opendev/gerrit
Code Issues Proposed changes

Remove isVisibleToAll from GroupDescription

Browse Source 
The notion of who can view a group is a security detail that
belongs delegated to the group backend and should not be part
of the public GroupDescription.Basic interface.

Drop it and move the code into the internal group backend only.

Change-Id: Ia967e957147860fe98d1a4d74b005d63f48e4343
This commit is contained in:
Shawn Pearce
2013-02-07 20:48:58 -08:00
parent 9021d245c8
commit b39b746f40
5 changed files with 8 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
gerrit-server/src/main/java/com/google/gerrit/server/account/GroupControl.java
View File

@@ -103,7 +103,8 @@ public class GroupControl {
/** Can this user see this group exists? */
public boolean isVisible() {
return group.isVisibleToAll()
AccountGroup accountGroup = GroupDescriptions.toAccountGroup(group);
return (accountGroup != null && accountGroup.isVisibleToAll())
|| user.getEffectiveGroups().contains(group.getGroupUUID())
|| isOwner();
}
@@ -149,6 +150,8 @@ public class GroupControl {
}
private boolean canSeeMembers() {
return group.isVisibleToAll() || isOwner();
AccountGroup accountGroup = GroupDescriptions.toAccountGroup(group);
return (accountGroup != null && accountGroup.isVisibleToAll())
|| isOwner();
}
}