Merge branch 'stable-2.14' into stable-2.15
* stable-2.14:
Fix more comparisons of current user
Fix permissions checks on Gerrit API on current user
GroupCacheImpl: Fix log message when UUID is not found
Change-Id: Ida3dd1bd5fc2da5001059a0d5d8b36c83861f00a
diff --git a/gerrit-gpg/src/main/java/com/google/gerrit/gpg/server/GpgKeys.java b/gerrit-gpg/src/main/java/com/google/gerrit/gpg/server/GpgKeys.java
index 303499e..ecff7e6 100644
--- a/gerrit-gpg/src/main/java/com/google/gerrit/gpg/server/GpgKeys.java
+++ b/gerrit-gpg/src/main/java/com/google/gerrit/gpg/server/GpgKeys.java
@@ -208,7 +208,7 @@
if (!BouncyCastleUtil.havePGP()) {
throw new ResourceNotFoundException("GPG not enabled");
}
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
throw new ResourceNotFoundException();
}
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/CurrentUser.java b/gerrit-server/src/main/java/com/google/gerrit/server/CurrentUser.java
index 25b5c4d..0959e04 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/CurrentUser.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/CurrentUser.java
@@ -146,4 +146,17 @@
public ExternalId.Key getLastLoginExternalIdKey() {
return get(lastLoginExternalIdPropertyKey);
}
+
+ /**
+ * Checks if the current user has the same account id of another.
+ *
+ * <p>Provide a generic interface for allowing subclasses to define whether two accounts represent
+ * the same account id.
+ *
+ * @param other user to compare
+ * @return true if the two users have the same account id
+ */
+ public boolean hasSameAccountId(CurrentUser other) {
+ return false;
+ }
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/IdentifiedUser.java b/gerrit-server/src/main/java/com/google/gerrit/server/IdentifiedUser.java
index 9e2a9ea..37f43a0 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/IdentifiedUser.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/IdentifiedUser.java
@@ -489,6 +489,11 @@
realUser);
}
+ @Override
+ public boolean hasSameAccountId(CurrentUser other) {
+ return getAccountId().get() == other.getAccountId().get();
+ }
+
private String guessHost() {
String host = null;
SocketAddress remotePeer = null;
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/AddSshKey.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/AddSshKey.java
index 1c5495f..ad9cd68 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/AddSshKey.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/AddSshKey.java
@@ -76,7 +76,7 @@
public Response<SshKeyInfo> apply(AccountResource rsrc, Input input)
throws AuthException, BadRequestException, OrmException, IOException, ConfigInvalidException,
PermissionBackendException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
}
return apply(rsrc.getUser(), input);
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/Capabilities.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/Capabilities.java
index 08eecd7..8c97e17 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/Capabilities.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/Capabilities.java
@@ -60,7 +60,7 @@
public Capability parse(AccountResource parent, IdString id)
throws ResourceNotFoundException, AuthException, PermissionBackendException {
IdentifiedUser target = parent.getUser();
- if (self.get() != target) {
+ if (!self.get().hasSameAccountId(target)) {
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/CreateEmail.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/CreateEmail.java
index dd02b0b..9189134 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/CreateEmail.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/CreateEmail.java
@@ -92,7 +92,7 @@
input = new EmailInput();
}
- if (self.get() != rsrc.getUser() || input.noConfirmation) {
+ if (!self.get().hasSameAccountId(rsrc.getUser()) || input.noConfirmation) {
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteActive.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteActive.java
index 43669c0..6f474b4 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteActive.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteActive.java
@@ -46,7 +46,7 @@
@Override
public Response<?> apply(AccountResource rsrc, Input input)
throws RestApiException, OrmException, IOException, ConfigInvalidException {
- if (self.get() == rsrc.getUser()) {
+ if (self.get().hasSameAccountId(rsrc.getUser())) {
throw new ResourceConflictException("cannot deactivate own account");
}
return setInactiveFlag.deactivate(rsrc.getUser().getAccountId());
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteEmail.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteEmail.java
index aec3a14..dd58d59 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteEmail.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteEmail.java
@@ -68,7 +68,7 @@
throws AuthException, ResourceNotFoundException, ResourceConflictException,
MethodNotAllowedException, OrmException, IOException, ConfigInvalidException,
PermissionBackendException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
}
return apply(rsrc.getUser(), rsrc.getEmail());
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteExternalIds.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteExternalIds.java
