Fix the canRead test in all SSH based git commands

We failed to honor the current user from the SSH daemon, but instead were always using "null" (aka anonymous) based upon Common not having a current web request to return the account id from. I noticed the failure only because I tried to issue an SSH command at the daemon before any web requests, so Common wasn't correctly setup to have an account lookup function. Signed-off-by: Shawn O. Pearce <sop@google.com>
2009-01-20 19:11:18 -08:00
parent 42a57ba007
commit f37939c8e2
2 changed files with 8 additions and 3 deletions
--- a/appjar/src/main/java/com/google/gerrit/client/rpc/BaseServiceImplementation.java
+++ b/appjar/src/main/java/com/google/gerrit/client/rpc/BaseServiceImplementation.java
@@ -15,6 +15,7 @@
 package com.google.gerrit.client.rpc;

 import com.google.gerrit.client.data.ProjectCache;
+import com.google.gerrit.client.reviewdb.Account;
 import com.google.gerrit.client.reviewdb.AccountGroup;
 import com.google.gerrit.client.reviewdb.ApprovalCategory;
 import com.google.gerrit.client.reviewdb.Change;
@@ -91,6 +92,11 @@ public class BaseServiceImplementation {

  /** Return true if the current user can read this project, and its contents. */
  public static boolean canRead(final Project.NameKey projectKey) {
+    return canRead(Common.getAccountId(), projectKey);
+  }
+
+  public static boolean canRead(final Account.Id who,
+      final Project.NameKey projectKey) {
    final ProjectCache.Entry e = Common.getProjectCache().get(projectKey);
    if (e == null) {
      // Unexpected, a project disappearing. But claim its not available.
@@ -98,8 +104,7 @@ public class BaseServiceImplementation {
      return false;
    }

-    final Set<AccountGroup.Id> myGroups =
-        Common.getGroupCache().getGroups(Common.getAccountId());
+    final Set<AccountGroup.Id> myGroups = Common.getGroupCache().getGroups(who);
    if (myGroups.contains(e.getProject().getOwnerGroupId())) {
      // Ownership implies full access.
      //
--- a/appjar/src/main/java/com/google/gerrit/server/ssh/AbstractGitCommand.java
+++ b/appjar/src/main/java/com/google/gerrit/server/ssh/AbstractGitCommand.java
@@ -66,7 +66,7 @@ abstract class AbstractGitCommand extends AbstractCommand {
    if (ProjectRight.WILD_PROJECT.equals(proj.getId())) {
      throw new Failure(1, "fatal: '" + reqName + "': not a valid project");
    }
-    if (!BaseServiceImplementation.canRead(proj.getNameKey())) {
+    if (!BaseServiceImplementation.canRead(getAccountId(), proj.getNameKey())) {
      throw new Failure(1, "fatal: '" + reqName + "': not a Gerrit project");
    }