Merge "GroupCacheImpl: Fix log message when UUID is not found" into stable-2.14
diff --git a/gerrit-gpg/src/main/java/com/google/gerrit/gpg/server/GpgKeys.java b/gerrit-gpg/src/main/java/com/google/gerrit/gpg/server/GpgKeys.java
index 819ad96..9f2acd2 100644
--- a/gerrit-gpg/src/main/java/com/google/gerrit/gpg/server/GpgKeys.java
+++ b/gerrit-gpg/src/main/java/com/google/gerrit/gpg/server/GpgKeys.java
@@ -219,7 +219,7 @@
if (!BouncyCastleUtil.havePGP()) {
throw new ResourceNotFoundException("GPG not enabled");
}
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
throw new ResourceNotFoundException();
}
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/CurrentUser.java b/gerrit-server/src/main/java/com/google/gerrit/server/CurrentUser.java
index 029b54d..c6f10d2 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/CurrentUser.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/CurrentUser.java
@@ -158,4 +158,17 @@
public ExternalId.Key getLastLoginExternalIdKey() {
return get(lastLoginExternalIdPropertyKey);
}
+
+ /**
+ * Checks if the current user has the same account id of another.
+ *
+ * <p>Provide a generic interface for allowing subclasses to define whether two accounts represent
+ * the same account id.
+ *
+ * @param other user to compare
+ * @return true if the two users have the same account id
+ */
+ public boolean hasSameAccountId(CurrentUser other) {
+ return false;
+ }
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/IdentifiedUser.java b/gerrit-server/src/main/java/com/google/gerrit/server/IdentifiedUser.java
index 2c4c61c..41b7c67 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/IdentifiedUser.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/IdentifiedUser.java
@@ -498,6 +498,11 @@
realUser);
}
+ @Override
+ public boolean hasSameAccountId(CurrentUser other) {
+ return getAccountId().get() == other.getAccountId().get();
+ }
+
private String guessHost() {
String host = null;
SocketAddress remotePeer = null;
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/AddSshKey.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/AddSshKey.java
index 8c10c73..44b632a 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/AddSshKey.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/AddSshKey.java
@@ -69,7 +69,8 @@
@Override
public Response<SshKeyInfo> apply(AccountResource rsrc, Input input)
throws AuthException, BadRequestException, OrmException, IOException, ConfigInvalidException {
- if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canAdministrateServer()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())
+ && !self.get().getCapabilities().canAdministrateServer()) {
throw new AuthException("not allowed to add SSH keys");
}
return apply(rsrc.getUser(), input);
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/Capabilities.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/Capabilities.java
index d35656c..e53b7d0 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/Capabilities.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/Capabilities.java
@@ -51,7 +51,8 @@
@Override
public Capability parse(AccountResource parent, IdString id)
throws ResourceNotFoundException, AuthException {
- if (self.get() != parent.getUser() && !self.get().getCapabilities().canAdministrateServer()) {
+ if (!self.get().hasSameAccountId(parent.getUser())
+ && !self.get().getCapabilities().canAdministrateServer()) {
throw new AuthException("restricted to administrator");
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/CreateEmail.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/CreateEmail.java
index 15dedf1..00cf4e3 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/CreateEmail.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/CreateEmail.java
@@ -79,7 +79,8 @@
throws AuthException, BadRequestException, ResourceConflictException,
ResourceNotFoundException, OrmException, EmailException, MethodNotAllowedException,
IOException, ConfigInvalidException {
- if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())
+ && !self.get().getCapabilities().canModifyAccount()) {
throw new AuthException("not allowed to add email address");
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteEmail.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteEmail.java
index bcbf794..79edaa7 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteEmail.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteEmail.java
@@ -60,7 +60,8 @@
public Response<?> apply(AccountResource.Email rsrc, Input input)
throws AuthException, ResourceNotFoundException, ResourceConflictException,
MethodNotAllowedException, OrmException, IOException, ConfigInvalidException {
- if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())
+ && !self.get().getCapabilities().canModifyAccount()) {
throw new AuthException("not allowed to delete email address");
}
return apply(rsrc.getUser(), rsrc.getEmail());
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteExternalIds.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteExternalIds.java
index 42726dc..7ab8aaf 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteExternalIds.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteExternalIds.java
@@ -60,7 +60,7 @@
@Override
public Response<?> apply(AccountResource resource, List<String> externalIds)
throws RestApiException, IOException, OrmException, ConfigInvalidException {
- if (self.get() != resource.getUser()) {
+ if (!self.get().hasSameAccountId(resource.getUser())) {
throw new AuthException("not allowed to delete external IDs");
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteSshKey.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteSshKey.java
index 3d5d38e..abb0118 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteSshKey.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteSshKey.java
