Remove local implementation of LfsUnauthorized
Use the one exposed by JGit.
As a result, the exception error message will no longer mention the
user. Rather than:
User USER is not authorized to perform OPERATION operation
the message will be:
Not authorized to perform operation OPERATION on repository REPO
Add a separate debug log that also includes the user name. The git
client tries anonymous HTTP access first, so logging at info or
error level will pollute the logs.
Change-Id: I21921e6e7192934b4d4a4699f030bbdfacd12e5f
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java
index 67fe512..edc8b77 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java
@@ -38,12 +38,16 @@
import org.eclipse.jgit.lfs.server.LargeFileRepository;
import org.eclipse.jgit.lfs.server.LfsGerritProtocolServlet;
import org.eclipse.jgit.lfs.server.LfsObject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@Singleton
public class LfsApiServlet extends LfsGerritProtocolServlet {
+ private static final Logger log = LoggerFactory.getLogger(LfsApiServlet.class);
+
private static final long serialVersionUID = 1L;
private static final Pattern URL_PATTERN = Pattern.compile(URL_REGEX);
private static final String DOWNLOAD = "download";
@@ -123,11 +127,15 @@
ProjectControl control = state.controlFor(user);
if ((operation.equals(DOWNLOAD) && !control.isReadable()) ||
(operation.equals(UPLOAD) && Capable.OK != control.canPushToAtLeastOneRef())) {
- throw new LfsUnauthorized(
- String.format("User %s is not authorized to perform %s operation",
- Strings.isNullOrEmpty(user.getUserName())
- ? "anonymous" : user.getUserName(),
- operation.toLowerCase()));
+ String op = operation.toLowerCase();
+ String project = state.getProject().getName();
+ String userName = Strings.isNullOrEmpty(user.getUserName())
+ ? "anonymous"
+ : user.getUserName();
+ log.debug(String.format(
+ "operation %s unauthorized for user %s on project %s",
+ op, userName, project));
+ throw new LfsUnauthorized(op, project);
}
}
}
diff --git a/src/main/java/org/eclipse/jgit/lfs/errors/LfsUnauthorized.java b/src/main/java/org/eclipse/jgit/lfs/errors/LfsUnauthorized.java
deleted file mode 100644
index 896eb9f..0000000
--- a/src/main/java/org/eclipse/jgit/lfs/errors/LfsUnauthorized.java
+++ /dev/null
@@ -1,24 +0,0 @@
-// Copyright (C) 2017 The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package org.eclipse.jgit.lfs.errors;
-
-
-public class LfsUnauthorized extends LfsException {
- private static final long serialVersionUID = 1L;
-
- public LfsUnauthorized(String message) {
- super(message);
- }
-}