Merge "DefaultRefFilter: Look up user ref from repo"

java/com/google/gerrit/server/permissions/DefaultRefFilter.java

@@ -208,7 +208,7 @@ class DefaultRefFilter {
     logger.atFinest().log("Filter refs (refs = %s)", refs);
 
     if (projectState.isAllUsers()) {
-      refs = addUsersSelfSymref(refs);
+      refs = addUsersSelfSymref(repo, refs);
     }
 
     // TODO(hiesel): Remove when optimization is done.
@@ -397,10 +397,12 @@ class DefaultRefFilter {
     return refs;
   }
 
-  private Map<String, Ref> addUsersSelfSymref(Map<String, Ref> refs) {
+  private Map<String, Ref> addUsersSelfSymref(Repository repo, Map<String, Ref> refs)
+      throws PermissionBackendException {
     if (user.isIdentifiedUser()) {
       String refName = RefNames.refsUsers(user.getAccountId());
-      Ref r = refs.get(refName);
+      try {
+        Ref r = repo.exactRef(refName);
         if (r == null) {
           logger.atWarning().log("User ref %s not found", refName);
           return refs;
@@ -410,6 +412,9 @@ class DefaultRefFilter {
         refs = new HashMap<>(refs);
         refs.put(s.getName(), s);
         logger.atFinest().log("Added %s as alias for user ref %s", REFS_USERS_SELF, refName);
+      } catch (IOException e) {
+        throw new PermissionBackendException(e);
+      }
     }
     return refs;
   }

javatests/com/google/gerrit/acceptance/api/accounts/AccountIT.java

@@ -131,6 +131,8 @@ import com.google.gerrit.server.git.meta.MetaDataUpdate;
 import com.google.gerrit.server.index.account.AccountIndexer;
 import com.google.gerrit.server.index.account.StalenessChecker;
 import com.google.gerrit.server.notedb.Sequences;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.PermissionBackend.RefFilterOptions;
 import com.google.gerrit.server.project.ProjectConfig;
 import com.google.gerrit.server.project.RefPattern;
 import com.google.gerrit.server.query.account.InternalAccountQuery;
@@ -217,6 +219,7 @@ public class AccountIT extends AbstractDaemonTest {
   @Inject private Sequences seq;
   @Inject private StalenessChecker stalenessChecker;
   @Inject private VersionedAuthorizedKeys.Accessor authorizedKeys;
+  @Inject private PermissionBackend permissionBackend;
 
   @Inject protected Emails emails;
 
@@ -1370,6 +1373,19 @@ public class AccountIT extends AbstractDaemonTest {
         .contains("Remote does not have " + otherUserRefName + " available for fetch.");
   }
 
+  @Test
+  public void refsUsersSelfIsAdvertised() throws Exception {
+    try (Repository allUsersRepo = repoManager.openRepository(allUsers)) {
+      assertThat(
+              permissionBackend
+                  .currentUser()
+                  .project(allUsers)
+                  .filter(ImmutableList.of(), allUsersRepo, RefFilterOptions.defaults())
+                  .keySet())
+          .containsExactly(RefNames.REFS_USERS_SELF);
+    }
+  }
+
   @Test
   public void pushToUserBranch() throws Exception {
     TestRepository<InMemoryRepository> allUsersRepo = cloneProject(allUsers);