Remove PermissionBackend#user(Provider<CurrentUser>)
Checking permissions of users that aren't the caller on the current request
can have implications on the security of the system. The most prominent
one is creating a group-oracle.
To limit the cases where we could potentially expose Gerrit to these
threats, PermissionBackend removes the method that was operating solely
on the provider of the current user.
Change-Id: I601ea1200a15a5f262ca0770b23cc1c7bee126b1
diff --git a/java/com/google/gerrit/acceptance/InProcessProtocol.java b/java/com/google/gerrit/acceptance/InProcessProtocol.java
index 24d4b6b..7e2796a 100644
--- a/java/com/google/gerrit/acceptance/InProcessProtocol.java
+++ b/java/com/google/gerrit/acceptance/InProcessProtocol.java
@@ -208,7 +208,6 @@
}
private static class Upload implements UploadPackFactory<Context> {
- private final Provider<CurrentUser> userProvider;
private final TransferConfig transferConfig;
private final DynamicSet<UploadPackInitializer> uploadPackInitializers;
private final DynamicSet<PreUploadHook> preUploadHooks;
@@ -219,7 +218,6 @@
@Inject
Upload(
- Provider<CurrentUser> userProvider,
TransferConfig transferConfig,
DynamicSet<UploadPackInitializer> uploadPackInitializers,
DynamicSet<PreUploadHook> preUploadHooks,
@@ -227,7 +225,6 @@
ThreadLocalRequestContext threadContext,
ProjectCache projectCache,
PermissionBackend permissionBackend) {
- this.userProvider = userProvider;
this.transferConfig = transferConfig;
this.uploadPackInitializers = uploadPackInitializers;
this.preUploadHooks = preUploadHooks;
@@ -246,7 +243,7 @@
threadContext.setContext(req);
current.set(req);
- PermissionBackend.ForProject perm = permissionBackend.user(userProvider).project(req.project);
+ PermissionBackend.ForProject perm = permissionBackend.currentUser().project(req.project);
try {
perm.check(ProjectPermission.RUN_UPLOAD_PACK);
} catch (AuthException e) {
@@ -318,7 +315,7 @@
current.set(req);
try {
permissionBackend
- .user(userProvider)
+ .currentUser()
.project(req.project)
.check(ProjectPermission.RUN_RECEIVE_PACK);
} catch (AuthException e) {
diff --git a/java/com/google/gerrit/httpd/GitOverHttpServlet.java b/java/com/google/gerrit/httpd/GitOverHttpServlet.java
index 5bdd9ca..2d14653 100644
--- a/java/com/google/gerrit/httpd/GitOverHttpServlet.java
+++ b/java/com/google/gerrit/httpd/GitOverHttpServlet.java
@@ -261,7 +261,7 @@
ProjectState state = (ProjectState) request.getAttribute(ATT_STATE);
UploadPack up = (UploadPack) request.getAttribute(ServletUtils.ATTRIBUTE_HANDLER);
PermissionBackend.ForProject perm =
- permissionBackend.user(userProvider).project(state.getNameKey());
+ permissionBackend.currentUser().project(state.getNameKey());
try {
perm.check(ProjectPermission.RUN_UPLOAD_PACK);
} catch (AuthException e) {
@@ -356,7 +356,7 @@
Capable s;
try {
permissionBackend
- .user(userProvider)
+ .currentUser()
.project(state.getNameKey())
.check(ProjectPermission.RUN_RECEIVE_PACK);
s = arc.canUpload();
diff --git a/java/com/google/gerrit/httpd/gitweb/GitwebServlet.java b/java/com/google/gerrit/httpd/gitweb/GitwebServlet.java
index b39f027..ba2a063 100644
--- a/java/com/google/gerrit/httpd/gitweb/GitwebServlet.java
+++ b/java/com/google/gerrit/httpd/gitweb/GitwebServlet.java
@@ -112,11 +112,11 @@
GitRepositoryManager repoManager,
ProjectCache projectCache,
PermissionBackend permissionBackend,
- Provider<AnonymousUser> anonymousUserProvider,
Provider<CurrentUser> userProvider,
SitePaths site,
@GerritServerConfig Config cfg,
SshInfo sshInfo,
+ Provider<AnonymousUser> anonymousUserProvider,
GitwebConfig gitwebConfig,
GitwebCgiConfig gitwebCgiConfig)
throws IOException {
@@ -423,7 +423,10 @@
}
projectState.checkStatePermitsRead();
- permissionBackend.user(userProvider).project(nameKey).check(ProjectPermission.READ);
+ permissionBackend
+ .user(anonymousUserProvider.get())
+ .project(nameKey)
+ .check(ProjectPermission.READ);
} catch (AuthException e) {
sendErrorOrRedirect(req, rsp, HttpServletResponse.SC_NOT_FOUND);
return;
@@ -584,7 +587,7 @@
if (projectState.statePermitsRead()
&& permissionBackend
- .user(anonymousUserProvider)
+ .user(anonymousUserProvider.get())
.project(nameKey)
.testOrFalse(ProjectPermission.READ)) {
env.set("GERRIT_ANONYMOUS_READ", "1");
diff --git a/java/com/google/gerrit/httpd/raw/CatServlet.java b/java/com/google/gerrit/httpd/raw/CatServlet.java
index 013c8e9..4b5c227 100644
--- a/java/com/google/gerrit/httpd/raw/CatServlet.java
+++ b/java/com/google/gerrit/httpd/raw/CatServlet.java
@@ -21,7 +21,6 @@
import com.google.gerrit.reviewdb.client.Patch;
import com.google.gerrit.reviewdb.client.PatchSet;
import com.google.gerrit.reviewdb.server.ReviewDb;
-import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.PatchSetUtil;
import com.google.gerrit.server.edit.ChangeEdit;
import com.google.gerrit.server.edit.ChangeEditUtil;
@@ -54,7 +53,6 @@
@Singleton
public class CatServlet extends HttpServlet {
private final Provider<ReviewDb> requestDb;
- private final Provider<CurrentUser> userProvider;
private final ChangeEditUtil changeEditUtil;
private final PatchSetUtil psUtil;
private final ChangeNotes.Factory changeNotesFactory;
@@ -64,14 +62,12 @@
@Inject
CatServlet(
Provider<ReviewDb> sf,
- Provider<CurrentUser> usrprv,
ChangeEditUtil ceu,
PatchSetUtil psu,
ChangeNotes.Factory cnf,
PermissionBackend pb,
ProjectCache pc) {
requestDb = sf;
- userProvider = usrprv;
changeEditUtil = ceu;
psUtil = psu;
changeNotesFactory = cnf;
@@ -132,7 +128,7 @@
try {
ChangeNotes notes = changeNotesFactory.createChecked(changeId);
permissionBackend
- .user(userProvider)
+ .currentUser()
.change(notes)
.database(requestDb)
.check(ChangePermission.READ);
diff --git a/java/com/google/gerrit/httpd/restapi/RestApiServlet.java b/java/com/google/gerrit/httpd/restapi/RestApiServlet.java
index 131dbf9..28fbb7d 100644
--- a/java/com/google/gerrit/httpd/restapi/RestApiServlet.java
+++ b/java/com/google/gerrit/httpd/restapi/RestApiServlet.java
@@ -295,7 +295,7 @@
RestCollection<RestResource, RestResource> rc = members.get();
globals
.permissionBackend
- .user(globals.currentUser)
+ .user(globals.currentUser.get())
.checkAny(GlobalPermission.fromAnnotation(rc.getClass()));
viewData = new ViewData(null, null);
@@ -1189,7 +1189,7 @@
throws AuthException, PermissionBackendException {
globals
.permissionBackend
- .user(globals.currentUser)
+ .user(globals.currentUser.get())
.checkAny(GlobalPermission.fromAnnotation(d.pluginName, d.view.getClass()));
}
diff --git a/java/com/google/gerrit/httpd/rpc/project/ProjectAccessFactory.java b/java/com/google/gerrit/httpd/rpc/project/ProjectAccessFactory.java
index 48e06e9..58a5402 100644
--- a/java/com/google/gerrit/httpd/rpc/project/ProjectAccessFactory.java
+++ b/java/com/google/gerrit/httpd/rpc/project/ProjectAccessFactory.java
@@ -131,7 +131,7 @@
List<AccessSection> local = new ArrayList<>();
Set<String> ownerOf = new HashSet<>();
Map<AccountGroup.UUID, Boolean> visibleGroups = new HashMap<>();
- PermissionBackend.ForProject perm = permissionBackend.user(user).project(projectName);
+ PermissionBackend.ForProject perm = permissionBackend.currentUser().project(projectName);
boolean checkReadConfig = check(perm, RefNames.REFS_CONFIG, READ);
boolean canWriteProjectConfig = true;
try {
@@ -217,7 +217,7 @@
detail.setInheritsFrom(config.getProject().getParent(allProjectsName));
if (projectName.equals(allProjectsName)
- && permissionBackend.user(user).testOrFalse(ADMINISTRATE_SERVER)) {
+ && permissionBackend.currentUser().testOrFalse(ADMINISTRATE_SERVER)) {
ownerOf.add(AccessSection.GLOBAL_CAPABILITIES);
}
@@ -265,7 +265,7 @@
ResourceConflictException {
ProjectState state = projectCache.checkedGet(projectName);
try {
- permissionBackend.user(user).project(projectName).check(ProjectPermission.ACCESS);
+ permissionBackend.currentUser().project(projectName).check(ProjectPermission.ACCESS);
} catch (AuthException e) {
throw new NoSuchProjectException(projectName);
}
@@ -285,7 +285,7 @@
private boolean isAdmin() throws PermissionBackendException {
try {
- permissionBackend.user(user).check(GlobalPermission.ADMINISTRATE_SERVER);
+ permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
return true;
} catch (AuthException e) {
return false;
diff --git a/java/com/google/gerrit/metrics/dropwizard/MetricsCollection.java b/java/com/google/gerrit/metrics/dropwizard/MetricsCollection.java
index 6abf17c..55c932c 100644
--- a/java/com/google/gerrit/metrics/dropwizard/MetricsCollection.java
+++ b/java/com/google/gerrit/metrics/dropwizard/MetricsCollection.java
@@ -21,7 +21,6 @@
import com.google.gerrit.extensions.restapi.IdString;
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.extensions.restapi.RestView;
-import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.config.ConfigResource;
import com.google.gerrit.server.permissions.GlobalPermission;
import com.google.gerrit.server.permissions.PermissionBackend;
@@ -35,7 +34,6 @@
private final DynamicMap<RestView<MetricResource>> views;
private final Provider<ListMetrics> list;
private final PermissionBackend permissionBackend;
- private final Provider<CurrentUser> user;
private final DropWizardMetricMaker metrics;
@Inject
@@ -43,12 +41,10 @@
DynamicMap<RestView<MetricResource>> views,
Provider<ListMetrics> list,
PermissionBackend permissionBackend,
- Provider<CurrentUser> user,
DropWizardMetricMaker metrics) {
this.views = views;
this.list = list;
this.permissionBackend = permissionBackend;
- this.user = user;
this.metrics = metrics;
}
@@ -65,7 +61,7 @@
@Override
public MetricResource parse(ConfigResource parent, IdString id)
throws ResourceNotFoundException, AuthException, PermissionBackendException {
- permissionBackend.user(user).check(GlobalPermission.VIEW_CACHES);
+ permissionBackend.currentUser().check(GlobalPermission.VIEW_CACHES);
Metric metric = metrics.getMetric(id.get());
if (metric == null) {
diff --git a/java/com/google/gerrit/server/api/accounts/AccountsImpl.java b/java/com/google/gerrit/server/api/accounts/AccountsImpl.java
index f5f1a34..44b6610 100644
--- a/java/com/google/gerrit/server/api/accounts/AccountsImpl.java
+++ b/java/com/google/gerrit/server/api/accounts/AccountsImpl.java
@@ -100,7 +100,7 @@
}
try {
CreateAccount impl = createAccount.create(in.username);
- permissionBackend.user(self).checkAny(GlobalPermission.fromAnnotation(impl.getClass()));
+ permissionBackend.currentUser().checkAny(GlobalPermission.fromAnnotation(impl.getClass()));
AccountInfo info = impl.apply(TopLevelResource.INSTANCE, in).value();
return id(info._accountId);
} catch (Exception e) {
diff --git a/java/com/google/gerrit/server/api/groups/GroupsImpl.java b/java/com/google/gerrit/server/api/groups/GroupsImpl.java
index 0b3bc64..247be44 100644
--- a/java/com/google/gerrit/server/api/groups/GroupsImpl.java
+++ b/java/com/google/gerrit/server/api/groups/GroupsImpl.java
@@ -26,7 +26,6 @@
import com.google.gerrit.extensions.restapi.IdString;
import com.google.gerrit.extensions.restapi.RestApiException;
import com.google.gerrit.extensions.restapi.TopLevelResource;
