java/com/google/gerrit/server/account/AccountControl.java - gerrit - Git at Google

 // Copyright (C) 2012 The Android Open Source Project
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 // http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 package com.google.gerrit.server.account;

 import static java.util.stream.Collectors.toSet;

 import com.google.gerrit.common.data.PermissionRule;
 import com.google.gerrit.entities.Account;
 import com.google.gerrit.entities.AccountGroup;
 import com.google.gerrit.exceptions.NoSuchGroupException;
 import com.google.gerrit.extensions.common.AccountVisibility;
 import com.google.gerrit.extensions.restapi.AuthException;
 import com.google.gerrit.server.CurrentUser;
 import com.google.gerrit.server.IdentifiedUser;
 import com.google.gerrit.server.group.SystemGroupBackend;
 import com.google.gerrit.server.permissions.GlobalPermission;
 import com.google.gerrit.server.permissions.PermissionBackend;
 import com.google.gerrit.server.permissions.PermissionBackendException;
 import com.google.gerrit.server.project.AccountsSection;
 import com.google.gerrit.server.project.ProjectCache;
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 import java.util.Set;

 /** Access control management for one account's access to other accounts. */
 public class AccountControl {
   public static class Factory {
     private final PermissionBackend permissionBackend;
     private final ProjectCache projectCache;
     private final GroupControl.Factory groupControlFactory;
     private final Provider<CurrentUser> user;
     private final IdentifiedUser.GenericFactory userFactory;
     private final AccountVisibility accountVisibility;

     @Inject
     Factory(
         PermissionBackend permissionBackend,
         ProjectCache projectCache,
         GroupControl.Factory groupControlFactory,
         Provider<CurrentUser> user,
         IdentifiedUser.GenericFactory userFactory,
         AccountVisibility accountVisibility) {
       this.permissionBackend = permissionBackend;
       this.projectCache = projectCache;
       this.groupControlFactory = groupControlFactory;
       this.user = user;
       this.userFactory = userFactory;
       this.accountVisibility = accountVisibility;
     }

     public AccountControl get() {
       return new AccountControl(
           permissionBackend,
           projectCache,
           groupControlFactory,
           user.get(),
           userFactory,
           accountVisibility);
     }
   }

   private final AccountsSection accountsSection;
   private final GroupControl.Factory groupControlFactory;
   private final PermissionBackend.WithUser perm;
   private final CurrentUser user;
   private final IdentifiedUser.GenericFactory userFactory;
   private final AccountVisibility accountVisibility;

   private Boolean viewAll;

   private AccountControl(
       PermissionBackend permissionBackend,
       ProjectCache projectCache,
       GroupControl.Factory groupControlFactory,
       CurrentUser user,
       IdentifiedUser.GenericFactory userFactory,
       AccountVisibility accountVisibility) {
     this.accountsSection = projectCache.getAllProjects().getConfig().getAccountsSection();
     this.groupControlFactory = groupControlFactory;
     this.perm = permissionBackend.user(user);
     this.user = user;
     this.userFactory = userFactory;
     this.accountVisibility = accountVisibility;
   }

   public CurrentUser getUser() {
     return user;
   }

   /**
    * Returns true if the current user is allowed to see the otherUser, based on the account
    * visibility policy. Depending on the group membership realms supported, this may not be able to
    * determine SAME_GROUP or VISIBLE_GROUP correctly (defaulting to not being visible). This is
    * because {@link GroupMembership#getKnownGroups()} may only return a subset of the effective
    * groups.
    */
   public boolean canSee(Account.Id otherUser) {
     return canSee(
         new OtherUser() {
           @Override
           Account.Id getId() {
             return otherUser;
           }

           @Override
           IdentifiedUser createUser() {
             return userFactory.create(otherUser);
           }
         });
   }

   /**
    * Returns true if the current user is allowed to see the otherUser, based on the account
    * visibility policy. Depending on the group membership realms supported, this may not be able to
    * determine SAME_GROUP or VISIBLE_GROUP correctly (defaulting to not being visible). This is
    * because {@link GroupMembership#getKnownGroups()} may only return a subset of the effective
    * groups.
    */
   public boolean canSee(AccountState otherUser) {
     return canSee(
         new OtherUser() {
           @Override
           Account.Id getId() {
             return otherUser.account().id();
           }

