccountExternalId.Key(SCHEME_GERRIT, a.getUserName())) == null)) {
|
||||
throw new MethodNotAllowedException("realm does not allow editing name");
|
||||
}
|
||||
|
||||
a.setFullName(input.name);
|
||||
dbProvider.get().accounts().update(Collections.singleton(a));
|
||||
byIdCache.evict(a.getId());
|
||||
|
@ -59,7 +59,7 @@ import javax.naming.directory.DirContext;
|
||||
import javax.security.auth.login.LoginException;
|
||||
|
||||
@Singleton
|
||||
class LdapRealm implements Realm {
|
||||
public class LdapRealm implements Realm {
|
||||
static final Logger log = LoggerFactory.getLogger(LdapRealm.class);
|
||||
static final String LDAP = "com.sun.jndi.ldap.LdapCtxFactory";
|
||||
static final String USERNAME = "username";
|
||||
|
Loading…
Reference in New Issue
Block a user