Merge branch 'stable-2.14' into stable-2.15
* stable-2.14:
Bazel: Add fixes for --incompatible_load_java_rules_from_bzl
Change-Id: Iab1085ed238a355b1fc8560fcd53093a053957e2
diff --git a/WORKSPACE b/WORKSPACE
index b032a0c..f75f37c 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -3,7 +3,7 @@
load("//:bazlets.bzl", "load_bazlets")
load_bazlets(
- commit = "b750c0adec6deebb1063219787a97fab1d32724b",
+ commit = "4b3ce19d8d18d9f7df56a06532723b91ea6949d0",
#local_path = "/home/<user>/projects/bazlets",
)
diff --git a/external_plugin_deps.bzl b/external_plugin_deps.bzl
index c07795a..85c3a37 100644
--- a/external_plugin_deps.bzl
+++ b/external_plugin_deps.bzl
@@ -1,21 +1,20 @@
-load("//tools/bzl:maven_jar.bzl", "GERRIT", "maven_jar")
+load("//tools/bzl:maven_jar.bzl", "GERRIT", "MAVEN_CENTRAL", "MAVEN_LOCAL", "maven_jar")
-COMMONMARK_VERSION = "0.6.0"
+COMMONMARK_VERSION = "0.10.0"
def external_plugin_deps():
maven_jar(
name = "gitiles-servlet",
- artifact = "com.google.gitiles:gitiles-servlet:0.2-1",
- sha1 = "4b83471c65e110a08d99570fafcdaf5f59a0b9ce",
+ artifact = "com.google.gitiles:gitiles-servlet:0.2-5",
+ sha1 = "18186bd83a8c52a4a965472fcb9b4ea87862eb35",
repository = GERRIT,
)
# prettify must match the version used in Gitiles
maven_jar(
name = "prettify",
- artifact = "prettify:java-prettify:1.2.1",
- sha1 = "29ad8d072f9d0b83d1a2e9aa6ccb0905e6d543c6",
- repository = GERRIT,
+ artifact = "com.github.twalcari:java-prettify:1.2.2",
+ sha1 = "b8ba1c1eb8b2e45cfd465d01218c6060e887572e",
)
maven_jar(
@@ -24,32 +23,33 @@
sha1 = "557edd918fd41f9260963583ebf5a61a43a6b423",
)
+ # commonmark must match the version used in Gitiles
maven_jar(
name = "commonmark",
artifact = "com.atlassian.commonmark:commonmark:" + COMMONMARK_VERSION,
- sha1 = "5df3f6fa3073966620685924aa22d08ece7213f2",
+ sha1 = "119cb7bedc3570d9ecb64ec69ab7686b5c20559b",
)
maven_jar(
name = "cm-autolink",
artifact = "com.atlassian.commonmark:commonmark-ext-autolink:" + COMMONMARK_VERSION,
- sha1 = "4d7e828a4651e2f590b4a059925991be58e62da6",
+ sha1 = "a6056a5efbd68f57d420bc51bbc54b28a5d3c56b",
)
maven_jar(
name = "autolink",
- artifact = "org.nibor.autolink:autolink:0.4.0",
- sha1 = "764f7b0147a0675d971a34282dce9ec76b8307c9",
+ artifact = "org.nibor.autolink:autolink:0.7.0",
+ sha1 = "649f9f13422cf50c926febe6035662ae25dc89b2",
)
maven_jar(
name = "gfm-strikethrough",
artifact = "com.atlassian.commonmark:commonmark-ext-gfm-strikethrough:" + COMMONMARK_VERSION,
- sha1 = "75a95aaec77810496de41239bcc773adfb13285f",
+ sha1 = "40837da951b421b545edddac57012e15fcc9e63c",
)
maven_jar(
name = "gfm-tables",
artifact = "com.atlassian.commonmark:commonmark-ext-gfm-tables:" + COMMONMARK_VERSION,
- sha1 = "ae1c701517e8116bc205b561b9b215a53df8abc7",
+ sha1 = "c075db2a3301100cf70c7dced8ecf86b494458a2",
)
diff --git a/src/main/java/com/googlesource/gerrit/plugins/gitiles/FilteredRepository.java b/src/main/java/com/googlesource/gerrit/plugins/gitiles/FilteredRepository.java
index de023e0..039f78f 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/gitiles/FilteredRepository.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/gitiles/FilteredRepository.java
@@ -17,16 +17,17 @@
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Maps;
+import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.reviewdb.client.Project;
-import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.git.GitRepositoryManager;
-import com.google.gerrit.server.git.SearchingChangeCacheImpl;
-import com.google.gerrit.server.git.TagCache;
import com.google.gerrit.server.git.VisibleRefFilter;
-import com.google.gerrit.server.notedb.ChangeNotes;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.PermissionBackendException;
+import com.google.gerrit.server.permissions.ProjectPermission;
import com.google.gerrit.server.project.NoSuchProjectException;
-import com.google.gerrit.server.project.ProjectControl;
+import com.google.gerrit.server.project.ProjectCache;
+import com.google.gerrit.server.project.ProjectState;
import com.google.inject.Inject;
import com.google.inject.Provider;
import java.io.IOException;
@@ -45,56 +46,67 @@
class FilteredRepository extends Repository {
static class Factory {
- private final Provider<ReviewDb> db;
