Merge changes from topic 'permission-backend'
* changes: Convert modifyAccount to PermissionBackend Convert maintainServer to PermissionBackend Convert viewQueue to PermissionBackend
This commit is contained in:
David Pursehouse
@@ -511,7 +511,7 @@ public class AccountIT extends AbstractDaemonTest {
|
||||
|
||||
// user cannot delete email of admin
|
||||
exception.expect(AuthException.class);
|
||||
exception.expectMessage("not allowed to delete email address");
|
||||
exception.expectMessage("modify account not permitted");
|
||||
gApi.accounts().id(admin.id.get()).deleteEmail(admin.email);
|
||||
}
|
||||
|
||||
@@ -896,7 +896,7 @@ public class AccountIT extends AbstractDaemonTest {
|
||||
|
||||
// user cannot reindex any account
|
||||
exception.expect(AuthException.class);
|
||||
exception.expectMessage("not allowed to index account");
|
||||
exception.expectMessage("modify account not permitted");
|
||||
gApi.accounts().id(admin.username).index();
|
||||
}
|
||||
|
||||
|
||||
@@ -87,26 +87,11 @@ public class CapabilityControl {
|
||||
return canEmailReviewers;
|
||||
}
|
||||
|
||||
/** @return true if the user can modify an account for another user. */
|
||||
public boolean canModifyAccount() {
|
||||
return canPerform(GlobalCapability.MODIFY_ACCOUNT) || canAdministrateServer();
|
||||
}
|
||||
|
||||
/** @return true if the user can view all accounts. */
|
||||
public boolean canViewAllAccounts() {
|
||||
return canPerform(GlobalCapability.VIEW_ALL_ACCOUNTS) || canAdministrateServer();
|
||||
}
|
||||
|
||||
/** @return true if the user can perform basic server maintenance. */
|
||||
public boolean canMaintainServer() {
|
||||
return canPerform(GlobalCapability.MAINTAIN_SERVER) || canAdministrateServer();
|
||||
}
|
||||
|
||||
/** @return true if the user can view the entire queue. */
|
||||
public boolean canViewQueue() {
|
||||
return canPerform(GlobalCapability.VIEW_QUEUE) || canMaintainServer();
|
||||
}
|
||||
|
||||
/** @return true if the user can access the database (with gsql). */
|
||||
public boolean canAccessDatabase() {
|
||||
try {
|
||||
@@ -238,24 +223,23 @@ public class CapabilityControl {
|
||||
return canAdministrateServer();
|
||||
case EMAIL_REVIEWERS:
|
||||
return canEmailReviewers();
|
||||
case MAINTAIN_SERVER:
|
||||
return canMaintainServer();
|
||||
case MODIFY_ACCOUNT:
|
||||
return canModifyAccount();
|
||||
case VIEW_ALL_ACCOUNTS:
|
||||
return canViewAllAccounts();
|
||||
case VIEW_QUEUE:
|
||||
return canViewQueue();
|
||||
|
||||
case FLUSH_CACHES:
|
||||
case KILL_TASK:
|
||||
case RUN_GC:
|
||||
case VIEW_CACHES:
|
||||
return canPerform(perm.permissionName()) || canMaintainServer();
|
||||
case VIEW_QUEUE:
|
||||
return canPerform(perm.permissionName())
|
||||
|| canPerform(GlobalCapability.MAINTAIN_SERVER)
|
||||
|| canAdministrateServer();
|
||||
|
||||
case CREATE_ACCOUNT:
|
||||
case CREATE_GROUP:
|
||||
case CREATE_PROJECT:
|
||||
case MAINTAIN_SERVER:
|
||||
case MODIFY_ACCOUNT:
|
||||
case STREAM_EVENTS:
|
||||
case VIEW_CONNECTIONS:
|
||||
case VIEW_PLUGINS:
|
||||
|
||||
@@ -32,6 +32,9 @@ import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.config.AuthConfig;
|
||||
import com.google.gerrit.server.mail.send.OutgoingEmailValidator;
|
||||
import com.google.gerrit.server.mail.send.RegisterNewEmailSender;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
@@ -50,6 +53,7 @@ public class CreateEmail implements RestModifyView<AccountResource, EmailInput>
|
||||
|
||||
private final Provider<CurrentUser> self;
|
||||
private final Realm realm;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final AccountManager accountManager;
|
||||
private final RegisterNewEmailSender.Factory registerNewEmailFactory;
|
||||
private final PutPreferred putPreferred;
|
||||
@@ -60,6 +64,7 @@ public class CreateEmail implements RestModifyView<AccountResource, EmailInput>
|
||||
CreateEmail(
|
||||
Provider<CurrentUser> self,
|
||||
Realm realm,
|
||||
PermissionBackend permissionBackend,
|
||||
AuthConfig authConfig,
|
||||
AccountManager accountManager,
|
||||
RegisterNewEmailSender.Factory registerNewEmailFactory,
|
||||
@@ -67,6 +72,7 @@ public class CreateEmail implements RestModifyView<AccountResource, EmailInput>
|
||||
@Assisted String email) {
|
||||
this.self = self;
|
||||
this.realm = realm;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.accountManager = accountManager;
|
||||
this.registerNewEmailFactory = registerNewEmailFactory;
|
||||
this.putPreferred = putPreferred;
|
||||
@@ -78,9 +84,9 @@ public class CreateEmail implements RestModifyView<AccountResource, EmailInput>
|
||||
public Response<EmailInfo> apply(AccountResource rsrc, EmailInput input)
|
||||
throws AuthException, BadRequestException, ResourceConflictException,
|
||||
ResourceNotFoundException, OrmException, EmailException, MethodNotAllowedException,
|
||||
IOException, ConfigInvalidException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
|
||||
throw new AuthException("not allowed to add email address");
|
||||
IOException, ConfigInvalidException, PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser() || input.noConfirmation) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
|
||||
if (input == null) {
|
||||
@@ -91,10 +97,6 @@ public class CreateEmail implements RestModifyView<AccountResource, EmailInput>
|
||||
throw new BadRequestException("invalid email address");
|
||||
}
|
||||
|
||||
if (input.noConfirmation && !self.get().getCapabilities().canModifyAccount()) {
|
||||
throw new AuthException("not allowed to use no_confirmation");
|
||||
}
|
||||
|
||||
if (!realm.allowsEdit(AccountFieldName.REGISTER_NEW_EMAIL)) {
|
||||
throw new MethodNotAllowedException("realm does not allow adding emails");
|
||||
}
|
||||
@@ -105,7 +107,7 @@ public class CreateEmail implements RestModifyView<AccountResource, EmailInput>
|
||||
public Response<EmailInfo> apply(IdentifiedUser user, EmailInput input)
|
||||
throws AuthException, BadRequestException, ResourceConflictException,
|
||||
ResourceNotFoundException, OrmException, EmailException, MethodNotAllowedException,
|
||||
IOException, ConfigInvalidException {
|
||||
IOException, ConfigInvalidException, PermissionBackendException {
|
||||
if (input.email != null && !email.equals(input.email)) {
|
||||
throw new BadRequestException("email address must match URL");
|
||||
}
|
||||
|
||||
@@ -29,6 +29,9 @@ import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.account.DeleteEmail.Input;
|
||||
import com.google.gerrit.server.account.externalids.ExternalId;
|
||||
import com.google.gerrit.server.account.externalids.ExternalIds;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
@@ -43,6 +46,7 @@ public class DeleteEmail implements RestModifyView<AccountResource.Email, Input>
|
||||
|
||||
private final Provider<CurrentUser> self;
|
||||
private final Realm realm;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final Provider<ReviewDb> dbProvider;
|
||||
private final AccountManager accountManager;
|
||||
private final ExternalIds externalIds;
|
||||
@@ -51,11 +55,13 @@ public class DeleteEmail implements RestModifyView<AccountResource.Email, Input>
|
||||
DeleteEmail(
|
||||
Provider<CurrentUser> self,
|
||||
Realm realm,
|
||||
PermissionBackend permissionBackend,
|
||||
Provider<ReviewDb> dbProvider,
|
||||
AccountManager accountManager,
|
||||
ExternalIds externalIds) {
|
||||
this.self = self;
|
||||
this.realm = realm;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.dbProvider = dbProvider;
|
||||
this.accountManager = accountManager;
|
||||
