Convert viewCaches to PermissionBackend
Change-Id: Id07c11d605b628815a709a13b8f0bd693ce9fe9a
This commit is contained in:
Shawn Pearce
committed by
David Pursehouse
David Pursehouse
parent
625049c020
commit
f4e84de1ae
@@ -17,10 +17,14 @@ package com.google.gerrit.metrics.dropwizard;
|
||||
import com.google.gerrit.extensions.restapi.AuthException;
|
||||
import com.google.gerrit.extensions.restapi.RestReadView;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.inject.Inject;
|
||||
import org.kohsuke.args4j.Option;
|
||||
|
||||
class GetMetric implements RestReadView<MetricResource> {
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final CurrentUser user;
|
||||
private final DropWizardMetricMaker metrics;
|
||||
|
||||
@@ -28,16 +32,16 @@ class GetMetric implements RestReadView<MetricResource> {
|
||||
boolean dataOnly;
|
||||
|
||||
@Inject
|
||||
GetMetric(CurrentUser user, DropWizardMetricMaker metrics) {
|
||||
GetMetric(PermissionBackend permissionBackend, CurrentUser user, DropWizardMetricMaker metrics) {
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.user = user;
|
||||
this.metrics = metrics;
|
||||
}
|
||||
|
||||
@Override
|
||||
public MetricJson apply(MetricResource resource) throws AuthException {
|
||||
if (!user.getCapabilities().canViewCaches()) {
|
||||
throw new AuthException("restricted to viewCaches");
|
||||
}
|
||||
public MetricJson apply(MetricResource resource)
|
||||
throws AuthException, PermissionBackendException {
|
||||
permissionBackend.user(user).check(GlobalPermission.VIEW_CACHES);
|
||||
return new MetricJson(
|
||||
resource.getMetric(), metrics.getAnnotations(resource.getName()), dataOnly);
|
||||
}
|
||||
|
||||
@@ -19,6 +19,9 @@ import com.google.gerrit.extensions.restapi.AuthException;
|
||||
import com.google.gerrit.extensions.restapi.RestReadView;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.config.ConfigResource;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.inject.Inject;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
@@ -28,6 +31,7 @@ import java.util.TreeMap;
|
||||
import org.kohsuke.args4j.Option;
|
||||
|
||||
class ListMetrics implements RestReadView<ConfigResource> {
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final CurrentUser user;
|
||||
private final DropWizardMetricMaker metrics;
|
||||
|
||||
@@ -43,16 +47,17 @@ class ListMetrics implements RestReadView<ConfigResource> {
|
||||
List<String> query = new ArrayList<>();
|
||||
|
||||
@Inject
|
||||
ListMetrics(CurrentUser user, DropWizardMetricMaker metrics) {
|
||||
ListMetrics(
|
||||
PermissionBackend permissionBackend, CurrentUser user, DropWizardMetricMaker metrics) {
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.user = user;
|
||||
this.metrics = metrics;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Map<String, MetricJson> apply(ConfigResource resource) throws AuthException {
|
||||
if (!user.getCapabilities().canViewCaches()) {
|
||||
throw new AuthException("restricted to viewCaches");
|
||||
}
|
||||
public Map<String, MetricJson> apply(ConfigResource resource)
|
||||
throws AuthException, PermissionBackendException {
|
||||
permissionBackend.user(user).check(GlobalPermission.VIEW_CACHES);
|
||||
|
||||
SortedMap<String, MetricJson> out = new TreeMap<>();
|
||||
List<String> prefixes = new ArrayList<>(query.size());
|
||||
|
||||
@@ -23,6 +23,9 @@ import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
|
||||
import com.google.gerrit.extensions.restapi.RestView;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.config.ConfigResource;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
import com.google.inject.Singleton;
|
||||
@@ -31,6 +34,7 @@ import com.google.inject.Singleton;
|
||||
class MetricsCollection implements ChildCollection<ConfigResource, MetricResource> {
|
||||
private final DynamicMap<RestView<MetricResource>> views;
|
||||
private final Provider<ListMetrics> list;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final Provider<CurrentUser> user;
|
||||
private final DropWizardMetricMaker metrics;
|
||||
|
||||
@@ -38,10 +42,12 @@ class MetricsCollection implements ChildCollection<ConfigResource, MetricResourc
|
||||
MetricsCollection(
|
||||
DynamicMap<RestView<MetricResource>> views,
|
||||
Provider<ListMetrics> list,
|
||||
PermissionBackend permissionBackend,
