blob: 70129449bfc80f76caa5fcd501e05e5b0aaa9fd3 [file] [log] [blame]
// Copyright (C) 2009 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.gerrit.server;
import com.google.common.collect.ImmutableSet;
import com.google.gerrit.entities.Account;
import com.google.gerrit.server.account.GroupMembership;
import com.google.gerrit.server.account.externalids.ExternalId;
import com.google.inject.servlet.RequestScoped;
import java.util.Optional;
import java.util.function.Consumer;
/**
* Information about the currently logged in user.
*
* <p>This is a {@link RequestScoped} property managed by Guice.
*
* @see AnonymousUser
* @see IdentifiedUser
*/
public abstract class CurrentUser {
public static final PropertyMap.Key<ExternalId.Key> LAST_LOGIN_EXTERNAL_ID_PROPERTY_KEY =
PropertyMap.key();
private final PropertyMap properties;
private AccessPath accessPath = AccessPath.UNKNOWN;
protected CurrentUser() {
this.properties = PropertyMap.EMPTY;
}
protected CurrentUser(PropertyMap properties) {
this.properties = properties;
}
/** How this user is accessing the Gerrit Code Review application. */
public final AccessPath getAccessPath() {
return accessPath;
}
public void setAccessPath(AccessPath path) {
accessPath = path;
}
/**
* Identity of the authenticated user.
*
* <p>In the normal case where a user authenticates as themselves {@code getRealUser() == this}.
*
* <p>If {@code X-Gerrit-RunAs} or {@code suexec} was used this method returns the identity of the
* account that has permission to act on behalf of this user.
*/
public CurrentUser getRealUser() {
return this;
}
public boolean isImpersonating() {
return false;
}
/**
* If the {@link #getRealUser()} has an account ID associated with it, call the given setter with
* that ID.
*/
public void updateRealAccountId(Consumer<Account.Id> setter) {
if (getRealUser().isIdentifiedUser()) {
setter.accept(getRealUser().getAccountId());
}
}
/**
* Get the set of groups the user is currently a member of.
*
* <p>The returned set may be a subset of the user's actual groups; if the user's account is
* currently deemed to be untrusted then the effective group set is only the anonymous and
* registered user groups. To enable additional groups (and gain their granted permissions) the
* user must update their account to use only trusted authentication providers.
*
* @return active groups for this user.
*/
public abstract GroupMembership getEffectiveGroups();
/**
* Returns a unique identifier for this user that is intended to be used as a cache key. Returned
* object should to implement {@code equals()} and {@code hashCode()} for effective caching.
*/
public abstract Object getCacheKey();
/** Unique name of the user on this server, if one has been assigned. */
public Optional<String> getUserName() {
return Optional.empty();
}
/** @return unique name of the user for logging, never {@code null} */
public String getLoggableName() {
return getUserName().orElseGet(() -> getClass().getSimpleName());
}
/** Check if user is the IdentifiedUser */
public boolean isIdentifiedUser() {
return false;
}
/** Cast to IdentifiedUser if possible. */
public IdentifiedUser asIdentifiedUser() {
throw new UnsupportedOperationException(
getClass().getSimpleName() + " is not an IdentifiedUser");
}
/**
* Return account ID if {@link #isIdentifiedUser} is true.
*
* @throws UnsupportedOperationException if the user is not logged in.
*/
public Account.Id getAccountId() {
throw new UnsupportedOperationException(
getClass().getSimpleName() + " is not an IdentifiedUser");
}
/**
* Returns all email addresses associated with this user. For {@link AnonymousUser} and other
* users that don't represent a person user or service account, this set will be empty.
*/
public ImmutableSet<String> getEmailAddresses() {
return ImmutableSet.of();
}
/**
* Returns all {@link com.google.gerrit.server.account.externalids.ExternalId.Key}s associated
* with this user. For {@link AnonymousUser} and other users that don't represent a person user or
* service account, this set will be empty.
*/
public ImmutableSet<ExternalId.Key> getExternalIdKeys() {
return ImmutableSet.of();
}
/** Check if the CurrentUser is an InternalUser. */
public boolean isInternalUser() {
return false;
}
/**
* Lookup a stored property.
*
* @param key unique property key. This key has to be the same instance that was used to store the
* value when constructing the {@link PropertyMap}
* @return stored value, or {@code Optional#empty()}.
*/
public <T> Optional<T> get(PropertyMap.Key<T> key) {
return properties.get(key);
}
public Optional<ExternalId.Key> getLastLoginExternalIdKey() {
return get(LAST_LOGIN_EXTERNAL_ID_PROPERTY_KEY);
}
/**
* Checks if the current user has the same account id of another.
*
* <p>Provide a generic interface for allowing subclasses to define whether two accounts represent
* the same account id.
*
* @param other user to compare
* @return true if the two users have the same account id
*/
public boolean hasSameAccountId(CurrentUser other) {
return false;
}
}