this.externalIds = externalIds;
|
||||
@@ -64,9 +70,10 @@ public class DeleteEmail implements RestModifyView<AccountResource.Email, Input>
|
||||
@Override
|
||||
public Response<?> apply(AccountResource.Email rsrc, Input input)
|
||||
throws AuthException, ResourceNotFoundException, ResourceConflictException,
|
||||
MethodNotAllowedException, OrmException, IOException, ConfigInvalidException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
|
||||
throw new AuthException("not allowed to delete email address");
|
||||
MethodNotAllowedException, OrmException, IOException, ConfigInvalidException,
|
||||
PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
return apply(rsrc.getUser(), rsrc.getEmail());
|
||||
}
|
||||
|
||||
@@ -24,6 +24,9 @@ import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.config.AllUsersName;
|
||||
import com.google.gerrit.server.git.GitRepositoryManager;
|
||||
import com.google.gerrit.server.git.UserConfigSections;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
import com.google.inject.Singleton;
|
||||
@@ -35,22 +38,27 @@ import org.eclipse.jgit.lib.Repository;
|
||||
@Singleton
|
||||
public class GetEditPreferences implements RestReadView<AccountResource> {
|
||||
private final Provider<CurrentUser> self;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final AllUsersName allUsersName;
|
||||
private final GitRepositoryManager gitMgr;
|
||||
|
||||
@Inject
|
||||
GetEditPreferences(
|
||||
Provider<CurrentUser> self, AllUsersName allUsersName, GitRepositoryManager gitMgr) {
|
||||
Provider<CurrentUser> self,
|
||||
PermissionBackend permissionBackend,
|
||||
AllUsersName allUsersName,
|
||||
GitRepositoryManager gitMgr) {
|
||||
this.self = self;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.allUsersName = allUsersName;
|
||||
this.gitMgr = gitMgr;
|
||||
}
|
||||
|
||||
@Override
|
||||
public EditPreferencesInfo apply(AccountResource rsrc)
|
||||
throws AuthException, IOException, ConfigInvalidException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
|
||||
throw new AuthException("requires Modify Account capability");
|
||||
throws AuthException, IOException, ConfigInvalidException, PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
|
||||
return readFromGit(rsrc.getUser().getAccountId(), gitMgr, allUsersName, null);
|
||||
|
||||
@@ -19,6 +19,9 @@ import com.google.gerrit.extensions.restapi.AuthException;
|
||||
import com.google.gerrit.extensions.restapi.RestReadView;
|
||||
import com.google.gerrit.reviewdb.client.Account;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
import com.google.inject.Singleton;
|
||||
@@ -26,18 +29,22 @@ import com.google.inject.Singleton;
|
||||
@Singleton
|
||||
public class GetPreferences implements RestReadView<AccountResource> {
|
||||
private final Provider<CurrentUser> self;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final AccountCache accountCache;
|
||||
|
||||
@Inject
|
||||
GetPreferences(Provider<CurrentUser> self, AccountCache accountCache) {
|
||||
GetPreferences(
|
||||
Provider<CurrentUser> self, PermissionBackend permissionBackend, AccountCache accountCache) {
|
||||
this.self = self;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.accountCache = accountCache;
|
||||
}
|
||||
|
||||
@Override
|
||||
public GeneralPreferencesInfo apply(AccountResource rsrc) throws AuthException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
|
||||
throw new AuthException("requires Modify Account capability");
|
||||
public GeneralPreferencesInfo apply(AccountResource rsrc)
|
||||
throws AuthException, PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
|
||||
Account.Id id = rsrc.getUser().getAccountId();
|
||||
|
||||
@@ -22,6 +22,9 @@ import com.google.gerrit.extensions.restapi.RestReadView;
|
||||
import com.google.gerrit.reviewdb.client.AccountSshKey;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
@@ -35,20 +38,25 @@ import org.eclipse.jgit.errors.RepositoryNotFoundException;
|
||||
public class GetSshKeys implements RestReadView<AccountResource> {
|
||||
|
||||
private final Provider<CurrentUser> self;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final VersionedAuthorizedKeys.Accessor authorizedKeys;
|
||||
|
||||
@Inject
|
||||
GetSshKeys(Provider<CurrentUser> self, VersionedAuthorizedKeys.Accessor authorizedKeys) {
|
||||
GetSshKeys(
|
||||
Provider<CurrentUser> self,
|
||||
PermissionBackend permissionBackend,
|
||||
VersionedAuthorizedKeys.Accessor authorizedKeys) {
|
||||
this.self = self;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.authorizedKeys = authorizedKeys;
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<SshKeyInfo> apply(AccountResource rsrc)
|
||||
throws AuthException, OrmException, RepositoryNotFoundException, IOException,
|
||||
ConfigInvalidException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
|
||||
throw new AuthException("not allowed to get SSH keys");
|
||||
ConfigInvalidException, PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
return apply(rsrc.getUser());
|
||||
}
|
||||
|
||||
@@ -19,6 +19,9 @@ import com.google.gerrit.extensions.restapi.Response;
|
||||
import com.google.gerrit.extensions.restapi.RestModifyView;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.account.Index.Input;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
import com.google.inject.Singleton;
|
||||
@@ -29,18 +32,22 @@ public class Index implements RestModifyView<AccountResource, Input> {
|
||||
public static class Input {}
|
||||
|
||||
private final AccountCache accountCache;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final Provider<CurrentUser> self;
|
||||
|
||||
@Inject
|
||||
Index(AccountCache accountCache, Provider<CurrentUser> self) {
|
||||
Index(
|
||||
AccountCache accountCache, PermissionBackend permissionBackend, Provider<CurrentUser> self) {
|
||||
this.accountCache = accountCache;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.self = self;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Response<?> apply(AccountResource rsrc, Input input) throws IOException, AuthException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
|
||||
throw new AuthException("not allowed to index account");
|
||||
public Response<?> apply(AccountResource rsrc, Input input)
|
||||
throws IOException, AuthException, PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
|
||||
// evicting the account from the cache, reindexes the account
|
||||
|
||||
@@ -27,6 +27,9 @@ import com.google.gerrit.reviewdb.server.ReviewDb;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.account.PutName.Input;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gwtorm.server.AtomicUpdate;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
import com.google.inject.Inject;
|
||||
@@ -42,6 +45,7 @@ public class PutName implements RestModifyView<AccountResource, Input> {
|
||||
|
||||
private final Provider<CurrentUser> self;
|
||||
private final Realm realm;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final Provider<ReviewDb> dbProvider;
|
||||
private final AccountCache byIdCache;
|
||||
|
||||
@@ -49,10 +53,12 @@ public class PutName implements RestModifyView<AccountResource, Input> {
|
||||
PutName(
|
||||
Provider<CurrentUser> self,
|
||||
Realm realm,
|
||||
PermissionBackend permissionBackend,
|
||||
Provider<ReviewDb> dbProvider,
|
||||
AccountCache byIdCache) {
|
||||
this.self = self;
|
||||
this.realm = realm;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.dbProvider = dbProvider;
|
||||
this.byIdCache = byIdCache;
|
||||
}
|
||||