|
||||
Provider<CurrentUser> user,
|
||||
DropWizardMetricMaker metrics) {
|
||||
this.views = views;
|
||||
this.list = list;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.user = user;
|
||||
this.metrics = metrics;
|
||||
}
|
||||
@@ -58,10 +64,8 @@ class MetricsCollection implements ChildCollection<ConfigResource, MetricResourc
|
||||
|
||||
@Override
|
||||
public MetricResource parse(ConfigResource parent, IdString id)
|
||||
throws ResourceNotFoundException, AuthException {
|
||||
if (!user.get().getCapabilities().canViewCaches()) {
|
||||
throw new AuthException("restricted to viewCaches");
|
||||
}
|
||||
throws ResourceNotFoundException, AuthException, PermissionBackendException {
|
||||
permissionBackend.user(user).check(GlobalPermission.VIEW_CACHES);
|
||||
|
||||
Metric metric = metrics.getMetric(id.get());
|
||||
if (metric == null) {
|
||||
|
||||
@@ -97,11 +97,6 @@ public class CapabilityControl {
|
||||
return canPerform(GlobalCapability.VIEW_ALL_ACCOUNTS) || canAdministrateServer();
|
||||
}
|
||||
|
||||
/** @return true if the user can view the server caches. */
|
||||
public boolean canViewCaches() {
|
||||
return canPerform(GlobalCapability.VIEW_CACHES) || canMaintainServer();
|
||||
}
|
||||
|
||||
/** @return true if the user can perform basic server maintenance. */
|
||||
public boolean canMaintainServer() {
|
||||
return canPerform(GlobalCapability.MAINTAIN_SERVER) || canAdministrateServer();
|
||||
@@ -254,14 +249,13 @@ public class CapabilityControl {
|
||||
return canRunAs();
|
||||
case VIEW_ALL_ACCOUNTS:
|
||||
return canViewAllAccounts();
|
||||
case VIEW_CACHES:
|
||||
return canViewCaches();
|
||||
case VIEW_QUEUE:
|
||||
return canViewQueue();
|
||||
|
||||
case FLUSH_CACHES:
|
||||
case KILL_TASK:
|
||||
case RUN_GC:
|
||||
case VIEW_CACHES:
|
||||
return canPerform(perm.permissionName()) || canMaintainServer();
|
||||
|
||||
case CREATE_ACCOUNT:
|
||||
|
||||
@@ -27,8 +27,10 @@ import com.google.gerrit.extensions.restapi.IdString;
|
||||
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
|
||||
import com.google.gerrit.extensions.restapi.RestApiException;
|
||||
import com.google.gerrit.extensions.restapi.RestView;
|
||||
import com.google.gerrit.server.AnonymousUser;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.permissions.GlobalPermission;
|
||||
import com.google.gerrit.server.permissions.PermissionBackend;
|
||||
import com.google.gerrit.server.permissions.PermissionBackendException;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
import com.google.inject.Singleton;
|
||||
@@ -40,6 +42,7 @@ public class CachesCollection
|
||||
|
||||
private final DynamicMap<RestView<CacheResource>> views;
|
||||
private final Provider<ListCaches> list;
|
||||
private final PermissionBackend permissionBackend;
|
||||
private final Provider<CurrentUser> self;
|
||||
private final DynamicMap<Cache<?, ?>> cacheMap;
|
||||
private final PostCaches postCaches;
|
||||
@@ -48,11 +51,13 @@ public class CachesCollection
|
||||
CachesCollection(
|
||||
DynamicMap<RestView<CacheResource>> views,
|
||||
Provider<ListCaches> list,
|
||||
PermissionBackend permissionBackend,
|
||||
Provider<CurrentUser> self,
|
||||
DynamicMap<Cache<?, ?>> cacheMap,
|
||||
PostCaches postCaches) {
|
||||
this.views = views;
|
||||
this.list = list;
|
||||
this.permissionBackend = permissionBackend;
|
||||
this.self = self;
|
||||
this.cacheMap = cacheMap;
|
||||
this.postCaches = postCaches;
|
||||
@@ -65,15 +70,8 @@ public class CachesCollection
|
||||
|
||||
@Override
|
||||
public CacheResource parse(ConfigResource parent, IdString id)
|
||||
throws AuthException, ResourceNotFoundException {
|
||||
CurrentUser user = self.get();
|
||||
if (user instanceof AnonymousUser) {
|
||||
throw new AuthException("Authentication required");
|
||||
} else if (!user.isIdentifiedUser()) {
|
||||
throw new ResourceNotFoundException();
|
||||
} else if (!user.getCapabilities().canViewCaches()) {
|
||||
throw new AuthException("not allowed to view caches");
|
||||
}
|
||||
throws AuthException, ResourceNotFoundException, PermissionBackendException {
|
||||
permissionBackend.user(self).check(GlobalPermission.VIEW_CACHES);
|
||||
|
||||
String cacheName = id.get();
|
||||
String pluginName = "gerrit";
|
||||
|
||||
Reference in New Issue
Block a user