opendev/gerrit
Code Issues Proposed changes

Split auth check in account REST endpoints from implementation

Browse Source 
This allows to reuse the code with a different permission check
(e.g. in a plugin).

Change-Id: I51a22a933e69387b991ccd8a0f783a0838a7ba1b
Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>
This commit is contained in:
Edwin Kempin
2014-02-10 14:50:53 +01:00
parent 617253c853
commit f38f8ae11e
6 changed files with 56 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
gerrit-server/src/main/java/com/google/gerrit/server/account/CreateEmail.java
View File

@@ -26,6 +26,7 @@ import com.google.gerrit.extensions.restapi.RestModifyView;
import com.google.gerrit.reviewdb.client.AuthType;
import com.google.gerrit.reviewdb.client.Account.FieldName;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.CreateEmail.Input;
import com.google.gerrit.server.account.GetEmails.EmailInfo;
import com.google.gerrit.server.config.AuthConfig;
@@ -87,36 +88,43 @@ public class CreateEmail implements RestModifyView<AccountResource, Input> {
throw new AuthException("not allowed to add email address");
}
if (!realm.allowsEdit(FieldName.REGISTER_NEW_EMAIL)) {
throw new MethodNotAllowedException("realm does not allow adding emails");
}
if (input == null) {
input = new Input();
}
if (input.email != null && !email.equals(input.email)) {
throw new BadRequestException("email address must match URL");
}
if (input.noConfirmation
&& !self.get().getCapabilities().canAdministrateServer()) {
throw new AuthException("must be administrator to use no_confirmation");
}
return apply(rsrc.getUser(), input);
}
public Response<EmailInfo> apply(IdentifiedUser user, Input input)
throws AuthException, BadRequestException, ResourceConflictException,
ResourceNotFoundException, OrmException, EmailException,
MethodNotAllowedException {
if (!realm.allowsEdit(FieldName.REGISTER_NEW_EMAIL)) {
throw new MethodNotAllowedException("realm does not allow adding emails");
}
if (input.email != null && !email.equals(input.email)) {
throw new BadRequestException("email address must match URL");
}
EmailInfo info = new EmailInfo();
info.email = email;
if (input.noConfirmation
|| authConfig.getAuthType() == AuthType.DEVELOPMENT_BECOME_ANY_ACCOUNT) {
try {
accountManager.link(rsrc.getUser().getAccountId(),
accountManager.link(user.getAccountId(),
AuthRequest.forEmail(email));
} catch (AccountException e) {
throw new ResourceConflictException(e.getMessage());
}
if (input.preferred) {
putPreferredProvider.get().apply(
new AccountResource.Email(rsrc.getUser(), email),
new AccountResource.Email(user, email),
null);
info.preferred = true;
}

15
gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteEmail.java
View File

@@ -24,6 +24,7 @@ import com.google.gerrit.reviewdb.client.Account.FieldName;
import com.google.gerrit.reviewdb.client.AccountExternalId;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.DeleteEmail.Input;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
@@ -55,18 +56,24 @@ public class DeleteEmail implements RestModifyView<AccountResource.Email, Input>
&& !self.get().getCapabilities().canAdministrateServer()) {
throw new AuthException("not allowed to delete email address");
}
return apply(rsrc.getUser(), rsrc.getEmail());
}
public Response<?> apply(IdentifiedUser user, String email)
throws ResourceNotFoundException, ResourceConflictException,
MethodNotAllowedException, OrmException {
if (!realm.allowsEdit(FieldName.REGISTER_NEW_EMAIL)) {
throw new MethodNotAllowedException("realm does not allow deleting emails");
}
AccountExternalId.Key key = new AccountExternalId.Key(
AccountExternalId.SCHEME_MAILTO, rsrc.getEmail());
AccountExternalId.SCHEME_MAILTO, email);
AccountExternalId extId = dbProvider.get().accountExternalIds().get(key);
if (extId == null) {
throw new ResourceNotFoundException(rsrc.getEmail());
throw new ResourceNotFoundException(email);
}
try {
accountManager.unlink(rsrc.getUser().getAccountId(),
AuthRequest.forEmail(rsrc.getEmail()));
accountManager.unlink(user.getAccountId(),
AuthRequest.forEmail(email));
} catch (AccountException e) {
throw new ResourceConflictException(e.getMessage());
}

6
gerrit-server/src/main/java/com/google/gerrit/server/account/GetSshKeys.java
View File