@@ -60,9 +66,9 @@ public class PutName implements RestModifyView<AccountResource, Input> {
|
||||
@Override
|
||||
public Response<String> apply(AccountResource rsrc, Input input)
|
||||
throws AuthException, MethodNotAllowedException, ResourceNotFoundException, OrmException,
|
||||
IOException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
|
||||
throw new AuthException("not allowed to change name");
|
||||
IOException, PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
return apply(rsrc.getUser(), input);
|
||||
}
|
||||
|
||||
@@ -23,6 +23,9 @@ import com.google.gerrit.reviewdb.server.ReviewDb;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.account.PutPreferred.Input;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gwtorm.server.AtomicUpdate;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
import com.google.inject.Inject;
|
||||
@@ -37,20 +40,27 @@ public class PutPreferred implements RestModifyView<AccountResource.Email, Input
|
||||
|
||||
private final Provider<CurrentUser> self;
|
||||
private final Provider<ReviewDb> dbProvider;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final AccountCache byIdCache;
|
||||
|
||||
@Inject
|
||||
PutPreferred(Provider<CurrentUser> self, Provider<ReviewDb> dbProvider, AccountCache byIdCache) {
|
||||
PutPreferred(
|
||||
Provider<CurrentUser> self,
|
||||
Provider<ReviewDb> dbProvider,
|
||||
PermissionBackend permissionBackend,
|
||||
AccountCache byIdCache) {
|
||||
this.self = self;
|
||||
this.dbProvider = dbProvider;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.byIdCache = byIdCache;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Response<String> apply(AccountResource.Email rsrc, Input input)
|
||||
throws AuthException, ResourceNotFoundException, OrmException, IOException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
|
||||
throw new AuthException("not allowed to set preferred email address");
|
||||
throws AuthException, ResourceNotFoundException, OrmException, IOException,
|
||||
PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
return apply(rsrc.getUser(), rsrc.getEmail());
|
||||
}
|
||||
|
||||
@@ -25,6 +25,9 @@ import com.google.gerrit.reviewdb.server.ReviewDb;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.account.PutStatus.Input;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gwtorm.server.AtomicUpdate;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
import com.google.inject.Inject;
|
||||
@@ -46,20 +49,27 @@ public class PutStatus implements RestModifyView<AccountResource, Input> {
|
||||
|
||||
private final Provider<CurrentUser> self;
|
||||
private final Provider<ReviewDb> dbProvider;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final AccountCache byIdCache;
|
||||
|
||||
@Inject
|
||||
PutStatus(Provider<CurrentUser> self, Provider<ReviewDb> dbProvider, AccountCache byIdCache) {
|
||||
PutStatus(
|
||||
Provider<CurrentUser> self,
|
||||
Provider<ReviewDb> dbProvider,
|
||||
PermissionBackend permissionBackend,
|
||||
AccountCache byIdCache) {
|
||||
this.self = self;
|
||||
this.dbProvider = dbProvider;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.byIdCache = byIdCache;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Response<String> apply(AccountResource rsrc, Input input)
|
||||
throws AuthException, ResourceNotFoundException, OrmException, IOException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
|
||||
throw new AuthException("not allowed to set status");
|
||||
throws AuthException, ResourceNotFoundException, OrmException, IOException,
|
||||
PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
return apply(rsrc.getUser(), input);
|
||||
}
|
||||
|
||||
@@ -29,6 +29,9 @@ import com.google.gerrit.server.config.AllUsersName;
|
||||
import com.google.gerrit.server.git.GitRepositoryManager;
|
||||
import com.google.gerrit.server.git.MetaDataUpdate;
|
||||
import com.google.gerrit.server.git.UserConfigSections;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
import com.google.inject.Singleton;
|
||||
@@ -41,6 +44,7 @@ public class SetDiffPreferences implements RestModifyView<AccountResource, DiffP
|
||||
private final Provider<CurrentUser> self;
|
||||
private final Provider<MetaDataUpdate.User> metaDataUpdateFactory;
|
||||
private final AllUsersName allUsersName;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final GitRepositoryManager gitMgr;
|
||||
|
||||
@Inject
|
||||
@@ -48,19 +52,21 @@ public class SetDiffPreferences implements RestModifyView<AccountResource, DiffP
|
||||
Provider<CurrentUser> self,
|
||||
Provider<MetaDataUpdate.User> metaDataUpdateFactory,
|
||||
AllUsersName allUsersName,
|
||||
PermissionBackend permissionBackend,
|
||||
GitRepositoryManager gitMgr) {
|
||||
this.self = self;
|
||||
this.metaDataUpdateFactory = metaDataUpdateFactory;
|
||||
this.allUsersName = allUsersName;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.gitMgr = gitMgr;
|
||||
}
|
||||
|
||||
@Override
|
||||
public DiffPreferencesInfo apply(AccountResource rsrc, DiffPreferencesInfo in)
|
||||
throws AuthException, BadRequestException, ConfigInvalidException,
|
||||
RepositoryNotFoundException, IOException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
|
||||
throw new AuthException("requires Modify Account capability");
|
||||
RepositoryNotFoundException, IOException, PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
|
||||
if (in == null) {
|
||||
|
||||
@@ -28,6 +28,9 @@ import com.google.gerrit.server.config.AllUsersName;
|
||||
import com.google.gerrit.server.git.GitRepositoryManager;
|
||||
import com.google.gerrit.server.git.MetaDataUpdate;
|
||||
import com.google.gerrit.server.git.UserConfigSections;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
import com.google.inject.Singleton;
|
||||
@@ -40,6 +43,7 @@ public class SetEditPreferences implements RestModifyView<AccountResource, EditP
|
||||
|
||||
private final Provider<CurrentUser> self;
|
||||
private final Provider<MetaDataUpdate.User> metaDataUpdateFactory;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final GitRepositoryManager gitMgr;
|
||||
private final AllUsersName allUsersName;
|
||||
|
||||
@@ -47,10 +51,12 @@ public class SetEditPreferences implements RestModifyView<AccountResource, EditP
|
||||
SetEditPreferences(
|
||||
Provider<CurrentUser> self,
|
||||
Provider<MetaDataUpdate.User> metaDataUpdateFactory,
|
||||
PermissionBackend permissionBackend,
|
||||
GitRepositoryManager gitMgr,
|
||||
AllUsersName allUsersName) {
|
||||
this.self = self;
|
||||
this.metaDataUpdateFactory = metaDataUpdateFactory;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.gitMgr = gitMgr;
|
||||
this.allUsersName = allUsersName;
|
||||
}
|
||||
@@ -58,9 +64,9 @@ public class SetEditPreferences implements RestModifyView<AccountResource, EditP
|
||||
@Override
|
||||
public EditPreferencesInfo apply(AccountResource rsrc, EditPreferencesInfo in)
|
||||
throws AuthException, BadRequestException, RepositoryNotFoundException, IOException,
|
||||
ConfigInvalidException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
|
||||
throw new AuthException("requires Modify Account capability");
|
||||
ConfigInvalidException, PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
|
||||
if (in == null) {
|
||||
|
||||
@@ -36,6 +36,9 @@ import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.config.AllUsersName;
|
||||
import com.google.gerrit.server.git.MetaDataUpdate;
|
||||
import com.google.gerrit.server.git.UserConfigSections;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
import com.google.inject.Singleton;
|
||||
