Convert modifyAccount to PermissionBackend
Update a few test messages to reflect check throwing a generic
AuthException("modify account not permitted") instead of the
prior custom text.
Change-Id: Ie3ddd250289618a43d2708264863f2e850fd54cb
This commit is contained in:
Shawn Pearce
committed by
David Pursehouse
David Pursehouse
parent
a3efaba361
commit
b168511335
@@ -87,11 +87,6 @@ public class CapabilityControl {
|
||||
return canEmailReviewers;
|
||||
}
|
||||
|
||||
/** @return true if the user can modify an account for another user. */
|
||||
public boolean canModifyAccount() {
|
||||
return canPerform(GlobalCapability.MODIFY_ACCOUNT) || canAdministrateServer();
|
||||
}
|
||||
|
||||
/** @return true if the user can view all accounts. */
|
||||
public boolean canViewAllAccounts() {
|
||||
return canPerform(GlobalCapability.VIEW_ALL_ACCOUNTS) || canAdministrateServer();
|
||||
@@ -228,8 +223,6 @@ public class CapabilityControl {
|
||||
return canAdministrateServer();
|
||||
case EMAIL_REVIEWERS:
|
||||
return canEmailReviewers();
|
||||
case MODIFY_ACCOUNT:
|
||||
return canModifyAccount();
|
||||
case VIEW_ALL_ACCOUNTS:
|
||||
return canViewAllAccounts();
|
||||
|
||||
@@ -246,6 +239,7 @@ public class CapabilityControl {
|
||||
case CREATE_GROUP:
|
||||
case CREATE_PROJECT:
|
||||
case MAINTAIN_SERVER:
|
||||
case MODIFY_ACCOUNT:
|
||||
case STREAM_EVENTS:
|
||||
case VIEW_CONNECTIONS:
|
||||
case VIEW_PLUGINS:
|
||||
|
||||
@@ -32,6 +32,9 @@ import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.config.AuthConfig;
|
||||
import com.google.gerrit.server.mail.send.OutgoingEmailValidator;
|
||||
import com.google.gerrit.server.mail.send.RegisterNewEmailSender;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
@@ -50,6 +53,7 @@ public class CreateEmail implements RestModifyView<AccountResource, EmailInput>
|
||||
|
||||
private final Provider<CurrentUser> self;
|
||||
private final Realm realm;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final AccountManager accountManager;
|
||||
private final RegisterNewEmailSender.Factory registerNewEmailFactory;
|
||||
private final PutPreferred putPreferred;
|
||||
@@ -60,6 +64,7 @@ public class CreateEmail implements RestModifyView<AccountResource, EmailInput>
|
||||
CreateEmail(
|
||||
Provider<CurrentUser> self,
|
||||
Realm realm,
|
||||
PermissionBackend permissionBackend,
|
||||
AuthConfig authConfig,
|
||||
AccountManager accountManager,
|
||||
RegisterNewEmailSender.Factory registerNewEmailFactory,
|
||||
@@ -67,6 +72,7 @@ public class CreateEmail implements RestModifyView<AccountResource, EmailInput>
|
||||
@Assisted String email) {
|
||||
this.self = self;
|
||||
this.realm = realm;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.accountManager = accountManager;
|
||||
this.registerNewEmailFactory = registerNewEmailFactory;
|
||||
this.putPreferred = putPreferred;
|
||||
@@ -78,9 +84,9 @@ public class CreateEmail implements RestModifyView<AccountResource, EmailInput>
|
||||
public Response<EmailInfo> apply(AccountResource rsrc, EmailInput input)
|
||||
throws AuthException, BadRequestException, ResourceConflictException,
|
||||
ResourceNotFoundException, OrmException, EmailException, MethodNotAllowedException,
|
||||
IOException, ConfigInvalidException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
|
||||
throw new AuthException("not allowed to add email address");
|
||||
IOException, ConfigInvalidException, PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser() || input.noConfirmation) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
|
||||
if (input == null) {
|
||||
@@ -91,10 +97,6 @@ public class CreateEmail implements RestModifyView<AccountResource, EmailInput>
|
||||
throw new BadRequestException("invalid email address");
|
||||
}
|
||||
|
||||
