Convert project permission check to PermissionBackend
Change-Id: Id5243bf05a21f57c8071800f400f7b9ec401a2d3
diff --git a/src/main/java/com/googlesource/gerrit/plugins/imagare/DeleteImage.java b/src/main/java/com/googlesource/gerrit/plugins/imagare/DeleteImage.java
index 7a6449e..451fd68 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/imagare/DeleteImage.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/imagare/DeleteImage.java
@@ -15,6 +15,7 @@
package com.googlesource.gerrit.plugins.imagare;
import com.google.gerrit.extensions.annotations.PluginName;
+import com.google.gerrit.extensions.api.access.PluginPermission;
import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.extensions.restapi.ResourceConflictException;
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
@@ -23,11 +24,13 @@
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.extensions.events.GitReferenceUpdated;
import com.google.gerrit.server.git.GitRepositoryManager;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.PermissionBackendException;
+import com.google.gerrit.server.permissions.RefPermission;
import com.google.inject.Inject;
import com.google.inject.Provider;
-
import com.googlesource.gerrit.plugins.imagare.DeleteImage.Input;
-
+import java.io.IOException;
import org.eclipse.jgit.errors.RepositoryNotFoundException;
import org.eclipse.jgit.lib.PersonIdent;
import org.eclipse.jgit.lib.Ref;
@@ -38,8 +41,6 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import java.io.IOException;
-
public class DeleteImage implements RestModifyView<ImageResource, Input> {
private static final Logger log = LoggerFactory.getLogger(DeleteImage.class);
@@ -50,30 +51,36 @@
private final Provider<IdentifiedUser> self;
private final GitRepositoryManager repoManager;
private final GitReferenceUpdated referenceUpdated;
+ private final PermissionBackend permissionBackend;
@Inject
public DeleteImage(@PluginName String pluginName,
Provider<IdentifiedUser> self,
GitRepositoryManager repoManager,
- GitReferenceUpdated referenceUpdated) {
+ GitReferenceUpdated referenceUpdated,
+ PermissionBackend permissionBackend) {
this.pluginName = pluginName;
this.self = self;
this.repoManager = repoManager;
this.referenceUpdated = referenceUpdated;
+ this.permissionBackend = permissionBackend;
}
@Override
public Response<?> apply(ImageResource rsrc, Input input)
throws AuthException, ResourceConflictException,
- RepositoryNotFoundException, IOException, ResourceNotFoundException {
- if (!rsrc.getControl().canDelete()
- && !self.get().getCapabilities()
- .canPerform(pluginName + "-" + DeleteOwnImagesCapability.DELETE_OWN_IMAGES)) {
- throw new AuthException("not allowed to delete image");
+ RepositoryNotFoundException, IOException, ResourceNotFoundException,
+ PermissionBackendException {
+
+ if (!permissionBackend.user(self).ref(rsrc.getBranchKey()).testOrFalse(
+ RefPermission.DELETE)) {
+ permissionBackend.user(self).test(new PluginPermission(pluginName,
+ DeleteOwnImagesCapability.DELETE_OWN_IMAGES));
}
try (Repository r = repoManager.openRepository(rsrc.getProject())) {
- if (!rsrc.getControl().canDelete()) {
+ if (!permissionBackend.user(self).ref(rsrc.getBranchKey()).testOrFalse(
+ RefPermission.DELETE)) {
validateOwnImage(r, rsrc.getRef());
}
diff --git a/src/main/java/com/googlesource/gerrit/plugins/imagare/GetPreference.java b/src/main/java/com/googlesource/gerrit/plugins/imagare/GetPreference.java
index 0711af9..177d502 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/imagare/GetPreference.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/imagare/GetPreference.java
@@ -14,6 +14,8 @@
package com.googlesource.gerrit.plugins.imagare;
+import static com.google.gerrit.server.permissions.GlobalPermission.ADMINISTRATE_SERVER;
+
import com.google.common.base.MoreObjects;
import com.google.gerrit.extensions.annotations.PluginName;
import com.google.gerrit.extensions.restapi.AuthException;
@@ -21,6 +23,8 @@
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.AccountResource;
import com.google.gerrit.server.config.ConfigResource;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.project.ProjectCache;
import com.google.inject.Inject;
import com.google.inject.Provider;
@@ -39,21 +43,23 @@
private final ProjectCache projectCache;
private final String pluginName;
private final Provider<GetConfig> getConfig;
+ private final PermissionBackend permissionBackend;
@Inject