@@ -51,6 +54,7 @@ import org.eclipse.jgit.lib.Config;
|
||||
public class SetPreferences implements RestModifyView<AccountResource, GeneralPreferencesInfo> {
|
||||
private final Provider<CurrentUser> self;
|
||||
private final AccountCache cache;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final GeneralPreferencesLoader loader;
|
||||
private final Provider<MetaDataUpdate.User> metaDataUpdateFactory;
|
||||
private final AllUsersName allUsersName;
|
||||
@@ -60,6 +64,7 @@ public class SetPreferences implements RestModifyView<AccountResource, GeneralPr
|
||||
SetPreferences(
|
||||
Provider<CurrentUser> self,
|
||||
AccountCache cache,
|
||||
PermissionBackend permissionBackend,
|
||||
GeneralPreferencesLoader loader,
|
||||
Provider<MetaDataUpdate.User> metaDataUpdateFactory,
|
||||
AllUsersName allUsersName,
|
||||
@@ -67,6 +72,7 @@ public class SetPreferences implements RestModifyView<AccountResource, GeneralPr
|
||||
this.self = self;
|
||||
this.loader = loader;
|
||||
this.cache = cache;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.metaDataUpdateFactory = metaDataUpdateFactory;
|
||||
this.allUsersName = allUsersName;
|
||||
this.downloadSchemes = downloadSchemes;
|
||||
@@ -74,9 +80,10 @@ public class SetPreferences implements RestModifyView<AccountResource, GeneralPr
|
||||
|
||||
@Override
|
||||
public GeneralPreferencesInfo apply(AccountResource rsrc, GeneralPreferencesInfo i)
|
||||
throws AuthException, BadRequestException, IOException, ConfigInvalidException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
|
||||
throw new AuthException("requires Modify Account capability");
|
||||
throws AuthException, BadRequestException, IOException, ConfigInvalidException,
|
||||
PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
}
|
||||
|
||||
checkDownloadScheme(i.downloadScheme);
|
||||
|
||||
@@ -15,6 +15,7 @@
|
||||
package com.google.gerrit.server.account;
|
||||
|
||||
import com.google.gerrit.extensions.registration.DynamicMap;
|
||||
import com.google.gerrit.extensions.restapi.AuthException;
|
||||
import com.google.gerrit.extensions.restapi.ChildCollection;
|
||||
import com.google.gerrit.extensions.restapi.IdString;
|
||||
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
|
||||
@@ -22,6 +23,9 @@ import com.google.gerrit.extensions.restapi.RestView;
|
||||
import com.google.gerrit.reviewdb.client.AccountSshKey;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
@@ -34,6 +38,7 @@ public class SshKeys implements ChildCollection<AccountResource, AccountResource
|
||||
private final DynamicMap<RestView<AccountResource.SshKey>> views;
|
||||
private final GetSshKeys list;
|
||||
private final Provider<CurrentUser> self;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final VersionedAuthorizedKeys.Accessor authorizedKeys;
|
||||
|
||||
@Inject
|
||||
@@ -41,10 +46,12 @@ public class SshKeys implements ChildCollection<AccountResource, AccountResource
|
||||
DynamicMap<RestView<AccountResource.SshKey>> views,
|
||||
GetSshKeys list,
|
||||
Provider<CurrentUser> self,
|
||||
PermissionBackend permissionBackend,
|
||||
VersionedAuthorizedKeys.Accessor authorizedKeys) {
|
||||
this.views = views;
|
||||
this.list = list;
|
||||
this.self = self;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.authorizedKeys = authorizedKeys;
|
||||
}
|
||||
|
||||
@@ -55,10 +62,16 @@ public class SshKeys implements ChildCollection<AccountResource, AccountResource
|
||||
|
||||
@Override
|
||||
public AccountResource.SshKey parse(AccountResource rsrc, IdString id)
|
||||
throws ResourceNotFoundException, OrmException, IOException, ConfigInvalidException {
|
||||
if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
|
||||
throws ResourceNotFoundException, OrmException, IOException, ConfigInvalidException,
|
||||
PermissionBackendException {
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
try {
|
||||
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
|
||||
} catch (AuthException e) {
|
||||
// If lacking MODIFY_ACCOUNT claim the resource does not exist.
|
||||
throw new ResourceNotFoundException();
|
||||
}
|
||||
}
|
||||
return parse(rsrc.getUser(), id);
|
||||
}
|
||||
|
||||
|
||||
@@ -71,6 +71,7 @@ import com.google.gerrit.server.account.StarredChanges;
|
||||
import com.google.gerrit.server.account.Stars;
|
||||
import com.google.gerrit.server.change.ChangeResource;
|
||||
import com.google.gerrit.server.change.ChangesCollection;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.assistedinject.Assisted;
|
||||
@@ -234,14 +235,18 @@ public class AccountApiImpl implements AccountApi {
|
||||
|
||||
@Override
|
||||
public GeneralPreferencesInfo getPreferences() throws RestApiException {
|
||||
try {
|
||||
return getPreferences.apply(account);
|
||||
} catch (PermissionBackendException e) {
|
||||
throw new RestApiException("Cannot get preferences", e);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public GeneralPreferencesInfo setPreferences(GeneralPreferencesInfo in) throws RestApiException {
|
||||
try {
|
||||
return setPreferences.apply(account, in);
|
||||
} catch (IOException | ConfigInvalidException e) {
|
||||
} catch (IOException | ConfigInvalidException | PermissionBackendException e) {
|
||||
throw new RestApiException("Cannot set preferences", e);
|
||||
}
|
||||
}
|
||||
@@ -259,7 +264,7 @@ public class AccountApiImpl implements AccountApi {
|
||||
public DiffPreferencesInfo setDiffPreferences(DiffPreferencesInfo in) throws RestApiException {
|
||||
try {
|
||||
return setDiffPreferences.apply(account, in);
|
||||
} catch (IOException | ConfigInvalidException e) {
|
||||
} catch (IOException | ConfigInvalidException | PermissionBackendException e) {
|
||||
throw new RestApiException("Cannot set diff preferences", e);
|
||||
}
|
||||
}
|
||||
@@ -268,7 +273,7 @@ public class AccountApiImpl implements AccountApi {
|
||||
public EditPreferencesInfo getEditPreferences() throws RestApiException {
|
||||
try {
|
||||
return getEditPreferences.apply(account);
|
||||
} catch (IOException | ConfigInvalidException e) {
|
||||
} catch (IOException | ConfigInvalidException | PermissionBackendException e) {
|
||||
throw new RestApiException("Cannot query edit preferences", e);
|
||||
}
|
||||
}
|
||||
@@ -277,7 +282,7 @@ public class AccountApiImpl implements AccountApi {
|
||||
public EditPreferencesInfo setEditPreferences(EditPreferencesInfo in) throws RestApiException {
|
||||
try {
|
||||
return setEditPreferences.apply(account, in);
|
||||
} catch (IOException | ConfigInvalidException e) {
|
||||
} catch (IOException | ConfigInvalidException | PermissionBackendException e) {
|
||||
throw new RestApiException("Cannot set edit preferences", e);
|
||||
}
|
||||
}
|
||||
@@ -372,7 +377,11 @@ public class AccountApiImpl implements AccountApi {
|
||||
AccountResource.Email rsrc = new AccountResource.Email(account.getUser(), input.email);
|
||||
try {
|
||||
createEmailFactory.create(input.email).apply(rsrc, input);
|
||||
} catch (EmailException | OrmException | IOException | ConfigInvalidException e) {
|
||||
} catch (EmailException
|
||||
| OrmException
|
||||
| IOException
|
||||
| ConfigInvalidException
|
||||
| PermissionBackendException e) {
|
||||
throw new RestApiException("Cannot add email", e);
|
||||
}
|
||||
}
|
||||
@@ -382,7 +391,7 @@ public class AccountApiImpl implements AccountApi {
|
||||
AccountResource.Email rsrc = new AccountResource.Email(account.getUser(), email);
|
||||
try {
|
||||
deleteEmail.apply(rsrc, null);
|
||||
} catch (OrmException | IOException | ConfigInvalidException e) {
