gerrit-server/src/main/java/com/google/gerrit/server/project/ChangeControl.java - gerrit - Git at Google

 // Copyright (C) 2009 The Android Open Source Project
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 // http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 package com.google.gerrit.server.project;

 import com.google.gerrit.common.data.ApprovalType;
 import com.google.gerrit.common.data.ApprovalTypes;
 import com.google.gerrit.reviewdb.ApprovalCategory;
 import com.google.gerrit.reviewdb.Change;
 import com.google.gerrit.reviewdb.PatchSet;
 import com.google.gerrit.reviewdb.PatchSetApproval;
 import com.google.gerrit.reviewdb.Project;
 import com.google.gerrit.reviewdb.ReviewDb;
 import com.google.gerrit.server.ChangeUtil;
 import com.google.gerrit.server.CurrentUser;
 import com.google.gerrit.server.IdentifiedUser;
 import com.google.gerrit.server.workflow.CategoryFunction;
 import com.google.gerrit.server.workflow.FunctionState;
 import com.google.gwtorm.client.OrmException;
 import com.google.inject.Inject;
 import com.google.inject.Provider;

 import java.util.ArrayList;
 import java.util.List;


 /** Access control management for a user accessing a single change. */
 public class ChangeControl {
   public static class GenericFactory {
     private final ProjectControl.GenericFactory projectControl;

     @Inject
     GenericFactory(ProjectControl.GenericFactory p) {
       projectControl = p;
     }

     public ChangeControl controlFor(Change change, CurrentUser user)
         throws NoSuchChangeException {
       final Project.NameKey projectKey = change.getProject();
       try {
         return projectControl.controlFor(projectKey, user).controlFor(change);
       } catch (NoSuchProjectException e) {
         throw new NoSuchChangeException(change.getId(), e);
       }
     }
   }

   public static class Factory {
     private final ProjectControl.Factory projectControl;
     private final Provider<ReviewDb> db;

     @Inject
     Factory(final ProjectControl.Factory p, final Provider<ReviewDb> d) {
       projectControl = p;
       db = d;
     }

     public ChangeControl controlFor(final Change.Id id)
         throws NoSuchChangeException {
       final Change change;
       try {
         change = db.get().changes().get(id);
         if (change == null) {
           throw new NoSuchChangeException(id);
         }
       } catch (OrmException e) {
         throw new NoSuchChangeException(id, e);
       }
       return controlFor(change);
     }

     public ChangeControl controlFor(final Change change)
         throws NoSuchChangeException {
       try {
         final Project.NameKey projectKey = change.getProject();
         return projectControl.validateFor(projectKey).controlFor(change);
       } catch (NoSuchProjectException e) {
         throw new NoSuchChangeException(change.getId(), e);
       }
     }

     public ChangeControl validateFor(final Change.Id id)
         throws NoSuchChangeException {
       return validate(controlFor(id));
     }

     public ChangeControl validateFor(final Change change)
         throws NoSuchChangeException {
       return validate(controlFor(change));
     }

     private static ChangeControl validate(final ChangeControl c)
         throws NoSuchChangeException {
       if (!c.isVisible()) {
         throw new NoSuchChangeException(c.getChange().getId());
       }
       return c;
     }
   }

   private final RefControl refControl;
   private final Change change;

   ChangeControl(final RefControl r, final Change c) {
     this.refControl = r;
     this.change = c;
   }

   public ChangeControl forAnonymousUser() {
     return new ChangeControl(getRefControl().forAnonymousUser(), getChange());
   }

   public ChangeControl forUser(final CurrentUser who) {
     return new ChangeControl(getRefControl().forUser(who), getChange());
   }

   public RefControl getRefControl() {
     return refControl;
   }

   public CurrentUser getCurrentUser() {
     return getRefControl().getCurrentUser();
   }

   public ProjectControl getProjectControl() {
     return getRefControl().getProjectControl();
   }

   public Project getProject() {
     return getProjectControl().getProject();
   }

   public Change getChange() {
     return change;
   }

   /** Can this user see this change? */
   public boolean isVisible() {
     return getRefControl().isVisible();
   }

