Merge branch 'stable-2.14'
* stable-2.14:
DeleteImage: Add missing cases in switch on RefUpdate.Result
PostImage: Remove unused Config
ImageServlet: Suppress warning about deprecated Hashing.md5()
Fix unnecessarily nested else-clauses
Format Java files with google-java-format
Change-Id: I0f4b84f78a41a169c64634d1d5cd5a927235e2fe
diff --git a/src/main/java/com/googlesource/gerrit/plugins/imagare/DeleteImage.java b/src/main/java/com/googlesource/gerrit/plugins/imagare/DeleteImage.java
index 33311c0..9f71e9d 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/imagare/DeleteImage.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/imagare/DeleteImage.java
@@ -15,6 +15,7 @@
package com.googlesource.gerrit.plugins.imagare;
import com.google.gerrit.extensions.annotations.PluginName;
+import com.google.gerrit.extensions.api.access.PluginPermission;
import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.extensions.restapi.ResourceConflictException;
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
@@ -23,6 +24,9 @@
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.extensions.events.GitReferenceUpdated;
import com.google.gerrit.server.git.GitRepositoryManager;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.PermissionBackendException;
+import com.google.gerrit.server.permissions.RefPermission;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.googlesource.gerrit.plugins.imagare.DeleteImage.Input;
@@ -46,32 +50,38 @@
private final Provider<IdentifiedUser> self;
private final GitRepositoryManager repoManager;
private final GitReferenceUpdated referenceUpdated;
+ private final PermissionBackend permissionBackend;
@Inject
public DeleteImage(
@PluginName String pluginName,
Provider<IdentifiedUser> self,
GitRepositoryManager repoManager,
- GitReferenceUpdated referenceUpdated) {
+ GitReferenceUpdated referenceUpdated,
+ PermissionBackend permissionBackend) {
this.pluginName = pluginName;
this.self = self;
this.repoManager = repoManager;
this.referenceUpdated = referenceUpdated;
+ this.permissionBackend = permissionBackend;
}
@Override
public Response<?> apply(ImageResource rsrc, Input input)
throws AuthException, ResourceConflictException, RepositoryNotFoundException, IOException,
- ResourceNotFoundException {
- if (!rsrc.getControl().canDelete()
- && !self.get()
- .getCapabilities()
- .canPerform(pluginName + "-" + DeleteOwnImagesCapability.DELETE_OWN_IMAGES)) {
- throw new AuthException("not allowed to delete image");
+ ResourceNotFoundException, PermissionBackendException {
+
+ if (!permissionBackend.user(self).ref(rsrc.getBranchKey()).testOrFalse(RefPermission.DELETE)) {
+ permissionBackend
+ .user(self)
+ .test(new PluginPermission(pluginName, DeleteOwnImagesCapability.DELETE_OWN_IMAGES));
}
try (Repository r = repoManager.openRepository(rsrc.getProject())) {
- if (!rsrc.getControl().canDelete()) {
+ if (!permissionBackend
+ .user(self)
+ .ref(rsrc.getBranchKey())
+ .testOrFalse(RefPermission.DELETE)) {
validateOwnImage(r, rsrc.getRef());
}
@@ -103,6 +113,8 @@
case NOT_ATTEMPTED:
case REJECTED:
case RENAMED:
+ case REJECTED_MISSING_OBJECT:
+ case REJECTED_OTHER_REASON:
default:
log.error("Cannot delete " + rsrc.getRef() + ": " + result.name());
throw new ResourceConflictException("cannot delete branch: " + result.name());
diff --git a/src/main/java/com/googlesource/gerrit/plugins/imagare/GetPreference.java b/src/main/java/com/googlesource/gerrit/plugins/imagare/GetPreference.java
index 0fc0732..4c5041b 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/imagare/GetPreference.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/imagare/GetPreference.java
@@ -14,6 +14,8 @@
package com.googlesource.gerrit.plugins.imagare;
+import static com.google.gerrit.server.permissions.GlobalPermission.ADMINISTRATE_SERVER;
+
import com.google.common.base.MoreObjects;
import com.google.gerrit.extensions.annotations.PluginName;
import com.google.gerrit.extensions.restapi.AuthException;
@@ -21,6 +23,8 @@
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.AccountResource;
import com.google.gerrit.server.config.ConfigResource;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.project.ProjectCache;
import com.google.inject.Inject;
import com.google.inject.Provider;
@@ -37,23 +41,26 @@
private final ProjectCache projectCache;
private final String pluginName;
private final Provider<GetConfig> getConfig;
+ private final PermissionBackend permissionBackend;