-import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.permissions.GlobalPermission;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.project.ProjectResource;
@@ -49,7 +48,6 @@
private final ProjectsCollection projects;
private final Provider<ListGroups> listGroups;
private final Provider<QueryGroups> queryGroups;
- private final Provider<CurrentUser> user;
private final PermissionBackend permissionBackend;
private final CreateGroup.Factory createGroup;
private final GroupApiImpl.Factory api;
@@ -61,7 +59,6 @@
ProjectsCollection projects,
Provider<ListGroups> listGroups,
Provider<QueryGroups> queryGroups,
- Provider<CurrentUser> user,
PermissionBackend permissionBackend,
CreateGroup.Factory createGroup,
GroupApiImpl.Factory api) {
@@ -70,7 +67,6 @@
this.projects = projects;
this.listGroups = listGroups;
this.queryGroups = queryGroups;
- this.user = user;
this.permissionBackend = permissionBackend;
this.createGroup = createGroup;
this.api = api;
@@ -95,7 +91,7 @@
}
try {
CreateGroup impl = createGroup.create(in.name);
- permissionBackend.user(user).checkAny(GlobalPermission.fromAnnotation(impl.getClass()));
+ permissionBackend.currentUser().checkAny(GlobalPermission.fromAnnotation(impl.getClass()));
GroupInfo info = impl.apply(TopLevelResource.INSTANCE, in);
return id(info.id);
} catch (Exception e) {
diff --git a/java/com/google/gerrit/server/args4j/ProjectHandler.java b/java/com/google/gerrit/server/args4j/ProjectHandler.java
index 8959d97..e97c171 100644
--- a/java/com/google/gerrit/server/args4j/ProjectHandler.java
+++ b/java/com/google/gerrit/server/args4j/ProjectHandler.java
@@ -17,7 +17,6 @@
import com.google.gerrit.common.ProjectUtil;
import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.reviewdb.client.Project;
-import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.permissions.ProjectPermission;
@@ -25,7 +24,6 @@
import com.google.gerrit.server.project.ProjectCache;
import com.google.gerrit.server.project.ProjectState;
import com.google.inject.Inject;
-import com.google.inject.Provider;
import com.google.inject.assistedinject.Assisted;
import java.io.IOException;
import org.kohsuke.args4j.CmdLineException;
@@ -42,20 +40,17 @@
private final ProjectCache projectCache;
private final PermissionBackend permissionBackend;
- private final Provider<CurrentUser> user;
@Inject
public ProjectHandler(
ProjectCache projectCache,
PermissionBackend permissionBackend,
- Provider<CurrentUser> user,
@Assisted final CmdLineParser parser,
@Assisted final OptionDef option,
@Assisted final Setter<ProjectState> setter) {
super(parser, option, setter);
this.projectCache = projectCache;
this.permissionBackend = permissionBackend;
- this.user = user;
}
@Override
@@ -84,7 +79,7 @@
if (state == null) {
throw new CmdLineException(owner, String.format("project %s not found", nameWithoutSuffix));
}
- permissionBackend.user(user).project(nameKey).check(ProjectPermission.ACCESS);
+ permissionBackend.currentUser().project(nameKey).check(ProjectPermission.ACCESS);
} catch (AuthException e) {
throw new CmdLineException(owner, new NoSuchProjectException(nameKey).getMessage());
} catch (PermissionBackendException | IOException e) {
diff --git a/java/com/google/gerrit/server/edit/ChangeEditModifier.java b/java/com/google/gerrit/server/edit/ChangeEditModifier.java
index 64f5ae7..9880dae 100644
--- a/java/com/google/gerrit/server/edit/ChangeEditModifier.java
+++ b/java/com/google/gerrit/server/edit/ChangeEditModifier.java
@@ -400,7 +400,7 @@
}
try {
permissionBackend
- .user(currentUser)
+ .currentUser()
.database(reviewDb)
.change(notes)
.check(ChangePermission.ADD_PATCH_SET);
diff --git a/java/com/google/gerrit/server/extensions/webui/UiActions.java b/java/com/google/gerrit/server/extensions/webui/UiActions.java
index 6714055..043c2e4 100644
--- a/java/com/google/gerrit/server/extensions/webui/UiActions.java
+++ b/java/com/google/gerrit/server/extensions/webui/UiActions.java
@@ -31,13 +31,11 @@
import com.google.gerrit.extensions.webui.PrivateInternals_UiActionDescription;
import com.google.gerrit.extensions.webui.UiAction;
import com.google.gerrit.extensions.webui.UiAction.Description;
-import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.permissions.GlobalPermission;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendCondition;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.inject.Inject;
-import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.util.HashMap;
import java.util.Iterator;
@@ -57,12 +55,10 @@
}
private final PermissionBackend permissionBackend;
- private final Provider<CurrentUser> userProvider;
@Inject
- UiActions(PermissionBackend permissionBackend, Provider<CurrentUser> userProvider) {
+ UiActions(PermissionBackend permissionBackend) {
this.permissionBackend = permissionBackend;
- this.userProvider = userProvider;
}
public <R extends RestResource> Iterable<UiAction.Description> from(
@@ -146,7 +142,7 @@
return null;
}
if (!globalRequired.isEmpty()) {
- PermissionBackend.WithUser withUser = permissionBackend.user(userProvider);
+ PermissionBackend.WithUser withUser = permissionBackend.currentUser();
Iterator<GlobalOrPluginPermission> i = globalRequired.iterator();
BooleanCondition p = withUser.testCond(i.next());
while (i.hasNext()) {
diff --git a/java/com/google/gerrit/server/patch/PatchScriptFactory.java b/java/com/google/gerrit/server/patch/PatchScriptFactory.java
index 31a7e84..b0e5310 100644
--- a/java/com/google/gerrit/server/patch/PatchScriptFactory.java
+++ b/java/com/google/gerrit/server/patch/PatchScriptFactory.java
@@ -205,11 +205,7 @@
PatchSet psEntityB = psb.get() == 0 ? new PatchSet(psb) : psUtil.get(db, notes, psb);
if (psEntityA != null || psEntityB != null) {
try {
- permissionBackend
- .user(userProvider)
- .change(notes)
- .database(db)
- .check(ChangePermission.READ);
+ permissionBackend.currentUser().change(notes).database(db).check(ChangePermission.READ);
} catch (AuthException e) {
throw new NoSuchChangeException(changeId);
}
diff --git a/java/com/google/gerrit/server/permissions/PermissionBackend.java b/java/com/google/gerrit/server/permissions/PermissionBackend.java
index 8b82e79..ad03ca7 100644
--- a/java/com/google/gerrit/server/permissions/PermissionBackend.java
+++ b/java/com/google/gerrit/server/permissions/PermissionBackend.java
@@ -100,14 +100,6 @@
public abstract WithUser user(CurrentUser user);
/**
- * @return lightweight factory scoped to answer for the specified user. If an instance scoped to
- * the current user is desired, use {@code currentUser()} instead.
- */
- public <U extends CurrentUser> WithUser user(Provider<U> user) {
- return user(checkNotNull(user, "Provider<CurrentUser>").get());
- }
-
- /**
* Bulk evaluate a set of {@link PermissionBackendCondition} for view handling.
*
* <p>Overridden implementations should call {@link PermissionBackendCondition#set(boolean)} to
diff --git a/java/com/google/gerrit/server/plugins/DisablePlugin.java b/java/com/google/gerrit/server/plugins/DisablePlugin.java
index 266350f..62eb993 100644
--- a/java/com/google/gerrit/server/plugins/DisablePlugin.java
+++ b/java/com/google/gerrit/server/plugins/DisablePlugin.java
@@ -19,33 +19,28 @@
import com.google.gerrit.extensions.common.PluginInfo;
import com.google.gerrit.extensions.restapi.RestApiException;
import com.google.gerrit.extensions.restapi.RestModifyView;
-import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.permissions.GlobalPermission;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.inject.Inject;
-import com.google.inject.Provider;
import com.google.inject.Singleton;
@Singleton
public class DisablePlugin implements RestModifyView<PluginResource, Input> {
private final PluginLoader loader;
- private final Provider<IdentifiedUser> user;
private final PermissionBackend permissionBackend;
@Inject
- DisablePlugin(
- PluginLoader loader, Provider<IdentifiedUser> user, PermissionBackend permissionBackend) {
+ DisablePlugin(PluginLoader loader, PermissionBackend permissionBackend) {
this.loader = loader;
- this.user = user;
this.permissionBackend = permissionBackend;
}
@Override
public PluginInfo apply(PluginResource resource, Input input) throws RestApiException {
try {
- permissionBackend.user(user).check(GlobalPermission.ADMINISTRATE_SERVER);
+ permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
} catch (PermissionBackendException e) {
throw new RestApiException("Could not check permission", e);
}
diff --git a/java/com/google/gerrit/server/project/ChildProjects.java b/java/com/google/gerrit/server/project/ChildProjects.java
index 0b174f6..a29a152 100644
--- a/java/com/google/gerrit/server/project/ChildProjects.java
+++ b/java/com/google/gerrit/server/project/ChildProjects.java
@@ -20,13 +20,11 @@
import com.google.common.collect.Multimap;
import com.google.gerrit.extensions.common.ProjectInfo;
import com.google.gerrit.reviewdb.client.Project;
-import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.config.AllProjectsName;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.permissions.ProjectPermission;
import com.google.inject.Inject;
-import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.util.ArrayList;
import java.util.HashMap;
@@ -38,7 +36,6 @@
public class ChildProjects {
private final ProjectCache projectCache;
private final PermissionBackend permissionBackend;
- private final Provider<CurrentUser> user;
private final AllProjectsName allProjects;
private final ProjectJson json;
@@ -46,12 +43,10 @@
ChildProjects(
ProjectCache projectCache,
PermissionBackend permissionBackend,
- Provider<CurrentUser> user,
AllProjectsName allProjectsName,
ProjectJson json) {
this.projectCache = projectCache;
this.permissionBackend = permissionBackend;
- this.user = user;
this.allProjects = allProjectsName;
this.json = json;
}
@@ -60,7 +55,7 @@
public List<ProjectInfo> list(Project.NameKey parent) throws PermissionBackendException {
Map<Project.NameKey, Project> projects = readAllProjects();
Multimap<Project.NameKey, Project.NameKey> children = parentToChildren(projects);
- PermissionBackend.WithUser perm = permissionBackend.user(user);
+ PermissionBackend.WithUser perm = permissionBackend.currentUser();
List<ProjectInfo> results = new ArrayList<>();
depthFirstFormat(results, perm, projects, children, parent);
diff --git a/java/com/google/gerrit/server/project/CreateRefControl.java b/java/com/google/gerrit/server/project/CreateRefControl.java
index 7d4797a..19edf92 100644
--- a/java/com/google/gerrit/server/project/CreateRefControl.java
+++ b/java/com/google/gerrit/server/project/CreateRefControl.java
@@ -75,7 +75,7 @@
}
ps.checkStatePermitsWrite();
- PermissionBackend.ForRef perm = permissionBackend.user(user).ref(branch);
+ PermissionBackend.ForRef perm = permissionBackend.user(user.get()).ref(branch);
if (object instanceof RevCommit) {
perm.check(RefPermission.CREATE);
checkCreateCommit(repo, (RevCommit) object, ps, perm);
@@ -105,7 +105,7 @@
// If the tag has a PGP signature, allow a lower level of permission
// than if it doesn't have a PGP signature.
