Merge branch 'stable-3.0'

* stable-3.0:
  Fix eclipse project generation
  Always send an email when adding or deleting an SSH key
  AccountIT: Add test for adding GPG key to another account
  AccountIT: Add tests for modifying SSH keys of another account
  Remove GWT leftovers from .gitignore
  Update rules_closure to latest version
  Use bazelisk to switch between used bazel version
  Eclipse: Configure classpath to ignore warnings in generated classes
  Allow load labels to cross package boundaries by default

Change-Id: Iaf0aef486ef7dc189c11ab3cb0417600155c0b99

java/com/google/gerrit/server/mail/send/AddKeySender.java

@@ -17,13 +17,9 @@ package com.google.gerrit.server.mail.send;
 import com.google.common.base.Joiner;
 import com.google.gerrit.exceptions.EmailException;
 import com.google.gerrit.extensions.api.changes.RecipientType;
-import com.google.gerrit.extensions.restapi.AuthException;
 import com.google.gerrit.mail.Address;
 import com.google.gerrit.server.IdentifiedUser;
 import com.google.gerrit.server.account.AccountSshKey;
-import com.google.gerrit.server.permissions.GlobalPermission;
-import com.google.gerrit.server.permissions.PermissionBackend;
-import com.google.gerrit.server.permissions.PermissionBackendException;
 import com.google.inject.assistedinject.Assisted;
 import com.google.inject.assistedinject.AssistedInject;
 import java.util.List;
@@ -35,22 +31,14 @@ public class AddKeySender extends OutgoingEmail {
     AddKeySender create(IdentifiedUser user, List<String> gpgKey);
   }
 
-  private final PermissionBackend permissionBackend;
-  private final IdentifiedUser callingUser;
   private final IdentifiedUser user;
   private final AccountSshKey sshKey;
   private final List<String> gpgKeys;
 
   @AssistedInject
   public AddKeySender(
-      EmailArguments ea,
-      PermissionBackend permissionBackend,
-      IdentifiedUser callingUser,
-      @Assisted IdentifiedUser user,
-      @Assisted AccountSshKey sshKey) {
+      EmailArguments ea, @Assisted IdentifiedUser user, @Assisted AccountSshKey sshKey) {
     super(ea, "addkey");
-    this.permissionBackend = permissionBackend;
-    this.callingUser = callingUser;
     this.user = user;
     this.sshKey = sshKey;
     this.gpgKeys = null;
@@ -58,14 +46,8 @@ public class AddKeySender extends OutgoingEmail {
 
   @AssistedInject
   public AddKeySender(
-      EmailArguments ea,
-      PermissionBackend permissionBackend,
-      IdentifiedUser callingUser,
-      @Assisted IdentifiedUser user,
-      @Assisted List<String> gpgKeys) {
+      EmailArguments ea, @Assisted IdentifiedUser user, @Assisted List<String> gpgKeys) {
     super(ea, "addkey");
-    this.permissionBackend = permissionBackend;
-    this.callingUser = callingUser;
     this.user = user;
     this.sshKey = null;
     this.gpgKeys = gpgKeys;
@@ -85,20 +67,7 @@ public class AddKeySender extends OutgoingEmail {
       return false;
     }
 
-    if (user.equals(callingUser)) {
-      // Send email if the user self-added a key; this notification is necessary to alert
-      // the user if their account was compromised and a key was unexpectedly added.
-      return true;
-    }
-
-    try {
-      // Don't email if an administrator added a key on behalf of the user.
-      permissionBackend.user(callingUser).check(GlobalPermission.ADMINISTRATE_SERVER);
-      return false;
-    } catch (AuthException | PermissionBackendException e) {
-      // Send email if a non-administrator modified the keys, e.g. by MODIFY_ACCOUNT.
-      return true;
-    }
+    return true;
   }
 
   @Override

java/com/google/gerrit/server/mail/send/DeleteKeySender.java

@@ -17,13 +17,9 @@ package com.google.gerrit.server.mail.send;
 import com.google.common.base.Joiner;
 import com.google.gerrit.exceptions.EmailException;
 import com.google.gerrit.extensions.api.changes.RecipientType;
-import com.google.gerrit.extensions.restapi.AuthException;
 import com.google.gerrit.mail.Address;
 import com.google.gerrit.server.IdentifiedUser;
 import com.google.gerrit.server.account.AccountSshKey;
-import com.google.gerrit.server.permissions.GlobalPermission;
-import com.google.gerrit.server.permissions.PermissionBackend;
-import com.google.gerrit.server.permissions.PermissionBackendException;
 import com.google.inject.assistedinject.Assisted;
 import com.google.inject.assistedinject.AssistedInject;
 import java.util.Collections;
@@ -36,22 +32,14 @@ public class DeleteKeySender extends OutgoingEmail {
     DeleteKeySender create(IdentifiedUser user, List<String> gpgKeyFingerprints);
   }
 
-  private final PermissionBackend permissionBackend;
-  private final IdentifiedUser callingUser;
   private final IdentifiedUser user;
   private final AccountSshKey sshKey;
   private final List<String> gpgKeyFingerprints;
 
   @AssistedInject
   public DeleteKeySender(
-      EmailArguments ea,
-      PermissionBackend permissionBackend,
-      IdentifiedUser callingUser,
-      @Assisted IdentifiedUser user,
-      @Assisted AccountSshKey sshKey) {
+      EmailArguments ea, @Assisted IdentifiedUser user, @Assisted AccountSshKey sshKey) {
     super(ea, "deletekey");
-    this.permissionBackend = permissionBackend;
-    this.callingUser = callingUser;
     this.user = user;
     this.gpgKeyFingerprints = Collections.emptyList();
     this.sshKey = sshKey;
@@ -59,14 +47,8 @@ public class DeleteKeySender extends OutgoingEmail {
 
   @AssistedInject
   public DeleteKeySender(
-      EmailArguments ea,
-      PermissionBackend permissionBackend,
-      IdentifiedUser callingUser,
-      @Assisted IdentifiedUser user,
-      @Assisted List<String> gpgKeyFingerprints) {
+      EmailArguments ea, @Assisted IdentifiedUser user, @Assisted List<String> gpgKeyFingerprints) {
     super(ea, "deletekey");
-    this.permissionBackend = permissionBackend;
-    this.callingUser = callingUser;
     this.user = user;
     this.gpgKeyFingerprints = gpgKeyFingerprints;
     this.sshKey = null;
@@ -81,20 +63,7 @@ public class DeleteKeySender extends OutgoingEmail {
 
   @Override
   protected boolean shouldSendMessage() {
-    if (user.equals(callingUser)) {
-      // Send email if the user self-removed a key; this notification is necessary to alert
-      // the user if their account was compromised and a key was unexpectedly deleted.
-      return true;
-    }
-
-    try {
-      // Don't email if an administrator removed a key on behalf of the user.
-      permissionBackend.user(callingUser).check(GlobalPermission.ADMINISTRATE_SERVER);
-      return false;
-    } catch (AuthException | PermissionBackendException e) {
-      // Send email if a non-administrator modified the keys, e.g. by MODIFY_ACCOUNT.
-      return true;
-    }
+    return true;
   }
 
   @Override