opendev/gerrit
Code Issues Proposed changes

Cleanup check for 'Create Group' capability

Browse Source 
This should be done only once, inside of the common
PerformCreateGroup object and not by both the HTTP
and SSH interface glue.

Change-Id: I6f774fe318412a7220206b99d7279d5b061355ad
This commit is contained in:
Shawn O. Pearce
2011-06-16 18:49:26 -07:00
parent 98ce43f107
commit 9dbd055b52
3 changed files with 24 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/CreateGroup.java
View File

@@ -47,12 +47,6 @@ class CreateGroup extends Handler<AccountGroup.Id> {
@Override @Override
public AccountGroup.Id call() throws OrmException, NameAlreadyUsedException, public AccountGroup.Id call() throws OrmException, NameAlreadyUsedException,
PermissionDeniedException { PermissionDeniedException {
if (!user.getCapabilities().canCreateGroup()) {
throw new PermissionDeniedException(String.format(
"%s does not have \"Create Group\" capability.",
user.getUserName()));
}
final PerformCreateGroup performCreateGroup = performCreateGroupFactory.create(); final PerformCreateGroup performCreateGroup = performCreateGroupFactory.create();
final Account.Id me = user.getAccountId(); final Account.Id me = user.getAccountId();
return performCreateGroup.createGroup(groupName, null, false, null, Collections.singleton(me), null); return performCreateGroup.createGroup(groupName, null, false, null, Collections.singleton(me), null);

10
gerrit-server/src/main/java/com/google/gerrit/server/account/PerformCreateGroup.java
View File

@@ -15,6 +15,7 @@
package com.google.gerrit.server.account; package com.google.gerrit.server.account;
import com.google.gerrit.common.errors.NameAlreadyUsedException; import com.google.gerrit.common.errors.NameAlreadyUsedException;
import com.google.gerrit.common.errors.PermissionDeniedException;
import com.google.gerrit.reviewdb.Account; import com.google.gerrit.reviewdb.Account;
import com.google.gerrit.reviewdb.AccountGroup; import com.google.gerrit.reviewdb.AccountGroup;
import com.google.gerrit.reviewdb.AccountGroupInclude; import com.google.gerrit.reviewdb.AccountGroupInclude;
@@ -79,13 +80,20 @@ public class PerformCreateGroup {
* error * error
* @throws NameAlreadyUsedException is thrown in case a group with the given * @throws NameAlreadyUsedException is thrown in case a group with the given
* name already exists * name already exists
* @throws PermissionDeniedException user cannot create a group.
*/ */
public AccountGroup.Id createGroup(final String groupName, public AccountGroup.Id createGroup(final String groupName,
final String groupDescription, final boolean visibleToAll, final String groupDescription, final boolean visibleToAll,
final AccountGroup.Id ownerGroupId, final AccountGroup.Id ownerGroupId,
final Collection<? extends Account.Id> initialMembers, final Collection<? extends Account.Id> initialMembers,
final Collection<? extends AccountGroup.Id> initialGroups) final Collection<? extends AccountGroup.Id> initialGroups)
throws OrmException, NameAlreadyUsedException { throws OrmException, NameAlreadyUsedException, PermissionDeniedException {
if (!currentUser.getCapabilities().canCreateGroup()) {
throw new PermissionDeniedException(String.format(
"%s does not have \"Create Group\" capability.",
currentUser.getUserName()));
}
final AccountGroup.Id groupId = final AccountGroup.Id groupId =
new AccountGroup.Id(db.nextAccountGroupId()); new AccountGroup.Id(db.nextAccountGroupId());
final AccountGroup.NameKey nameKey = new AccountGroup.NameKey(groupName); final AccountGroup.NameKey nameKey = new AccountGroup.NameKey(groupName);

34
gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/CreateGroupCommand.java
View File

@@ -15,12 +15,11 @@
package com.google.gerrit.sshd.commands; package com.google.gerrit.sshd.commands;
import com.google.gerrit.common.errors.NameAlreadyUsedException; import com.google.gerrit.common.errors.NameAlreadyUsedException;
import com.google.gerrit.common.errors.PermissionDeniedException;
import com.google.gerrit.reviewdb.Account; import com.google.gerrit.reviewdb.Account;
import com.google.gerrit.reviewdb.AccountGroup; import com.google.gerrit.reviewdb.AccountGroup;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.PerformCreateGroup; import com.google.gerrit.server.account.PerformCreateGroup;
import com.google.gerrit.sshd.BaseCommand; import com.google.gerrit.sshd.BaseCommand;
import com.google.gwtorm.client.OrmException;
import com.google.inject.Inject; import com.google.inject.Inject;
import org.apache.sshd.server.Environment; import org.apache.sshd.server.Environment;
@@ -62,9 +61,6 @@ final class CreateGroupCommand extends BaseCommand {
initialGroups.add(id); initialGroups.add(id);
} }
@Inject
private IdentifiedUser currentUser;
@Inject @Inject
private PerformCreateGroup.Factory performCreateGroupFactory; private PerformCreateGroup.Factory performCreateGroupFactory;
@@ -73,27 +69,21 @@ final class CreateGroupCommand extends BaseCommand {
startThread(new CommandRunnable() { startThread(new CommandRunnable() {
@Override @Override
public void run() throws Exception { public void run() throws Exception {
if (!currentUser.getCapabilities().canCreateGroup()) {
String msg = String.format(
"fatal: %s does not have \"Create Group\" capability.",
currentUser.getUserName());
throw new UnloggedFailure(BaseCommand.STATUS_NOT_ADMIN, msg);
}
parseCommandLine(); parseCommandLine();
createGroup();
}
});
}
private void createGroup() throws OrmException, UnloggedFailure {
final PerformCreateGroup performCreateGroup =
performCreateGroupFactory.create();
try { try {
performCreateGroup.createGroup(groupName, groupDescription, visibleToAll, performCreateGroupFactory.create().createGroup(groupName,
ownerGroupId, initialMembers, initialGroups); groupDescription,
visibleToAll,
ownerGroupId,
initialMembers,
initialGroups);
} catch (PermissionDeniedException e) {
throw die(e);
} catch (NameAlreadyUsedException e) { } catch (NameAlreadyUsedException e) {
throw die(e); throw die(e);
} }
} }
});
}
} }