- PermissionBackend.ForRef forRef = permissionBackend.user(user).ref(branch);
+ PermissionBackend.ForRef forRef = permissionBackend.user(user.get()).ref(branch);
if (tag.getFullMessage().contains("-----BEGIN PGP SIGNATURE-----\n")) {
forRef.check(RefPermission.CREATE_SIGNED_TAG);
} else {
diff --git a/java/com/google/gerrit/server/project/Reachable.java b/java/com/google/gerrit/server/project/Reachable.java
index 67d8f70..8a54b2e 100644
--- a/java/com/google/gerrit/server/project/Reachable.java
+++ b/java/com/google/gerrit/server/project/Reachable.java
@@ -16,13 +16,11 @@
import com.google.common.collect.Iterables;
import com.google.common.collect.Maps;
-import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.change.IncludedInResolver;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackend.RefFilterOptions;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.inject.Inject;
-import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.IOException;
import java.util.Collection;
@@ -45,12 +43,10 @@
private static final Logger log = LoggerFactory.getLogger(Reachable.class);
private final PermissionBackend permissionBackend;
- private final Provider<CurrentUser> user;
@Inject
- Reachable(PermissionBackend permissionBackend, Provider<CurrentUser> user) {
+ Reachable(PermissionBackend permissionBackend) {
this.permissionBackend = permissionBackend;
- this.user = user;
}
/** @return true if a commit is reachable from a given set of refs. */
@@ -60,7 +56,7 @@
// TODO(hiesel) Convert interface to Project.NameKey
Map<String, Ref> filtered =
permissionBackend
- .user(user)
+ .currentUser()
.project(state.getNameKey())
.filter(refs, repo, RefFilterOptions.builder().setFilterTagsSeparately(true).build());
return IncludedInResolver.includedInAny(repo, rw, commit, filtered.values());
diff --git a/java/com/google/gerrit/server/project/SuggestParentCandidates.java b/java/com/google/gerrit/server/project/SuggestParentCandidates.java
index 7c7f8a5..014029b 100644
--- a/java/com/google/gerrit/server/project/SuggestParentCandidates.java
+++ b/java/com/google/gerrit/server/project/SuggestParentCandidates.java
@@ -17,13 +17,11 @@
import static java.util.stream.Collectors.toList;
import com.google.gerrit.reviewdb.client.Project;
-import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.config.AllProjectsName;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.permissions.ProjectPermission;
import com.google.inject.Inject;
-import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.util.HashSet;
import java.util.List;
@@ -33,24 +31,19 @@
public class SuggestParentCandidates {
private final ProjectCache projectCache;
private final PermissionBackend permissionBackend;
- private final Provider<CurrentUser> user;
private final AllProjectsName allProjects;
@Inject
SuggestParentCandidates(
- ProjectCache projectCache,
- PermissionBackend permissionBackend,
- Provider<CurrentUser> user,
- AllProjectsName allProjects) {
+ ProjectCache projectCache, PermissionBackend permissionBackend, AllProjectsName allProjects) {
this.projectCache = projectCache;
this.permissionBackend = permissionBackend;
- this.user = user;
this.allProjects = allProjects;
}
public List<Project.NameKey> getNameKeys() throws PermissionBackendException {
return permissionBackend
- .user(user)
+ .currentUser()
.filter(ProjectPermission.ACCESS, parents())
.stream()
.sorted()
diff --git a/java/com/google/gerrit/server/restapi/account/AddSshKey.java b/java/com/google/gerrit/server/restapi/account/AddSshKey.java
index 4485f70..7539cf3 100644
--- a/java/com/google/gerrit/server/restapi/account/AddSshKey.java
+++ b/java/com/google/gerrit/server/restapi/account/AddSshKey.java
@@ -75,7 +75,7 @@
throws AuthException, BadRequestException, OrmException, IOException, ConfigInvalidException,
PermissionBackendException {
if (self.get() != rsrc.getUser()) {
- permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
+ permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
}
return apply(rsrc.getUser(), input);
}
diff --git a/java/com/google/gerrit/server/restapi/account/Capabilities.java b/java/com/google/gerrit/server/restapi/account/Capabilities.java
index e337662..2dd54a5 100644
--- a/java/com/google/gerrit/server/restapi/account/Capabilities.java
+++ b/java/com/google/gerrit/server/restapi/account/Capabilities.java
@@ -62,7 +62,7 @@
throws ResourceNotFoundException, AuthException, PermissionBackendException {
IdentifiedUser target = parent.getUser();
if (self.get() != target) {
- permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
+ permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
}
GlobalOrPluginPermission perm = parse(id);
diff --git a/java/com/google/gerrit/server/restapi/account/CreateEmail.java b/java/com/google/gerrit/server/restapi/account/CreateEmail.java
index 8ec024e..2248e35 100644
--- a/java/com/google/gerrit/server/restapi/account/CreateEmail.java
+++ b/java/com/google/gerrit/server/restapi/account/CreateEmail.java
@@ -98,7 +98,7 @@
}
if (self.get() != rsrc.getUser() || input.noConfirmation) {
- permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
+ permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
}
if (!realm.allowsEdit(AccountFieldName.REGISTER_NEW_EMAIL)) {
diff --git a/java/com/google/gerrit/server/restapi/account/DeleteEmail.java b/java/com/google/gerrit/server/restapi/account/DeleteEmail.java
index d36dfe9..ad1b103 100644
--- a/java/com/google/gerrit/server/restapi/account/DeleteEmail.java
+++ b/java/com/google/gerrit/server/restapi/account/DeleteEmail.java
@@ -72,7 +72,7 @@
MethodNotAllowedException, OrmException, IOException, ConfigInvalidException,
PermissionBackendException {
if (self.get() != rsrc.getUser()) {
- permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
+ permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
}
return apply(rsrc.getUser(), rsrc.getEmail());
}
diff --git a/java/com/google/gerrit/server/restapi/account/DeleteExternalIds.java b/java/com/google/gerrit/server/restapi/account/DeleteExternalIds.java
index 61ba8cc..472756e 100644
--- a/java/com/google/gerrit/server/restapi/account/DeleteExternalIds.java
+++ b/java/com/google/gerrit/server/restapi/account/DeleteExternalIds.java
@@ -68,7 +68,7 @@
throws RestApiException, IOException, OrmException, ConfigInvalidException,
PermissionBackendException {
if (self.get() != resource.getUser()) {
- permissionBackend.user(self).check(GlobalPermission.ACCESS_DATABASE);
+ permissionBackend.currentUser().check(GlobalPermission.ACCESS_DATABASE);
}
if (extIds == null || extIds.size() == 0) {
diff --git a/java/com/google/gerrit/server/restapi/account/DeleteSshKey.java b/java/com/google/gerrit/server/restapi/account/DeleteSshKey.java
index 2621a4a..f278df2 100644
--- a/java/com/google/gerrit/server/restapi/account/DeleteSshKey.java
+++ b/java/com/google/gerrit/server/restapi/account/DeleteSshKey.java
@@ -58,7 +58,7 @@
throws AuthException, OrmException, RepositoryNotFoundException, IOException,
ConfigInvalidException, PermissionBackendException {
if (self.get() != rsrc.getUser()) {
- permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
+ permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
}
authorizedKeys.deleteKey(rsrc.getUser().getAccountId(), rsrc.getSshKey().getKey().get());
diff --git a/java/com/google/gerrit/server/restapi/account/DeleteWatchedProjects.java b/java/com/google/gerrit/server/restapi/account/DeleteWatchedProjects.java
index 6242e1e..ce10b38 100644
--- a/java/com/google/gerrit/server/restapi/account/DeleteWatchedProjects.java
+++ b/java/com/google/gerrit/server/restapi/account/DeleteWatchedProjects.java
@@ -62,7 +62,7 @@
throws AuthException, UnprocessableEntityException, OrmException, IOException,
ConfigInvalidException, PermissionBackendException {
if (self.get() != rsrc.getUser()) {
- permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
+ permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
}
if (input == null) {
return Response.none();
diff --git a/java/com/google/gerrit/server/restapi/account/EmailsCollection.java b/java/com/google/gerrit/server/restapi/account/EmailsCollection.java
index d75a01a..c7a6bae 100644
--- a/java/com/google/gerrit/server/restapi/account/EmailsCollection.java
+++ b/java/com/google/gerrit/server/restapi/account/EmailsCollection.java
@@ -65,7 +65,7 @@
public AccountResource.Email parse(AccountResource rsrc, IdString id)
throws ResourceNotFoundException, PermissionBackendException, AuthException {
if (self.get() != rsrc.getUser()) {
- permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
+ permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
}
if ("preferred".equals(id.get())) {
diff --git a/java/com/google/gerrit/server/restapi/account/GetCapabilities.java b/java/com/google/gerrit/server/restapi/account/GetCapabilities.java
index 5260bef0..c623e3e 100644
--- a/java/com/google/gerrit/server/restapi/account/GetCapabilities.java
+++ b/java/com/google/gerrit/server/restapi/account/GetCapabilities.java
@@ -76,7 +76,7 @@
@Override
public Object apply(AccountResource rsrc) throws AuthException, PermissionBackendException {
- PermissionBackend.WithUser perm = permissionBackend.user(self);
+ PermissionBackend.WithUser perm = permissionBackend.currentUser();
if (self.get() != rsrc.getUser()) {
perm.check(GlobalPermission.ADMINISTRATE_SERVER);
perm = permissionBackend.user(rsrc.getUser());
diff --git a/java/com/google/gerrit/server/restapi/account/GetDiffPreferences.java b/java/com/google/gerrit/server/restapi/account/GetDiffPreferences.java
index af87025..a8d14f6 100644
--- a/java/com/google/gerrit/server/restapi/account/GetDiffPreferences.java
+++ b/java/com/google/gerrit/server/restapi/account/GetDiffPreferences.java
@@ -51,7 +51,7 @@
public DiffPreferencesInfo apply(AccountResource rsrc)
throws RestApiException, ConfigInvalidException, IOException, PermissionBackendException {
if (self.get() != rsrc.getUser()) {
- permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
+ permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
}
Account.Id id = rsrc.getUser().getAccountId();
diff --git a/java/com/google/gerrit/server/restapi/account/GetEditPreferences.java b/java/com/google/gerrit/server/restapi/account/GetEditPreferences.java
index 1ea5cec..f24991d 100644
--- a/java/com/google/gerrit/server/restapi/account/GetEditPreferences.java
+++ b/java/com/google/gerrit/server/restapi/account/GetEditPreferences.java
@@ -51,7 +51,7 @@
public EditPreferencesInfo apply(AccountResource rsrc)
throws RestApiException, IOException, ConfigInvalidException, PermissionBackendException {
if (self.get() != rsrc.getUser()) {
- permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
+ permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
}
Account.Id id = rsrc.getUser().getAccountId();
diff --git a/java/com/google/gerrit/server/restapi/account/GetEmails.java b/java/com/google/gerrit/server/restapi/account/GetEmails.java
index 640cc64..63d042c 100644
--- a/java/com/google/gerrit/server/restapi/account/GetEmails.java
+++ b/java/com/google/gerrit/server/restapi/account/GetEmails.java
@@ -45,7 +45,7 @@
public List<EmailInfo> apply(AccountResource rsrc)
throws AuthException, PermissionBackendException {
if (self.get() != rsrc.getUser()) {
- permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
+ permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
}
List<EmailInfo> emails = new ArrayList<>();
diff --git a/java/com/google/gerrit/server/restapi/account/GetExternalIds.java b/java/com/google/gerrit/server/restapi/account/GetExternalIds.java
index 284c7f9..2f72ad7 100644
--- a/java/com/google/gerrit/server/restapi/account/GetExternalIds.java
+++ b/java/com/google/gerrit/server/restapi/account/GetExternalIds.java
@@ -62,7 +62,7 @@
public List<AccountExternalIdInfo> apply(AccountResource resource)
throws RestApiException, IOException, OrmException, PermissionBackendException {
if (self.get() != resource.getUser()) {
- permissionBackend.user(self).check(GlobalPermission.ACCESS_DATABASE);
+ permissionBackend.currentUser().check(GlobalPermission.ACCESS_DATABASE);
}
Collection<ExternalId> ids = externalIds.byAccount(resource.getUser().getAccountId());
diff --git a/java/com/google/gerrit/server/restapi/account/GetPreferences.java b/java/com/google/gerrit/server/restapi/account/GetPreferences.java
index efc2de1..e32d434 100644
--- a/java/com/google/gerrit/server/restapi/account/GetPreferences.java
+++ b/java/com/google/gerrit/server/restapi/account/GetPreferences.java
@@ -49,7 +49,7 @@
public GeneralPreferencesInfo apply(AccountResource rsrc)
throws RestApiException, PermissionBackendException {
if (self.get() != rsrc.getUser()) {
- permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
+ permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
}
Account.Id id = rsrc.getUser().getAccountId();
diff --git a/java/com/google/gerrit/server/restapi/account/GetSshKeys.java b/java/com/google/gerrit/server/restapi/account/GetSshKeys.java
index 15156dc..cd8dc09 100644
--- a/java/com/google/gerrit/server/restapi/account/GetSshKeys.java
+++ b/java/com/google/gerrit/server/restapi/account/GetSshKeys.java
@@ -58,7 +58,7 @@
throws AuthException, OrmException, RepositoryNotFoundException, IOException,
ConfigInvalidException, PermissionBackendException {
if (self.get() != rsrc.getUser()) {
- permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
+ permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
}
return apply(rsrc.getUser());
}
diff --git a/java/com/google/gerrit/server/restapi/account/GetWatchedProjects.java b/java/com/google/gerrit/server/restapi/account/GetWatchedProjects.java
index 389dc0e..3a6595c 100644
--- a/java/com/google/gerrit/server/restapi/account/GetWatchedProjects.java
+++ b/java/com/google/gerrit/server/restapi/account/GetWatchedProjects.java
@@ -62,7 +62,7 @@
throws OrmException, AuthException, IOException, ConfigInvalidException,
PermissionBackendException, ResourceNotFoundException {
if (self.get() != rsrc.getUser()) {
- permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
+ permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
}
Account.Id accountId = rsrc.getUser().getAccountId();
diff --git a/java/com/google/gerrit/server/restapi/account/Index.java b/java/com/google/gerrit/server/restapi/account/Index.java
index fc6b7b3..0d8171d 100644
--- a/java/com/google/gerrit/server/restapi/account/Index.java
+++ b/java/com/google/gerrit/server/restapi/account/Index.java
@@ -50,7 +50,7 @@
public Response<?> apply(AccountResource rsrc, Input input)
throws IOException, AuthException, PermissionBackendException {
if (self.get() != rsrc.getUser()) {
- permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
+ permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
}
accountIndexer.get().index(rsrc.getUser().getAccountId());
diff --git a/java/com/google/gerrit/server/restapi/account/PostWatchedProjects.java b/java/com/google/gerrit/server/restapi/account/PostWatchedProjects.java
index bdc6dcb..6486d18 100644
--- a/java/com/google/gerrit/server/restapi/account/PostWatchedProjects.java
+++ b/java/com/google/gerrit/server/restapi/account/PostWatchedProjects.java
@@ -69,7 +69,7 @@
throws OrmException, RestApiException, IOException, ConfigInvalidException,
PermissionBackendException {
if (self.get() != rsrc.getUser()) {
- permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
+ permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
}
Map<ProjectWatchKey, Set<NotifyType>> projectWatches = asMap(input);
diff --git a/java/com/google/gerrit/server/restapi/account/PutHttpPassword.java b/java/com/google/gerrit/server/restapi/account/PutHttpPassword.java
index 468f285..7f7c2ae 100644
--- a/java/com/google/gerrit/server/restapi/account/PutHttpPassword.java
+++ b/java/com/google/gerrit/server/restapi/account/PutHttpPassword.java
@@ -76,7 +76,7 @@
throws AuthException, ResourceNotFoundException, ResourceConflictException, OrmException,
IOException, ConfigInvalidException, PermissionBackendException {
if (self.get() != rsrc.getUser()) {
- permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
+ permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
}
if (input == null) {
@@ -91,7 +91,7 @@
newPassword = null;
} else {
// Only administrators can explicitly set the password.
- permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
+ permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
newPassword = input.httpPassword;
}
return apply(rsrc.getUser(), newPassword);
diff --git a/java/com/google/gerrit/server/restapi/account/PutName.java b/java/com/google/gerrit/server/restapi/account/PutName.java
index 031249d..a982331 100644
--- a/java/com/google/gerrit/server/restapi/account/PutName.java
+++ b/java/com/google/gerrit/server/restapi/account/PutName.java
@@ -63,7 +63,7 @@
throws AuthException, MethodNotAllowedException, ResourceNotFoundException, OrmException,
IOException, PermissionBackendException, ConfigInvalidException {
if (self.get() != rsrc.getUser()) {
- permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
+ permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
}
return apply(rsrc.getUser(), input);
}
diff --git a/java/com/google/gerrit/server/restapi/account/PutPreferred.java b/java/com/google/gerrit/server/restapi/account/PutPreferred.java
index aafdfc1..a30e074 100644
--- a/java/com/google/gerrit/server/restapi/account/PutPreferred.java
+++ b/java/com/google/gerrit/server/restapi/account/PutPreferred.java
@@ -57,7 +57,7 @@
throws AuthException, ResourceNotFoundException, OrmException, IOException,
PermissionBackendException, ConfigInvalidException {
if (self.get() != rsrc.getUser()) {
- permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
+ permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
}
return apply(rsrc.getUser(), rsrc.getEmail());
}
diff --git a/java/com/google/gerrit/server/restapi/account/PutStatus.java b/java/com/google/gerrit/server/restapi/account/PutStatus.java
index c9ae2a0..3c173a0 100644
--- a/java/com/google/gerrit/server/restapi/account/PutStatus.java
+++ b/java/com/google/gerrit/server/restapi/account/PutStatus.java
@@ -57,7 +57,7 @@
throws AuthException, ResourceNotFoundException, OrmException, IOException,
PermissionBackendException, ConfigInvalidException {
if (self.get() != rsrc.getUser()) {
- permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
+ permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
}
return apply(rsrc.getUser(), input);
}
diff --git a/java/com/google/gerrit/server/restapi/account/PutUsername.java b/java/com/google/gerrit/server/restapi/account/PutUsername.java
index 9893cf0..4024c10 100644
--- a/java/com/google/gerrit/server/restapi/account/PutUsername.java
+++ b/java/com/google/gerrit/server/restapi/account/PutUsername.java
@@ -75,7 +75,7 @@
ResourceConflictException, OrmException, IOException, ConfigInvalidException,
PermissionBackendException {
if (self.get() != rsrc.getUser()) {
- permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
+ permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
}
if (!realm.allowsEdit(AccountFieldName.USER_NAME)) {
diff --git a/java/com/google/gerrit/server/restapi/account/QueryAccounts.java b/java/com/google/gerrit/server/restapi/account/QueryAccounts.java
index fa4550d..567027d 100644
--- a/java/com/google/gerrit/server/restapi/account/QueryAccounts.java
+++ b/java/com/google/gerrit/server/restapi/account/QueryAccounts.java
@@ -170,7 +170,7 @@
}
boolean modifyAccountCapabilityChecked = false;
if (options.contains(ListAccountsOption.ALL_EMAILS)) {
- permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
+ permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
modifyAccountCapabilityChecked = true;
fillOptions.add(FillOptions.EMAIL);
fillOptions.add(FillOptions.SECONDARY_EMAILS);
@@ -180,7 +180,7 @@
fillOptions.add(FillOptions.EMAIL);
if (modifyAccountCapabilityChecked
- || permissionBackend.user(self).test(GlobalPermission.MODIFY_ACCOUNT)) {
+ || permissionBackend.currentUser().test(GlobalPermission.MODIFY_ACCOUNT)) {
fillOptions.add(FillOptions.SECONDARY_EMAILS);
}
}
diff --git a/java/com/google/gerrit/server/restapi/account/SetDiffPreferences.java b/java/com/google/gerrit/server/restapi/account/SetDiffPreferences.java
index 1e300c7..6aa88de 100644
--- a/java/com/google/gerrit/server/restapi/account/SetDiffPreferences.java
+++ b/java/com/google/gerrit/server/restapi/account/SetDiffPreferences.java
@@ -58,7 +58,7 @@
throws RestApiException, ConfigInvalidException, RepositoryNotFoundException, IOException,
PermissionBackendException, OrmException {
if (self.get() != rsrc.getUser()) {
- permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
+ permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
}
if (input == null) {
diff --git a/java/com/google/gerrit/server/restapi/account/SetEditPreferences.java b/java/com/google/gerrit/server/restapi/account/SetEditPreferences.java
index e06eaf3..dad6e0f 100644
--- a/java/com/google/gerrit/server/restapi/account/SetEditPreferences.java
+++ b/java/com/google/gerrit/server/restapi/account/SetEditPreferences.java
@@ -59,7 +59,7 @@
throws RestApiException, RepositoryNotFoundException, IOException, ConfigInvalidException,
PermissionBackendException, OrmException {
if (self.get() != rsrc.getUser()) {
- permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
+ permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
}
if (input == null) {
diff --git a/java/com/google/gerrit/server/restapi/account/SetPreferences.java b/java/com/google/gerrit/server/restapi/account/SetPreferences.java
index dcc2695..11ecfdb 100644
--- a/java/com/google/gerrit/server/restapi/account/SetPreferences.java
+++ b/java/com/google/gerrit/server/restapi/account/SetPreferences.java
@@ -64,7 +64,7 @@
throws RestApiException, IOException, ConfigInvalidException, PermissionBackendException,
OrmException {
if (self.get() != rsrc.getUser()) {
- permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
+ permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
}
checkDownloadScheme(input.downloadScheme);
diff --git a/java/com/google/gerrit/server/restapi/account/SshKeys.java b/java/com/google/gerrit/server/restapi/account/SshKeys.java
index 52861ce..fa447c2 100644
--- a/java/com/google/gerrit/server/restapi/account/SshKeys.java
+++ b/java/com/google/gerrit/server/restapi/account/SshKeys.java
@@ -68,7 +68,7 @@
PermissionBackendException {
if (self.get() != rsrc.getUser()) {
try {
- permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
+ permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
} catch (AuthException e) {
// If lacking MODIFY_ACCOUNT claim the resource does not exist.