|
||||
} catch (OrmException | IOException | ConfigInvalidException | PermissionBackendException e) {
|
||||
throw new RestApiException("Cannot delete email", e);
|
||||
}
|
||||
}
|
||||
@@ -392,7 +401,7 @@ public class AccountApiImpl implements AccountApi {
|
||||
PutStatus.Input in = new PutStatus.Input(status);
|
||||
try {
|
||||
putStatus.apply(account, in);
|
||||
} catch (OrmException | IOException e) {
|
||||
} catch (OrmException | IOException | PermissionBackendException e) {
|
||||
throw new RestApiException("Cannot set status", e);
|
||||
}
|
||||
}
|
||||
@@ -401,7 +410,7 @@ public class AccountApiImpl implements AccountApi {
|
||||
public List<SshKeyInfo> listSshKeys() throws RestApiException {
|
||||
try {
|
||||
return getSshKeys.apply(account);
|
||||
} catch (OrmException | IOException | ConfigInvalidException e) {
|
||||
} catch (OrmException | IOException | ConfigInvalidException | PermissionBackendException e) {
|
||||
throw new RestApiException("Cannot list SSH keys", e);
|
||||
}
|
||||
}
|
||||
@@ -423,7 +432,7 @@ public class AccountApiImpl implements AccountApi {
|
||||
AccountResource.SshKey sshKeyRes =
|
||||
sshKeys.parse(account, IdString.fromDecoded(Integer.toString(seq)));
|
||||
deleteSshKey.apply(sshKeyRes, null);
|
||||
} catch (OrmException | IOException | ConfigInvalidException e) {
|
||||
} catch (OrmException | IOException | ConfigInvalidException | PermissionBackendException e) {
|
||||
throw new RestApiException("Cannot delete SSH key", e);
|
||||
}
|
||||
}
|
||||
@@ -476,7 +485,7 @@ public class AccountApiImpl implements AccountApi {
|
||||
public void index() throws RestApiException {
|
||||
try {
|
||||
index.apply(account, new Index.Input());
|
||||
} catch (IOException e) {
|
||||
} catch (IOException | PermissionBackendException e) {
|
||||
throw new RestApiException("Cannot index account", e);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -572,7 +572,7 @@ class ChangeApiImpl implements ChangeApi {
|
||||
public ChangeInfo check(FixInput fix) throws RestApiException {
|
||||
try {
|
||||
return check.apply(change, fix).value();
|
||||
} catch (OrmException e) {
|
||||
} catch (OrmException | PermissionBackendException e) {
|
||||
throw new RestApiException("Cannot check change", e);
|
||||
}
|
||||
}
|
||||
@@ -581,7 +581,7 @@ class ChangeApiImpl implements ChangeApi {
|
||||
public void index() throws RestApiException {
|
||||
try {
|
||||
index.apply(change, new Index.Input());
|
||||
} catch (IOException | OrmException e) {
|
||||
} catch (IOException | OrmException | PermissionBackendException e) {
|
||||
throw new RestApiException("Cannot index change", e);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -17,21 +17,29 @@ package com.google.gerrit.server.change;
|
||||
import com.google.gerrit.extensions.api.changes.FixInput;
|
||||
import com.google.gerrit.extensions.client.ListChangesOption;
|
||||
import com.google.gerrit.extensions.common.ChangeInfo;
|
||||
import com.google.gerrit.extensions.restapi.AuthException;
|
||||
import com.google.gerrit.extensions.restapi.Response;
|
||||
import com.google.gerrit.extensions.restapi.RestApiException;
|
||||
import com.google.gerrit.extensions.restapi.RestModifyView;
|
||||
import com.google.gerrit.extensions.restapi.RestReadView;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gerrit.server.project.ChangeControl;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
|
||||
public class Check
|
||||
implements RestReadView<ChangeResource>, RestModifyView<ChangeResource, FixInput> {
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final Provider<CurrentUser> user;
|
||||
private final ChangeJson.Factory jsonFactory;
|
||||
|
||||
@Inject
|
||||
Check(ChangeJson.Factory json) {
|
||||
Check(PermissionBackend permissionBackend, Provider<CurrentUser> user, ChangeJson.Factory json) {
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.user = user;
|
||||
this.jsonFactory = json;
|
||||
}
|
||||
|
||||
@@ -42,12 +50,10 @@ public class Check
|
||||
|
||||
@Override
|
||||
public Response<ChangeInfo> apply(ChangeResource rsrc, FixInput input)
|
||||
throws RestApiException, OrmException {
|
||||
throws RestApiException, OrmException, PermissionBackendException {
|
||||
ChangeControl ctl = rsrc.getControl();
|
||||
if (!ctl.isOwner()
|
||||
&& !ctl.getProjectControl().isOwner()
|
||||
&& !ctl.getUser().getCapabilities().canMaintainServer()) {
|
||||
throw new AuthException("Cannot fix change");
|
||||
if (!ctl.isOwner() && !ctl.getProjectControl().isOwner()) {
|
||||
permissionBackend.user(user).check(GlobalPermission.MAINTAIN_SERVER);
|
||||
}
|
||||
return Response.withMustRevalidate(newChangeJson().fix(input).format(rsrc));
|
||||
}
|
||||
|
||||
@@ -18,8 +18,12 @@ import com.google.gerrit.extensions.restapi.AuthException;
|
||||
import com.google.gerrit.extensions.restapi.Response;
|
||||
import com.google.gerrit.extensions.restapi.RestModifyView;
|
||||
import com.google.gerrit.reviewdb.server.ReviewDb;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.change.Index.Input;
|
||||
import com.google.gerrit.server.index.change.ChangeIndexer;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gerrit.server.project.ChangeControl;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
import com.google.inject.Inject;
|
||||
@@ -32,20 +36,28 @@ public class Index implements RestModifyView<ChangeResource, Input> {
|
||||
public static class Input {}
|
||||
|
||||
private final Provider<ReviewDb> db;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final Provider<CurrentUser> user;
|
||||
private final ChangeIndexer indexer;
|
||||
|
||||
@Inject
|
||||
Index(Provider<ReviewDb> db, ChangeIndexer indexer) {
|
||||
Index(
|
||||
Provider<ReviewDb> db,
|
||||
PermissionBackend permissionBackend,
|
||||
Provider<CurrentUser> user,
|
||||
ChangeIndexer indexer) {
|
||||
this.db = db;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.user = user;
|
||||
this.indexer = indexer;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Response<?> apply(ChangeResource rsrc, Input input)
|
||||
throws IOException, AuthException, OrmException {
|
||||
throws IOException, AuthException, OrmException, PermissionBackendException {
|
||||
ChangeControl ctl = rsrc.getControl();
|
||||
if (!ctl.isOwner() && !ctl.getUser().getCapabilities().canMaintainServer()) {
|
||||
throw new AuthException("Only change owner or server maintainer can reindex");
|
||||
if (!ctl.isOwner()) {
|
||||
permissionBackend.user(user).check(GlobalPermission.MAINTAIN_SERVER);
|
||||
}
|
||||
indexer.index(db.get(), rsrc.getChange());
|
||||
return Response.none();
|
||||
|
||||
@@ -23,6 +23,9 @@ import com.google.gerrit.extensions.restapi.Response;
|
||||
import com.google.gerrit.extensions.restapi.RestModifyView;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.config.FlushCache.Input;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
import com.google.inject.Singleton;
|
||||
@@ -34,17 +37,20 @@ public class FlushCache implements RestModifyView<CacheResource, Input> {
|
||||
|
||||
public static final String WEB_SESSIONS = "web_sessions";
|
||||
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final Provider<CurrentUser> self;
|
||||
|
||||
@Inject
|
||||
public FlushCache(Provider<CurrentUser> self) {
|
||||
public FlushCache(PermissionBackend permissionBackend, Provider<CurrentUser> self) {
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.self = self;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Response<String> apply(CacheResource rsrc, Input input) throws AuthException {