GetPreference(Provider<IdentifiedUser> self, ProjectCache projectCache,
- @PluginName String pluginName, Provider<GetConfig> getConfig) {
+ @PluginName String pluginName, Provider<GetConfig> getConfig,
+ PermissionBackend permissionBackend) {
this.self = self;
this.projectCache = projectCache;
this.pluginName = pluginName;
this.getConfig = getConfig;
+ this.permissionBackend = permissionBackend;
}
@Override
- public ConfigInfo apply(AccountResource rsrc) throws AuthException {
- if (self.get() != rsrc.getUser()
- && !self.get().getCapabilities().canAdministrateServer()) {
- throw new AuthException("not allowed to get preference");
+ public ConfigInfo apply(AccountResource rsrc) throws AuthException, PermissionBackendException {
+ if (self.get() != rsrc.getUser()) {
+ permissionBackend.user(self).check(ADMINISTRATE_SERVER);
}
String username = self.get().getUserName();
diff --git a/src/main/java/com/googlesource/gerrit/plugins/imagare/ImageServlet.java b/src/main/java/com/googlesource/gerrit/plugins/imagare/ImageServlet.java
index 69ef8d1..6a17543 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/imagare/ImageServlet.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/imagare/ImageServlet.java
@@ -40,7 +40,6 @@
import com.google.inject.Singleton;
import eu.medsea.mimeutil.MimeType;
-
import org.eclipse.jgit.errors.RepositoryNotFoundException;
import org.eclipse.jgit.errors.RevisionSyntaxException;
import org.eclipse.jgit.lib.Constants;
@@ -55,7 +54,6 @@
import java.io.IOException;
import java.util.concurrent.TimeUnit;
-
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -108,7 +106,7 @@
return;
}
- MimeType mimeType = fileTypeRegistry.getMimeType(key.file, null);
+ MimeType mimeType = fileTypeRegistry.getMimeType(key.file, (byte[])null);
if (!("image".equals(mimeType.getMediaType())
&& fileTypeRegistry.isSafeInline(mimeType))) {
notFound(res);
@@ -116,7 +114,7 @@
}
try {
- ProjectControl projectControl = projectControlFactory.validateFor(key.project);
+ ProjectControl projectControl = projectControlFactory.controlFor(key.project);
String rev = key.revision;
if (rev == null || Constants.HEAD.equals(rev)) {
rev = getHead.get().apply(new ProjectResource(projectControl));
diff --git a/src/main/java/com/googlesource/gerrit/plugins/imagare/ImagesCollection.java b/src/main/java/com/googlesource/gerrit/plugins/imagare/ImagesCollection.java
index 33e2ab6..2304a68 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/imagare/ImagesCollection.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/imagare/ImagesCollection.java
@@ -22,8 +22,9 @@
import com.google.gerrit.extensions.restapi.RestApiException;
import com.google.gerrit.extensions.restapi.RestView;
import com.google.gerrit.reviewdb.client.Branch;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.RefPermission;
import com.google.gerrit.server.project.ProjectResource;
-import com.google.gerrit.server.project.RefControl;
import com.google.inject.Inject;
import com.google.inject.Provider;
@@ -32,12 +33,15 @@
AcceptsPost<ProjectResource> {
private final DynamicMap<RestView<ImageResource>> views;
private final Provider<PostImage> createImage;
+ private final PermissionBackend permissionBackend;
@Inject
public ImagesCollection(DynamicMap<RestView<ImageResource>> views,
- Provider<PostImage> createImage) {
+ Provider<PostImage> createImage,
+ PermissionBackend permissionBackend) {
this.views = views;
this.createImage = createImage;
+ this.permissionBackend = permissionBackend;
}
@Override
@@ -48,14 +52,14 @@
@Override
public ImageResource parse(ProjectResource parent, IdString id)
throws ResourceNotFoundException {
- RefControl refControl =
- parent.getControl().controlForRef(
- new Branch.NameKey(parent.getNameKey(), id.get()));
- if (refControl.canRead()) {
- return new ImageResource(refControl);
- } else {
- throw new ResourceNotFoundException(id);
+ Branch.NameKey branchName = new Branch.NameKey(parent.getNameKey(), id.get());
+ if (permissionBackend
+ .user(parent.getControl().getUser())
+ .ref(branchName)
+ .testOrFalse(RefPermission.READ)) {
+ return new ImageResource(parent.getControl().controlForRef(branchName));
}
+ throw new ResourceNotFoundException(id);
}
@Override
diff --git a/src/main/java/com/googlesource/gerrit/plugins/imagare/PostImage.java b/src/main/java/com/googlesource/gerrit/plugins/imagare/PostImage.java
index 5b58590..a777989 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/imagare/PostImage.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/imagare/PostImage.java