if (input.noConfirmation && !self.get().getCapabilities().canModifyAccount()) {
|
||||
throw new AuthException("not allowed to use no_confirmation");
|
||||
}
|
||||
|
||||
if (!realm.allowsEdit(AccountFieldName.REGISTER_NEW_EMAIL)) {
|
||||
throw new MethodNotAllowedException("realm does not allow adding emails");
|
||||
}
|
||||
@@ -105,7 +107,7 @@ public class CreateEmail implements RestModifyView<AccountResource, EmailInput>
|
||||
public Response<EmailInfo> apply(IdentifiedUser user, EmailInput input)
|
||||
throws AuthException, BadRequestException, ResourceConflictException,
|
||||
ResourceNotFoundException, OrmException, EmailException, MethodNotAllowedException,
|
||||
IOException, ConfigInvalidException {
|
||||
IOException, ConfigInvalidException, PermissionBackendException {
|
||||
if (input.email != null && !email.equals(input.email)) {
|
||||
throw new BadRequestException("email address must match URL");
|
||||
}
|
||||
|
||||
@@ -29,6 +29,9 @@ import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.account.DeleteEmail.Input;
|
||||
import com.google.gerrit.server.account.externalids.ExternalId;
|
||||
import com.google.gerrit.server.account.externalids.ExternalIds;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
@@ -43,6 +46,7 @@ public class DeleteEmail implements RestModifyView<AccountResource.Email, Input>
|
||||
|
||||
private final Provider<CurrentUser> self;
|
||||
private final Realm realm;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final Provider<ReviewDb> dbProvider;
|
||||
private final AccountManager accountManager;
|
||||
private final ExternalIds externalIds;
|
||||
@@ -51,11 +55,13 @@ public class DeleteEmail implements RestModifyView<AccountResource.Email, Input>
|
||||
DeleteEmail(
|
||||
Provider<CurrentUser> self,
|
||||
Realm realm,
|
||||
PermissionBackend permissionBackend,
|
||||
Provider<ReviewDb> dbProvider,
|
||||
AccountManager accountManager,
|
||||
ExternalIds externalIds) {
|
||||
this.self = self;
|
||||
this.realm = realm;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.dbProvider = dbProvider;
|
||||
this.accountManager = accountManager;
|
||||
this.externalIds = externalIds;
|
||||
@@ -64,9 +70,10 @@ public class DeleteEmail implements RestModifyView<AccountResource.Email, Input>
|
||||
@Override
|
||||
public Response<?> apply(AccountResource.Email rsrc, Input input)
|
||||
throws AuthException, ResourceNotFoundException, ResourceConflictException,
|
||||
MethodNotAllowedException, OrmException, IOException, ConfigInvalidException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
|
||||
throw new AuthException("not allowed to delete email address");
|
||||
MethodNotAllowedException, OrmException, IOException, ConfigInvalidException,
|
||||
PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
return apply(rsrc.getUser(), rsrc.getEmail());
|
||||
}
|
||||
|
||||
@@ -24,6 +24,9 @@ import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.config.AllUsersName;
|
||||
import com.google.gerrit.server.git.GitRepositoryManager;
|
||||
import com.google.gerrit.server.git.UserConfigSections;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
import com.google.inject.Singleton;
|
||||
@@ -35,22 +38,27 @@ import org.eclipse.jgit.lib.Repository;
|
||||
@Singleton
|
||||
public class GetEditPreferences implements RestReadView<AccountResource> {
|
||||
private final Provider<CurrentUser> self;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final AllUsersName allUsersName;
|
||||
private final GitRepositoryManager gitMgr;
|
||||
|
||||
@Inject
|
||||
GetEditPreferences(
|
||||
Provider<CurrentUser> self, AllUsersName allUsersName, GitRepositoryManager gitMgr) {
|
||||
Provider<CurrentUser> self,
|
||||
PermissionBackend permissionBackend,
|
||||
AllUsersName allUsersName,
|
||||
GitRepositoryManager gitMgr) {
|
||||
