Check canRebase with PermissionBackend
Change-Id: I09b24e3473c8b45a583cbb7cab57c86ac1b99792
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/api/changes/ChangeApiImpl.java b/gerrit-server/src/main/java/com/google/gerrit/server/api/changes/ChangeApiImpl.java
index eee6420..cbc7cea 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/api/changes/ChangeApiImpl.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/api/changes/ChangeApiImpl.java
@@ -362,7 +362,11 @@
public void rebase(RebaseInput in) throws RestApiException {
try {
rebase.apply(change, in);
- } catch (EmailException | OrmException | UpdateException | IOException e) {
+ } catch (EmailException
+ | OrmException
+ | UpdateException
+ | IOException
+ | PermissionBackendException e) {
throw new RestApiException("Cannot rebase change", e);
}
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/api/changes/RevisionApiImpl.java b/gerrit-server/src/main/java/com/google/gerrit/server/api/changes/RevisionApiImpl.java
index 7d97eb9..e0861e0 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/api/changes/RevisionApiImpl.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/api/changes/RevisionApiImpl.java
@@ -268,7 +268,11 @@
public ChangeApi rebase(RebaseInput in) throws RestApiException {
try {
return changes.id(rebase.apply(revision, in)._number);
- } catch (OrmException | EmailException | UpdateException | IOException e) {
+ } catch (OrmException
+ | EmailException
+ | UpdateException
+ | IOException
+ | PermissionBackendException e) {
throw new RestApiException("Cannot rebase ps", e);
}
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/change/Rebase.java b/gerrit-server/src/main/java/com/google/gerrit/server/change/Rebase.java
index 93e1e4e..4f8646d 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/change/Rebase.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/change/Rebase.java
@@ -35,6 +35,8 @@
import com.google.gerrit.server.change.RebaseUtil.Base;
import com.google.gerrit.server.git.GitRepositoryManager;
import com.google.gerrit.server.git.validators.CommitValidators;
+import com.google.gerrit.server.permissions.ChangePermission;
+import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.project.ChangeControl;
import com.google.gerrit.server.project.NoSuchChangeException;
import com.google.gerrit.server.update.BatchUpdate;
@@ -85,7 +87,9 @@
@Override
public ChangeInfo apply(RevisionResource rsrc, RebaseInput input)
throws EmailException, OrmException, UpdateException, RestApiException, IOException,
- NoSuchChangeException {
+ NoSuchChangeException, PermissionBackendException {
+ rsrc.permissions().database(dbProvider).check(ChangePermission.REBASE);
+
ChangeControl control = rsrc.getControl();
Change change = rsrc.getChange();
try (Repository repo = repoManager.openRepository(change.getProject());
@@ -94,9 +98,7 @@
BatchUpdate bu =
updateFactory.create(
dbProvider.get(), change.getProject(), rsrc.getUser(), TimeUtil.nowTs())) {
- if (!control.canRebase(dbProvider.get())) {
- throw new AuthException("rebase not permitted");
- } else if (!change.getStatus().isOpen()) {
+ if (!change.getStatus().isOpen()) {
throw new ResourceConflictException("change is " + change.getStatus().name().toLowerCase());
} else if (!hasOneParent(rw, rsrc.getPatchSet())) {
throw new ResourceConflictException(
@@ -175,15 +177,12 @@
@Override
public UiAction.Description getDescription(RevisionResource resource) {
PatchSet patchSet = resource.getPatchSet();
- Branch.NameKey dest = resource.getChange().getDest();
- boolean canRebase = false;
- try {
- canRebase = resource.getControl().canRebase(dbProvider.get());
- } catch (OrmException e) {
- log.error("Cannot check canRebase status. Assuming false.", e);
- }
+ Change change = resource.getChange();
+ Branch.NameKey dest = change.getDest();
boolean visible =
- resource.getChange().getStatus().isOpen() && resource.isCurrent() && canRebase;
+ change.getStatus().isOpen()
+ && resource.isCurrent()
+ && resource.permissions().database(dbProvider).testOrFalse(ChangePermission.REBASE);
boolean enabled = true;
if (visible) {
@@ -196,13 +195,11 @@
visible = false;
}
}
- UiAction.Description descr =
- new UiAction.Description()
- .setLabel("Rebase")
- .setTitle("Rebase onto tip of branch or parent change")
- .setVisible(visible)
- .setEnabled(enabled);
- return descr;
+ return new UiAction.Description()
+ .setLabel("Rebase")
+ .setTitle("Rebase onto tip of branch or parent change")
+ .setVisible(visible)
+ .setEnabled(enabled);
}
public static class CurrentRevision implements RestModifyView<ChangeResource, RebaseInput> {
@@ -217,7 +214,8 @@
@Override
public ChangeInfo apply(ChangeResource rsrc, RebaseInput input)
- throws EmailException, OrmException, UpdateException, RestApiException, IOException {
+ throws EmailException, OrmException, UpdateException, RestApiException, IOException,
+ PermissionBackendException {
PatchSet ps = psUtil.current(rebase.dbProvider.get(), rsrc.getNotes());
if (ps == null) {
throw new ResourceConflictException("current revision is missing");
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/project/ChangeControl.java b/gerrit-server/src/main/java/com/google/gerrit/server/project/ChangeControl.java
index 8d36aeb..2f5299f 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/project/ChangeControl.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/project/ChangeControl.java
@@ -285,7 +285,7 @@
}
/** Can this user rebase this change? */
- public boolean canRebase(ReviewDb db) throws OrmException {
+ private boolean canRebase(ReviewDb db) throws OrmException {
return (isOwner() || getRefControl().canSubmit(isOwner()) || getRefControl().canRebase())
&& !isPatchSetLocked(db);
}