index 72c1a41..1dc2615 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteExternalIds.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteExternalIds.java
@@ -63,7 +63,7 @@
public Response<?> apply(AccountResource resource, List<String> extIds)
throws RestApiException, IOException, OrmException, ConfigInvalidException,
PermissionBackendException {
- if (self.get() != resource.getUser()) {
+ if (!self.get().hasSameAccountId(resource.getUser())) {
permissionBackend.user(self).check(GlobalPermission.ACCESS_DATABASE);
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteSshKey.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteSshKey.java
index f1ecd29..74616bf 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteSshKey.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteSshKey.java
@@ -56,7 +56,7 @@
public Response<?> apply(AccountResource.SshKey rsrc, Input input)
throws AuthException, OrmException, RepositoryNotFoundException, IOException,
ConfigInvalidException, PermissionBackendException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteWatchedProjects.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteWatchedProjects.java
index ffb405c..d57934f 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteWatchedProjects.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteWatchedProjects.java
@@ -61,7 +61,7 @@
public Response<?> apply(AccountResource rsrc, List<ProjectWatchInfo> input)
throws AuthException, UnprocessableEntityException, OrmException, IOException,
ConfigInvalidException, PermissionBackendException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
}
if (input == null) {
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/EmailsCollection.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/EmailsCollection.java
index c8c1db8..b1a50c0 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/EmailsCollection.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/EmailsCollection.java
@@ -63,7 +63,7 @@
@Override
public AccountResource.Email parse(AccountResource rsrc, IdString id)
throws ResourceNotFoundException, PermissionBackendException, AuthException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetCapabilities.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetCapabilities.java
index 616ea79..4058a16 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetCapabilities.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetCapabilities.java
@@ -73,11 +73,11 @@
}
@Override
- public Object apply(AccountResource rsrc) throws AuthException, PermissionBackendException {
+ public Object apply(AccountResource resource) throws AuthException, PermissionBackendException {
PermissionBackend.WithUser perm = permissionBackend.user(self);
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(resource.getUser())) {
perm.check(GlobalPermission.ADMINISTRATE_SERVER);
- perm = permissionBackend.user(rsrc.getUser());
+ perm = permissionBackend.user(resource.getUser());
}
Map<String, Object> have = new LinkedHashMap<>();
@@ -85,7 +85,7 @@
have.put(p.permissionName(), true);
}
- AccountLimits limits = limitsFactory.create(rsrc.getUser());
+ AccountLimits limits = limitsFactory.create(resource.getUser());
addRanges(have, limits);
addPriority(have, limits);
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetDiffPreferences.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetDiffPreferences.java
index 8215c6b..5a68732 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetDiffPreferences.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetDiffPreferences.java
@@ -63,7 +63,7 @@
@Override
public DiffPreferencesInfo apply(AccountResource rsrc)
throws AuthException, ConfigInvalidException, IOException, PermissionBackendException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetEditPreferences.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetEditPreferences.java
index bb207f0..e321ca4 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetEditPreferences.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetEditPreferences.java
@@ -57,7 +57,7 @@
@Override
public EditPreferencesInfo apply(AccountResource rsrc)
throws AuthException, IOException, ConfigInvalidException, PermissionBackendException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetExternalIds.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetExternalIds.java
index 709bfc3..3e2d459 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetExternalIds.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetExternalIds.java
@@ -59,7 +59,7 @@
@Override
public List<AccountExternalIdInfo> apply(AccountResource resource)
throws RestApiException, IOException, OrmException, PermissionBackendException {
- if (self.get() != resource.getUser()) {
+ if (!self.get().hasSameAccountId(resource.getUser())) {
permissionBackend.user(self).check(GlobalPermission.ACCESS_DATABASE);
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetOAuthToken.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetOAuthToken.java
index 587f268..d3394f5 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetOAuthToken.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetOAuthToken.java
@@ -53,7 +53,7 @@
@Override
public OAuthTokenInfo apply(AccountResource rsrc)
throws AuthException, ResourceNotFoundException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