this.self = self;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.allUsersName = allUsersName;
|
||||
this.gitMgr = gitMgr;
|
||||
}
|
||||
|
||||
@Override
|
||||
public EditPreferencesInfo apply(AccountResource rsrc)
|
||||
throws AuthException, IOException, ConfigInvalidException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
|
||||
throw new AuthException("requires Modify Account capability");
|
||||
throws AuthException, IOException, ConfigInvalidException, PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
|
||||
return readFromGit(rsrc.getUser().getAccountId(), gitMgr, allUsersName, null);
|
||||
|
||||
@@ -19,6 +19,9 @@ import com.google.gerrit.extensions.restapi.AuthException;
|
||||
import com.google.gerrit.extensions.restapi.RestReadView;
|
||||
import com.google.gerrit.reviewdb.client.Account;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
import com.google.inject.Singleton;
|
||||
@@ -26,18 +29,22 @@ import com.google.inject.Singleton;
|
||||
@Singleton
|
||||
public class GetPreferences implements RestReadView<AccountResource> {
|
||||
private final Provider<CurrentUser> self;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final AccountCache accountCache;
|
||||
|
||||
@Inject
|
||||
GetPreferences(Provider<CurrentUser> self, AccountCache accountCache) {
|
||||
GetPreferences(
|
||||
Provider<CurrentUser> self, PermissionBackend permissionBackend, AccountCache accountCache) {
|
||||
this.self = self;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.accountCache = accountCache;
|
||||
}
|
||||
|
||||
@Override
|
||||
public GeneralPreferencesInfo apply(AccountResource rsrc) throws AuthException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
|
||||
throw new AuthException("requires Modify Account capability");
|
||||
public GeneralPreferencesInfo apply(AccountResource rsrc)
|
||||
throws AuthException, PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
|
||||
Account.Id id = rsrc.getUser().getAccountId();
|
||||
|
||||
@@ -22,6 +22,9 @@ import com.google.gerrit.extensions.restapi.RestReadView;
|
||||
import com.google.gerrit.reviewdb.client.AccountSshKey;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
@@ -35,20 +38,25 @@ import org.eclipse.jgit.errors.RepositoryNotFoundException;
|
||||
public class GetSshKeys implements RestReadView<AccountResource> {
|
||||
|
||||
private final Provider<CurrentUser> self;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final VersionedAuthorizedKeys.Accessor authorizedKeys;
|
||||
|
||||
@Inject
|
||||
GetSshKeys(Provider<CurrentUser> self, VersionedAuthorizedKeys.Accessor authorizedKeys) {
|
||||
GetSshKeys(
|
||||
Provider<CurrentUser> self,
|
||||
PermissionBackend permissionBackend,
|
||||
VersionedAuthorizedKeys.Accessor authorizedKeys) {
|
||||
this.self = self;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.authorizedKeys = authorizedKeys;
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<SshKeyInfo> apply(AccountResource rsrc)
|
||||
throws AuthException, OrmException, RepositoryNotFoundException, IOException,
|
||||
ConfigInvalidException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
|
||||
throw new AuthException("not allowed to get SSH keys");
|
||||
ConfigInvalidException, PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
return apply(rsrc.getUser());
|
||||
}
|
||||
|
||||
@@ -19,6 +19,9 @@ import com.google.gerrit.extensions.restapi.Response;
|
||||
import com.google.gerrit.extensions.restapi.RestModifyView;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.account.Index.Input;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
import com.google.inject.Singleton;
|
||||
@@ -29,18 +32,22 @@ public class Index implements RestModifyView<AccountResource, Input> {
|
||||
public static class Input {}
|
||||
|
||||