@@ -50,7 +50,8 @@
public Response<?> apply(AccountResource.SshKey rsrc, Input input)
throws AuthException, OrmException, RepositoryNotFoundException, IOException,
ConfigInvalidException {
- if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canAdministrateServer()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())
+ && !self.get().getCapabilities().canAdministrateServer()) {
throw new AuthException("not allowed to delete SSH keys");
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteWatchedProjects.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteWatchedProjects.java
index 97102a2..8cd979f 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteWatchedProjects.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteWatchedProjects.java
@@ -52,7 +52,8 @@
public Response<?> apply(AccountResource rsrc, List<ProjectWatchInfo> input)
throws AuthException, UnprocessableEntityException, OrmException, IOException,
ConfigInvalidException {
- if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canAdministrateServer()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())
+ && !self.get().getCapabilities().canAdministrateServer()) {
throw new AuthException("It is not allowed to edit project watches of other users");
}
if (input == null) {
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetCapabilities.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetCapabilities.java
index cd3c0c8..fa36d1d 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetCapabilities.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetCapabilities.java
@@ -78,7 +78,8 @@
@Override
public Object apply(AccountResource resource) throws AuthException {
- if (self.get() != resource.getUser() && !self.get().getCapabilities().canAdministrateServer()) {
+ if (!self.get().hasSameAccountId(resource.getUser())
+ && !self.get().getCapabilities().canAdministrateServer()) {
throw new AuthException("restricted to administrator");
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetDiffPreferences.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetDiffPreferences.java
index 0edff4f..c2f7b8f 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetDiffPreferences.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetDiffPreferences.java
@@ -57,7 +57,8 @@
@Override
public DiffPreferencesInfo apply(AccountResource rsrc)
throws AuthException, ConfigInvalidException, IOException {
- if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canAdministrateServer()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())
+ && !self.get().getCapabilities().canAdministrateServer()) {
throw new AuthException("restricted to administrator");
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetEditPreferences.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetEditPreferences.java
index e385020..e795f83 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetEditPreferences.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetEditPreferences.java
@@ -49,7 +49,8 @@
@Override
public EditPreferencesInfo apply(AccountResource rsrc)
throws AuthException, IOException, ConfigInvalidException {
- if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())
+ && !self.get().getCapabilities().canModifyAccount()) {
throw new AuthException("requires Modify Account capability");
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetExternalIds.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetExternalIds.java
index 6ea911f..c926cff 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetExternalIds.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetExternalIds.java
@@ -49,7 +49,7 @@
@Override
public List<AccountExternalIdInfo> apply(AccountResource resource)
throws RestApiException, OrmException {
- if (self.get() != resource.getUser()) {
+ if (!self.get().hasSameAccountId(resource.getUser())) {
throw new AuthException("not allowed to get external IDs");
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetOAuthToken.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetOAuthToken.java
index 4bbb5d4..61f5b84 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetOAuthToken.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetOAuthToken.java
@@ -50,7 +50,7 @@
@Override
public OAuthTokenInfo apply(AccountResource rsrc)
throws AuthException, ResourceNotFoundException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
throw new AuthException("not allowed to get access token");
}
Account a = rsrc.getUser().getAccount();
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetPreferences.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetPreferences.java
index 77cdbd4..95b115f 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetPreferences.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetPreferences.java
@@ -36,7 +36,8 @@
@Override
public GeneralPreferencesInfo apply(AccountResource rsrc) throws AuthException {
- if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())
+ && !self.get().getCapabilities().canModifyAccount()) {
throw new AuthException("requires Modify Account capability");
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetSshKeys.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetSshKeys.java
index 980d880..a169f6f 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetSshKeys.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetSshKeys.java
@@ -47,7 +47,8 @@
public List<SshKeyInfo> apply(AccountResource rsrc)
throws AuthException, OrmException, RepositoryNotFoundException, IOException,
ConfigInvalidException {
- if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())
+ && !self.get().getCapabilities().canModifyAccount()) {
throw new AuthException("not allowed to get SSH keys");
}
return apply(rsrc.getUser());
