Merge branch 'stable-2.14' into stable-2.15 * stable-2.14: Upgrade bazlets to latest stable-2.14 to build with 2.14.18 API Change-Id: I0f3bd32b19c4d10de6fc8655e4e41a5671b1ace6
diff --git a/WORKSPACE b/WORKSPACE
index 3b6e008..54a1175 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -3,7 +3,7 @@ load("//:bazlets.bzl", "load_bazlets") load_bazlets( - commit = "2c39029a585bd1d5b785150948f162730f7b7e42", + commit = "d4e586bd341207f0b8aafcbe7dbcd4843f852826", #local_path = "/home/<user>/projects/bazlets", )
diff --git a/external_plugin_deps.bzl b/external_plugin_deps.bzl
index c9e4e9f..9980a5a 100644
--- a/external_plugin_deps.bzl
+++ b/external_plugin_deps.bzl
@@ -1,13 +1,13 @@ load("//tools/bzl:maven_jar.bzl", "GERRIT", "MAVEN_CENTRAL", "MAVEN_LOCAL", "maven_jar") -JGIT_VERSION = "4.7.6.201810191618-r" +JGIT_VERSION = "4.9.7.201810191756-r" REPO = MAVEN_CENTRAL def external_plugin_deps(): maven_jar( name = "jgit-http-apache", artifact = "org.eclipse.jgit:org.eclipse.jgit.http.apache:" + JGIT_VERSION, - sha1 = "7da2e0837c13b74aa1cb8705c1f00c8a1763d30e", + sha1 = "46b6d5102e0313fd88a681315f3cfceab631262c", repository = REPO, unsign = True, exclude = [ @@ -19,7 +19,7 @@ maven_jar( name = "jgit-lfs", artifact = "org.eclipse.jgit:org.eclipse.jgit.lfs:" + JGIT_VERSION, - sha1 = "c42a483d39dad65e3e87854da385433b4ad45ead", + sha1 = "1b78bf52e9aff4dc8142cecbc957129b9c7a2570", repository = REPO, unsign = True, exclude = [ @@ -31,7 +31,7 @@ maven_jar( name = "jgit-lfs-server", artifact = "org.eclipse.jgit:org.eclipse.jgit.lfs.server:" + JGIT_VERSION, - sha1 = "ff24f0d81c5e5f98389221a83671586581e95b31", + sha1 = "56fa097f1e3550d2a7ab012cc10e28653806099b", repository = REPO, unsign = True, exclude = [
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/GetLfsGlobalConfig.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/GetLfsGlobalConfig.java
index dcdcbac..40e00b0 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/GetLfsGlobalConfig.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/GetLfsGlobalConfig.java
@@ -14,6 +14,8 @@ package com.googlesource.gerrit.plugins.lfs; +import static com.google.gerrit.server.permissions.GlobalPermission.ADMINISTRATE_SERVER; + import com.google.common.collect.Maps; import com.google.gerrit.extensions.restapi.ResourceNotFoundException; import com.google.gerrit.extensions.restapi.RestApiException; @@ -21,6 +23,7 @@ import com.google.gerrit.server.CurrentUser; import com.google.gerrit.server.IdentifiedUser; import com.google.gerrit.server.config.AllProjectsName; +import com.google.gerrit.server.permissions.PermissionBackend; import com.google.gerrit.server.project.ProjectResource; import com.google.inject.Inject; import com.google.inject.Provider; @@ -33,22 +36,25 @@ private final LfsConfigurationFactory lfsConfigFactory; private final AllProjectsName allProjectsName; private final Provider<CurrentUser> self; + private final PermissionBackend permissionBackend; @Inject GetLfsGlobalConfig( LfsConfigurationFactory lfsConfigFactory, AllProjectsName allProjectsName, - Provider<CurrentUser> self) { + Provider<CurrentUser> self, + PermissionBackend permissionBackend) { this.lfsConfigFactory = lfsConfigFactory; this.allProjectsName = allProjectsName; this.self = self; + this.permissionBackend = permissionBackend; } @Override public LfsGlobalConfigInfo apply(ProjectResource resource) throws RestApiException { IdentifiedUser user = self.get().asIdentifiedUser(); if (!(resource.getNameKey().equals(allProjectsName) - && user.getCapabilities().canAdministrateServer())) { + && permissionBackend.user(user).testOrFalse(ADMINISTRATE_SERVER))) { throw new ResourceNotFoundException(); }
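Review bot: In the last hunk, `apply` still calls `self.get().asIdentifiedUser()` before the new permission test, although `permissionBackend.user(...)` accepts a plain `CurrentUser` (LfsApiServlet in this same commit passes one). If a caller that is not an identified user can reach this endpoint, the conversion presumably fails before the check runs, so the request would not end in the intended `ResourceNotFoundException`. Consider `&& permissionBackend.user(self.get()).testOrFalse(ADMINISTRATE_SERVER))) {` and dropping the `IdentifiedUser` local if nothing later in the method needs it; the rest of `apply` lies outside the hunk. If answering non-administrators with a 404 instead of a 403 is deliberate, a one-line comment such as `// Not-found rather than forbidden: do not reveal the endpoint to non-admins.` would record that.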
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java
index 4e20dd4..dfb5941 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java
@@ -18,12 +18,14 @@ import static com.google.gerrit.extensions.api.lfs.LfsDefinitions.LFS_URL_REGEX_TEMPLATE; import static com.google.gerrit.extensions.client.ProjectState.HIDDEN; import static com.google.gerrit.extensions.client.ProjectState.READ_ONLY; +import static com.google.gerrit.server.permissions.ProjectPermission.ACCESS; import com.google.common.base.Strings; import com.google.gerrit.common.ProjectUtil; import com.google.gerrit.common.data.Capable; import com.google.gerrit.reviewdb.client.Project; import com.google.gerrit.server.CurrentUser; +import com.google.gerrit.server.permissions.PermissionBackend; import com.google.gerrit.server.project.ProjectCache; import com.google.gerrit.server.project.ProjectControl; import com.google.gerrit.server.project.ProjectState; @@ -55,6 +57,7 @@ private static final String UPLOAD = "upload"; private final ProjectCache projectCache; + private final PermissionBackend permissionBackend; private final LfsConfigurationFactory lfsConfigFactory; private final LfsRepositoryResolver repoResolver; private final LfsAuthUserProvider userProvider; @@ -62,10 +65,12 @@ @Inject LfsApiServlet( ProjectCache projectCache, + PermissionBackend permissionBackend, LfsConfigurationFactory lfsConfigFactory, LfsRepositoryResolver repoResolver, LfsAuthUserProvider userProvider) { this.projectCache = projectCache; + this.permissionBackend = permissionBackend; this.lfsConfigFactory = lfsConfigFactory; this.repoResolver = repoResolver; this.userProvider = userProvider; 
@@ -126,7 +131,11 @@ private void authorizeUser(CurrentUser user, ProjectState state, String operation) throws LfsUnauthorized { ProjectControl control = state.controlFor(user); - if ((operation.equals(DOWNLOAD) && !control.isReadable()) + if ((operation.equals(DOWNLOAD) + && !permissionBackend + .user(user) + .project(state.getProject().getNameKey()) + .testOrFalse(ACCESS)) || (operation.equals(UPLOAD) && Capable.OK != control.canPushToAtLeastOneRef())) { String op = operation.toLowerCase(); String project = state.getProject().getName();
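Review bot: `authorizeUser` throws only when the operation is exactly DOWNLOAD or UPLOAD and the matching test fails, so any other operation string passes through as authorized. Whether callers validate the operation before this point is not visible in the hunk; a deny-by-default shape would make the method safe on its own. The DOWNLOAD branch now uses `PermissionBackend` while UPLOAD still goes through `ProjectControl`, so the `controlFor` lookup can move into the UPLOAD branch where it is actually needed. The method body continues past the end of the hunk.

```java
private void authorizeUser(CurrentUser user, ProjectState state, String operation)
    throws LfsUnauthorized {
  boolean allowed;
  if (operation.equals(DOWNLOAD)) {
    allowed =
        permissionBackend
            .user(user)
            .project(state.getProject().getNameKey())
            .testOrFalse(ACCESS);
  } else if (operation.equals(UPLOAD)) {
    allowed = Capable.OK == state.controlFor(user).canPushToAtLeastOneRef();
  } else {
    // Unknown operation: deny instead of falling through as authorized.
    allowed = false;
  }
  if (!allowed) {
    // … unchanged: build the op/project strings and throw LfsUnauthorized …
```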
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/PutLfsGlobalConfig.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/PutLfsGlobalConfig.java
index 5e81e73..5b0468f 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/PutLfsGlobalConfig.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/PutLfsGlobalConfig.java
@@ -14,6 +14,7 @@ package com.googlesource.gerrit.plugins.lfs; +import static com.google.gerrit.server.permissions.GlobalPermission.ADMINISTRATE_SERVER; import static com.googlesource.gerrit.plugins.lfs.LfsProjectConfigSection.KEY_BACKEND; import static com.googlesource.gerrit.plugins.lfs.LfsProjectConfigSection.KEY_ENABLED; import static com.googlesource.gerrit.plugins.lfs.LfsProjectConfigSection.KEY_MAX_OBJECT_SIZE; @@ -30,6 +31,7 @@ import com.google.gerrit.server.IdentifiedUser; import com.google.gerrit.server.config.AllProjectsName; import com.google.gerrit.server.git.MetaDataUpdate; +import com.google.gerrit.server.permissions.PermissionBackend; import com.google.gerrit.server.project.ProjectResource; import com.google.inject.Inject; import com.google.inject.Provider; @@ -47,6 +49,7 @@ private final String pluginName; private final AllProjectsName allProjectsName; + private final PermissionBackend permissionBackned; private final Provider<CurrentUser> self; private final Provider<MetaDataUpdate.User> metaDataUpdateFactory; private final LfsConfigurationFactory lfsConfigFactory; @@ -56,12 +59,14 @@ PutLfsGlobalConfig( @PluginName String pluginName, AllProjectsName allProjectsName, + PermissionBackend permissionBackned, Provider<CurrentUser> self, Provider<MetaDataUpdate.User> metaDataUpdateFactory, LfsConfigurationFactory lfsConfigFactory, GetLfsGlobalConfig get) { this.pluginName = pluginName; this.allProjectsName = allProjectsName; + this.permissionBackned = permissionBackned; this.self = self; this.metaDataUpdateFactory = metaDataUpdateFactory; this.lfsConfigFactory = lfsConfigFactory; @@ -74,7 +79,8 @@ IdentifiedUser user = self.get().asIdentifiedUser(); Project.NameKey projectName = resource.getNameKey(); - if (!(projectName.equals(allProjectsName) && user.getCapabilities().canAdministrateServer())) { + if (!(projectName.equals(allProjectsName) + && permissionBackned.user(user).testOrFalse(ADMINISTRATE_SERVER))) { throw new ResourceNotFoundException(); }
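Review bot: The new field and constructor parameter are spelled `permissionBackned`, and the misspelling carries through to the authorization check in the last hunk. GetLfsGlobalConfig, LfsApiServlet and LfsGetLocksAction in this commit all use `permissionBackend`, so anyone searching for permission checks by that name will miss this one. Rename it in all four places: `private final PermissionBackend permissionBackend;`, the constructor parameter, `this.permissionBackend = permissionBackend;`, and `&& permissionBackend.user(user).testOrFalse(ADMINISTRATE_SERVER))) {`.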
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsGetLocksAction.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsGetLocksAction.java
index e30703e..32616f6 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsGetLocksAction.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsGetLocksAction.java
@@ -16,10 +16,14 @@ import static com.google.gerrit.extensions.api.lfs.LfsDefinitions.LFS_LOCKS_PATH_REGEX; import static com.google.gerrit.extensions.api.lfs.LfsDefinitions.LFS_URL_REGEX_TEMPLATE; +import static com.google.gerrit.server.permissions.ProjectPermission.ACCESS; import com.google.common.base.Strings; +import com.google.gerrit.extensions.restapi.AuthException; import com.google.gerrit.reviewdb.client.Project; import com.google.gerrit.server.CurrentUser; +import com.google.gerrit.server.permissions.PermissionBackend; +import com.google.gerrit.server.permissions.PermissionBackendException; import com.google.gerrit.server.project.ProjectCache; import com.google.gerrit.server.project.ProjectControl; import com.google.gerrit.server.project.ProjectState; @@ -38,13 +42,17 @@ static final Pattern LFS_LOCKS_URL_PATTERN = Pattern.compile(String.format(LFS_URL_REGEX_TEMPLATE, LFS_LOCKS_PATH_REGEX)); + private final PermissionBackend permissionBackend; + @Inject LfsGetLocksAction( + PermissionBackend permissionBackend, ProjectCache projectCache, LfsAuthUserProvider userProvider, LfsLocksHandler handler, @Assisted LfsLocksContext context) { super(projectCache, userProvider, handler, context); + this.permissionBackend = permissionBackend; } @Override @@ -59,7 +67,12 @@ @Override protected void authorizeUser(ProjectControl control) throws LfsUnauthorized { - if (!control.isReadable()) { + try { + permissionBackend + .user(control.getUser()) + .project(control.getProject().getNameKey()) + .check(ACCESS); + } catch (AuthException | PermissionBackendException e) { throwUnauthorizedOp("list locks", control); } }
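Review bot: The catch in `authorizeUser` handles `PermissionBackendException` exactly like `AuthException` and discards `e`, so this method records nothing to tell a permission-backend failure apart from a genuine denial. Denying on a backend error is the right default, but the cause should stay visible to operators. LfsApiServlet in this commit performs the same ACCESS check with `testOrFalse`, which, as far as I recall, logs the backend failure before returning false. Using it here would keep the two checks consistent and remove the try/catch along with the two new exception imports: `if (!permissionBackend.user(control.getUser()).project(control.getProject().getNameKey()).testOrFalse(ACCESS)) { throwUnauthorizedOp("list locks", control); }`.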