|
||||
if (WEB_SESSIONS.equals(rsrc.getName()) && !self.get().getCapabilities().canMaintainServer()) {
|
||||
throw new AuthException(String.format("only site maintainers can flush %s", WEB_SESSIONS));
|
||||
public Response<String> apply(CacheResource rsrc, Input input)
|
||||
throws AuthException, PermissionBackendException {
|
||||
if (WEB_SESSIONS.equals(rsrc.getName())) {
|
||||
permissionBackend.user(self).check(GlobalPermission.MAINTAIN_SERVER);
|
||||
}
|
||||
|
||||
rsrc.getCache().invalidateAll();
|
||||
|
||||
@@ -19,11 +19,13 @@ import com.google.gerrit.extensions.restapi.AuthException;
|
||||
import com.google.gerrit.extensions.restapi.RestReadView;
|
||||
import com.google.gerrit.reviewdb.client.Project;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.git.TaskInfoFactory;
|
||||
import com.google.gerrit.server.git.WorkQueue;
|
||||
import com.google.gerrit.server.git.WorkQueue.ProjectTask;
|
||||
import com.google.gerrit.server.git.WorkQueue.Task;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gerrit.server.project.ProjectCache;
|
||||
import com.google.gerrit.server.project.ProjectState;
|
||||
import com.google.gerrit.server.util.IdGenerator;
|
||||
@@ -41,30 +43,40 @@ import java.util.concurrent.TimeUnit;
|
||||
|
||||
@Singleton
|
||||
public class ListTasks implements RestReadView<ConfigResource> {
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final WorkQueue workQueue;
|
||||
private final ProjectCache projectCache;
|
||||
private final Provider<IdentifiedUser> self;
|
||||
private final Provider<CurrentUser> self;
|
||||
|
||||
@Inject
|
||||
public ListTasks(WorkQueue workQueue, ProjectCache projectCache, Provider<IdentifiedUser> self) {
|
||||
public ListTasks(
|
||||
PermissionBackend permissionBackend,
|
||||
WorkQueue workQueue,
|
||||
ProjectCache projectCache,
|
||||
Provider<CurrentUser> self) {
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.workQueue = workQueue;
|
||||
this.projectCache = projectCache;
|
||||
this.self = self;
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<TaskInfo> apply(ConfigResource resource) throws AuthException {
|
||||
public List<TaskInfo> apply(ConfigResource resource)
|
||||
throws AuthException, PermissionBackendException {
|
||||
CurrentUser user = self.get();
|
||||
if (!user.isIdentifiedUser()) {
|
||||
throw new AuthException("Authentication required");
|
||||
}
|
||||
|
||||
List<TaskInfo> allTasks = getTasks();
|
||||
if (user.getCapabilities().canViewQueue()) {
|
||||
try {
|
||||
permissionBackend.user(user).check(GlobalPermission.VIEW_QUEUE);
|
||||
return allTasks;
|
||||
} catch (AuthException e) {
|
||||
// Fall through to filter tasks.
|
||||
}
|
||||
Map<String, Boolean> visibilityCache = new HashMap<>();
|
||||
|
||||
Map<String, Boolean> visibilityCache = new HashMap<>();
|
||||
List<TaskInfo> visibleTasks = new ArrayList<>();
|
||||
for (TaskInfo task : allTasks) {
|
||||
if (task.projectName != null) {
|
||||
|
||||
@@ -26,6 +26,7 @@ import com.google.gerrit.extensions.restapi.Response;
|
||||
import com.google.gerrit.extensions.restapi.RestModifyView;
|
||||
import com.google.gerrit.extensions.restapi.UnprocessableEntityException;
|
||||
import com.google.gerrit.server.config.PostCaches.Input;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Singleton;
|
||||
import java.util.ArrayList;
|
||||
@@ -66,7 +67,8 @@ public class PostCaches implements RestModifyView<ConfigResource, Input> {
|
||||
|
||||
@Override
|
||||
public Response<String> apply(ConfigResource rsrc, Input input)
|
||||
throws AuthException, BadRequestException, UnprocessableEntityException {
|
||||
throws AuthException, BadRequestException, UnprocessableEntityException,
|
||||
PermissionBackendException {
|
||||
if (input == null || input.operation == null) {
|
||||
throw new BadRequestException("operation must be specified");
|
||||
}
|
||||
@@ -90,7 +92,7 @@ public class PostCaches implements RestModifyView<ConfigResource, Input> {
|
||||
}
|
||||
}
|
||||
|
||||
private void flushAll() throws AuthException {
|
||||
private void flushAll() throws AuthException, PermissionBackendException {
|
||||
for (DynamicMap.Entry<Cache<?, ?>> e : cacheMap) {
|
||||
CacheResource cacheResource =
|
||||
new CacheResource(e.getPluginName(), e.getExportName(), e.getProvider());
|
||||
@@ -101,7 +103,8 @@ public class PostCaches implements RestModifyView<ConfigResource, Input> {
|
||||
}
|
||||
}
|
||||
|
||||
private void flush(List<String> cacheNames) throws UnprocessableEntityException, AuthException {
|
||||
private void flush(List<String> cacheNames)
|
||||
throws UnprocessableEntityException, AuthException, PermissionBackendException {
|
||||
List<CacheResource> cacheResources = new ArrayList<>(cacheNames.size());
|
||||
|
||||
for (String n : cacheNames) {
|
||||
|
||||
@@ -21,10 +21,12 @@ import com.google.gerrit.extensions.restapi.IdString;
|
||||
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
|
||||
import com.google.gerrit.extensions.restapi.RestView;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.git.WorkQueue;
|
||||
import com.google.gerrit.server.git.WorkQueue.ProjectTask;
|
||||
import com.google.gerrit.server.git.WorkQueue.Task;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gerrit.server.project.ProjectCache;
|
||||
import com.google.gerrit.server.project.ProjectState;
|
||||
import com.google.inject.Inject;
|
||||
@@ -36,7 +38,8 @@ public class TasksCollection implements ChildCollection<ConfigResource, TaskReso
|
||||
private final DynamicMap<RestView<TaskResource>> views;
|
||||
private final ListTasks list;
|
||||
private final WorkQueue workQueue;
|
||||
private final Provider<IdentifiedUser> self;
|
||||
private final Provider<CurrentUser> self;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final ProjectCache projectCache;
|
||||
|
||||
@Inject
|
||||
@@ -44,12 +47,14 @@ public class TasksCollection implements ChildCollection<ConfigResource, TaskReso
|
||||
DynamicMap<RestView<TaskResource>> views,
|
||||
ListTasks list,
|
||||
WorkQueue workQueue,
|
||||
Provider<IdentifiedUser> self,
|
||||
Provider<CurrentUser> self,
|
||||
PermissionBackend permissionBackend,
|
||||
ProjectCache projectCache) {
|
||||
this.views = views;
|
||||
this.list = list;
|
||||
this.workQueue = workQueue;
|
||||
this.self = self;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.projectCache = projectCache;
|
||||
}
|
||||
|
||||
@@ -60,19 +65,29 @@ public class TasksCollection implements ChildCollection<ConfigResource, TaskReso
|
||||
|
||||
@Override
|
||||
public TaskResource parse(ConfigResource parent, IdString id)
|
||||
throws ResourceNotFoundException, AuthException {
|
||||
throws ResourceNotFoundException, AuthException, PermissionBackendException {
|
||||
CurrentUser user = self.get();
|
||||
if (!user.isIdentifiedUser()) {
|
||||
throw new AuthException("Authentication required");
|
||||
}
|
||||
|
||||
int taskId;
|
||||
try {
|
||||
int taskId = (int) Long.parseLong(id.get(), 16);
|
||||
taskId = (int) Long.parseLong(id.get(), 16);
|
||||
} catch (NumberFormatException e) {
|
||||
throw new ResourceNotFoundException(id);
|
||||
}
|
||||
|
||||
Task<?> task = workQueue.getTask(taskId);
|
||||
if (task != null) {
|
||||
if (self.get().getCapabilities().canViewQueue()) {
|
||||
try {
|
||||
permissionBackend.user(user).check(GlobalPermission.VIEW_QUEUE);
|
||||
return new TaskResource(task);
|
||||
} else if (task instanceof ProjectTask) {
|
||||
} catch (AuthException e) {
|
||||
// Fall through and try filtering.