throw new AuthException("not allowed to get access token");
}
Account a = rsrc.getUser().getAccount();
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetPreferences.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetPreferences.java
index 3ebf864..e79cdbd 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetPreferences.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetPreferences.java
@@ -43,7 +43,7 @@
@Override
public GeneralPreferencesInfo apply(AccountResource rsrc)
throws AuthException, PermissionBackendException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetSshKeys.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetSshKeys.java
index 9f5b9d5..66a8bf3 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetSshKeys.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetSshKeys.java
@@ -55,7 +55,7 @@
public List<SshKeyInfo> apply(AccountResource rsrc)
throws AuthException, OrmException, RepositoryNotFoundException, IOException,
ConfigInvalidException, PermissionBackendException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
}
return apply(rsrc.getUser());
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetWatchedProjects.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetWatchedProjects.java
index c2c0547..cb12a36 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetWatchedProjects.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetWatchedProjects.java
@@ -59,7 +59,7 @@
public List<ProjectWatchInfo> apply(AccountResource rsrc)
throws OrmException, AuthException, IOException, ConfigInvalidException,
PermissionBackendException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/Index.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/Index.java
index 49083d2..6feb287 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/Index.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/Index.java
@@ -46,7 +46,7 @@
@Override
public Response<?> apply(AccountResource rsrc, Input input)
throws IOException, AuthException, PermissionBackendException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/PostWatchedProjects.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/PostWatchedProjects.java
index 38887f6..d7f3ba9 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/PostWatchedProjects.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/PostWatchedProjects.java
@@ -69,7 +69,7 @@
public List<ProjectWatchInfo> apply(AccountResource rsrc, List<ProjectWatchInfo> input)
throws OrmException, RestApiException, IOException, ConfigInvalidException,
PermissionBackendException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutAgreement.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutAgreement.java
index f5b2e6e..b27ebf4 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutAgreement.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutAgreement.java
@@ -70,7 +70,7 @@
throw new MethodNotAllowedException("contributor agreements disabled");
}
- if (self.get() != resource.getUser()) {
+ if (!self.get().hasSameAccountId(resource.getUser())) {
throw new AuthException("not allowed to enter contributor agreement");
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java
index e00f6b3..deb859a 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java
@@ -78,7 +78,7 @@
public Response<String> apply(AccountResource rsrc, Input input)
throws AuthException, ResourceNotFoundException, ResourceConflictException, OrmException,
IOException, ConfigInvalidException, PermissionBackendException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutName.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutName.java
index 7537230..cf66d68 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutName.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutName.java
@@ -63,7 +63,7 @@
public Response<String> apply(AccountResource rsrc, Input input)
throws AuthException, MethodNotAllowedException, ResourceNotFoundException, OrmException,
IOException, PermissionBackendException, ConfigInvalidException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
}
return apply(rsrc.getUser(), input);
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutPreferred.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutPreferred.java
index b3f8fc5..f4ba6d8 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutPreferred.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutPreferred.java
@@ -55,7 +55,7 @@
public Response<String> apply(AccountResource.Email rsrc, Input input)
throws AuthException, ResourceNotFoundException, OrmException, IOException,
PermissionBackendException, ConfigInvalidException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
}
return apply(rsrc.getUser(), rsrc.getEmail());
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutStatus.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutStatus.java
index 1df67c3..3f7c4f1 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutStatus.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutStatus.java
@@ -64,7 +64,7 @@
public Response<String> apply(AccountResource rsrc, Input input)
throws AuthException, ResourceNotFoundException, OrmException, IOException,
PermissionBackendException, ConfigInvalidException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
