opendev/gerrit
Code Issues Proposed changes
Files
4bdef6c0308e65bfdb9418ee5f856bcd2f87c16c
gerrit/java/com/google/gerrit/server/restapi/account/EmailsCollection.java
Patrick Hiesel 4bdef6c030 Remove PermissionBackend#user(Provider<CurrentUser>) 
Checking permissions of users that aren't the caller on the current request
can have implications on the security of the system. The most prominent
one is creating a group-oracle.

To limit the cases where we could potentially expose Gerrit to these
threats, PermissionBackend removes the method that was operating solely
on the provider of the current user.

Change-Id: I601ea1200a15a5f262ca0770b23cc1c7bee126b1
2018-03-27 15:57:45 +02:00

94 lines
3.4 KiB
Java
Raw Blame History

// Copyright (C) 2013 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.gerrit.server.restapi.account;
import com.google.common.base.Strings;
import com.google.gerrit.extensions.registration.DynamicMap;
import com.google.gerrit.extensions.restapi.AcceptsCreate;
import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.extensions.restapi.ChildCollection;
import com.google.gerrit.extensions.restapi.IdString;
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.extensions.restapi.RestView;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.account.AccountResource;
import com.google.gerrit.server.account.AccountResource.Email;
import com.google.gerrit.server.permissions.GlobalPermission;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
@Singleton
public class EmailsCollection
implements ChildCollection<AccountResource, AccountResource.Email>,
AcceptsCreate<AccountResource> {
private final DynamicMap<RestView<AccountResource.Email>> views;
private final GetEmails list;
private final Provider<CurrentUser> self;
private final PermissionBackend permissionBackend;
private final CreateEmail.Factory createEmailFactory;
@Inject
EmailsCollection(
DynamicMap<RestView<AccountResource.Email>> views,
GetEmails list,
Provider<CurrentUser> self,
PermissionBackend permissionBackend,
CreateEmail.Factory createEmailFactory) {
this.views = views;
this.list = list;
this.self = self;
this.permissionBackend = permissionBackend;
this.createEmailFactory = createEmailFactory;
}
@Override
public RestView<AccountResource> list() {
return list;
}
@Override
public AccountResource.Email parse(AccountResource rsrc, IdString id)
throws ResourceNotFoundException, PermissionBackendException, AuthException {
if (self.get() != rsrc.getUser()) {
permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
}
if ("preferred".equals(id.get())) {
String email = rsrc.getUser().getAccount().getPreferredEmail();
if (Strings.isNullOrEmpty(email)) {
throw new ResourceNotFoundException(id);
}
return new AccountResource.Email(rsrc.getUser(), email);
} else if (rsrc.getUser().hasEmailAddress(id.get())) {
return new AccountResource.Email(rsrc.getUser(), id.get());
} else {
throw new ResourceNotFoundException(id);
}
}
@Override
public DynamicMap<RestView<Email>> views() {
return views;
}
@Override
public CreateEmail create(AccountResource parent, IdString email) {
return createEmailFactory.create(email.get());
}
}
View Git Blame Copy Permalink