|
||||
}
|
||||
|
||||
if (task instanceof ProjectTask) {
|
||||
ProjectTask<?> projectTask = ((ProjectTask<?>) task);
|
||||
ProjectState e = projectCache.get(projectTask.getProjectNameKey());
|
||||
if (e != null && e.controlFor(user).isVisible()) {
|
||||
@@ -81,9 +96,6 @@ public class TasksCollection implements ChildCollection<ConfigResource, TaskReso
|
||||
}
|
||||
}
|
||||
throw new ResourceNotFoundException(id);
|
||||
} catch (NumberFormatException e) {
|
||||
throw new ResourceNotFoundException(id);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@@ -16,6 +16,7 @@ package com.google.gerrit.sshd;
|
||||
|
||||
import static java.util.stream.Collectors.toList;
|
||||
|
||||
import com.google.gerrit.extensions.restapi.AuthException;
|
||||
import com.google.gerrit.reviewdb.client.Change;
|
||||
import com.google.gerrit.reviewdb.client.Project;
|
||||
import com.google.gerrit.reviewdb.server.ReviewDb;
|
||||
@@ -24,6 +25,9 @@ import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.change.ChangeResource;
|
||||
import com.google.gerrit.server.change.ChangesCollection;
|
||||
import com.google.gerrit.server.notedb.ChangeNotes;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gerrit.server.project.ChangeControl;
|
||||
import com.google.gerrit.server.project.NoSuchChangeException;
|
||||
import com.google.gerrit.server.project.ProjectControl;
|
||||
@@ -43,6 +47,7 @@ public class ChangeArgumentParser {
|
||||
private final ReviewDb db;
|
||||
private final ChangeNotes.Factory changeNotesFactory;
|
||||
private final ChangeControl.GenericFactory changeControlFactory;
|
||||
private final PermissionBackend permissionBackend;
|
||||
|
||||
@Inject
|
||||
ChangeArgumentParser(
|
||||
@@ -51,13 +56,15 @@ public class ChangeArgumentParser {
|
||||
ChangeFinder changeFinder,
|
||||
ReviewDb db,
|
||||
ChangeNotes.Factory changeNotesFactory,
|
||||
ChangeControl.GenericFactory changeControlFactory) {
|
||||
ChangeControl.GenericFactory changeControlFactory,
|
||||
PermissionBackend permissionBackend) {
|
||||
this.currentUser = currentUser;
|
||||
this.changesCollection = changesCollection;
|
||||
this.changeFinder = changeFinder;
|
||||
this.db = db;
|
||||
this.changeNotesFactory = changeNotesFactory;
|
||||
this.changeControlFactory = changeControlFactory;
|
||||
this.permissionBackend = permissionBackend;
|
||||
}
|
||||
|
||||
public void addChange(String id, Map<Change.Id, ChangeResource> changes)
|
||||
@@ -80,9 +87,13 @@ public class ChangeArgumentParser {
|
||||
List<ChangeControl> matched =
|
||||
useIndex ? changeFinder.find(id, currentUser) : changeFromNotesFactory(id, currentUser);
|
||||
List<ChangeControl> toAdd = new ArrayList<>(changes.size());
|
||||
boolean canMaintainServer =
|
||||
currentUser.isIdentifiedUser()
|
||||
&& currentUser.asIdentifiedUser().getCapabilities().canMaintainServer();
|
||||
boolean canMaintainServer;
|
||||
try {
|
||||
permissionBackend.user(currentUser).check(GlobalPermission.MAINTAIN_SERVER);
|
||||
canMaintainServer = true;
|
||||
} catch (AuthException | PermissionBackendException e) {
|
||||
canMaintainServer = false;
|
||||
}
|
||||
for (ChangeControl ctl : matched) {
|
||||
if (!changes.containsKey(ctl.getId())
|
||||
&& inProject(projectControl, ctl.getProject())
|
||||
|
||||
@@ -26,6 +26,7 @@ import com.google.gerrit.server.config.ConfigResource;
|
||||
import com.google.gerrit.server.config.ListCaches;
|
||||
import com.google.gerrit.server.config.ListCaches.OutputFormat;
|
||||
import com.google.gerrit.server.config.PostCaches;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gerrit.sshd.CommandMetaData;
|
||||
import com.google.gerrit.sshd.SshCommand;
|
||||
import com.google.inject.Inject;
|
||||
@@ -81,6 +82,8 @@ final class FlushCaches extends SshCommand {
|
||||
}
|
||||
} catch (RestApiException e) {
|
||||
throw die(e.getMessage());
|
||||
} catch (PermissionBackendException e) {
|
||||
throw new Failure(1, "unavailable", e);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -18,6 +18,7 @@ import com.google.gerrit.extensions.restapi.RestApiException;
|
||||
import com.google.gerrit.reviewdb.client.Change;
|
||||
import com.google.gerrit.server.change.ChangeResource;
|
||||
import com.google.gerrit.server.change.Index;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gerrit.sshd.ChangeArgumentParser;
|
||||
import com.google.gerrit.sshd.CommandMetaData;
|
||||
import com.google.gerrit.sshd.SshCommand;
|
||||
@@ -57,7 +58,7 @@ final class IndexChangesCommand extends SshCommand {
|
||||
for (ChangeResource rsrc : changes.values()) {
|
||||
try {
|
||||
index.apply(rsrc, new Index.Input());
|
||||
} catch (IOException | RestApiException | OrmException e) {
|
||||
} catch (IOException | RestApiException | OrmException | PermissionBackendException e) {
|
||||
ok = false;
|
||||
writeError(
|
||||
"error", String.format("failed to index change %s: %s", rsrc.getId(), e.getMessage()));
|
||||
|
||||
@@ -25,6 +25,7 @@ import com.google.gerrit.server.config.ConfigResource;
|
||||
import com.google.gerrit.server.config.DeleteTask;
|
||||
import com.google.gerrit.server.config.TaskResource;
|
||||
import com.google.gerrit.server.config.TasksCollection;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gerrit.sshd.AdminHighPriorityCommand;
|
||||
import com.google.gerrit.sshd.SshCommand;
|
||||
import com.google.inject.Inject;
|
||||
@@ -50,7 +51,7 @@ final class KillCommand extends SshCommand {
|
||||
try {
|
||||
TaskResource taskRsrc = tasksCollection.parse(cfgRsrc, IdString.fromDecoded(id));
|
||||
deleteTask.apply(taskRsrc, null);
|
||||
} catch (AuthException | ResourceNotFoundException e) {
|
||||
} catch (AuthException | ResourceNotFoundException | PermissionBackendException e) {
|
||||
stderr.print("kill: " + id + ": No such task\n");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -42,6 +42,7 @@ import com.google.gerrit.server.account.PutActive;
|
||||
import com.google.gerrit.server.account.PutHttpPassword;
|
||||
import com.google.gerrit.server.account.PutName;
|
||||
import com.google.gerrit.server.account.PutPreferred;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gerrit.sshd.CommandMetaData;
|
||||
import com.google.gerrit.sshd.SshCommand;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
