Merge branch 'stable-3.7'

* stable-3.7:
  Compute projectName in GitCloneStep constructor
  Set parent project at creation time for imported repos from GitHub
  Disallow the discovery of other user's membership
  Revert "Set version 3.5.0.2"

Change-Id: I7d4f5db1c936beb771f661fa3fe5c45b97d3c75b
diff --git a/github-plugin/src/main/java/com/googlesource/gerrit/plugins/github/git/CreateProjectStep.java b/github-plugin/src/main/java/com/googlesource/gerrit/plugins/github/git/CreateProjectStep.java
index 870a13b..f25e6ee 100644
--- a/github-plugin/src/main/java/com/googlesource/gerrit/plugins/github/git/CreateProjectStep.java
+++ b/github-plugin/src/main/java/com/googlesource/gerrit/plugins/github/git/CreateProjectStep.java
@@ -190,7 +190,6 @@
   private void setProjectSettings() {
     projectConfig.updateProject(
         b -> {
-          b.setParent(config.getBaseProject(getRepository().isPrivate()));
           b.setDescription(description);
           b.setSubmitType(SubmitType.MERGE_IF_NECESSARY);
           b.setBooleanConfig(
diff --git a/github-plugin/src/main/java/com/googlesource/gerrit/plugins/github/git/GitCloneStep.java b/github-plugin/src/main/java/com/googlesource/gerrit/plugins/github/git/GitCloneStep.java
index 02dfe87..0e0e72d 100644
--- a/github-plugin/src/main/java/com/googlesource/gerrit/plugins/github/git/GitCloneStep.java
+++ b/github-plugin/src/main/java/com/googlesource/gerrit/plugins/github/git/GitCloneStep.java
@@ -16,6 +16,7 @@
 import com.google.gerrit.entities.Project;
 import com.google.gerrit.extensions.api.GerritApi;
 import com.google.gerrit.extensions.api.changes.NotifyHandling;
+import com.google.gerrit.extensions.api.projects.ProjectInput;
 import com.google.gerrit.extensions.events.ProjectDeletedListener;
 import com.google.gerrit.extensions.registration.DynamicSet;
 import com.google.gerrit.extensions.restapi.ResourceConflictException;
@@ -52,6 +53,7 @@
   private final DynamicSet<ProjectDeletedListener> deletedListeners;
   private final ProjectCache projectCache;
   private final GitRepositoryManager repoManager;
+  private final String projectName;
 
   public interface Factory {
     GitCloneStep create(
@@ -79,15 +81,15 @@
     this.context = context;
     this.organisation = organisation;
     this.repository = repository;
-    this.destinationDirectory = prepareTargetGitDirectory(gitDir, organisation, repository);
+    this.projectName = organisation + "/" + repository;
+    this.destinationDirectory = prepareTargetGitDirectory(gitDir, this.projectName);
     this.deletedListeners = deletedListeners;
     this.projectCache = projectCache;
     this.repoManager = repoManager;
   }
 
-  private static File prepareTargetGitDirectory(File gitDir, String organisation, String repository)
+  private static File prepareTargetGitDirectory(File gitDir, String projectName)
       throws GitException {
-    String projectName = organisation + "/" + repository;
     File repositoryDir = new File(gitDir, projectName + ".git");
     if (repositoryDir.exists()) {
       throw new GitDestinationAlreadyExistsException(projectName);
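Review bot: The `projectName` built in the constructor as `organisation + "/" + repository` is passed straight into `new File(gitDir, projectName + ".git")`, and nothing in this hunk checks that the result stays under `gitDir`. If either value can come from request input rather than from GitHub's own response (not visible here), a `..` segment or an extra separator would resolve outside the repository base. Since the name is now computed once, the constructor is a good place for a single containment check, for example rejecting the import unless `repositoryDir.toPath().normalize().startsWith(gitDir.toPath().normalize())`. The constructor starts above the hunk and `prepareTargetGitDirectory` continues below it.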
@@ -96,9 +98,11 @@
   }
 
   private void createNewProject() throws GitException {
-    String projectName = organisation + "/" + repository;
     try (ManualRequestContext requestContext = context.openAs(config.importAccountId)) {
-      gerritApi.projects().create(projectName).get();
+      ProjectInput pi = new ProjectInput();
+      pi.name = projectName;
+      pi.parent = config.getBaseProject(getRepository().isPrivate());
+      gerritApi.projects().create(pi).get();
     } catch (ResourceConflictException e) {
       throw new GitDestinationAlreadyExistsException(projectName);
     } catch (RestApiException e) {
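Review bot: `pi.parent` is taken from `config.getBaseProject(getRepository().isPrivate())` with no check that a base project is actually configured. If that call can return null or an empty string (its implementation is not visible here), the project would presumably be created under the server's default parent, so a private repository would inherit the default access rules. Consider failing the import for private repositories when no parent is configured. A comment on the assignment would also help, such as `// Parent is set at creation so the project never exists under the default parent's ACLs`. The `catch` chain continues past the end of the hunk.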
@@ -136,7 +140,6 @@
     }
 
     try {
-      String projectName = organisation + "/" + repository;
       Project.NameKey key = Project.nameKey(projectName);
       cleanJGitCache(key);
       FileUtils.deleteDirectory(gitDirectory);
diff --git a/github-plugin/src/main/java/com/googlesource/gerrit/plugins/github/group/GitHubGroupBackend.java b/github-plugin/src/main/java/com/googlesource/gerrit/plugins/github/group/GitHubGroupBackend.java
index 5f74078..9e96c2b 100644
--- a/github-plugin/src/main/java/com/googlesource/gerrit/plugins/github/group/GitHubGroupBackend.java
+++ b/github-plugin/src/main/java/com/googlesource/gerrit/plugins/github/group/GitHubGroupBackend.java
@@ -30,6 +30,7 @@
 import com.google.gerrit.server.account.GroupMembership;
 import com.google.gerrit.server.project.ProjectState;
 import com.google.inject.Inject;
+import com.google.inject.Provider;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Set;
@@ -41,12 +42,16 @@
   private static final Logger log = LoggerFactory.getLogger(GitHubGroupBackend.class);
   private final GitHubGroupMembership.Factory ghMembershipProvider;
   private final GitHubGroupsCache ghOrganisationCache;
+  private final Provider<CurrentUser> currentUserProvider;
 
   @Inject
   GitHubGroupBackend(
-      GitHubGroupMembership.Factory ghMembershipProvider, GitHubGroupsCache ghOrganisationCache) {
+      GitHubGroupMembership.Factory ghMembershipProvider,
+      GitHubGroupsCache ghOrganisationCache,
+      Provider<CurrentUser> currentUserProvider) {
     this.ghMembershipProvider = ghMembershipProvider;
     this.ghOrganisationCache = ghOrganisationCache;
+    this.currentUserProvider = currentUserProvider;
   }
 
   @Override
@@ -112,6 +117,13 @@
 
   @Override
   public GroupMembership membershipsOf(CurrentUser user) {
+    CurrentUser currentUser = currentUserProvider.get();
+    if (!currentUser.isIdentifiedUser()
+        || !currentUser.asIdentifiedUser().getAccountId().equals(user.getAccountId())) {
+      // Do not allow to perform group discovery of other users
+      return GroupMembership.EMPTY;
+    }
+
     String username = user.getUserName().orElse(null);
     if (Strings.isNullOrEmpty(username)) {
       return GroupMembership.EMPTY;
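Review bot: The new guard calls `user.getAccountId()` before anything establishes that the `user` argument is an identified user. As far as I know `CurrentUser.getAccountId()` throws `UnsupportedOperationException` for non-identified users, so an anonymous or internal `user` passed while an identified user is logged in would raise instead of returning `GroupMembership.EMPTY`. Putting `!user.isIdentifiedUser() ||` at the front of the condition keeps the check fail-closed. Separately, `currentUserProvider.get()` is presumably request-scoped, so callers outside a request may fail at provision time or always get empty membership; a comment saying whether that is intended would help. The method body continues past the end of the hunk.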