   /** Can this user abandon this change? */
   public boolean canAbandon() {
     return isOwner() // owner (aka creator) of the change can abandon
         || getRefControl().isOwner() // branch owner can abandon
         || getProjectControl().isOwner() // project owner can abandon
         || getCurrentUser().isAdministrator() // site administers are god
     ;
   }

   /** Can this user restore this change? */
   public boolean canRestore() {
     return canAbandon(); // Anyone who can abandon the change can restore it back
   }

   public short normalize(ApprovalCategory.Id category, short score) {
     return getRefControl().normalize(category, score);
   }

   /** Can this user add a patch set to this change? */
   public boolean canAddPatchSet() {
     return getRefControl().canUpload();
   }

   /** Is this user the owner of the change? */
   public boolean isOwner() {
     if (getCurrentUser() instanceof IdentifiedUser) {
       final IdentifiedUser i = (IdentifiedUser) getCurrentUser();
       return i.getAccountId().equals(change.getOwner());
     }
     return false;
   }

   /** @return true if the user is allowed to remove this reviewer. */
   public boolean canRemoveReviewer(PatchSetApproval approval) {
     if (getChange().getStatus().isOpen()) {
       // A user can always remove themselves.
       //
       if (getCurrentUser() instanceof IdentifiedUser) {
         final IdentifiedUser i = (IdentifiedUser) getCurrentUser();
         if (i.getAccountId().equals(approval.getAccountId())) {
           return true; // can remove self
         }
       }

       // The change owner may remove any zero or positive score.
       //
       if (isOwner() && 0 <= approval.getValue()) {
         return true;
       }

       // The branch owner, project owner, site admin can remove anyone.
       //
       if (getRefControl().isOwner() // branch owner
           || getProjectControl().isOwner() // project owner
           || getCurrentUser().isAdministrator()) {
         return true;
       }
     }

     return false;
   }

   /** @return {@link CanSubmitResult#OK}, or a result with an error message. */
   public CanSubmitResult canSubmit(final PatchSet.Id patchSetId) {
     if (change.getStatus().isClosed()) {
       return new CanSubmitResult("Change " + change.getId() + " is closed");
     }
     if (!patchSetId.equals(change.currentPatchSetId())) {
       return new CanSubmitResult("Patch set " + patchSetId + " is not current");
     }
     if (!getRefControl().canSubmit()) {
       return new CanSubmitResult("User does not have permission to submit");
     }
     if (!(getCurrentUser() instanceof IdentifiedUser)) {
       return new CanSubmitResult("User is not signed-in");
     }
     return CanSubmitResult.OK;
   }

   /** @return {@link CanSubmitResult#OK}, or a result with an error message. */
   public CanSubmitResult canSubmit(final PatchSet.Id patchSetId, final ReviewDb db,
         final ApprovalTypes approvalTypes,
         FunctionState.Factory functionStateFactory)
          throws OrmException {

     CanSubmitResult result = canSubmit(patchSetId);
     if (result != CanSubmitResult.OK) {
       return result;
     }

     final List<PatchSetApproval> allApprovals =
         new ArrayList<PatchSetApproval>(db.patchSetApprovals().byPatchSet(
             patchSetId).toList());
     final PatchSetApproval myAction =
         ChangeUtil.createSubmitApproval(patchSetId,
             (IdentifiedUser) getCurrentUser(), db);

     final ApprovalType actionType =
         approvalTypes.getApprovalType(myAction.getCategoryId());
     if (actionType == null || !actionType.getCategory().isAction()) {
       return new CanSubmitResult("Invalid action " + myAction.getCategoryId());
     }

     final FunctionState fs =
         functionStateFactory.create(change, patchSetId, allApprovals);
     for (ApprovalType c : approvalTypes.getApprovalTypes()) {
       CategoryFunction.forCategory(c.getCategory()).run(c, fs);
     }
     if (!CategoryFunction.forCategory(actionType.getCategory()).isValid(
         getCurrentUser(), actionType, fs)) {
       return new CanSubmitResult(actionType.getCategory().getName()
           + " not permitted");
     }
     fs.normalize(actionType, myAction);
     if (myAction.getValue() <= 0) {
       return new CanSubmitResult(actionType.getCategory().getName()
           + " not permitted");
     }
     return CanSubmitResult.OK;
   }
 }
	// Copyright (C) 2009 The Android Open Source Project
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	package com.google.gerrit.server.project;