@@ -174,7 +175,8 @@ final class SetAccountCommand extends SshCommand {
|
||||
}
|
||||
|
||||
private void setAccount()
|
||||
throws OrmException, IOException, UnloggedFailure, ConfigInvalidException {
|
||||
throws OrmException, IOException, UnloggedFailure, ConfigInvalidException,
|
||||
PermissionBackendException {
|
||||
user = genericUserFactory.create(id);
|
||||
rsrc = new AccountResource(user);
|
||||
try {
|
||||
@@ -237,7 +239,7 @@ final class SetAccountCommand extends SshCommand {
|
||||
|
||||
private void deleteSshKeys(List<String> sshKeys)
|
||||
throws RestApiException, OrmException, RepositoryNotFoundException, IOException,
|
||||
ConfigInvalidException {
|
||||
ConfigInvalidException, PermissionBackendException {
|
||||
List<SshKeyInfo> infos = getSshKeys.apply(rsrc);
|
||||
if (sshKeys.contains("ALL")) {
|
||||
for (SshKeyInfo i : infos) {
|
||||
@@ -263,7 +265,8 @@ final class SetAccountCommand extends SshCommand {
|
||||
}
|
||||
|
||||
private void addEmail(String email)
|
||||
throws UnloggedFailure, RestApiException, OrmException, IOException, ConfigInvalidException {
|
||||
throws UnloggedFailure, RestApiException, OrmException, IOException, ConfigInvalidException,
|
||||
PermissionBackendException {
|
||||
EmailInput in = new EmailInput();
|
||||
in.email = email;
|
||||
in.noConfirmation = true;
|
||||
@@ -275,7 +278,8 @@ final class SetAccountCommand extends SshCommand {
|
||||
}
|
||||
|
||||
private void deleteEmail(String email)
|
||||
throws RestApiException, OrmException, IOException, ConfigInvalidException {
|
||||
throws RestApiException, OrmException, IOException, ConfigInvalidException,
|
||||
PermissionBackendException {
|
||||
if (email.equals("ALL")) {
|
||||
List<EmailInfo> emails = getEmails.apply(rsrc);
|
||||
for (EmailInfo e : emails) {
|
||||
@@ -286,7 +290,8 @@ final class SetAccountCommand extends SshCommand {
|
||||
}
|
||||
}
|
||||
|
||||
private void putPreferred(String email) throws RestApiException, OrmException, IOException {
|
||||
private void putPreferred(String email)
|
||||
throws RestApiException, OrmException, IOException, PermissionBackendException {
|
||||
for (EmailInfo e : getEmails.apply(rsrc)) {
|
||||
if (e.email.equals(email)) {
|
||||
putPreferred.apply(new AccountResource.Email(user, email), null);
|
||||
|
||||
@@ -23,6 +23,7 @@ import com.google.gerrit.common.TimeUtil;
|
||||
import com.google.gerrit.common.Version;
|
||||
import com.google.gerrit.extensions.annotations.RequiresAnyCapability;
|
||||
import com.google.gerrit.extensions.events.LifecycleListener;
|
||||
import com.google.gerrit.extensions.restapi.AuthException;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.config.ConfigResource;
|
||||
import com.google.gerrit.server.config.GetSummary;
|
||||
@@ -34,6 +35,9 @@ import com.google.gerrit.server.config.GetSummary.ThreadSummaryInfo;
|
||||
import com.google.gerrit.server.config.ListCaches;
|
||||
import com.google.gerrit.server.config.ListCaches.CacheInfo;
|
||||
import com.google.gerrit.server.config.ListCaches.CacheType;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gerrit.sshd.CommandMetaData;
|
||||
import com.google.gerrit.sshd.SshCommand;
|
||||
import com.google.gerrit.sshd.SshDaemon;
|
||||
@@ -80,12 +84,10 @@ final class ShowCaches extends SshCommand {
|
||||
private boolean showThreads;
|
||||
|
||||
@Inject private SshDaemon daemon;
|
||||
|
||||
@Inject private ListCaches listCaches;
|
||||
|
||||
@Inject private GetSummary getSummary;
|
||||
|
||||
@Inject private CurrentUser self;
|
||||
@Inject private PermissionBackend permissionBackend;
|
||||
|
||||
@Option(
|
||||
name = "--width",
|
||||
@@ -168,7 +170,15 @@ final class ShowCaches extends SshCommand {
|
||||
printDiskCaches(caches);
|
||||
stdout.print('\n');
|
||||
|
||||
if (self.getCapabilities().canMaintainServer()) {
|
||||
boolean showJvm;
|
||||
try {
|
||||
permissionBackend.user(self).check(GlobalPermission.MAINTAIN_SERVER);
|
||||
showJvm = true;
|
||||
} catch (AuthException | PermissionBackendException e) {
|
||||
// Silently ignore and do not display detailed JVM information.
|
||||
showJvm = false;
|
||||
}
|
||||
if (showJvm) {
|
||||
sshSummary();
|
||||
|
||||
SummaryInfo summary = getSummary.setGc(gc).setJvm(showJVM).apply(new ConfigResource());
|
||||
|
||||
@@ -27,6 +27,9 @@ import com.google.gerrit.server.config.ListTasks;
|
||||
import com.google.gerrit.server.config.ListTasks.TaskInfo;
|
||||
import com.google.gerrit.server.git.WorkQueue;
|
||||
import com.google.gerrit.server.git.WorkQueue.Task;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.gerrit.sshd.AdminHighPriorityCommand;
|
||||
import com.google.gerrit.sshd.CommandMetaData;
|
||||
import com.google.gerrit.sshd.SshCommand;
|
||||
@@ -60,10 +63,9 @@ final class ShowQueue extends SshCommand {
|
||||
)
|
||||
private boolean groupByQueue;
|
||||
|
||||
@Inject private PermissionBackend permissionBackend;
|
||||
@Inject private ListTasks listTasks;
|
||||
|
||||
@Inject private IdentifiedUser currentUser;
|
||||
|
||||
@Inject private WorkQueue workQueue;
|
||||
|
||||
private int columns = 80;
|
||||
@@ -83,7 +85,7 @@ final class ShowQueue extends SshCommand {
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void run() throws UnloggedFailure {
|
||||
protected void run() throws Failure {
|
||||
maxCommandWidth = wide ? Integer.MAX_VALUE : columns - 8 - 12 - 12 - 4 - 4;
|
||||
stdout.print(
|
||||
String.format(
|
||||
@@ -97,10 +99,12 @@ final class ShowQueue extends SshCommand {
|
||||
tasks = listTasks.apply(new ConfigResource());
|
||||
} catch (AuthException e) {
|
||||
throw die(e);
|
||||
} catch (PermissionBackendException e) {
|
||||
throw new Failure(1, "permission backend unavailable", e);
|
||||
}
|
||||
boolean viewAll = currentUser.getCapabilities().canViewQueue();
|
||||
long now = TimeUtil.nowMs();
|
||||
|
||||
boolean viewAll = permissionBackend.user(currentUser).testOrFalse(GlobalPermission.VIEW_QUEUE);
|
||||
long now = TimeUtil.nowMs();
|
||||
if (groupByQueue) {
|
||||
ListMultimap<String, TaskInfo> byQueue = byQueue(tasks);
|
||||
for (String queueName : byQueue.keySet()) {
|
||||
|
||||
Reference in New Issue
Block a user