- private final ProjectControl.GenericFactory projectControlFactory;
private final Provider<CurrentUser> userProvider;
+ private final ProjectCache projectCache;
private final GitRepositoryManager repoManager;
- private final TagCache tagCache;
- private final ChangeNotes.Factory changeNotesFactory;
- private final SearchingChangeCacheImpl changeCache;
+ private final VisibleRefFilter.Factory visibleRefFilterFactory;
+ private final PermissionBackend permissionBackend;
@Inject
Factory(
- Provider<ReviewDb> db,
- ProjectControl.GenericFactory projectControlFactory,
+ ProjectCache projectCache,
Provider<CurrentUser> userProvider,
GitRepositoryManager repoManager,
- TagCache tagCache,
- ChangeNotes.Factory changeNotesFactory,
- SearchingChangeCacheImpl changeCache) {
- this.db = db;
- this.projectControlFactory = projectControlFactory;
+ VisibleRefFilter.Factory visibleRefFilterFactory,
+ PermissionBackend permissionBackend) {
this.userProvider = userProvider;
+ this.projectCache = projectCache;
this.repoManager = repoManager;
- this.tagCache = tagCache;
- this.changeNotesFactory = changeNotesFactory;
- this.changeCache = changeCache;
+ this.visibleRefFilterFactory = visibleRefFilterFactory;
+ this.permissionBackend = permissionBackend;
}
- FilteredRepository create(Project.NameKey name) throws NoSuchProjectException, IOException {
- ProjectControl ctl = projectControlFactory.controlFor(name, userProvider.get());
- if (!ctl.isVisible()) {
+ FilteredRepository create(Project.NameKey name)
+ throws NoSuchProjectException, IOException, PermissionBackendException {
+ ProjectState projectState = projectCache.checkedGet(name);
+ if (projectState == null || !projectState.getProject().getState().permitsRead()) {
throw new NoSuchProjectException(name);
}
- Repository repo = repoManager.openRepository(name);
return new FilteredRepository(
- ctl,
- repo,
- new VisibleRefFilter(
- tagCache, changeNotesFactory, changeCache, repo, ctl, db.get(), true));
+ projectState,
+ userProvider.get(),
+ repoManager.openRepository(name),
+ visibleRefFilterFactory,
+ permissionBackend);
}
}
private final Repository delegate;
private final RefDatabase refdb;
- private FilteredRepository(ProjectControl ctl, Repository delegate, VisibleRefFilter refFilter) {
+ private FilteredRepository(
+ ProjectState projectState,
+ CurrentUser user,
+ Repository delegate,
+ VisibleRefFilter.Factory refFilterFactory,
+ PermissionBackend permissionBackend)
+ throws PermissionBackendException {
super(toBuilder(delegate));
this.delegate = delegate;
- if (ctl.allRefsAreVisible()) {
+ boolean visible = true;
+ try {
+ permissionBackend.user(user).project(projectState.getNameKey()).check(ProjectPermission.READ);
+ } catch (AuthException e) {
+ visible = false;
+ }
+
+ if (visible) {
this.refdb = delegate.getRefDatabase();
} else {
- this.refdb = new FilteredRefDatabase(delegate.getRefDatabase(), refFilter);
+
+ this.refdb =
+ new FilteredRefDatabase(
+ delegate.getRefDatabase(), refFilterFactory.create(projectState, delegate));
}
}
diff --git a/src/main/java/com/googlesource/gerrit/plugins/gitiles/GerritGitilesAccess.java b/src/main/java/com/googlesource/gerrit/plugins/gitiles/GerritGitilesAccess.java
index 4e7e612..3b5550a 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/gitiles/GerritGitilesAccess.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/gitiles/GerritGitilesAccess.java
@@ -22,6 +22,8 @@
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.config.AnonymousCowardName;
+import com.google.gerrit.server.config.SitePaths;
+import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.project.ListProjects;
import com.google.gerrit.server.project.ProjectCache;
import com.google.gerrit.server.project.ProjectJson;
@@ -31,15 +33,19 @@
import com.google.gitiles.RepositoryDescription;
import com.google.inject.Inject;
import com.google.inject.Provider;
+import java.io.File;
import java.io.IOException;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
+import org.eclipse.jgit.errors.ConfigInvalidException;
import org.eclipse.jgit.errors.RepositoryNotFoundException;
import org.eclipse.jgit.lib.Config;
+import org.eclipse.jgit.storage.file.FileBasedConfig;
import org.eclipse.jgit.transport.resolver.ServiceNotAuthorizedException;