           @Override
           IdentifiedUser createUser() {
             return userFactory.create(otherUser);
           }
         });
   }

   private boolean canSee(OtherUser otherUser) {
     if (accountVisibility == AccountVisibility.ALL) {
       return true;
     } else if (user.isIdentifiedUser() && user.getAccountId().equals(otherUser.getId())) {
       // I can always see myself.
       return true;
     } else if (viewAll()) {
       return true;
     }

     switch (accountVisibility) {
       case SAME_GROUP:
         {
           Set<AccountGroup.UUID> usersGroups = groupsOf(otherUser.getUser());
           for (PermissionRule rule : accountsSection.getSameGroupVisibility()) {
             if (rule.isBlock() || rule.isDeny()) {
               usersGroups.remove(rule.getGroup().getUUID());
             }
           }

           if (user.getEffectiveGroups().containsAnyOf(usersGroups)) {
             return true;
           }
           break;
         }
       case VISIBLE_GROUP:
         {
           Set<AccountGroup.UUID> usersGroups = groupsOf(otherUser.getUser());
           for (AccountGroup.UUID usersGroup : usersGroups) {
             try {
               if (groupControlFactory.controlFor(usersGroup).isVisible()) {
                 return true;
               }
             } catch (NoSuchGroupException e) {
               continue;
             }
           }
           break;
         }
       case NONE:
         break;
       case ALL:
       default:
         throw new IllegalStateException("Bad AccountVisibility " + accountVisibility);
     }
     return false;
   }

   private boolean viewAll() {
     if (viewAll == null) {
       try {
         perm.check(GlobalPermission.VIEW_ALL_ACCOUNTS);
         viewAll = true;
       } catch (AuthException | PermissionBackendException e) {
         viewAll = false;
       }
     }
     return viewAll;
   }

   private Set<AccountGroup.UUID> groupsOf(IdentifiedUser user) {
     return user.getEffectiveGroups().getKnownGroups().stream()
         .filter(a -> !SystemGroupBackend.isSystemGroup(a))
         .collect(toSet());
   }

   private abstract static class OtherUser {
     IdentifiedUser user;

     IdentifiedUser getUser() {
       if (user == null) {
         user = createUser();
       }
       return user;
     }

     abstract IdentifiedUser createUser();

     abstract Account.Id getId();
   }
 }
	// Copyright (C) 2012 The Android Open Source Project
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	package com.google.gerrit.server.account;

	import static java.util.stream.Collectors.toSet;

	import com.google.gerrit.common.data.PermissionRule;
	import com.google.gerrit.entities.Account;
	import com.google.gerrit.entities.AccountGroup;
	import com.google.gerrit.exceptions.NoSuchGroupException;
	import com.google.gerrit.extensions.common.AccountVisibility;
	import com.google.gerrit.extensions.restapi.AuthException;
	import com.google.gerrit.server.CurrentUser;
	import com.google.gerrit.server.IdentifiedUser;
	import com.google.gerrit.server.group.SystemGroupBackend;
	import com.google.gerrit.server.permissions.GlobalPermission;
	import com.google.gerrit.server.permissions.PermissionBackend;
	import com.google.gerrit.server.permissions.PermissionBackendException;
	import com.google.gerrit.server.project.AccountsSection;
	import com.google.gerrit.server.project.ProjectCache;
	import com.google.inject.Inject;
	import com.google.inject.Provider;
	import java.util.Set;

	/** Access control management for one account's access to other accounts. */
	public class AccountControl {
	public static class Factory {
	private final PermissionBackend permissionBackend;
	private final ProjectCache projectCache;
	private final GroupControl.Factory groupControlFactory;
	private final Provider<CurrentUser> user;
	private final IdentifiedUser.GenericFactory userFactory;
	private final AccountVisibility accountVisibility;

	@Inject
	Factory(
	PermissionBackend permissionBackend,
	ProjectCache projectCache,
	GroupControl.Factory groupControlFactory,
	Provider<CurrentUser> user,
	IdentifiedUser.GenericFactory userFactory,
	AccountVisibility accountVisibility) {
	this.permissionBackend = permissionBackend;
	this.projectCache = projectCache;
	this.groupControlFactory = groupControlFactory;
	this.user = user;
	this.userFactory = userFactory;
	this.accountVisibility = accountVisibility;
	}

	public AccountControl get() {
	return new AccountControl(
	permissionBackend,
	projectCache,
	groupControlFactory,
	user.get(),
	userFactory,
	accountVisibility);
	}
	}