private final AccountCache accountCache;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final Provider<CurrentUser> self;
|
||||
|
||||
@Inject
|
||||
Index(AccountCache accountCache, Provider<CurrentUser> self) {
|
||||
Index(
|
||||
AccountCache accountCache, PermissionBackend permissionBackend, Provider<CurrentUser> self) {
|
||||
this.accountCache = accountCache;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.self = self;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Response<?> apply(AccountResource rsrc, Input input) throws IOException, AuthException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
|
||||
throw new AuthException("not allowed to index account");
|
||||
public Response<?> apply(AccountResource rsrc, Input input)
|
||||
throws IOException, AuthException, PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
|
||||
// evicting the account from the cache, reindexes the account
|
||||
|
||||
@@ -27,6 +27,9 @@ import com.google.gerrit.reviewdb.server.ReviewDb;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.account.PutName.Input;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gwtorm.server.AtomicUpdate;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
import com.google.inject.Inject;
|
||||
@@ -42,6 +45,7 @@ public class PutName implements RestModifyView<AccountResource, Input> {
|
||||
|
||||
private final Provider<CurrentUser> self;
|
||||
private final Realm realm;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final Provider<ReviewDb> dbProvider;
|
||||
private final AccountCache byIdCache;
|
||||
|
||||
@@ -49,10 +53,12 @@ public class PutName implements RestModifyView<AccountResource, Input> {
|
||||
PutName(
|
||||
Provider<CurrentUser> self,
|
||||
Realm realm,
|
||||
PermissionBackend permissionBackend,
|
||||
Provider<ReviewDb> dbProvider,
|
||||
AccountCache byIdCache) {
|
||||
this.self = self;
|
||||
this.realm = realm;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.dbProvider = dbProvider;
|
||||
this.byIdCache = byIdCache;
|
||||
}
|
||||
@@ -60,9 +66,9 @@ public class PutName implements RestModifyView<AccountResource, Input> {
|
||||
@Override
|
||||
public Response<String> apply(AccountResource rsrc, Input input)
|
||||
throws AuthException, MethodNotAllowedException, ResourceNotFoundException, OrmException,
|
||||
IOException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
|
||||
throw new AuthException("not allowed to change name");
|
||||
IOException, PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
return apply(rsrc.getUser(), input);
|
||||
}
|
||||
|
||||
@@ -23,6 +23,9 @@ import com.google.gerrit.reviewdb.server.ReviewDb;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.account.PutPreferred.Input;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gwtorm.server.AtomicUpdate;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
import com.google.inject.Inject;
|
||||
@@ -37,20 +40,27 @@ public class PutPreferred implements RestModifyView<AccountResource.Email, Input
|
||||
|
||||
private final Provider<CurrentUser> self;
|
||||
private final Provider<ReviewDb> dbProvider;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final AccountCache byIdCache;
|
||||
|
||||
@Inject
|
||||
PutPreferred(Provider<CurrentUser> self, Provider<ReviewDb> dbProvider, AccountCache byIdCache) {
|
||||
PutPreferred(
|
||||
Provider<CurrentUser> self,
|
||||
Provider<ReviewDb> dbProvider,
|
||||
PermissionBackend permissionBackend,
|
||||
AccountCache byIdCache) {
|
||||
this.self = self;
|
||||
this.dbProvider = dbProvider;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.byIdCache = byIdCache;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Response<String> apply(AccountResource.Email rsrc, Input input)
|
||||
throws AuthException, ResourceNotFoundException, OrmException, IOException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