}
return apply(rsrc.getUser(), input);
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutUsername.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutUsername.java
index a73bdd9..785aa66 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutUsername.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutUsername.java
@@ -62,7 +62,7 @@
throws AuthException, MethodNotAllowedException, UnprocessableEntityException,
ResourceConflictException, OrmException, IOException, ConfigInvalidException,
PermissionBackendException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/SetDiffPreferences.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/SetDiffPreferences.java
index 88e9e20..67f276d 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/SetDiffPreferences.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/SetDiffPreferences.java
@@ -65,7 +65,7 @@
public DiffPreferencesInfo apply(AccountResource rsrc, DiffPreferencesInfo in)
throws AuthException, BadRequestException, ConfigInvalidException,
RepositoryNotFoundException, IOException, PermissionBackendException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/SetEditPreferences.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/SetEditPreferences.java
index 53285db..0142d15 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/SetEditPreferences.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/SetEditPreferences.java
@@ -65,7 +65,7 @@
public EditPreferencesInfo apply(AccountResource rsrc, EditPreferencesInfo in)
throws AuthException, BadRequestException, RepositoryNotFoundException, IOException,
ConfigInvalidException, PermissionBackendException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/SetPreferences.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/SetPreferences.java
index d25a5a7..9657928 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/SetPreferences.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/SetPreferences.java
@@ -83,7 +83,7 @@
public GeneralPreferencesInfo apply(AccountResource rsrc, GeneralPreferencesInfo i)
throws AuthException, BadRequestException, IOException, ConfigInvalidException,
PermissionBackendException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/SshKeys.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/SshKeys.java
index 70c02a1..2c8f273 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/SshKeys.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/SshKeys.java
@@ -64,7 +64,7 @@
public AccountResource.SshKey parse(AccountResource rsrc, IdString id)
throws ResourceNotFoundException, OrmException, IOException, ConfigInvalidException,
PermissionBackendException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
try {
permissionBackend.user(self).check(GlobalPermission.MODIFY_ACCOUNT);
} catch (AuthException e) {
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/StarredChanges.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/StarredChanges.java
index ad73a69..3976d47 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/StarredChanges.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/StarredChanges.java
@@ -134,7 +134,7 @@
@Override
public Response<?> apply(AccountResource rsrc, EmptyInput in)
throws RestApiException, OrmException, IOException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
throw new AuthException("not allowed to add starred change");
}
try {
@@ -167,7 +167,7 @@
@Override
public Response<?> apply(AccountResource.StarredChange rsrc, EmptyInput in)
throws AuthException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
throw new AuthException("not allowed update starred changes");
}
return Response.none();
@@ -188,7 +188,7 @@
@Override
public Response<?> apply(AccountResource.StarredChange rsrc, EmptyInput in)
throws AuthException, OrmException, IOException, IllegalLabelException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
throw new AuthException("not allowed remove starred change");
}
starredChangesUtil.star(
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/Stars.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/Stars.java
index 860f396..2aedfe1 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/Stars.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/Stars.java
@@ -98,7 +98,7 @@
@SuppressWarnings("unchecked")
public List<ChangeInfo> apply(AccountResource rsrc)
throws BadRequestException, AuthException, OrmException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
throw new AuthException("not allowed to list stars of another account");
}
QueryChanges query = changes.list();
@@ -120,7 +120,7 @@
@Override
public SortedSet<String> apply(AccountResource.Star rsrc) throws AuthException, OrmException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
throw new AuthException("not allowed to get stars of another account");
}
return starredChangesUtil.getLabels(self.get().getAccountId(), rsrc.getChange().getId());
@@ -141,7 +141,7 @@
@Override
public Collection<String> apply(AccountResource.Star rsrc, StarsInput in)
throws AuthException, BadRequestException, OrmException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
throw new AuthException("not allowed to update stars of another account");
}
try {