throw new ResourceNotFoundException();
diff --git a/java/com/google/gerrit/server/restapi/change/ChangesCollection.java b/java/com/google/gerrit/server/restapi/change/ChangesCollection.java
index e44896e..bf8bb1f 100644
--- a/java/com/google/gerrit/server/restapi/change/ChangesCollection.java
+++ b/java/com/google/gerrit/server/restapi/change/ChangesCollection.java
@@ -137,7 +137,7 @@
private boolean canRead(ChangeNotes notes) throws PermissionBackendException, IOException {
try {
- permissionBackend.user(user).change(notes).database(db).check(ChangePermission.READ);
+ permissionBackend.currentUser().change(notes).database(db).check(ChangePermission.READ);
} catch (AuthException e) {
return false;
}
diff --git a/java/com/google/gerrit/server/restapi/change/Check.java b/java/com/google/gerrit/server/restapi/change/Check.java
index fbf19be..f3e0077 100644
--- a/java/com/google/gerrit/server/restapi/change/Check.java
+++ b/java/com/google/gerrit/server/restapi/change/Check.java
@@ -22,7 +22,6 @@
import com.google.gerrit.extensions.restapi.RestApiException;
import com.google.gerrit.extensions.restapi.RestModifyView;
import com.google.gerrit.extensions.restapi.RestReadView;
-import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.change.ChangeJson;
import com.google.gerrit.server.change.ChangeResource;
import com.google.gerrit.server.permissions.GlobalPermission;
@@ -32,7 +31,6 @@
import com.google.gerrit.server.project.NoSuchProjectException;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
-import com.google.inject.Provider;
import java.io.IOException;
import javax.inject.Singleton;
@@ -40,13 +38,11 @@
public class Check
implements RestReadView<ChangeResource>, RestModifyView<ChangeResource, FixInput> {
private final PermissionBackend permissionBackend;
- private final Provider<CurrentUser> user;
private final ChangeJson.Factory jsonFactory;
@Inject
- Check(PermissionBackend permissionBackend, Provider<CurrentUser> user, ChangeJson.Factory json) {
+ Check(PermissionBackend permissionBackend, ChangeJson.Factory json) {
this.permissionBackend = permissionBackend;
- this.user = user;
this.jsonFactory = json;
}
@@ -59,7 +55,7 @@
public Response<ChangeInfo> apply(ChangeResource rsrc, FixInput input)
throws RestApiException, OrmException, PermissionBackendException, NoSuchProjectException,
IOException {
- PermissionBackend.WithUser perm = permissionBackend.user(user);
+ PermissionBackend.WithUser perm = permissionBackend.currentUser();
if (!rsrc.isUserOwner()) {
try {
perm.project(rsrc.getProject()).check(ProjectPermission.READ_CONFIG);
diff --git a/java/com/google/gerrit/server/restapi/change/CherryPick.java b/java/com/google/gerrit/server/restapi/change/CherryPick.java
index 2de5ba46..26a85e1 100644
--- a/java/com/google/gerrit/server/restapi/change/CherryPick.java
+++ b/java/com/google/gerrit/server/restapi/change/CherryPick.java
@@ -25,7 +25,6 @@
import com.google.gerrit.reviewdb.client.Branch;
import com.google.gerrit.reviewdb.client.Change;
import com.google.gerrit.reviewdb.client.RefNames;
-import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.change.ChangeJson;
import com.google.gerrit.server.change.RevisionResource;
import com.google.gerrit.server.git.IntegrationException;
@@ -44,7 +43,6 @@
import com.google.gerrit.server.update.UpdateException;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
-import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.IOException;
import org.eclipse.jgit.errors.ConfigInvalidException;
@@ -57,7 +55,6 @@
implements UiAction<RevisionResource> {
private static final Logger log = LoggerFactory.getLogger(CherryPick.class);
private final PermissionBackend permissionBackend;
- private final Provider<CurrentUser> user;
private final CherryPickChange cherryPickChange;
private final ChangeJson.Factory json;
private final ContributorAgreementsChecker contributorAgreements;
@@ -66,7 +63,6 @@
@Inject
CherryPick(
PermissionBackend permissionBackend,
- Provider<CurrentUser> user,
RetryHelper retryHelper,
CherryPickChange cherryPickChange,
ChangeJson.Factory json,
@@ -74,7 +70,6 @@
ProjectCache projectCache) {
super(retryHelper);
this.permissionBackend = permissionBackend;
- this.user = user;
this.cherryPickChange = cherryPickChange;
this.json = json;
this.contributorAgreements = contributorAgreements;
@@ -97,7 +92,7 @@
contributorAgreements.check(rsrc.getProject(), rsrc.getUser());
permissionBackend
- .user(user)
+ .currentUser()
.project(rsrc.getChange().getProject())
.ref(refName)
.check(RefPermission.CREATE_CHANGE);
@@ -134,7 +129,7 @@
and(
rsrc.isCurrent() && projectStatePermitsWrite,
permissionBackend
- .user(user)
+ .currentUser()
.project(rsrc.getProject())
.testCond(ProjectPermission.CREATE_CHANGE)));
}
diff --git a/java/com/google/gerrit/server/restapi/change/CherryPickCommit.java b/java/com/google/gerrit/server/restapi/change/CherryPickCommit.java
index 7c10086..3221eaf 100644
--- a/java/com/google/gerrit/server/restapi/change/CherryPickCommit.java
+++ b/java/com/google/gerrit/server/restapi/change/CherryPickCommit.java
@@ -90,7 +90,7 @@
String refName = RefNames.fullName(destination);
contributorAgreements.check(projectName, user.get());
permissionBackend
- .user(user)
+ .currentUser()
.project(projectName)
.ref(refName)
.check(RefPermission.CREATE_CHANGE);
diff --git a/java/com/google/gerrit/server/restapi/change/CreateChange.java b/java/com/google/gerrit/server/restapi/change/CreateChange.java
index 499cbb6..d8aa880 100644
--- a/java/com/google/gerrit/server/restapi/change/CreateChange.java
+++ b/java/com/google/gerrit/server/restapi/change/CreateChange.java
@@ -192,7 +192,11 @@
Project.NameKey project = rsrc.getNameKey();
String refName = RefNames.fullName(input.branch);
- permissionBackend.user(user).project(project).ref(refName).check(RefPermission.CREATE_CHANGE);
+ permissionBackend
+ .currentUser()
+ .project(project)
+ .ref(refName)
+ .check(RefPermission.CREATE_CHANGE);
rsrc.getProjectState().checkStatePermitsWrite();
try (Repository git = gitManager.openRepository(project);
@@ -208,7 +212,7 @@
}
ChangeNotes change = Iterables.getOnlyElement(notes);
try {
- permissionBackend.user(user).change(change).database(db).check(ChangePermission.READ);
+ permissionBackend.currentUser().change(change).database(db).check(ChangePermission.READ);
} catch (AuthException e) {
throw new UnprocessableEntityException("Read not permitted for " + input.baseChange);
}
diff --git a/java/com/google/gerrit/server/restapi/change/CreateMergePatchSet.java b/java/com/google/gerrit/server/restapi/change/CreateMergePatchSet.java
index dcaba77..70a2251 100644
--- a/java/com/google/gerrit/server/restapi/change/CreateMergePatchSet.java
+++ b/java/com/google/gerrit/server/restapi/change/CreateMergePatchSet.java
@@ -210,7 +210,7 @@
}
ChangeNotes change = Iterables.getOnlyElement(notes);
try {
- permissionBackend.user(user).change(change).database(db).check(ChangePermission.READ);
+ permissionBackend.currentUser().change(change).database(db).check(ChangePermission.READ);
} catch (AuthException e) {
throw new UnprocessableEntityException("Read not permitted for " + baseChange);
}
diff --git a/java/com/google/gerrit/server/restapi/change/Index.java b/java/com/google/gerrit/server/restapi/change/Index.java
index 55f53a6..a5dd868 100644
--- a/java/com/google/gerrit/server/restapi/change/Index.java
+++ b/java/com/google/gerrit/server/restapi/change/Index.java
@@ -18,7 +18,6 @@
import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.extensions.restapi.Response;
import com.google.gerrit.reviewdb.server.ReviewDb;
-import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.change.ChangeResource;
import com.google.gerrit.server.index.change.ChangeIndexer;
import com.google.gerrit.server.permissions.GlobalPermission;
@@ -38,7 +37,6 @@
private final Provider<ReviewDb> db;
private final PermissionBackend permissionBackend;
- private final Provider<CurrentUser> user;
private final ChangeIndexer indexer;
@Inject
@@ -46,12 +44,10 @@
Provider<ReviewDb> db,
RetryHelper retryHelper,
PermissionBackend permissionBackend,
- Provider<CurrentUser> user,
ChangeIndexer indexer) {
super(retryHelper);
this.db = db;
this.permissionBackend = permissionBackend;
- this.user = user;
this.indexer = indexer;
}
@@ -59,7 +55,7 @@
protected Response<?> applyImpl(
BatchUpdate.Factory updateFactory, ChangeResource rsrc, Input input)
throws IOException, AuthException, OrmException, PermissionBackendException {
- permissionBackend.user(user).check(GlobalPermission.MAINTAIN_SERVER);
+ permissionBackend.currentUser().check(GlobalPermission.MAINTAIN_SERVER);
indexer.index(db.get(), rsrc.getChange());
return Response.none();
}
diff --git a/java/com/google/gerrit/server/restapi/change/PostReviewers.java b/java/com/google/gerrit/server/restapi/change/PostReviewers.java
index f9d7083..2049929 100644
--- a/java/com/google/gerrit/server/restapi/change/PostReviewers.java
+++ b/java/com/google/gerrit/server/restapi/change/PostReviewers.java
@@ -360,7 +360,7 @@
ListMultimap<RecipientType, Account.Id> accountsToNotify)
throws PermissionBackendException {
if (!permissionBackend
- .user(anonymousProvider)
+ .user(anonymousProvider.get())
.change(rsrc.getNotes())
.database(dbProvider)
.test(ChangePermission.READ)) {
diff --git a/java/com/google/gerrit/server/restapi/change/RelatedChangesSorter.java b/java/com/google/gerrit/server/restapi/change/RelatedChangesSorter.java
index 303401c..fbdfb54 100644
--- a/java/com/google/gerrit/server/restapi/change/RelatedChangesSorter.java
+++ b/java/com/google/gerrit/server/restapi/change/RelatedChangesSorter.java
@@ -29,7 +29,6 @@
import com.google.gerrit.reviewdb.client.PatchSet;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.reviewdb.server.ReviewDb;
-import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.git.GitRepositoryManager;
import com.google.gerrit.server.permissions.ChangePermission;
import com.google.gerrit.server.permissions.PermissionBackend;
@@ -64,20 +63,17 @@
private final PermissionBackend permissionBackend;
private final Provider<ReviewDb> dbProvider;
private final ProjectCache projectCache;
- private final Provider<CurrentUser> currentUserProvider;
@Inject
RelatedChangesSorter(
GitRepositoryManager repoManager,
PermissionBackend permissionBackend,
Provider<ReviewDb> dbProvider,
- ProjectCache projectCache,
- Provider<CurrentUser> currentUserProvider) {
+ ProjectCache projectCache) {
this.repoManager = repoManager;
this.permissionBackend = permissionBackend;
this.dbProvider = dbProvider;
this.projectCache = projectCache;
- this.currentUserProvider = currentUserProvider;
}
public List<PatchSetData> sort(List<ChangeData> in, PatchSet startPs)
@@ -239,8 +235,7 @@
}
private boolean isVisible(PatchSetData psd) throws PermissionBackendException, IOException {
- PermissionBackend.WithUser perm =
- permissionBackend.user(currentUserProvider).database(dbProvider);
+ PermissionBackend.WithUser perm = permissionBackend.currentUser().database(dbProvider);
try {
perm.change(psd.data()).check(ChangePermission.READ);