	private final AccountsSection accountsSection;
	private final GroupControl.Factory groupControlFactory;
	private final PermissionBackend.WithUser perm;
	private final CurrentUser user;
	private final IdentifiedUser.GenericFactory userFactory;
	private final AccountVisibility accountVisibility;

	private Boolean viewAll;

	private AccountControl(
	PermissionBackend permissionBackend,
	ProjectCache projectCache,
	GroupControl.Factory groupControlFactory,
	CurrentUser user,
	IdentifiedUser.GenericFactory userFactory,
	AccountVisibility accountVisibility) {
	this.accountsSection = projectCache.getAllProjects().getConfig().getAccountsSection();
	this.groupControlFactory = groupControlFactory;
	this.perm = permissionBackend.user(user);
	this.user = user;
	this.userFactory = userFactory;
	this.accountVisibility = accountVisibility;
	}

	public CurrentUser getUser() {
	return user;
	}

	/**
	* Returns true if the current user is allowed to see the otherUser, based on the account
	* visibility policy. Depending on the group membership realms supported, this may not be able to
	* determine SAME_GROUP or VISIBLE_GROUP correctly (defaulting to not being visible). This is
	* because {@link GroupMembership#getKnownGroups()} may only return a subset of the effective
	* groups.
	*/
	public boolean canSee(Account.Id otherUser) {
	return canSee(
	new OtherUser() {
	@Override
	Account.Id getId() {
	return otherUser;
	}

	@Override
	IdentifiedUser createUser() {
	return userFactory.create(otherUser);
	}
	});
	}

	/**
	* Returns true if the current user is allowed to see the otherUser, based on the account
	* visibility policy. Depending on the group membership realms supported, this may not be able to
	* determine SAME_GROUP or VISIBLE_GROUP correctly (defaulting to not being visible). This is
	* because {@link GroupMembership#getKnownGroups()} may only return a subset of the effective
	* groups.
	*/
	public boolean canSee(AccountState otherUser) {
	return canSee(
	new OtherUser() {
	@Override
	Account.Id getId() {
	return otherUser.account().id();
	}

	@Override
	IdentifiedUser createUser() {
	return userFactory.create(otherUser);
	}
	});
	}

	private boolean canSee(OtherUser otherUser) {
	if (accountVisibility == AccountVisibility.ALL) {
	return true;
	} else if (user.isIdentifiedUser() && user.getAccountId().equals(otherUser.getId())) {
	// I can always see myself.
	return true;
	} else if (viewAll()) {
	return true;
	}

	switch (accountVisibility) {
	case SAME_GROUP:
	{
	Set<AccountGroup.UUID> usersGroups = groupsOf(otherUser.getUser());
	for (PermissionRule rule : accountsSection.getSameGroupVisibility()) {
	if (rule.isBlock() \|\| rule.isDeny()) {
	usersGroups.remove(rule.getGroup().getUUID());
	}
	}

	if (user.getEffectiveGroups().containsAnyOf(usersGroups)) {
	return true;
	}
	break;
	}
	case VISIBLE_GROUP:
	{
	Set<AccountGroup.UUID> usersGroups = groupsOf(otherUser.getUser());
	for (AccountGroup.UUID usersGroup : usersGroups) {
	try {
	if (groupControlFactory.controlFor(usersGroup).isVisible()) {
	return true;
	}
	} catch (NoSuchGroupException e) {
	continue;
	}
	}
	break;
	}
	case NONE:
	break;
	case ALL:
	default:
	throw new IllegalStateException("Bad AccountVisibility " + accountVisibility);
	}
	return false;
	}

	private boolean viewAll() {
	if (viewAll == null) {
	try {
	perm.check(GlobalPermission.VIEW_ALL_ACCOUNTS);
	viewAll = true;
	} catch (AuthException \| PermissionBackendException e) {
	viewAll = false;
	}
	}
	return viewAll;
	}

	private Set<AccountGroup.UUID> groupsOf(IdentifiedUser user) {
	return user.getEffectiveGroups().getKnownGroups().stream()
	.filter(a -> !SystemGroupBackend.isSystemGroup(a))
	.collect(toSet());
	}

	private abstract static class OtherUser {
	IdentifiedUser user;

	IdentifiedUser getUser() {
	if (user == null) {
	user = createUser();
	}
	return user;
	}

	abstract IdentifiedUser createUser();

	abstract Account.Id getId();
	}
	}