@Inject
GetPreference(
Provider<IdentifiedUser> self,
ProjectCache projectCache,
@PluginName String pluginName,
- Provider<GetConfig> getConfig) {
+ Provider<GetConfig> getConfig,
+ PermissionBackend permissionBackend) {
this.self = self;
this.projectCache = projectCache;
this.pluginName = pluginName;
this.getConfig = getConfig;
+ this.permissionBackend = permissionBackend;
}
@Override
- public ConfigInfo apply(AccountResource rsrc) throws AuthException {
- if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canAdministrateServer()) {
- throw new AuthException("not allowed to get preference");
+ public ConfigInfo apply(AccountResource rsrc) throws AuthException, PermissionBackendException {
+ if (self.get() != rsrc.getUser()) {
+ permissionBackend.user(self).check(ADMINISTRATE_SERVER);
}
String username = self.get().getUserName();
diff --git a/src/main/java/com/googlesource/gerrit/plugins/imagare/ImageServlet.java b/src/main/java/com/googlesource/gerrit/plugins/imagare/ImageServlet.java
index 8252fb2..6c52b46 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/imagare/ImageServlet.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/imagare/ImageServlet.java
@@ -25,9 +25,13 @@
import com.google.gerrit.extensions.restapi.IdString;
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.reviewdb.client.Project;
-import com.google.gerrit.reviewdb.server.ReviewDb;
+import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.git.GitRepositoryManager;
import com.google.gerrit.server.mime.FileTypeRegistry;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.PermissionBackendException;
+import com.google.gerrit.server.permissions.RefPermission;
+import com.google.gerrit.server.project.CommitsCollection;
import com.google.gerrit.server.project.GetHead;
import com.google.gerrit.server.project.NoSuchProjectException;
import com.google.gerrit.server.project.ProjectCache;
@@ -63,29 +67,35 @@
public static final String PATH_PREFIX = "/project/";
private final String pluginName;
- private final Provider<ReviewDb> db;
private final ProjectControl.Factory projectControlFactory;
private final ProjectCache projectCache;
private final Provider<GetHead> getHead;
private final GitRepositoryManager repoManager;
private final FileTypeRegistry fileTypeRegistry;
+ private final CommitsCollection commits;
+ private final Provider<CurrentUser> self;
+ private final PermissionBackend permissionBackend;
@Inject
ImageServlet(
@PluginName String pluginName,
- Provider<ReviewDb> db,
ProjectControl.Factory projectControlFactory,
ProjectCache projectCache,
Provider<GetHead> getHead,
GitRepositoryManager repoManager,
- FileTypeRegistry fileTypeRegistry) {
+ FileTypeRegistry fileTypeRegistry,
+ CommitsCollection commits,
+ Provider<CurrentUser> self,
+ PermissionBackend permissionBackend) {
this.pluginName = pluginName;
- this.db = db;
this.projectControlFactory = projectControlFactory;
this.projectCache = projectCache;
this.getHead = getHead;
this.repoManager = repoManager;
this.fileTypeRegistry = fileTypeRegistry;
+ this.commits = commits;
+ this.self = self;
+ this.permissionBackend = permissionBackend;
}
@Override
@@ -103,14 +113,14 @@
return;
}
- MimeType mimeType = fileTypeRegistry.getMimeType(key.file, null);
+ MimeType mimeType = fileTypeRegistry.getMimeType(key.file, (byte[]) null);
if (!("image".equals(mimeType.getMediaType()) && fileTypeRegistry.isSafeInline(mimeType))) {
notFound(res);
return;
}
try {
- ProjectControl projectControl = projectControlFactory.validateFor(key.project);
+ ProjectControl projectControl = projectControlFactory.controlFor(key.project);
String rev = key.revision;
if (rev == null || Constants.HEAD.equals(rev)) {
rev = getHead.get().apply(new ProjectResource(projectControl));
@@ -119,7 +129,10 @@
if (!rev.startsWith(Constants.R_REFS)) {
rev = Constants.R_HEADS + rev;
}
- if (!projectControl.controlForRef(rev).isVisible()) {
+ PermissionBackend.ForProject perm = permissionBackend.user(self).project(key.project);
+ try {
+ perm.ref(rev).check(RefPermission.READ);
+ } catch (AuthException e) {
notFound(res);
return;
}
@@ -135,7 +148,7 @@
if (ObjectId.isId(rev)) {
try (RevWalk rw = new RevWalk(repo)) {
RevCommit commit = rw.parseCommit(repo.resolve(rev));
- if (!projectControl.canReadCommit(db.get(), repo, commit)) {
+ if (!commits.canRead(state, repo, commit)) {
notFound(res);
return;
}
@@ -193,7 +206,8 @@