	import com.google.gerrit.common.data.ApprovalType;
	import com.google.gerrit.common.data.ApprovalTypes;
	import com.google.gerrit.reviewdb.ApprovalCategory;
	import com.google.gerrit.reviewdb.Change;
	import com.google.gerrit.reviewdb.PatchSet;
	import com.google.gerrit.reviewdb.PatchSetApproval;
	import com.google.gerrit.reviewdb.Project;
	import com.google.gerrit.reviewdb.ReviewDb;
	import com.google.gerrit.server.ChangeUtil;
	import com.google.gerrit.server.CurrentUser;
	import com.google.gerrit.server.IdentifiedUser;
	import com.google.gerrit.server.workflow.CategoryFunction;
	import com.google.gerrit.server.workflow.FunctionState;
	import com.google.gwtorm.client.OrmException;
	import com.google.inject.Inject;
	import com.google.inject.Provider;

	import java.util.ArrayList;
	import java.util.List;


	/** Access control management for a user accessing a single change. */
	public class ChangeControl {
	public static class GenericFactory {
	private final ProjectControl.GenericFactory projectControl;

	@Inject
	GenericFactory(ProjectControl.GenericFactory p) {
	projectControl = p;
	}

	public ChangeControl controlFor(Change change, CurrentUser user)
	throws NoSuchChangeException {
	final Project.NameKey projectKey = change.getProject();
	try {
	return projectControl.controlFor(projectKey, user).controlFor(change);
	} catch (NoSuchProjectException e) {
	throw new NoSuchChangeException(change.getId(), e);
	}
	}
	}

	public static class Factory {
	private final ProjectControl.Factory projectControl;
	private final Provider<ReviewDb> db;

	@Inject
	Factory(final ProjectControl.Factory p, final Provider<ReviewDb> d) {
	projectControl = p;
	db = d;
	}

	public ChangeControl controlFor(final Change.Id id)
	throws NoSuchChangeException {
	final Change change;
	try {
	change = db.get().changes().get(id);
	if (change == null) {
	throw new NoSuchChangeException(id);
	}
	} catch (OrmException e) {
	throw new NoSuchChangeException(id, e);
	}
	return controlFor(change);
	}

	public ChangeControl controlFor(final Change change)
	throws NoSuchChangeException {
	try {
	final Project.NameKey projectKey = change.getProject();
	return projectControl.validateFor(projectKey).controlFor(change);
	} catch (NoSuchProjectException e) {
	throw new NoSuchChangeException(change.getId(), e);
	}
	}

	public ChangeControl validateFor(final Change.Id id)
	throws NoSuchChangeException {
	return validate(controlFor(id));
	}

	public ChangeControl validateFor(final Change change)
	throws NoSuchChangeException {
	return validate(controlFor(change));
	}

	private static ChangeControl validate(final ChangeControl c)
	throws NoSuchChangeException {
	if (!c.isVisible()) {
	throw new NoSuchChangeException(c.getChange().getId());
	}
	return c;
	}
	}

	private final RefControl refControl;
	private final Change change;

	ChangeControl(final RefControl r, final Change c) {
	this.refControl = r;
	this.change = c;
	}

	public ChangeControl forAnonymousUser() {
	return new ChangeControl(getRefControl().forAnonymousUser(), getChange());
	}

	public ChangeControl forUser(final CurrentUser who) {
	return new ChangeControl(getRefControl().forUser(who), getChange());
	}

	public RefControl getRefControl() {
	return refControl;
	}

	public CurrentUser getCurrentUser() {
	return getRefControl().getCurrentUser();
	}

	public ProjectControl getProjectControl() {
	return getRefControl().getProjectControl();
	}

	public Project getProject() {
	return getProjectControl().getProject();
	}

	public Change getChange() {
	return change;
	}

	/** Can this user see this change? */
	public boolean isVisible() {
	return getRefControl().isVisible();
	}

