Google Git
Sign in
gerrit/gerrit/6f7b253901333f9b13a912f4cb5a2a8a39a00545^!/.
commit
6f7b253901333f9b13a912f4cb5a2a8a39a00545
[log]
author
Changcheng Xiao <xchangcheng@google.com>
Mon Mar 26 21:05:01 2018 +0200
committer
Changcheng Xiao <xchangcheng@google.com>
Mon Mar 26 21:09:03 2018 +0200
tree
70146415382d20c6225dce3f004d10f8fa3b1603
parent
8ccfd72452b566fb1f4e6375544840d87c4e64b7 [diff]
CheckAccess: don't catch PermissionBackendException

By design, PermissionBackendException stands for some error
in the permission backend. It doesn't mean the user doesn't
hold the checked/tested permission. Thus this endpoint should
not catch PBE and treat it the same with AuthException.

Change-Id: Ibbb99fb3648a1bfdbdea922cdb94a77f6824c141

diff --git a/java/com/google/gerrit/server/restapi/project/CheckAccess.java b/java/com/google/gerrit/server/restapi/project/CheckAccess.java
index f98a96a..2c0653a 100644
--- a/java/com/google/gerrit/server/restapi/project/CheckAccess.java
+++ b/java/com/google/gerrit/server/restapi/project/CheckAccess.java

@@ -88,7 +88,7 @@
     IdentifiedUser user = userFactory.create(match.getId());
     try {
       permissionBackend.user(user).project(rsrc.getNameKey()).check(ProjectPermission.ACCESS);
-    } catch (AuthException | PermissionBackendException e) {
+    } catch (AuthException e) {
       info.message =
           String.format(
               "user %s (%s) cannot see project %s",
@@ -119,7 +119,7 @@
             .user(user)
             .ref(new Branch.NameKey(rsrc.getNameKey(), input.ref))
             .check(refPerm);
-      } catch (AuthException | PermissionBackendException e) {
+      } catch (AuthException e) {
         info.status = HttpServletResponse.SC_FORBIDDEN;
         info.message =
             String.format(