|
||||
throw new AuthException("not allowed to set preferred email address");
|
||||
throws AuthException, ResourceNotFoundException, OrmException, IOException,
|
||||
PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
return apply(rsrc.getUser(), rsrc.getEmail());
|
||||
}
|
||||
|
||||
@@ -25,6 +25,9 @@ import com.google.gerrit.reviewdb.server.ReviewDb;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.account.PutStatus.Input;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gwtorm.server.AtomicUpdate;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
import com.google.inject.Inject;
|
||||
@@ -46,20 +49,27 @@ public class PutStatus implements RestModifyView<AccountResource, Input> {
|
||||
|
||||
private final Provider<CurrentUser> self;
|
||||
private final Provider<ReviewDb> dbProvider;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final AccountCache byIdCache;
|
||||
|
||||
@Inject
|
||||
PutStatus(Provider<CurrentUser> self, Provider<ReviewDb> dbProvider, AccountCache byIdCache) {
|
||||
PutStatus(
|
||||
Provider<CurrentUser> self,
|
||||
Provider<ReviewDb> dbProvider,
|
||||
PermissionBackend permissionBackend,
|
||||
AccountCache byIdCache) {
|
||||
this.self = self;
|
||||
this.dbProvider = dbProvider;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.byIdCache = byIdCache;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Response<String> apply(AccountResource rsrc, Input input)
|
||||
throws AuthException, ResourceNotFoundException, OrmException, IOException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
|
||||
throw new AuthException("not allowed to set status");
|
||||
throws AuthException, ResourceNotFoundException, OrmException, IOException,
|
||||
PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
return apply(rsrc.getUser(), input);
|
||||
}
|
||||
|
||||
@@ -29,6 +29,9 @@ import com.google.gerrit.server.config.AllUsersName;
|
||||
import com.google.gerrit.server.git.GitRepositoryManager;
|
||||
import com.google.gerrit.server.git.MetaDataUpdate;
|
||||
import com.google.gerrit.server.git.UserConfigSections;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
import com.google.inject.Singleton;
|
||||
@@ -41,6 +44,7 @@ public class SetDiffPreferences implements RestModifyView<AccountResource, DiffP
|
||||
private final Provider<CurrentUser> self;
|
||||
private final Provider<MetaDataUpdate.User> metaDataUpdateFactory;
|
||||
private final AllUsersName allUsersName;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final GitRepositoryManager gitMgr;
|
||||
|
||||
@Inject
|
||||
@@ -48,19 +52,21 @@ public class SetDiffPreferences implements RestModifyView<AccountResource, DiffP
|
||||
Provider<CurrentUser> self,
|
||||
Provider<MetaDataUpdate.User> metaDataUpdateFactory,
|
||||
AllUsersName allUsersName,
|
||||
PermissionBackend permissionBackend,
|
||||
GitRepositoryManager gitMgr) {
|
||||
this.self = self;
|
||||
this.metaDataUpdateFactory = metaDataUpdateFactory;
|
||||
this.allUsersName = allUsersName;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.gitMgr = gitMgr;
|
||||
}
|
||||
|
||||
@Override
|
||||
public DiffPreferencesInfo apply(AccountResource rsrc, DiffPreferencesInfo in)
|
||||
throws AuthException, BadRequestException, ConfigInvalidException,
|
||||
RepositoryNotFoundException, IOException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
|
||||
throw new AuthException("requires Modify Account capability");
|
||||
RepositoryNotFoundException, IOException, PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
|
||||
if (in == null) {
|
||||
|
||||
@@ -28,6 +28,9 @@ import com.google.gerrit.server.config.AllUsersName;
|
||||
import com.google.gerrit.server.git.GitRepositoryManager;
|
||||
import com.google.gerrit.server.git.MetaDataUpdate;
|
||||
