CapabilityChecker: Migrate to using permission backend
Change-Id: I43619427dc3479a3f80b49a4262097ae9c804ac8
diff --git a/src/main/java/com/googlesource/gerrit/plugins/javamelody/CapabilityChecker.java b/src/main/java/com/googlesource/gerrit/plugins/javamelody/CapabilityChecker.java
index d8e8fe5..fc7bef2 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/javamelody/CapabilityChecker.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/javamelody/CapabilityChecker.java
@@ -14,27 +14,45 @@
package com.googlesource.gerrit.plugins.javamelody;
+import com.google.common.collect.ImmutableSet;
import com.google.gerrit.extensions.annotations.PluginName;
+import com.google.gerrit.extensions.api.access.PluginPermission;
+import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.server.CurrentUser;
-import com.google.gerrit.server.account.CapabilityControl;
+import com.google.gerrit.server.permissions.GlobalPermission;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.inject.Inject;
import com.google.inject.Provider;
+import com.google.inject.Singleton;
+@Singleton
public class CapabilityChecker {
+ private final PermissionBackend permissionBackend;
private final Provider<CurrentUser> userProvider;
- private final String capabilityName;
+ private final String pluginName;
@Inject
- CapabilityChecker(Provider<CurrentUser> userProvider, @PluginName String pluginName) {
+ CapabilityChecker(
+ PermissionBackend permissionBackend,
+ Provider<CurrentUser> userProvider,
+ @PluginName String pluginName) {
+ this.permissionBackend = permissionBackend;
this.userProvider = userProvider;
- this.capabilityName = String.format("%s-%s", pluginName, MonitoringCapability.ID);
+ this.pluginName = pluginName;
}
public boolean canMonitor() {
- if (userProvider.get().isIdentifiedUser()) {
- CapabilityControl ctl = userProvider.get().getCapabilities();
- return ctl.canAdministrateServer() || ctl.canPerform(capabilityName);
+ try {
+ permissionBackend
+ .user(userProvider)
+ .checkAny(
+ ImmutableSet.of(
+ GlobalPermission.ADMINISTRATE_SERVER,
+ new PluginPermission(pluginName, MonitoringCapability.ID)));
+ return true;
+ } catch (AuthException | PermissionBackendException e) {
+ return false;
}
- return false;
}
}