	/** Can this user abandon this change? */
	public boolean canAbandon() {
	return isOwner() // owner (aka creator) of the change can abandon
	\|\| getRefControl().isOwner() // branch owner can abandon
	\|\| getProjectControl().isOwner() // project owner can abandon
	\|\| getCurrentUser().isAdministrator() // site administers are god
	;
	}

	/** Can this user restore this change? */
	public boolean canRestore() {
	return canAbandon(); // Anyone who can abandon the change can restore it back
	}

	public short normalize(ApprovalCategory.Id category, short score) {
	return getRefControl().normalize(category, score);
	}

	/** Can this user add a patch set to this change? */
	public boolean canAddPatchSet() {
	return getRefControl().canUpload();
	}

	/** Is this user the owner of the change? */
	public boolean isOwner() {
	if (getCurrentUser() instanceof IdentifiedUser) {
	final IdentifiedUser i = (IdentifiedUser) getCurrentUser();
	return i.getAccountId().equals(change.getOwner());
	}
	return false;
	}

	/** @return true if the user is allowed to remove this reviewer. */
	public boolean canRemoveReviewer(PatchSetApproval approval) {
	if (getChange().getStatus().isOpen()) {
	// A user can always remove themselves.
	//
	if (getCurrentUser() instanceof IdentifiedUser) {
	final IdentifiedUser i = (IdentifiedUser) getCurrentUser();
	if (i.getAccountId().equals(approval.getAccountId())) {
	return true; // can remove self
	}
	}

	// The change owner may remove any zero or positive score.
	//
	if (isOwner() && 0 <= approval.getValue()) {
	return true;
	}

	// The branch owner, project owner, site admin can remove anyone.
	//
	if (getRefControl().isOwner() // branch owner
	\|\| getProjectControl().isOwner() // project owner
	\|\| getCurrentUser().isAdministrator()) {
	return true;
	}
	}

	return false;
	}

	/** @return {@link CanSubmitResult#OK}, or a result with an error message. */
	public CanSubmitResult canSubmit(final PatchSet.Id patchSetId) {
	if (change.getStatus().isClosed()) {
	return new CanSubmitResult("Change " + change.getId() + " is closed");
	}
	if (!patchSetId.equals(change.currentPatchSetId())) {
	return new CanSubmitResult("Patch set " + patchSetId + " is not current");
	}
	if (!getRefControl().canSubmit()) {
	return new CanSubmitResult("User does not have permission to submit");
	}
	if (!(getCurrentUser() instanceof IdentifiedUser)) {
	return new CanSubmitResult("User is not signed-in");
	}
	return CanSubmitResult.OK;
	}

	/** @return {@link CanSubmitResult#OK}, or a result with an error message. */
	public CanSubmitResult canSubmit(final PatchSet.Id patchSetId, final ReviewDb db,
	final ApprovalTypes approvalTypes,
	FunctionState.Factory functionStateFactory)
	throws OrmException {

	CanSubmitResult result = canSubmit(patchSetId);
	if (result != CanSubmitResult.OK) {
	return result;
	}

	final List<PatchSetApproval> allApprovals =
	new ArrayList<PatchSetApproval>(db.patchSetApprovals().byPatchSet(
	patchSetId).toList());
	final PatchSetApproval myAction =
	ChangeUtil.createSubmitApproval(patchSetId,
	(IdentifiedUser) getCurrentUser(), db);

	final ApprovalType actionType =
	approvalTypes.getApprovalType(myAction.getCategoryId());
	if (actionType == null \|\| !actionType.getCategory().isAction()) {
	return new CanSubmitResult("Invalid action " + myAction.getCategoryId());
	}

	final FunctionState fs =
	functionStateFactory.create(change, patchSetId, allApprovals);
	for (ApprovalType c : approvalTypes.getApprovalTypes()) {
	CategoryFunction.forCategory(c.getCategory()).run(c, fs);
	}
	if (!CategoryFunction.forCategory(actionType.getCategory()).isValid(
	getCurrentUser(), actionType, fs)) {
	return new CanSubmitResult(actionType.getCategory().getName()
	+ " not permitted");
	}
	fs.normalize(actionType, myAction);
	if (myAction.getValue() <= 0) {
	return new CanSubmitResult(actionType.getCategory().getName()
	+ " not permitted");
	}
	return CanSubmitResult.OK;
	}
	}