} catch (AuthException e) {
diff --git a/java/com/google/gerrit/server/restapi/change/ReviewersUtil.java b/java/com/google/gerrit/server/restapi/change/ReviewersUtil.java
index 38ed756..ac88b65 100644
--- a/java/com/google/gerrit/server/restapi/change/ReviewersUtil.java
+++ b/java/com/google/gerrit/server/restapi/change/ReviewersUtil.java
@@ -286,7 +286,7 @@
private List<SuggestedReviewerInfo> loadAccounts(List<Account.Id> accountIds)
throws OrmException, PermissionBackendException {
Set<FillOptions> fillOptions =
- permissionBackend.user(self).test(GlobalPermission.MODIFY_ACCOUNT)
+ permissionBackend.currentUser().test(GlobalPermission.MODIFY_ACCOUNT)
? EnumSet.of(FillOptions.SECONDARY_EMAILS)
: EnumSet.noneOf(FillOptions.class);
fillOptions.addAll(AccountLoader.DETAILED_OPTIONS);
diff --git a/java/com/google/gerrit/server/restapi/change/SetReadyForReview.java b/java/com/google/gerrit/server/restapi/change/SetReadyForReview.java
index f487c28..b9dc1e7 100644
--- a/java/com/google/gerrit/server/restapi/change/SetReadyForReview.java
+++ b/java/com/google/gerrit/server/restapi/change/SetReadyForReview.java
@@ -67,7 +67,7 @@
throws RestApiException, UpdateException, PermissionBackendException {
Change change = rsrc.getChange();
if (!rsrc.isUserOwner()
- && !permissionBackend.user(self).test(GlobalPermission.ADMINISTRATE_SERVER)) {
+ && !permissionBackend.currentUser().test(GlobalPermission.ADMINISTRATE_SERVER)) {
throw new AuthException("not allowed to set ready for review");
}
diff --git a/java/com/google/gerrit/server/restapi/change/SetWorkInProgress.java b/java/com/google/gerrit/server/restapi/change/SetWorkInProgress.java
index 7fcf6a0..ed28abb 100644
--- a/java/com/google/gerrit/server/restapi/change/SetWorkInProgress.java
+++ b/java/com/google/gerrit/server/restapi/change/SetWorkInProgress.java
@@ -24,7 +24,6 @@
import com.google.gerrit.reviewdb.client.Change.Status;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.ChangeUtil;
-import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.change.ChangeResource;
import com.google.gerrit.server.change.WorkInProgressOp;
import com.google.gerrit.server.change.WorkInProgressOp.Input;
@@ -44,7 +43,6 @@
implements UiAction<ChangeResource> {
private final WorkInProgressOp.Factory opFactory;
private final Provider<ReviewDb> db;
- private final Provider<CurrentUser> self;
private final PermissionBackend permissionBackend;
@Inject
@@ -52,12 +50,10 @@
WorkInProgressOp.Factory opFactory,
RetryHelper retryHelper,
Provider<ReviewDb> db,
- Provider<CurrentUser> self,
PermissionBackend permissionBackend) {
super(retryHelper);
this.opFactory = opFactory;
this.db = db;
- this.self = self;
this.permissionBackend = permissionBackend;
}
@@ -68,7 +64,7 @@
Change change = rsrc.getChange();
if (!rsrc.isUserOwner()
- && !permissionBackend.user(self).test(GlobalPermission.ADMINISTRATE_SERVER)) {
+ && !permissionBackend.currentUser().test(GlobalPermission.ADMINISTRATE_SERVER)) {
throw new AuthException("not allowed to set work in progress");
}
diff --git a/java/com/google/gerrit/server/restapi/change/SuggestChangeReviewers.java b/java/com/google/gerrit/server/restapi/change/SuggestChangeReviewers.java
index 4033d10..2dac5ef 100644
--- a/java/com/google/gerrit/server/restapi/change/SuggestChangeReviewers.java
+++ b/java/com/google/gerrit/server/restapi/change/SuggestChangeReviewers.java
@@ -88,7 +88,7 @@
private VisibilityControl getVisibility(ChangeResource rsrc) {
// Use the destination reference, not the change, as private changes deny anyone who is not
// already a reviewer.
- PermissionBackend.ForRef perm = permissionBackend.user(self).ref(rsrc.getChange().getDest());
+ PermissionBackend.ForRef perm = permissionBackend.currentUser().ref(rsrc.getChange().getDest());
return new VisibilityControl() {
@Override
public boolean isVisibleTo(Account.Id account) throws OrmException {
diff --git a/java/com/google/gerrit/server/restapi/config/CachesCollection.java b/java/com/google/gerrit/server/restapi/config/CachesCollection.java
index cfdc648..e3d9e3c 100644
--- a/java/com/google/gerrit/server/restapi/config/CachesCollection.java
+++ b/java/com/google/gerrit/server/restapi/config/CachesCollection.java
@@ -27,7 +27,6 @@
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.extensions.restapi.RestApiException;
import com.google.gerrit.extensions.restapi.RestView;
-import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.config.CacheResource;
import com.google.gerrit.server.config.ConfigResource;
import com.google.gerrit.server.permissions.GlobalPermission;
@@ -45,7 +44,6 @@
private final DynamicMap<RestView<CacheResource>> views;
private final Provider<ListCaches> list;
private final PermissionBackend permissionBackend;
- private final Provider<CurrentUser> self;
private final DynamicMap<Cache<?, ?>> cacheMap;
private final PostCaches postCaches;
@@ -54,13 +52,11 @@
DynamicMap<RestView<CacheResource>> views,
Provider<ListCaches> list,
PermissionBackend permissionBackend,
- Provider<CurrentUser> self,
DynamicMap<Cache<?, ?>> cacheMap,
PostCaches postCaches) {
this.views = views;
this.list = list;
this.permissionBackend = permissionBackend;
- this.self = self;
this.cacheMap = cacheMap;
this.postCaches = postCaches;
}
@@ -73,7 +69,7 @@
@Override
public CacheResource parse(ConfigResource parent, IdString id)
throws AuthException, ResourceNotFoundException, PermissionBackendException {
- permissionBackend.user(self).check(GlobalPermission.VIEW_CACHES);
+ permissionBackend.currentUser().check(GlobalPermission.VIEW_CACHES);
String cacheName = id.get();
String pluginName = "gerrit";
diff --git a/java/com/google/gerrit/server/restapi/config/CheckConsistency.java b/java/com/google/gerrit/server/restapi/config/CheckConsistency.java
index 95b20c2..a16736b 100644
--- a/java/com/google/gerrit/server/restapi/config/CheckConsistency.java
+++ b/java/com/google/gerrit/server/restapi/config/CheckConsistency.java
@@ -22,7 +22,6 @@
import com.google.gerrit.extensions.restapi.BadRequestException;
import com.google.gerrit.extensions.restapi.RestApiException;
import com.google.gerrit.extensions.restapi.RestModifyView;
-import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.account.AccountsConsistencyChecker;
import com.google.gerrit.server.account.externalids.ExternalIdsConsistencyChecker;
import com.google.gerrit.server.config.ConfigResource;
@@ -32,7 +31,6 @@
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
-import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.IOException;
import org.eclipse.jgit.errors.ConfigInvalidException;
@@ -40,7 +38,6 @@
@Singleton
public class CheckConsistency implements RestModifyView<ConfigResource, ConsistencyCheckInput> {
private final PermissionBackend permissionBackend;
- private final Provider<CurrentUser> user;
private final AccountsConsistencyChecker accountsConsistencyChecker;
private final ExternalIdsConsistencyChecker externalIdsConsistencyChecker;
private final GroupsConsistencyChecker groupsConsistencyChecker;
@@ -48,12 +45,10 @@
@Inject
CheckConsistency(
PermissionBackend permissionBackend,
- Provider<CurrentUser> user,
AccountsConsistencyChecker accountsConsistencyChecker,
ExternalIdsConsistencyChecker externalIdsConsistencyChecker,
GroupsConsistencyChecker groupsChecker) {
this.permissionBackend = permissionBackend;
- this.user = user;
this.accountsConsistencyChecker = accountsConsistencyChecker;
this.externalIdsConsistencyChecker = externalIdsConsistencyChecker;
this.groupsConsistencyChecker = groupsChecker;
@@ -63,7 +58,7 @@
public ConsistencyCheckInfo apply(ConfigResource resource, ConsistencyCheckInput input)
throws RestApiException, IOException, OrmException, PermissionBackendException,
ConfigInvalidException {
- permissionBackend.user(user).check(GlobalPermission.ACCESS_DATABASE);
+ permissionBackend.currentUser().check(GlobalPermission.ACCESS_DATABASE);
if (input == null
|| (input.checkAccounts == null
diff --git a/java/com/google/gerrit/server/restapi/config/FlushCache.java b/java/com/google/gerrit/server/restapi/config/FlushCache.java
index 55e9dc3..9ea9e33 100644
--- a/java/com/google/gerrit/server/restapi/config/FlushCache.java
+++ b/java/com/google/gerrit/server/restapi/config/FlushCache.java
@@ -22,13 +22,11 @@
import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.extensions.restapi.Response;
import com.google.gerrit.extensions.restapi.RestModifyView;
-import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.config.CacheResource;
import com.google.gerrit.server.permissions.GlobalPermission;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.inject.Inject;
-import com.google.inject.Provider;
import com.google.inject.Singleton;
@RequiresAnyCapability({FLUSH_CACHES, MAINTAIN_SERVER})
@@ -38,19 +36,17 @@
public static final String WEB_SESSIONS = "web_sessions";
private final PermissionBackend permissionBackend;
- private final Provider<CurrentUser> self;
@Inject
- public FlushCache(PermissionBackend permissionBackend, Provider<CurrentUser> self) {
+ public FlushCache(PermissionBackend permissionBackend) {
this.permissionBackend = permissionBackend;
- this.self = self;
}
@Override
public Response<String> apply(CacheResource rsrc, Input input)
throws AuthException, PermissionBackendException {
if (WEB_SESSIONS.equals(rsrc.getName())) {
- permissionBackend.user(self).check(GlobalPermission.MAINTAIN_SERVER);
+ permissionBackend.currentUser().check(GlobalPermission.MAINTAIN_SERVER);
}
rsrc.getCache().invalidateAll();
diff --git a/java/com/google/gerrit/server/restapi/project/BranchesCollection.java b/java/com/google/gerrit/server/restapi/project/BranchesCollection.java
index da5f058..f8ff7b9 100644
--- a/java/com/google/gerrit/server/restapi/project/BranchesCollection.java
+++ b/java/com/google/gerrit/server/restapi/project/BranchesCollection.java
@@ -24,7 +24,6 @@
import com.google.gerrit.extensions.restapi.RestView;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.reviewdb.client.RefNames;
-import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.git.GitRepositoryManager;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
@@ -45,7 +44,6 @@
private final DynamicMap<RestView<BranchResource>> views;
private final Provider<ListBranches> list;
private final PermissionBackend permissionBackend;
- private final Provider<CurrentUser> user;
private final GitRepositoryManager repoManager;
private final CreateBranch.Factory createBranchFactory;
@@ -54,13 +52,11 @@
DynamicMap<RestView<BranchResource>> views,
Provider<ListBranches> list,
PermissionBackend permissionBackend,
- Provider<CurrentUser> user,
GitRepositoryManager repoManager,
CreateBranch.Factory createBranchFactory) {
this.views = views;
this.list = list;
this.permissionBackend = permissionBackend;
- this.user = user;
this.repoManager = repoManager;
this.createBranchFactory = createBranchFactory;
}
@@ -86,7 +82,7 @@
// rights on the symbolic reference itself. This check prevents seeing a hidden
// branch simply because the symbolic reference name was visible.