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetWatchedProjects.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetWatchedProjects.java
index e0aeee0..d8580eb 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetWatchedProjects.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetWatchedProjects.java
@@ -51,7 +51,8 @@
@Override
public List<ProjectWatchInfo> apply(AccountResource rsrc)
throws OrmException, AuthException, IOException, ConfigInvalidException {
- if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canAdministrateServer()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())
+ && !self.get().getCapabilities().canAdministrateServer()) {
throw new AuthException("It is not allowed to list project watches of other users");
}
Account.Id accountId = rsrc.getUser().getAccountId();
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/Index.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/Index.java
index 1666c70..238241c 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/Index.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/Index.java
@@ -39,7 +39,8 @@
@Override
public Response<?> apply(AccountResource rsrc, Input input) throws IOException, AuthException {
- if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())
+ && !self.get().getCapabilities().canModifyAccount()) {
throw new AuthException("not allowed to index account");
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/PostWatchedProjects.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/PostWatchedProjects.java
index 55ba912..7a4e0ec 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/PostWatchedProjects.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/PostWatchedProjects.java
@@ -63,7 +63,8 @@
@Override
public List<ProjectWatchInfo> apply(AccountResource rsrc, List<ProjectWatchInfo> input)
throws OrmException, RestApiException, IOException, ConfigInvalidException {
- if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canAdministrateServer()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())
+ && !self.get().getCapabilities().canAdministrateServer()) {
throw new AuthException("not allowed to edit project watches");
}
Account.Id accountId = rsrc.getUser().getAccountId();
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutAgreement.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutAgreement.java
index 423d5a1..e622575 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutAgreement.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutAgreement.java
@@ -72,7 +72,7 @@
throw new MethodNotAllowedException("contributor agreements disabled");
}
- if (self.get() != resource.getUser()) {
+ if (!self.get().hasSameAccountId(resource.getUser())) {
throw new AuthException("not allowed to enter contributor agreement");
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java
index c87779e..0174ff1 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java
@@ -77,13 +77,15 @@
String newPassword;
if (input.generate) {
- if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canAdministrateServer()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())
+ && !self.get().getCapabilities().canAdministrateServer()) {
throw new AuthException("not allowed to generate HTTP password");
}
newPassword = generate();
} else if (input.httpPassword == null) {
- if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canAdministrateServer()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())
+ && !self.get().getCapabilities().canAdministrateServer()) {
throw new AuthException("not allowed to clear HTTP password");
}
newPassword = null;
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutName.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutName.java
index 443a549..a00e2ad 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutName.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutName.java
@@ -61,7 +61,8 @@
public Response<String> apply(AccountResource rsrc, Input input)
throws AuthException, MethodNotAllowedException, ResourceNotFoundException, OrmException,
IOException {
- if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())
+ && !self.get().getCapabilities().canModifyAccount()) {
throw new AuthException("not allowed to change name");
}
return apply(rsrc.getUser(), input);
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutPreferred.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutPreferred.java
index ec60fb3..d86a312 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutPreferred.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutPreferred.java
@@ -50,7 +50,8 @@
@Override
public Response<String> apply(AccountResource.Email rsrc, Input input)
throws AuthException, ResourceNotFoundException, OrmException, IOException {
- if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())
+ && !self.get().getCapabilities().canModifyAccount()) {
throw new AuthException("not allowed to set preferred email address");
}
return apply(rsrc.getUser(), rsrc.getEmail());
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutStatus.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutStatus.java
index ff541fd..c16d8da 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutStatus.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutStatus.java
@@ -58,7 +58,8 @@
@Override
public Response<String> apply(AccountResource rsrc, Input input)
throws AuthException, ResourceNotFoundException, OrmException, IOException {
- if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())
+ && !self.get().getCapabilities().canModifyAccount()) {
throw new AuthException("not allowed to set status");
}
return apply(rsrc.getUser(), input);
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutUsername.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutUsername.java
index e3a3c12..21b1720 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutUsername.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutUsername.java
