ListChildProjects: remove visibility check
ListChildProjects delegates to the QueryProjects which is a REST
handler too, and therefore also enforces visibility.
Document this in ProjectQueryProcessor. Add a test out of paranoia.
Change-Id: I6e55e2aa1681390949dde62ff1660b6f5e4bfbcc
diff --git a/java/com/google/gerrit/server/query/project/ProjectQueryProcessor.java b/java/com/google/gerrit/server/query/project/ProjectQueryProcessor.java
index 66eab7b..8e6d8a1 100644
--- a/java/com/google/gerrit/server/query/project/ProjectQueryProcessor.java
+++ b/java/com/google/gerrit/server/query/project/ProjectQueryProcessor.java
@@ -38,6 +38,8 @@
*
* <p>Instances are one-time-use. Other singleton classes should inject a Provider rather than
* holding on to a single instance.
+ *
+ * <p>By default, enforces visibility to CurrentUser.
*/
public class ProjectQueryProcessor extends QueryProcessor<ProjectData> {
private final PermissionBackend permissionBackend;
diff --git a/java/com/google/gerrit/server/restapi/project/ListChildProjects.java b/java/com/google/gerrit/server/restapi/project/ListChildProjects.java
index 0bd053e..6a0fc97 100644
--- a/java/com/google/gerrit/server/restapi/project/ListChildProjects.java
+++ b/java/com/google/gerrit/server/restapi/project/ListChildProjects.java
@@ -25,7 +25,6 @@
import com.google.gerrit.extensions.restapi.RestReadView;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
-import com.google.gerrit.server.permissions.ProjectPermission;
import com.google.gerrit.server.project.ChildProjects;
import com.google.gerrit.server.project.ProjectResource;
import com.google.inject.Inject;
@@ -85,8 +84,6 @@
private List<ProjectInfo> directChildProjects(Project.NameKey parent) throws RestApiException {
PermissionBackend.WithUser currentUser = permissionBackend.currentUser();
return queryProvider.get().withQuery("parent:" + parent.get()).withLimit(limit).apply().stream()
- .filter(
- p -> currentUser.project(Project.nameKey(p.name)).testOrFalse(ProjectPermission.ACCESS))
.collect(toList());
}
}
diff --git a/javatests/com/google/gerrit/acceptance/rest/project/ListChildProjectsIT.java b/javatests/com/google/gerrit/acceptance/rest/project/ListChildProjectsIT.java
index 7535dea..3c8357b 100644
--- a/javatests/com/google/gerrit/acceptance/rest/project/ListChildProjectsIT.java
+++ b/javatests/com/google/gerrit/acceptance/rest/project/ListChildProjectsIT.java
@@ -16,13 +16,21 @@
import static com.google.common.truth.Truth.assertThat;
import static com.google.gerrit.acceptance.rest.project.ProjectAssert.assertThatNameList;
+import static com.google.gerrit.acceptance.testsuite.project.TestProjectUpdate.allow;
+import static com.google.gerrit.acceptance.testsuite.project.TestProjectUpdate.block;
import static com.google.gerrit.testing.GerritJUnit.assertThrows;
import com.google.gerrit.acceptance.AbstractDaemonTest;
import com.google.gerrit.acceptance.NoHttpd;
+import com.google.gerrit.acceptance.TestAccount;
+import com.google.gerrit.acceptance.testsuite.group.GroupOperations;
import com.google.gerrit.acceptance.testsuite.project.ProjectOperations;
+import com.google.gerrit.acceptance.testsuite.request.RequestScopeOperations;
+import com.google.gerrit.entities.AccountGroup;
+import com.google.gerrit.entities.Permission;
import com.google.gerrit.entities.Project;
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
+import com.google.gerrit.server.group.SystemGroupBackend;
import com.google.inject.Inject;
import org.apache.commons.lang.RandomStringUtils;
import org.junit.Test;
@@ -30,6 +38,8 @@
@NoHttpd
public class ListChildProjectsIT extends AbstractDaemonTest {
@Inject private ProjectOperations projectOperations;
+ @Inject private GroupOperations groupOperations;
+ @Inject private RequestScopeOperations requestScopeOperations;
@Test
public void listChildrenOfNonExistingProject_NotFound() throws Exception {
@@ -84,4 +94,29 @@
.containsExactly(child1_1, child1_1_1, child1_1_1_1, child1_2)
.inOrder();
}
+
+ @Test
+ public void listChildrenVisibility() throws Exception {
+ Project.NameKey parent = projectOperations.newProject().createEmptyCommit(true).create();
+ Project.NameKey project =
+ projectOperations.newProject().createEmptyCommit(true).parent(parent).create();
+
+ AccountGroup.UUID privilegedGroupUuid =
+ groupOperations.newGroup().name(name("privilegedGroup")).create();
+ projectOperations
+ .project(project)
+ .forUpdate()
+ .add(allow(Permission.READ).ref("refs/*").group(privilegedGroupUuid))
+ .add(block(Permission.READ).ref("refs/*").group(SystemGroupBackend.REGISTERED_USERS))
+ .update();
+
+ TestAccount privilegedUser =
+ accountCreator.create("privilegedUser", "snowden@nsa.gov", "Ed Snowden", null);
+ groupOperations.group(privilegedGroupUuid).forUpdate().addMember(privilegedUser.id()).update();
+
+ requestScopeOperations.setApiUser(user.id());
+ assertThat(gApi.projects().name(parent.get()).children(false)).isEmpty();
+ requestScopeOperations.setApiUser(privilegedUser.id());
+ assertThat(gApi.projects().name(parent.get()).children(false)).isNotEmpty();
+ }
}