permissionBackend
- .user(user)
+ .currentUser()
.project(project)
.ref(ref.isSymbolic() ? ref.getTarget().getName() : ref.getName())
.check(RefPermission.READ);
diff --git a/java/com/google/gerrit/server/restapi/project/CreateBranch.java b/java/com/google/gerrit/server/restapi/project/CreateBranch.java
index b87e2f9..9f3c473 100644
--- a/java/com/google/gerrit/server/restapi/project/CreateBranch.java
+++ b/java/com/google/gerrit/server/restapi/project/CreateBranch.java
@@ -179,7 +179,7 @@
info.ref = ref;
info.revision = revid.getName();
info.canDelete =
- permissionBackend.user(identifiedUser).ref(name).testOrFalse(RefPermission.DELETE)
+ permissionBackend.currentUser().ref(name).testOrFalse(RefPermission.DELETE)
&& rsrc.getProjectState().statePermitsWrite()
? true
: null;
diff --git a/java/com/google/gerrit/server/restapi/project/CreateTag.java b/java/com/google/gerrit/server/restapi/project/CreateTag.java
index 2dc2c4a..2c3735f 100644
--- a/java/com/google/gerrit/server/restapi/project/CreateTag.java
+++ b/java/com/google/gerrit/server/restapi/project/CreateTag.java
@@ -26,7 +26,6 @@
import com.google.gerrit.extensions.restapi.ResourceConflictException;
import com.google.gerrit.extensions.restapi.RestApiException;
import com.google.gerrit.extensions.restapi.RestModifyView;
-import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.WebLinks;
import com.google.gerrit.server.extensions.events.GitReferenceUpdated;
import com.google.gerrit.server.git.GitRepositoryManager;
@@ -39,7 +38,6 @@
import com.google.gerrit.server.project.RefUtil;
import com.google.gerrit.server.project.RefUtil.InvalidRevisionException;
import com.google.inject.Inject;
-import com.google.inject.Provider;
import com.google.inject.assistedinject.Assisted;
import java.io.IOException;
import java.util.TimeZone;
@@ -63,7 +61,6 @@
}
private final PermissionBackend permissionBackend;
- private final Provider<IdentifiedUser> identifiedUser;
private final GitRepositoryManager repoManager;
private final TagCache tagCache;
private final GitReferenceUpdated referenceUpdated;
@@ -73,14 +70,12 @@
@Inject
CreateTag(
PermissionBackend permissionBackend,
- Provider<IdentifiedUser> identifiedUser,
GitRepositoryManager repoManager,
TagCache tagCache,
GitReferenceUpdated referenceUpdated,
WebLinks webLinks,
@Assisted String ref) {
this.permissionBackend = permissionBackend;
- this.identifiedUser = identifiedUser;
this.repoManager = repoManager;
this.tagCache = tagCache;
this.referenceUpdated = referenceUpdated;
@@ -103,7 +98,7 @@
ref = RefUtil.normalizeTagRef(ref);
PermissionBackend.ForRef perm =
- permissionBackend.user(identifiedUser).project(resource.getNameKey()).ref(ref);
+ permissionBackend.currentUser().project(resource.getNameKey()).ref(ref);
try (Repository repo = repoManager.openRepository(resource.getNameKey())) {
ObjectId revid = RefUtil.parseBaseRevision(repo, resource.getNameKey(), input.revision);
@@ -134,7 +129,10 @@
if (isAnnotated) {
tag.setMessage(input.message)
.setTagger(
- identifiedUser.get().newCommitterIdent(TimeUtil.nowTs(), TimeZone.getDefault()));
+ resource
+ .getUser()
+ .asIdentifiedUser()
+ .newCommitterIdent(TimeUtil.nowTs(), TimeZone.getDefault()));
}
Ref result = tag.call();
@@ -145,7 +143,7 @@
ref,
ObjectId.zeroId(),
result.getObjectId(),
- identifiedUser.get().state());
+ resource.getUser().asIdentifiedUser().state());
try (RevWalk w = new RevWalk(repo)) {
return ListTags.createTagInfo(perm, result, w, resource.getProjectState(), links);
}
diff --git a/java/com/google/gerrit/server/restapi/project/DeleteBranch.java b/java/com/google/gerrit/server/restapi/project/DeleteBranch.java
index 3114f8a..89213a0 100644
--- a/java/com/google/gerrit/server/restapi/project/DeleteBranch.java
+++ b/java/com/google/gerrit/server/restapi/project/DeleteBranch.java
@@ -21,7 +21,6 @@
import com.google.gerrit.extensions.restapi.Response;
import com.google.gerrit.extensions.restapi.RestApiException;
import com.google.gerrit.extensions.restapi.RestModifyView;
-import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.permissions.RefPermission;
@@ -38,25 +37,22 @@
private final Provider<InternalChangeQuery> queryProvider;
private final DeleteRef.Factory deleteRefFactory;
- private final Provider<CurrentUser> user;
private final PermissionBackend permissionBackend;
@Inject
DeleteBranch(
Provider<InternalChangeQuery> queryProvider,
DeleteRef.Factory deleteRefFactory,
- Provider<CurrentUser> user,
PermissionBackend permissionBackend) {
this.queryProvider = queryProvider;
this.deleteRefFactory = deleteRefFactory;
- this.user = user;
this.permissionBackend = permissionBackend;
}
@Override
public Response<?> apply(BranchResource rsrc, Input input)
throws RestApiException, OrmException, IOException, PermissionBackendException {
- permissionBackend.user(user).ref(rsrc.getBranchKey()).check(RefPermission.DELETE);
+ permissionBackend.currentUser().ref(rsrc.getBranchKey()).check(RefPermission.DELETE);
rsrc.getProjectState().checkStatePermitsWrite();
if (!queryProvider.get().setLimit(1).byBranchOpen(rsrc.getBranchKey()).isEmpty()) {
diff --git a/java/com/google/gerrit/server/restapi/project/DeleteRef.java b/java/com/google/gerrit/server/restapi/project/DeleteRef.java
index 56d68f9..c51fc56 100644
--- a/java/com/google/gerrit/server/restapi/project/DeleteRef.java
+++ b/java/com/google/gerrit/server/restapi/project/DeleteRef.java
@@ -222,7 +222,7 @@
try {
permissionBackend
- .user(identifiedUser)
+ .currentUser()
.project(project.getNameKey())
.ref(refName)
.check(RefPermission.DELETE);
diff --git a/java/com/google/gerrit/server/restapi/project/DeleteTag.java b/java/com/google/gerrit/server/restapi/project/DeleteTag.java
index f432129..a3886bc 100644
--- a/java/com/google/gerrit/server/restapi/project/DeleteTag.java
+++ b/java/com/google/gerrit/server/restapi/project/DeleteTag.java
@@ -18,7 +18,6 @@
import com.google.gerrit.extensions.restapi.Response;
import com.google.gerrit.extensions.restapi.RestApiException;
import com.google.gerrit.extensions.restapi.RestModifyView;
-import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.permissions.RefPermission;
@@ -26,7 +25,6 @@
import com.google.gerrit.server.project.TagResource;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
-import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.IOException;
@@ -34,16 +32,11 @@
public class DeleteTag implements RestModifyView<TagResource, Input> {
private final PermissionBackend permissionBackend;
- private final Provider<CurrentUser> user;
private final DeleteRef.Factory deleteRefFactory;
@Inject
- DeleteTag(
- PermissionBackend permissionBackend,
- Provider<CurrentUser> user,
- DeleteRef.Factory deleteRefFactory) {
+ DeleteTag(PermissionBackend permissionBackend, DeleteRef.Factory deleteRefFactory) {
this.permissionBackend = permissionBackend;
- this.user = user;
this.deleteRefFactory = deleteRefFactory;
}
@@ -52,7 +45,7 @@
throws OrmException, RestApiException, IOException, PermissionBackendException {
String tag = RefUtil.normalizeTagRef(resource.getTagInfo().ref);
permissionBackend
- .user(user)
+ .currentUser()
.project(resource.getNameKey())
.ref(tag)
.check(RefPermission.DELETE);
diff --git a/java/com/google/gerrit/server/restapi/project/GetAccess.java b/java/com/google/gerrit/server/restapi/project/GetAccess.java
index 21d6013..38eb20a7 100644
--- a/java/com/google/gerrit/server/restapi/project/GetAccess.java
+++ b/java/com/google/gerrit/server/restapi/project/GetAccess.java
@@ -137,7 +137,7 @@
Project.NameKey projectName = rsrc.getNameKey();
ProjectAccessInfo info = new ProjectAccessInfo();
ProjectState projectState = projectCache.checkedGet(projectName);
- PermissionBackend.ForProject perm = permissionBackend.user(user).project(projectName);
+ PermissionBackend.ForProject perm = permissionBackend.currentUser().project(projectName);
ProjectConfig config;
try (MetaDataUpdate md = metaDataUpdateFactory.create(projectName)) {
@@ -160,12 +160,12 @@
config.commit(md);
projectCache.evict(config.getProject());
projectState = projectCache.checkedGet(projectName);
- perm = permissionBackend.user(user).project(projectName);
+ perm = permissionBackend.currentUser().project(projectName);
} else if (config.getRevision() != null
&& !config.getRevision().equals(projectState.getConfig().getRevision())) {
projectCache.evict(config.getProject());
projectState = projectCache.checkedGet(projectName);
- perm = permissionBackend.user(user).project(projectName);
+ perm = permissionBackend.currentUser().project(projectName);
}
} catch (ConfigInvalidException e) {
throw new ResourceConflictException(e.getMessage());
@@ -239,7 +239,7 @@
}
if (info.ownerOf.isEmpty()
- && permissionBackend.user(user).test(GlobalPermission.ADMINISTRATE_SERVER)) {
+ && permissionBackend.currentUser().test(GlobalPermission.ADMINISTRATE_SERVER)) {
// Special case: If the section list is empty, this project has no current
// access control information. Fall back to site administrators.