import org.eclipse.jgit.transport.resolver.ServiceNotEnabledException;
+import org.eclipse.jgit.util.FS;
class GerritGitilesAccess implements GitilesAccess {
// Assisted injection doesn't work with the overridden method, so write the
@@ -49,6 +55,7 @@
private final ProjectJson projectJson;
private final Provider<ListProjects> listProjects;
private final GitilesUrls urls;
+ private final SitePaths site;
private final Provider<CurrentUser> userProvider;
private final String anonymousCowardName;
@@ -58,12 +65,14 @@
ProjectJson projectJson,
Provider<ListProjects> listProjects,
GitilesUrls urls,
+ SitePaths site,
Provider<CurrentUser> userProvider,
@AnonymousCowardName String anonymousCowardName) {
this.projectCache = projectCache;
this.projectJson = projectJson;
this.listProjects = listProjects;
this.urls = urls;
+ this.site = site;
this.userProvider = userProvider;
this.anonymousCowardName = anonymousCowardName;
}
@@ -78,6 +87,7 @@
private final ProjectJson projectJson;
private final Provider<ListProjects> listProjects;
private final GitilesUrls urls;
+ private final SitePaths site;
private final Provider<CurrentUser> userProvider;
private final String anonymousCowardName;
private final HttpServletRequest req;
@@ -88,6 +98,7 @@
this.projectJson = factory.projectJson;
this.listProjects = factory.listProjects;
this.urls = factory.urls;
+ this.site = factory.site;
this.userProvider = factory.userProvider;
this.anonymousCowardName = factory.anonymousCowardName;
this.req = req;
@@ -106,7 +117,7 @@
Map<String, ProjectInfo> projects;
try {
projects = lp.apply();
- } catch (BadRequestException e) {
+ } catch (BadRequestException | PermissionBackendException e) {
throw new IOException(e);
}
Map<String, RepositoryDescription> result = Maps.newLinkedHashMap();
@@ -127,6 +138,20 @@
return desc;
}
+ private Config getGlobalConfig() throws IOException {
+ File cfgFile = site.etc_dir.resolve("gitiles.config").toFile();
+ FileBasedConfig cfg = new FileBasedConfig(cfgFile, FS.DETECTED);
+ try {
+ if (cfg.getFile().exists()) {
+ cfg.load();
+ }
+ } catch (ConfigInvalidException e) {
+ throw new IOException(e);
+ }
+
+ return cfg;
+ }
+
@Override
public Object getUserKey() {
CurrentUser user = userProvider.get();
@@ -155,20 +180,22 @@
public Config getConfig() throws IOException {
// Try to get a gitiles.config file from the refs/meta/config branch
// of the project. For non-project access, use All-Projects as project.
+ // If none of the above exists, use global gitiles.config.
Project.NameKey nameKey = Resolver.getNameKey(req);
ProjectState state = projectCache.get(nameKey);
if (state != null) {
Config cfg = state.getConfig("gitiles.config").getWithInheritance();
- if (cfg != null) {
+ if (cfg != null && cfg.getSections().size() > 0) {
return cfg;
}
} else {
state = projectCache.getAllProjects();
Config cfg = state.getConfig("gitiles.config").get();
- if (cfg != null) {
+ if (cfg != null && cfg.getSections().size() > 0) {
return cfg;
}
}
- return new Config();
+
+ return getGlobalConfig();
}
}
diff --git a/src/main/java/com/googlesource/gerrit/plugins/gitiles/Resolver.java b/src/main/java/com/googlesource/gerrit/plugins/gitiles/Resolver.java
index 4b08996..fcdae61 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/gitiles/Resolver.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/gitiles/Resolver.java
@@ -18,6 +18,7 @@
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.project.NoSuchProjectException;
import com.google.inject.Inject;
import com.google.inject.Provider;
@@ -68,7 +69,7 @@
// Avoid leaking information by not distinguishing between
// project not existing and no access rights.
throw new ServiceNotAuthorizedException();
- } catch (IOException e) {
+ } catch (IOException | PermissionBackendException e) {
ServiceMayNotContinueException err =
new ServiceMayNotContinueException("error opening repository " + name);
err.initCause(e);
diff --git a/tools/bzl/maven_jar.bzl b/tools/bzl/maven_jar.bzl
index 528bffe..fb20419 100644
--- a/tools/bzl/maven_jar.bzl
+++ b/tools/bzl/maven_jar.bzl
@@ -3,8 +3,10 @@
_gerrit = "GERRIT",
_maven_central = "MAVEN_CENTRAL",
_maven_jar = "maven_jar",
+ _maven_local = "MAVEN_LOCAL",
)
GERRIT = _gerrit
MAVEN_CENTRAL = _maven_central
+MAVEN_LOCAL = _maven_local
maven_jar = _maven_jar