import com.google.gerrit.server.git.UserConfigSections;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
import com.google.inject.Singleton;
|
||||
@@ -40,6 +43,7 @@ public class SetEditPreferences implements RestModifyView<AccountResource, EditP
|
||||
|
||||
private final Provider<CurrentUser> self;
|
||||
private final Provider<MetaDataUpdate.User> metaDataUpdateFactory;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final GitRepositoryManager gitMgr;
|
||||
private final AllUsersName allUsersName;
|
||||
|
||||
@@ -47,10 +51,12 @@ public class SetEditPreferences implements RestModifyView<AccountResource, EditP
|
||||
SetEditPreferences(
|
||||
Provider<CurrentUser> self,
|
||||
Provider<MetaDataUpdate.User> metaDataUpdateFactory,
|
||||
PermissionBackend permissionBackend,
|
||||
GitRepositoryManager gitMgr,
|
||||
AllUsersName allUsersName) {
|
||||
this.self = self;
|
||||
this.metaDataUpdateFactory = metaDataUpdateFactory;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.gitMgr = gitMgr;
|
||||
this.allUsersName = allUsersName;
|
||||
}
|
||||
@@ -58,9 +64,9 @@ public class SetEditPreferences implements RestModifyView<AccountResource, EditP
|
||||
@Override
|
||||
public EditPreferencesInfo apply(AccountResource rsrc, EditPreferencesInfo in)
|
||||
throws AuthException, BadRequestException, RepositoryNotFoundException, IOException,
|
||||
ConfigInvalidException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
|
||||
throw new AuthException("requires Modify Account capability");
|
||||
ConfigInvalidException, PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
|
||||
if (in == null) {
|
||||
|
||||
@@ -36,6 +36,9 @@ import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.config.AllUsersName;
|
||||
import com.google.gerrit.server.git.MetaDataUpdate;
|
||||
import com.google.gerrit.server.git.UserConfigSections;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
import com.google.inject.Singleton;
|
||||
@@ -51,6 +54,7 @@ import org.eclipse.jgit.lib.Config;
|
||||
public class SetPreferences implements RestModifyView<AccountResource, GeneralPreferencesInfo> {
|
||||
private final Provider<CurrentUser> self;
|
||||
private final AccountCache cache;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final GeneralPreferencesLoader loader;
|
||||
private final Provider<MetaDataUpdate.User> metaDataUpdateFactory;
|
||||
private final AllUsersName allUsersName;
|
||||
@@ -60,6 +64,7 @@ public class SetPreferences implements RestModifyView<AccountResource, GeneralPr
|
||||
SetPreferences(
|
||||
Provider<CurrentUser> self,
|
||||
AccountCache cache,
|
||||
PermissionBackend permissionBackend,
|
||||
GeneralPreferencesLoader loader,
|
||||
Provider<MetaDataUpdate.User> metaDataUpdateFactory,
|
||||
AllUsersName allUsersName,
|
||||
@@ -67,6 +72,7 @@ public class SetPreferences implements RestModifyView<AccountResource, GeneralPr
|
||||
this.self = self;
|
||||
this.loader = loader;
|
||||
this.cache = cache;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.metaDataUpdateFactory = metaDataUpdateFactory;
|
||||
this.allUsersName = allUsersName;
|
||||
this.downloadSchemes = downloadSchemes;
|
||||
@@ -74,9 +80,10 @@ public class SetPreferences implements RestModifyView<AccountResource, GeneralPr
|
||||
|
||||
@Override
|
||||
public GeneralPreferencesInfo apply(AccountResource rsrc, GeneralPreferencesInfo i)
|
||||
throws AuthException, BadRequestException, IOException, ConfigInvalidException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
|
||||
throw new AuthException("requires Modify Account capability");
|
||||
throws AuthException, BadRequestException, IOException, ConfigInvalidException,
|
||||
PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
|
||||
checkDownloadScheme(i.downloadScheme);
|
||||
|
||||
@@ -15,6 +15,7 @@
|
||||