info.ownerOf.add(AccessSection.ALL);
@@ -255,7 +255,7 @@
}
if (projectName.equals(allProjectsName)
- && permissionBackend.user(user).testOrFalse(ADMINISTRATE_SERVER)) {
+ && permissionBackend.currentUser().testOrFalse(ADMINISTRATE_SERVER)) {
info.ownerOf.add(AccessSection.GLOBAL_CAPABILITIES);
}
diff --git a/java/com/google/gerrit/server/restapi/project/ListBranches.java b/java/com/google/gerrit/server/restapi/project/ListBranches.java
index 05b6def..b6fa6d0 100644
--- a/java/com/google/gerrit/server/restapi/project/ListBranches.java
+++ b/java/com/google/gerrit/server/restapi/project/ListBranches.java
@@ -40,7 +40,6 @@
import com.google.gerrit.server.project.ProjectState;
import com.google.gerrit.server.project.RefFilter;
import com.google.inject.Inject;
-import com.google.inject.Provider;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
@@ -58,7 +57,6 @@
public class ListBranches implements RestReadView<ProjectResource> {
private final GitRepositoryManager repoManager;
private final PermissionBackend permissionBackend;
- private final Provider<CurrentUser> user;
private final DynamicMap<RestView<BranchResource>> branchViews;
private final UiActions uiActions;
private final WebLinks webLinks;
@@ -112,13 +110,11 @@
public ListBranches(
GitRepositoryManager repoManager,
PermissionBackend permissionBackend,
- Provider<CurrentUser> user,
DynamicMap<RestView<BranchResource>> branchViews,
UiActions uiActions,
WebLinks webLinks) {
this.repoManager = repoManager;
this.permissionBackend = permissionBackend;
- this.user = user;
this.branchViews = branchViews;
this.uiActions = uiActions;
this.webLinks = webLinks;
@@ -183,7 +179,7 @@
}
}
- PermissionBackend.ForProject perm = permissionBackend.user(user).project(rsrc.getNameKey());
+ PermissionBackend.ForProject perm = permissionBackend.currentUser().project(rsrc.getNameKey());
List<BranchInfo> branches = new ArrayList<>(refs.size());
for (Ref ref : refs) {
if (ref.isSymbolic()) {
diff --git a/java/com/google/gerrit/server/restapi/project/ListChildProjects.java b/java/com/google/gerrit/server/restapi/project/ListChildProjects.java
index 5727c6b..7db4f84 100644
--- a/java/com/google/gerrit/server/restapi/project/ListChildProjects.java
+++ b/java/com/google/gerrit/server/restapi/project/ListChildProjects.java
@@ -20,7 +20,6 @@
import com.google.gerrit.extensions.restapi.ResourceConflictException;
import com.google.gerrit.extensions.restapi.RestReadView;
import com.google.gerrit.reviewdb.client.Project;
-import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.config.AllProjectsName;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
@@ -31,7 +30,6 @@
import com.google.gerrit.server.project.ProjectResource;
import com.google.gerrit.server.project.ProjectState;
import com.google.inject.Inject;
-import com.google.inject.Provider;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -44,7 +42,6 @@
private final ProjectCache projectCache;
private final PermissionBackend permissionBackend;
- private final Provider<CurrentUser> user;
private final AllProjectsName allProjects;
private final ProjectJson json;
private final ChildProjects childProjects;
@@ -53,13 +50,11 @@
ListChildProjects(
ProjectCache projectCache,
PermissionBackend permissionBackend,
- Provider<CurrentUser> user,
AllProjectsName allProjectsName,
ProjectJson json,
ChildProjects childProjects) {
this.projectCache = projectCache;
this.permissionBackend = permissionBackend;
- this.user = user;
this.allProjects = allProjectsName;
this.json = json;
this.childProjects = childProjects;
@@ -90,7 +85,7 @@
}
}
return permissionBackend
- .user(user)
+ .currentUser()
.filter(ProjectPermission.ACCESS, children.keySet())
.stream()
.sorted()
diff --git a/java/com/google/gerrit/server/restapi/project/ListDashboards.java b/java/com/google/gerrit/server/restapi/project/ListDashboards.java
index 2c8ea2e..08b4069 100644
--- a/java/com/google/gerrit/server/restapi/project/ListDashboards.java
+++ b/java/com/google/gerrit/server/restapi/project/ListDashboards.java
@@ -20,7 +20,6 @@
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.extensions.restapi.RestReadView;
import com.google.gerrit.reviewdb.client.Project;
-import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.git.GitRepositoryManager;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
@@ -29,7 +28,6 @@
import com.google.gerrit.server.project.ProjectResource;
import com.google.gerrit.server.project.ProjectState;
import com.google.inject.Inject;
-import com.google.inject.Provider;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
@@ -53,19 +51,14 @@
private final GitRepositoryManager gitManager;
private final PermissionBackend permissionBackend;
- private final Provider<CurrentUser> user;
@Option(name = "--inherited", usage = "include inherited dashboards")
private boolean inherited;
@Inject
- ListDashboards(
- GitRepositoryManager gitManager,
- PermissionBackend permissionBackend,
- Provider<CurrentUser> user) {
+ ListDashboards(GitRepositoryManager gitManager, PermissionBackend permissionBackend) {
this.gitManager = gitManager;
this.permissionBackend = permissionBackend;
- this.user = user;
}
@Override
@@ -98,13 +91,13 @@
tree.put(ps.getNameKey(), ps);
}
tree.keySet()
- .retainAll(permissionBackend.user(user).filter(ProjectPermission.ACCESS, tree.keySet()));
+ .retainAll(permissionBackend.currentUser().filter(ProjectPermission.ACCESS, tree.keySet()));
return tree.values();
}
private List<DashboardInfo> scan(ProjectState state, String project, boolean setDefault)
throws ResourceNotFoundException, IOException, PermissionBackendException {
- PermissionBackend.ForProject perm = permissionBackend.user(user).project(state.getNameKey());
+ PermissionBackend.ForProject perm = permissionBackend.currentUser().project(state.getNameKey());
try (Repository git = gitManager.openRepository(state.getNameKey());
RevWalk rw = new RevWalk(git)) {
List<DashboardInfo> all = new ArrayList<>();
diff --git a/java/com/google/gerrit/server/restapi/project/ListTags.java b/java/com/google/gerrit/server/restapi/project/ListTags.java
index b0148c1..31ec7e1 100644
--- a/java/com/google/gerrit/server/restapi/project/ListTags.java
+++ b/java/com/google/gerrit/server/restapi/project/ListTags.java
@@ -24,7 +24,6 @@
import com.google.gerrit.extensions.restapi.RestReadView;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.server.CommonConverters;
-import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.WebLinks;
import com.google.gerrit.server.git.GitRepositoryManager;
import com.google.gerrit.server.permissions.PermissionBackend;
@@ -35,7 +34,6 @@
import com.google.gerrit.server.project.ProjectState;
import com.google.gerrit.server.project.RefFilter;
import com.google.inject.Inject;
-import com.google.inject.Provider;
import java.io.IOException;
import java.sql.Timestamp;
import java.util.ArrayList;
@@ -58,7 +56,6 @@
public class ListTags implements RestReadView<ProjectResource> {
private final GitRepositoryManager repoManager;
private final PermissionBackend permissionBackend;
- private final Provider<CurrentUser> user;
private final WebLinks links;
@Option(
@@ -108,13 +105,9 @@
@Inject
public ListTags(
- GitRepositoryManager repoManager,
- PermissionBackend permissionBackend,
- Provider<CurrentUser> user,
- WebLinks webLinks) {
+ GitRepositoryManager repoManager, PermissionBackend permissionBackend, WebLinks webLinks) {
this.repoManager = repoManager;
this.permissionBackend = permissionBackend;
- this.user = user;
this.links = webLinks;
}
@@ -133,7 +126,8 @@
List<TagInfo> tags = new ArrayList<>();
- PermissionBackend.ForProject perm = permissionBackend.user(user).project(resource.getNameKey());
+ PermissionBackend.ForProject perm =
+ permissionBackend.currentUser().project(resource.getNameKey());
try (Repository repo = getRepository(resource.getNameKey());
RevWalk rw = new RevWalk(repo)) {
Map<String, Ref> all =
@@ -236,7 +230,7 @@
Project.NameKey project, Repository repo, Map<String, Ref> tags)
throws PermissionBackendException {
return permissionBackend
- .user(user)
+ .currentUser()
.project(project)
.filter(
tags,
diff --git a/java/com/google/gerrit/server/restapi/project/ProjectsCollection.java b/java/com/google/gerrit/server/restapi/project/ProjectsCollection.java
index c14ebab3..c5fb41e 100644
--- a/java/com/google/gerrit/server/restapi/project/ProjectsCollection.java
+++ b/java/com/google/gerrit/server/restapi/project/ProjectsCollection.java
@@ -151,7 +151,7 @@
if (checkAccess) {
try {
- permissionBackend.user(user).project(nameKey).check(ProjectPermission.ACCESS);
+ permissionBackend.currentUser().project(nameKey).check(ProjectPermission.ACCESS);
} catch (AuthException e) {
return null; // Pretend like not found on access denied.
}
@@ -161,7 +161,7 @@
// ACTIVE). Individual views should still check for checkStatePermitsRead() and this should
// just serve as a safety net in case the individual check is forgotten.
try {
- permissionBackend.user(user).project(nameKey).check(ProjectPermission.WRITE_CONFIG);
+ permissionBackend.currentUser().project(nameKey).check(ProjectPermission.WRITE_CONFIG);
} catch (AuthException e) {
state.checkStatePermitsRead();
}
diff --git a/java/com/google/gerrit/server/restapi/project/PutConfig.java b/java/com/google/gerrit/server/restapi/project/PutConfig.java
index 69c4c05..2cf407a 100644
--- a/java/com/google/gerrit/server/restapi/project/PutConfig.java
+++ b/java/com/google/gerrit/server/restapi/project/PutConfig.java
@@ -111,7 +111,10 @@
@Override
public ConfigInfo apply(ProjectResource rsrc, ConfigInput input)
throws RestApiException, PermissionBackendException {
- permissionBackend.user(user).project(rsrc.getNameKey()).check(ProjectPermission.WRITE_CONFIG);
+ permissionBackend
+ .currentUser()
+ .project(rsrc.getNameKey())
+ .check(ProjectPermission.WRITE_CONFIG);
return apply(rsrc.getProjectState(), input);
}
diff --git a/java/com/google/gerrit/server/restapi/project/SetAccess.java b/java/com/google/gerrit/server/restapi/project/SetAccess.java
index 5a34522..80a07b5 100644
--- a/java/com/google/gerrit/server/restapi/project/SetAccess.java
+++ b/java/com/google/gerrit/server/restapi/project/SetAccess.java
@@ -97,12 +97,12 @@
boolean isGlobalCapabilities = AccessSection.GLOBAL_CAPABILITIES.equals(section.getName());
if (isGlobalCapabilities) {
if (!checkedAdmin) {
- permissionBackend.user(identifiedUser).check(GlobalPermission.ADMINISTRATE_SERVER);
+ permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
checkedAdmin = true;
}
} else {
permissionBackend
- .user(identifiedUser)
+ .currentUser()
.project(rsrc.getNameKey())
.ref(section.getName())
.check(RefPermission.WRITE_CONFIG);
diff --git a/plugins/replication b/plugins/replication
index d8f5bce..9a24a23 160000
--- a/plugins/replication
+++ b/plugins/replication
@@ -1 +1 @@
-Subproject commit d8f5bcec21492cc21e2499c332298a94ff8defc6
+Subproject commit 9a24a2368ace2022ac2e923051f73b205ba058a6