@@ -59,7 +59,8 @@
public String apply(AccountResource rsrc, Input input)
throws AuthException, MethodNotAllowedException, UnprocessableEntityException,
ResourceConflictException, OrmException, IOException, ConfigInvalidException {
- if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canAdministrateServer()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())
+ && !self.get().getCapabilities().canAdministrateServer()) {
throw new AuthException("not allowed to set username");
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/SetDiffPreferences.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/SetDiffPreferences.java
index ac0cc96..c72ff02 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/SetDiffPreferences.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/SetDiffPreferences.java
@@ -59,7 +59,8 @@
public DiffPreferencesInfo apply(AccountResource rsrc, DiffPreferencesInfo in)
throws AuthException, BadRequestException, ConfigInvalidException,
RepositoryNotFoundException, IOException {
- if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())
+ && !self.get().getCapabilities().canModifyAccount()) {
throw new AuthException("requires Modify Account capability");
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/SetEditPreferences.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/SetEditPreferences.java
index ca981b8..e2a2912 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/SetEditPreferences.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/SetEditPreferences.java
@@ -59,7 +59,8 @@
public EditPreferencesInfo apply(AccountResource rsrc, EditPreferencesInfo in)
throws AuthException, BadRequestException, RepositoryNotFoundException, IOException,
ConfigInvalidException {
- if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())
+ && !self.get().getCapabilities().canModifyAccount()) {
throw new AuthException("requires Modify Account capability");
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/SetPreferences.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/SetPreferences.java
index 91672f7..d2164f6 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/SetPreferences.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/SetPreferences.java
@@ -75,7 +75,8 @@
@Override
public GeneralPreferencesInfo apply(AccountResource rsrc, GeneralPreferencesInfo i)
throws AuthException, BadRequestException, IOException, ConfigInvalidException {
- if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())
+ && !self.get().getCapabilities().canModifyAccount()) {
throw new AuthException("requires Modify Account capability");
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/SshKeys.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/SshKeys.java
index 6336e08..4f00e1a 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/SshKeys.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/SshKeys.java
@@ -56,7 +56,8 @@
@Override
public AccountResource.SshKey parse(AccountResource rsrc, IdString id)
throws ResourceNotFoundException, OrmException, IOException, ConfigInvalidException {
- if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canModifyAccount()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())
+ && !self.get().getCapabilities().canModifyAccount()) {
throw new ResourceNotFoundException();
}
return parse(rsrc.getUser(), id);
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/StarredChanges.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/StarredChanges.java
index 995aaa5..868d378 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/StarredChanges.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/StarredChanges.java
@@ -130,7 +130,7 @@
@Override
public Response<?> apply(AccountResource rsrc, EmptyInput in)
throws AuthException, OrmException, IOException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
throw new AuthException("not allowed to add starred change");
}
try {
@@ -159,7 +159,7 @@
@Override
public Response<?> apply(AccountResource.StarredChange rsrc, EmptyInput in)
throws AuthException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
throw new AuthException("not allowed update starred changes");
}
return Response.none();
@@ -180,7 +180,7 @@
@Override
public Response<?> apply(AccountResource.StarredChange rsrc, EmptyInput in)
throws AuthException, OrmException, IOException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
throw new AuthException("not allowed remove starred change");
}
starredChangesUtil.star(
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/Stars.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/Stars.java
index 52c6cdf..cf43a21 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/Stars.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/Stars.java
@@ -97,7 +97,7 @@
@SuppressWarnings("unchecked")
public List<ChangeInfo> apply(AccountResource rsrc)
throws BadRequestException, AuthException, OrmException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
throw new AuthException("not allowed to list stars of another account");
}
QueryChanges query = changes.list();
@@ -119,7 +119,7 @@
@Override
public SortedSet<String> apply(AccountResource.Star rsrc) throws AuthException, OrmException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
throw new AuthException("not allowed to get stars of another account");
}
return starredChangesUtil.getLabels(self.get().getAccountId(), rsrc.getChange().getId());
@@ -140,7 +140,7 @@
@Override
public Collection<String> apply(AccountResource.Star rsrc, StarsInput in)
throws AuthException, BadRequestException, OrmException {
- if (self.get() != rsrc.getUser()) {
+ if (!self.get().hasSameAccountId(rsrc.getUser())) {
throw new AuthException("not allowed to update stars of another account");
}
try {