| NoSuchProjectException
| ResourceNotFoundException
| AuthException
- | RevisionSyntaxException e) {
+ | RevisionSyntaxException
+ | PermissionBackendException e) {
notFound(res);
return;
}
diff --git a/src/main/java/com/googlesource/gerrit/plugins/imagare/ImagesCollection.java b/src/main/java/com/googlesource/gerrit/plugins/imagare/ImagesCollection.java
index c810abb..992bbff 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/imagare/ImagesCollection.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/imagare/ImagesCollection.java
@@ -22,8 +22,9 @@
import com.google.gerrit.extensions.restapi.RestApiException;
import com.google.gerrit.extensions.restapi.RestView;
import com.google.gerrit.reviewdb.client.Branch;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.RefPermission;
import com.google.gerrit.server.project.ProjectResource;
-import com.google.gerrit.server.project.RefControl;
import com.google.inject.Inject;
import com.google.inject.Provider;
@@ -31,12 +32,16 @@
implements ChildCollection<ProjectResource, ImageResource>, AcceptsPost<ProjectResource> {
private final DynamicMap<RestView<ImageResource>> views;
private final Provider<PostImage> createImage;
+ private final PermissionBackend permissionBackend;
@Inject
public ImagesCollection(
- DynamicMap<RestView<ImageResource>> views, Provider<PostImage> createImage) {
+ DynamicMap<RestView<ImageResource>> views,
+ Provider<PostImage> createImage,
+ PermissionBackend permissionBackend) {
this.views = views;
this.createImage = createImage;
+ this.permissionBackend = permissionBackend;
}
@Override
@@ -46,10 +51,12 @@
@Override
public ImageResource parse(ProjectResource parent, IdString id) throws ResourceNotFoundException {
- RefControl refControl =
- parent.getControl().controlForRef(new Branch.NameKey(parent.getNameKey(), id.get()));
- if (refControl.canRead()) {
- return new ImageResource(refControl);
+ Branch.NameKey branchName = new Branch.NameKey(parent.getNameKey(), id.get());
+ if (permissionBackend
+ .user(parent.getControl().getUser())
+ .ref(branchName)
+ .testOrFalse(RefPermission.READ)) {
+ return new ImageResource(parent.getControl().controlForRef(branchName));
}
throw new ResourceNotFoundException(id);
}
diff --git a/src/main/java/com/googlesource/gerrit/plugins/imagare/PostImage.java b/src/main/java/com/googlesource/gerrit/plugins/imagare/PostImage.java
index f336cc4..f1b54d3 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/imagare/PostImage.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/imagare/PostImage.java
@@ -21,18 +21,21 @@
import com.google.gerrit.extensions.restapi.MethodNotAllowedException;
import com.google.gerrit.extensions.restapi.ResourceConflictException;
import com.google.gerrit.extensions.restapi.Response;
+import com.google.gerrit.extensions.restapi.RestApiException;
import com.google.gerrit.extensions.restapi.RestModifyView;
+import com.google.gerrit.reviewdb.client.Branch;
import com.google.gerrit.reviewdb.client.Project;
-import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.GerritPersonIdent;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.config.CanonicalWebUrl;
import com.google.gerrit.server.extensions.events.GitReferenceUpdated;
import com.google.gerrit.server.git.GitRepositoryManager;
import com.google.gerrit.server.mime.FileTypeRegistry;
+import com.google.gerrit.server.permissions.PermissionBackendException;
+import com.google.gerrit.server.project.CreateRefControl;
+import com.google.gerrit.server.project.NoSuchProjectException;
import com.google.gerrit.server.project.ProjectControl;
import com.google.gerrit.server.project.ProjectResource;
-import com.google.gerrit.server.project.RefControl;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.googlesource.gerrit.plugins.imagare.PostImage.Input;
@@ -67,8 +70,8 @@
private final GitReferenceUpdated referenceUpdated;
private final PersonIdent myIdent;
private final String canonicalWebUrl;
- private final Provider<ReviewDb> db;
private final String pluginName;
+ private final CreateRefControl createRefControl;
@Inject
public PostImage(
@@ -78,8 +81,8 @@
GitReferenceUpdated referenceUpdated,
@GerritPersonIdent PersonIdent myIdent,
@CanonicalWebUrl String canonicalWebUrl,
- Provider<ReviewDb> db,
- @PluginName String pluginName) {
+ @PluginName String pluginName,
+ CreateRefControl createRefControl) {
this.registry = registry;