package com.google.gerrit.server.account;
|
||||
|
||||
import com.google.gerrit.extensions.registration.DynamicMap;
|
||||
import com.google.gerrit.extensions.restapi.AuthException;
|
||||
import com.google.gerrit.extensions.restapi.ChildCollection;
|
||||
import com.google.gerrit.extensions.restapi.IdString;
|
||||
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
|
||||
@@ -22,6 +23,9 @@ import com.google.gerrit.extensions.restapi.RestView;
|
||||
import com.google.gerrit.reviewdb.client.AccountSshKey;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
@@ -34,6 +38,7 @@ public class SshKeys implements ChildCollection<AccountResource, AccountResource
|
||||
private final DynamicMap<RestView<AccountResource.SshKey>> views;
|
||||
private final GetSshKeys list;
|
||||
private final Provider<CurrentUser> self;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final VersionedAuthorizedKeys.Accessor authorizedKeys;
|
||||
|
||||
@Inject
|
||||
@@ -41,10 +46,12 @@ public class SshKeys implements ChildCollection<AccountResource, AccountResource
|
||||
DynamicMap<RestView<AccountResource.SshKey>> views,
|
||||
GetSshKeys list,
|
||||
Provider<CurrentUser> self,
|
||||
PermissionBackend permissionBackend,
|
||||
VersionedAuthorizedKeys.Accessor authorizedKeys) {
|
||||
this.views = views;
|
||||
this.list = list;
|
||||
this.self = self;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.authorizedKeys = authorizedKeys;
|
||||
}
|
||||
|
||||
@@ -55,9 +62,15 @@ public class SshKeys implements ChildCollection<AccountResource, AccountResource
|
||||
|
||||
@Override
|
||||
public AccountResource.SshKey parse(AccountResource rsrc, IdString id)
|
||||
throws ResourceNotFoundException, OrmException, IOException, ConfigInvalidException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
|
||||
throw new ResourceNotFoundException();
|
||||
throws ResourceNotFoundException, OrmException, IOException, ConfigInvalidException,
|
||||
PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
try {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
} catch (AuthException e) {
|
||||
// If lacking MODIFY_ACCOUNT claim the resource does not exist.
|
||||
throw new ResourceNotFoundException();
|
||||
}
|
||||
}
|
||||
return parse(rsrc.getUser(), id);
|
||||
}
|
||||
|
||||
@@ -71,6 +71,7 @@ import com.google.gerrit.server.account.StarredChanges;
|
||||
import com.google.gerrit.server.account.Stars;
|
||||
import com.google.gerrit.server.change.ChangeResource;
|
||||
import com.google.gerrit.server.change.ChangesCollection;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.assistedinject.Assisted;
|
||||
@@ -234,14 +235,18 @@ public class AccountApiImpl implements AccountApi {
|
||||
|
||||
@Override
|
||||
public GeneralPreferencesInfo getPreferences() throws RestApiException {
|
||||
return getPreferences.apply(account);
|
||||
try {
|
||||
return getPreferences.apply(account);
|
||||
} catch (PermissionBackendException e) {
|
||||
throw new RestApiException("Cannot get preferences", e);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public GeneralPreferencesInfo setPreferences(GeneralPreferencesInfo in) throws RestApiException {
|
||||
try {
|
||||
return setPreferences.apply(account, in);
|
||||
} catch (IOException | ConfigInvalidException e) {
|
||||
} catch (IOException | ConfigInvalidException | PermissionBackendException e) {
|
||||
throw new RestApiException("Cannot set preferences", e);
|
||||
}
|
||||
}
|
||||
@@ -259,7 +264,7 @@ public class AccountApiImpl implements AccountApi {
|
||||
public DiffPreferencesInfo setDiffPreferences(DiffPreferencesInfo in) throws RestApiException {
|
||||
try {
|
||||
return setDiffPreferences.apply(account, in);
|
||||
} catch (IOException | ConfigInvalidException e) {
|
||||
} catch (IOException | ConfigInvalidException | PermissionBackendException e) {