@@ -21,6 +21,7 @@ import com.google.gerrit.extensions.restapi.RestReadView;
import com.google.gerrit.reviewdb.client.AccountSshKey;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
import com.google.inject.Provider;
@@ -45,10 +46,13 @@ public class GetSshKeys implements RestReadView<AccountResource> {
&& !self.get().getCapabilities().canAdministrateServer()) {
throw new AuthException("not allowed to get SSH keys");
}
return apply(rsrc.getUser());
}
public List<SshKeyInfo> apply(IdentifiedUser user) throws OrmException {
List<SshKeyInfo> sshKeys = Lists.newArrayList();
for (AccountSshKey sshKey : dbProvider.get().accountSshKeys()
.byAccount(rsrc.getUser().getAccountId()).toList()) {
.byAccount(user.getAccountId()).toList()) {
sshKeys.add(new SshKeyInfo(sshKey));
}
return sshKeys;

12
gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java
View File

@@ -25,6 +25,7 @@ import com.google.gerrit.extensions.restapi.RestModifyView;
import com.google.gerrit.reviewdb.client.AccountExternalId;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.PutHttpPassword.Input;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
@@ -94,21 +95,24 @@ public class PutHttpPassword implements RestModifyView<AccountResource, Input> {
}
newPassword = input.httpPassword;
}
return apply(rsrc.getUser(), newPassword);
}
if (rsrc.getUser().getUserName() == null) {
public Response<String> apply(IdentifiedUser user, String newPassword)
throws ResourceNotFoundException, ResourceConflictException, OrmException {
if (user.getUserName() == null) {
throw new ResourceConflictException("username must be set");
}
AccountExternalId id = dbProvider.get().accountExternalIds()
.get(new AccountExternalId.Key(
SCHEME_USERNAME,
rsrc.getUser().getUserName()));
SCHEME_USERNAME, user.getUserName()));
if (id == null) {
throw new ResourceNotFoundException();
}
id.setPassword(newPassword);
dbProvider.get().accountExternalIds().update(Collections.singleton(id));
accountCache.evict(rsrc.getUser().getAccountId());
accountCache.evict(user.getAccountId());
return Strings.isNullOrEmpty(newPassword)
? Response.<String>none()

7
gerrit-server/src/main/java/com/google/gerrit/server/account/PutName.java
View File

@@ -25,6 +25,7 @@ import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.client.Account.FieldName;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.PutName.Input;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
@@ -60,7 +61,11 @@ public class PutName implements RestModifyView<AccountResource, Input> {
&& !self.get().getCapabilities().canAdministrateServer()) {
throw new AuthException("not allowed to change name");
}
return apply(rsrc.getUser(), input);
}
public Response<String> apply(IdentifiedUser user, Input input)
throws MethodNotAllowedException, ResourceNotFoundException, OrmException {
if (!realm.allowsEdit(FieldName.FULL_NAME)) {
throw new MethodNotAllowedException("realm does not allow editing name");
}
@@ -69,7 +74,7 @@ public class PutName implements RestModifyView<AccountResource, Input> {
input = new Input();
}
Account a = dbProvider.get().accounts().get(rsrc.getUser().getAccountId());
Account a = dbProvider.get().accounts().get(user.getAccountId());
if (a == null) {
throw new ResourceNotFoundException("account not found");
}

11
gerrit-server/src/main/java/com/google/gerrit/server/account/PutPreferred.java
View File

@@ -21,6 +21,7 @@ import com.google.gerrit.extensions.restapi.RestModifyView;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.PutPreferred.Input;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
@@ -52,15 +53,19 @@ public class PutPreferred implements
&& !self.get().getCapabilities().canAdministrateServer()) {
throw new AuthException("not allowed to set preferred email address");
}
return apply(rsrc.getUser(), rsrc.getEmail());
}
Account a = dbProvider.get().accounts().get(rsrc.getUser().getAccountId());
public Response<String> apply(IdentifiedUser user, String email)
throws ResourceNotFoundException, OrmException {
Account a = dbProvider.get().accounts().get(user.getAccountId());
if (a == null) {
throw new ResourceNotFoundException("account not found");
}
if (rsrc.getEmail().equals(a.getPreferredEmail())) {
if (email.equals(a.getPreferredEmail())) {
return Response.ok("");
}
a.setPreferredEmail(rsrc.getEmail());
a.setPreferredEmail(email);
dbProvider.get().accounts().update(Collections.singleton(a));
byIdCache.evict(a.getId());
return Response.created("");