this.imageDataPattern = Pattern.compile("data:([\\w/.-]+);([\\w]+),(.*)");
this.self = self;
@@ -87,14 +90,13 @@
this.referenceUpdated = referenceUpdated;
this.myIdent = myIdent;
this.canonicalWebUrl = canonicalWebUrl;
- this.db = db;
this.pluginName = pluginName;
+ this.createRefControl = createRefControl;
}
@Override
public Response<ImageInfo> apply(ProjectResource rsrc, Input input)
- throws MethodNotAllowedException, BadRequestException, AuthException, IOException,
- ResourceConflictException {
+ throws RestApiException, IOException, PermissionBackendException, NoSuchProjectException {
if (input == null) {
input = new Input();
}
@@ -108,8 +110,7 @@
}
private ImageInfo storeImage(ProjectControl pc, String imageData, String fileName)
- throws MethodNotAllowedException, BadRequestException, AuthException, IOException,
- ResourceConflictException {
+ throws RestApiException, IOException, PermissionBackendException, NoSuchProjectException {
Matcher m = imageDataPattern.matcher(imageData);
if (m.matches()) {
String receivedMimeType = m.group(1);
@@ -142,7 +143,8 @@
}
private String storeImage(ProjectControl pc, byte[] content, String fileName)
- throws AuthException, IOException, ResourceConflictException {
+ throws AuthException, IOException, ResourceConflictException, PermissionBackendException,
+ NoSuchProjectException {
long maxSize = pc.getProjectState().getEffectiveMaxObjectSizeLimit().value;
// maxSize == 0 means that there is no limit
if (maxSize > 0 && content.length > maxSize) {
@@ -150,7 +152,6 @@
}
String ref = getRef(content, fileName);
- RefControl rc = pc.controlForRef(ref);
try (Repository repo = repoManager.openRepository(pc.getProject().getNameKey())) {
ObjectId commitId = repo.resolve(ref);
@@ -180,7 +181,13 @@
commitId = oi.insert(cb);
oi.flush();
- if (!rc.canCreate(db.get(), repo, rw.parseCommit(commitId))) {
+ try {
+ createRefControl.checkCreateRef(
+ self,
+ repo,
+ new Branch.NameKey(pc.getProject().getNameKey(), ref),
+ rw.parseCommit(commitId));
+ } catch (AuthException e) {
throw new AuthException(
String.format("Project %s doesn't allow image upload.", pc.getProject().getName()));
}
diff --git a/src/main/java/com/googlesource/gerrit/plugins/imagare/PutPreference.java b/src/main/java/com/googlesource/gerrit/plugins/imagare/PutPreference.java
index bebef61..025475a 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/imagare/PutPreference.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/imagare/PutPreference.java
@@ -14,6 +14,7 @@
package com.googlesource.gerrit.plugins.imagare;
+import static com.google.gerrit.server.permissions.GlobalPermission.ADMINISTRATE_SERVER;
import static com.googlesource.gerrit.plugins.imagare.GetPreference.KEY_DEFAULT_PROJECT;
import static com.googlesource.gerrit.plugins.imagare.GetPreference.KEY_LINK_DECORATION;
import static com.googlesource.gerrit.plugins.imagare.GetPreference.KEY_STAGE;
@@ -30,6 +31,8 @@
import com.google.gerrit.server.account.AccountResource;
import com.google.gerrit.server.git.MetaDataUpdate;
import com.google.gerrit.server.git.ProjectLevelConfig;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.project.ProjectCache;
import com.google.inject.Inject;
import com.google.inject.Provider;
@@ -43,24 +46,28 @@
private final ProjectCache projectCache;
private final MetaDataUpdate.User metaDataUpdateFactory;
private final String pluginName;
+ private final PermissionBackend permissionBackend;
@Inject
PutPreference(
Provider<IdentifiedUser> self,
ProjectCache projectCache,
MetaDataUpdate.User metaDataUpdateFactory,
- @PluginName String pluginName) {
+ @PluginName String pluginName,
+ PermissionBackend permissionBackend) {
this.self = self;
this.projectCache = projectCache;
this.metaDataUpdateFactory = metaDataUpdateFactory;
this.pluginName = pluginName;
+ this.permissionBackend = permissionBackend;
}
@Override
public Response<String> apply(AccountResource rsrc, Input input)
- throws AuthException, RepositoryNotFoundException, IOException, UnprocessableEntityException {
- if (self.get() != rsrc.getUser() && !self.get().getCapabilities().canAdministrateServer()) {
- throw new AuthException("not allowed to change preference");
+ throws AuthException, RepositoryNotFoundException, IOException, UnprocessableEntityException,
+ PermissionBackendException {
+ if (self.get() != rsrc.getUser()) {
+ permissionBackend.user(self).check(ADMINISTRATE_SERVER);
}
if (input == null) {
input = new Input();