|
||||
throw new RestApiException("Cannot set diff preferences", e);
|
||||
}
|
||||
}
|
||||
@@ -268,7 +273,7 @@ public class AccountApiImpl implements AccountApi {
|
||||
public EditPreferencesInfo getEditPreferences() throws RestApiException {
|
||||
try {
|
||||
return getEditPreferences.apply(account);
|
||||
} catch (IOException | ConfigInvalidException e) {
|
||||
} catch (IOException | ConfigInvalidException | PermissionBackendException e) {
|
||||
throw new RestApiException("Cannot query edit preferences", e);
|
||||
}
|
||||
}
|
||||
@@ -277,7 +282,7 @@ public class AccountApiImpl implements AccountApi {
|
||||
public EditPreferencesInfo setEditPreferences(EditPreferencesInfo in) throws RestApiException {
|
||||
try {
|
||||
return setEditPreferences.apply(account, in);
|
||||
} catch (IOException | ConfigInvalidException e) {
|
||||
} catch (IOException | ConfigInvalidException | PermissionBackendException e) {
|
||||
throw new RestApiException("Cannot set edit preferences", e);
|
||||
}
|
||||
}
|
||||
@@ -372,7 +377,11 @@ public class AccountApiImpl implements AccountApi {
|
||||
AccountResource.Email rsrc = new AccountResource.Email(account.getUser(), input.email);
|
||||
try {
|
||||
createEmailFactory.create(input.email).apply(rsrc, input);
|
||||
} catch (EmailException | OrmException | IOException | ConfigInvalidException e) {
|
||||
} catch (EmailException
|
||||
| OrmException
|
||||
| IOException
|
||||
| ConfigInvalidException
|
||||
| PermissionBackendException e) {
|
||||
throw new RestApiException("Cannot add email", e);
|
||||
}
|
||||
}
|
||||
@@ -382,7 +391,7 @@ public class AccountApiImpl implements AccountApi {
|
||||
AccountResource.Email rsrc = new AccountResource.Email(account.getUser(), email);
|
||||
try {
|
||||
deleteEmail.apply(rsrc, null);
|
||||
} catch (OrmException | IOException | ConfigInvalidException e) {
|
||||
} catch (OrmException | IOException | ConfigInvalidException | PermissionBackendException e) {
|
||||
throw new RestApiException("Cannot delete email", e);
|
||||
}
|
||||
}
|
||||
@@ -392,7 +401,7 @@ public class AccountApiImpl implements AccountApi {
|
||||
PutStatus.Input in = new PutStatus.Input(status);
|
||||
try {
|
||||
putStatus.apply(account, in);
|
||||
} catch (OrmException | IOException e) {
|
||||
} catch (OrmException | IOException | PermissionBackendException e) {
|
||||
throw new RestApiException("Cannot set status", e);
|
||||
}
|
||||
}
|
||||
@@ -401,7 +410,7 @@ public class AccountApiImpl implements AccountApi {
|
||||
public List<SshKeyInfo> listSshKeys() throws RestApiException {
|
||||
try {
|
||||
return getSshKeys.apply(account);
|
||||
} catch (OrmException | IOException | ConfigInvalidException e) {
|
||||
} catch (OrmException | IOException | ConfigInvalidException | PermissionBackendException e) {
|
||||
throw new RestApiException("Cannot list SSH keys", e);
|
||||
}
|
||||
}
|
||||
@@ -423,7 +432,7 @@ public class AccountApiImpl implements AccountApi {
|
||||
AccountResource.SshKey sshKeyRes =
|
||||
sshKeys.parse(account, IdString.fromDecoded(Integer.toString(seq)));
|
||||
deleteSshKey.apply(sshKeyRes, null);
|
||||
} catch (OrmException | IOException | ConfigInvalidException e) {
|
||||
} catch (OrmException | IOException | ConfigInvalidException | PermissionBackendException e) {
|
||||
throw new RestApiException("Cannot delete SSH key", e);
|
||||
}
|
||||
}
|
||||
@@ -476,7 +485,7 @@ public class AccountApiImpl implements AccountApi {
|
||||
public void index() throws RestApiException {
|
||||
try {
|
||||
index.apply(account, new Index.Input());
|
||||
} catch (IOException e) {
|
||||
} catch (IOException | PermissionBackendException e) {
|
||||
throw new RestApiException("Cannot index account", e);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user