commit 3d24c6900d1574413fb4de5e180061b5ab385463
author David Ostrovsky <david@ostrovsky.org> Fri Apr 28 12:40:18 2017 +0200
committer David Ostrovsky <david@ostrovsky.org> Fri Apr 28 12:48:08 2017 +0200
tree 1c2201f5ce9f7fc91344bde6de27fa609e235871
parent a9625380109100f1723566a5e1d9533101f64b92

CapabilityChecker: Migrate to using permission backend

Change-Id: I43619427dc3479a3f80b49a4262097ae9c804ac8

src/main/java/com/googlesource/gerrit/plugins/javamelody/CapabilityChecker.java

diff --git a/src/main/java/com/googlesource/gerrit/plugins/javamelody/CapabilityChecker.java b/src/main/java/com/googlesource/gerrit/plugins/javamelody/CapabilityChecker.java
index d8e8fe5..fc7bef2 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/javamelody/CapabilityChecker.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/javamelody/CapabilityChecker.java
@@ -14,27 +14,45 @@
 
 package com.googlesource.gerrit.plugins.javamelody;
 
+import com.google.common.collect.ImmutableSet;
 import com.google.gerrit.extensions.annotations.PluginName;
+import com.google.gerrit.extensions.api.access.PluginPermission;
+import com.google.gerrit.extensions.restapi.AuthException;
 import com.google.gerrit.server.CurrentUser;
-import com.google.gerrit.server.account.CapabilityControl;
+import com.google.gerrit.server.permissions.GlobalPermission;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.PermissionBackendException;
 import com.google.inject.Inject;
 import com.google.inject.Provider;
+import com.google.inject.Singleton;
 
+@Singleton
 public class CapabilityChecker {
+  private final PermissionBackend permissionBackend;
   private final Provider<CurrentUser> userProvider;
-  private final String capabilityName;
+  private final String pluginName;
 
   @Inject
-  CapabilityChecker(Provider<CurrentUser> userProvider, @PluginName String pluginName) {
+  CapabilityChecker(
+      PermissionBackend permissionBackend,
+      Provider<CurrentUser> userProvider,
+      @PluginName String pluginName) {
+    this.permissionBackend = permissionBackend;
     this.userProvider = userProvider;
-    this.capabilityName = String.format("%s-%s", pluginName, MonitoringCapability.ID);
+    this.pluginName = pluginName;
   }
 
   public boolean canMonitor() {
-    if (userProvider.get().isIdentifiedUser()) {
-      CapabilityControl ctl = userProvider.get().getCapabilities();
-      return ctl.canAdministrateServer() || ctl.canPerform(capabilityName);
+    try {
+      permissionBackend
+          .user(userProvider)
+          .checkAny(
+              ImmutableSet.of(
+                  GlobalPermission.ADMINISTRATE_SERVER,
+                  new PluginPermission(pluginName, MonitoringCapability.ID)));
+      return true;
+    } catch (AuthException | PermissionBackendException e) {
+      return false;
     }
-    return false;
   }
 }