@@ -23,25 +23,21 @@
import com.google.gerrit.extensions.restapi.Response;
import com.google.gerrit.extensions.restapi.RestModifyView;
import com.google.gerrit.reviewdb.client.Project;
-import com.google.gerrit.reviewdb.server.ReviewDb;
-import com.google.gerrit.server.mime.FileTypeRegistry;
import com.google.gerrit.server.GerritPersonIdent;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.config.CanonicalWebUrl;
import com.google.gerrit.server.config.GerritServerConfig;
import com.google.gerrit.server.extensions.events.GitReferenceUpdated;
import com.google.gerrit.server.git.GitRepositoryManager;
+import com.google.gerrit.server.mime.FileTypeRegistry;
import com.google.gerrit.server.project.ProjectControl;
import com.google.gerrit.server.project.ProjectResource;
import com.google.gerrit.server.project.ProjectState;
import com.google.gerrit.server.project.RefControl;
import com.google.inject.Inject;
import com.google.inject.Provider;
-
import com.googlesource.gerrit.plugins.imagare.PostImage.Input;
-
import eu.medsea.mimeutil.MimeType;
-
import org.apache.commons.lang.ArrayUtils;
import org.eclipse.jgit.lib.CommitBuilder;
import org.eclipse.jgit.lib.Config;
@@ -75,7 +71,6 @@
private final PersonIdent myIdent;
private final String canonicalWebUrl;
private final Config cfg;
- private final Provider<ReviewDb> db;
private final String pluginName;
@Inject
@@ -86,7 +81,6 @@
@GerritPersonIdent PersonIdent myIdent,
@CanonicalWebUrl String canonicalWebUrl,
@GerritServerConfig Config cfg,
- Provider<ReviewDb> db,
@PluginName String pluginName) {
this.registry = registry;
this.imageDataPattern = Pattern.compile("data:([\\w/.-]+);([\\w]+),(.*)");
@@ -96,7 +90,6 @@
this.myIdent = myIdent;
this.canonicalWebUrl = canonicalWebUrl;
this.cfg = cfg;
- this.db = db;
this.pluginName = pluginName;
}
@@ -192,7 +185,7 @@
commitId = oi.insert(cb);
oi.flush();
- if (!rc.canCreate(db.get(), repo, rw.parseCommit(commitId))) {
+ if (!rc.canCreate(repo, rw.parseCommit(commitId))) {
throw new AuthException(String.format(
"Project %s doesn't allow image upload.", pc.getProject().getName()));
}
diff --git a/src/main/java/com/googlesource/gerrit/plugins/imagare/PutPreference.java b/src/main/java/com/googlesource/gerrit/plugins/imagare/PutPreference.java
index cf81032..4a45db4 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/imagare/PutPreference.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/imagare/PutPreference.java
@@ -14,6 +14,7 @@
package com.googlesource.gerrit.plugins.imagare;
+import static com.google.gerrit.server.permissions.GlobalPermission.ADMINISTRATE_SERVER;
import static com.googlesource.gerrit.plugins.imagare.GetPreference.PREFERENCE;
import static com.googlesource.gerrit.plugins.imagare.GetPreference.KEY_DEFAULT_PROJECT;
import static com.googlesource.gerrit.plugins.imagare.GetPreference.KEY_LINK_DECORATION;
@@ -30,6 +31,8 @@
import com.google.gerrit.server.account.AccountResource;
import com.google.gerrit.server.git.MetaDataUpdate;
import com.google.gerrit.server.git.ProjectLevelConfig;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.project.ProjectCache;
import com.google.inject.Inject;
import com.google.inject.Provider;
@@ -46,23 +49,25 @@
private final ProjectCache projectCache;
private final MetaDataUpdate.User metaDataUpdateFactory;
private final String pluginName;
+ private final PermissionBackend permissionBackend;
@Inject
PutPreference(Provider<IdentifiedUser> self, ProjectCache projectCache,
- MetaDataUpdate.User metaDataUpdateFactory, @PluginName String pluginName) {
+ MetaDataUpdate.User metaDataUpdateFactory, @PluginName String pluginName,
+ PermissionBackend permissionBackend) {
this.self = self;
this.projectCache = projectCache;
this.metaDataUpdateFactory = metaDataUpdateFactory;
this.pluginName = pluginName;
+ this.permissionBackend = permissionBackend;
}
@Override
public Response<String> apply(AccountResource rsrc, Input input)
throws AuthException, RepositoryNotFoundException, IOException,
- UnprocessableEntityException {
- if (self.get() != rsrc.getUser()
- && !self.get().getCapabilities().canAdministrateServer()) {
- throw new AuthException("not allowed to change preference");
+ UnprocessableEntityException, PermissionBackendException {
+ if (self.get() != rsrc.getUser()) {
+ permissionBackend.user(self).check(ADMINISTRATE_SERVER);
}
if (input == null) {
input = new Input();