Merge branch 'stable-2.14'
* stable-2.14:
Upgrade bazlets and use released 2.14.1 API
Upgrade JGit to 4.7.1.201706071930-r
Implement Git LFS 2.0 locking
Validate user permission to Git LFS lock operation
Unify exceptions handling and error reporting with LfsApiServlet
Create REST stub for Git LFS 2.0 Lock API
Change-Id: I0d2533e6468647767fa7cebbd53624efa013c77e
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/GetLfsGlobalConfig.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/GetLfsGlobalConfig.java
index dcdcbac..40e00b0 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/GetLfsGlobalConfig.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/GetLfsGlobalConfig.java
@@ -14,6 +14,8 @@
package com.googlesource.gerrit.plugins.lfs;
+import static com.google.gerrit.server.permissions.GlobalPermission.ADMINISTRATE_SERVER;
+
import com.google.common.collect.Maps;
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.extensions.restapi.RestApiException;
@@ -21,6 +23,7 @@
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.config.AllProjectsName;
+import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.project.ProjectResource;
import com.google.inject.Inject;
import com.google.inject.Provider;
@@ -33,22 +36,25 @@
private final LfsConfigurationFactory lfsConfigFactory;
private final AllProjectsName allProjectsName;
private final Provider<CurrentUser> self;
+ private final PermissionBackend permissionBackend;
@Inject
GetLfsGlobalConfig(
LfsConfigurationFactory lfsConfigFactory,
AllProjectsName allProjectsName,
- Provider<CurrentUser> self) {
+ Provider<CurrentUser> self,
+ PermissionBackend permissionBackend) {
this.lfsConfigFactory = lfsConfigFactory;
this.allProjectsName = allProjectsName;
this.self = self;
+ this.permissionBackend = permissionBackend;
}
@Override
public LfsGlobalConfigInfo apply(ProjectResource resource) throws RestApiException {
IdentifiedUser user = self.get().asIdentifiedUser();
if (!(resource.getNameKey().equals(allProjectsName)
- && user.getCapabilities().canAdministrateServer())) {
+ && permissionBackend.user(user).testOrFalse(ADMINISTRATE_SERVER))) {
throw new ResourceNotFoundException();
}
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java
index 4e20dd4..787ddf5 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java
@@ -18,12 +18,14 @@
import static com.google.gerrit.extensions.api.lfs.LfsDefinitions.LFS_URL_REGEX_TEMPLATE;
import static com.google.gerrit.extensions.client.ProjectState.HIDDEN;
import static com.google.gerrit.extensions.client.ProjectState.READ_ONLY;
+import static com.google.gerrit.server.permissions.ProjectPermission.READ;
import com.google.common.base.Strings;
import com.google.gerrit.common.ProjectUtil;
import com.google.gerrit.common.data.Capable;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.project.ProjectCache;
import com.google.gerrit.server.project.ProjectControl;
import com.google.gerrit.server.project.ProjectState;
@@ -55,6 +57,7 @@
private static final String UPLOAD = "upload";
private final ProjectCache projectCache;
+ private final PermissionBackend permissionBackend;
private final LfsConfigurationFactory lfsConfigFactory;
private final LfsRepositoryResolver repoResolver;
private final LfsAuthUserProvider userProvider;
@@ -62,10 +65,12 @@
@Inject
LfsApiServlet(
ProjectCache projectCache,
+ PermissionBackend permissionBackend,
LfsConfigurationFactory lfsConfigFactory,
LfsRepositoryResolver repoResolver,
LfsAuthUserProvider userProvider) {
this.projectCache = projectCache;
+ this.permissionBackend = permissionBackend;
this.lfsConfigFactory = lfsConfigFactory;
this.repoResolver = repoResolver;
this.userProvider = userProvider;
@@ -126,7 +131,11 @@
private void authorizeUser(CurrentUser user, ProjectState state, String operation)
throws LfsUnauthorized {
ProjectControl control = state.controlFor(user);
- if ((operation.equals(DOWNLOAD) && !control.isReadable())
+ if ((operation.equals(DOWNLOAD)
+ && !permissionBackend
+ .user(user)
+ .project(state.getProject().getNameKey())
+ .testOrFalse(READ))
|| (operation.equals(UPLOAD) && Capable.OK != control.canPushToAtLeastOneRef())) {
String op = operation.toLowerCase();
String project = state.getProject().getName();
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/PutLfsGlobalConfig.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/PutLfsGlobalConfig.java
index 5e81e73..5b0468f 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/PutLfsGlobalConfig.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/PutLfsGlobalConfig.java
@@ -14,6 +14,7 @@
package com.googlesource.gerrit.plugins.lfs;
+import static com.google.gerrit.server.permissions.GlobalPermission.ADMINISTRATE_SERVER;
import static com.googlesource.gerrit.plugins.lfs.LfsProjectConfigSection.KEY_BACKEND;
import static com.googlesource.gerrit.plugins.lfs.LfsProjectConfigSection.KEY_ENABLED;
import static com.googlesource.gerrit.plugins.lfs.LfsProjectConfigSection.KEY_MAX_OBJECT_SIZE;
@@ -30,6 +31,7 @@
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.config.AllProjectsName;
import com.google.gerrit.server.git.MetaDataUpdate;
+import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.project.ProjectResource;
import com.google.inject.Inject;
import com.google.inject.Provider;
@@ -47,6 +49,7 @@
private final String pluginName;
private final AllProjectsName allProjectsName;
+ private final PermissionBackend permissionBackned;
private final Provider<CurrentUser> self;
private final Provider<MetaDataUpdate.User> metaDataUpdateFactory;
private final LfsConfigurationFactory lfsConfigFactory;
@@ -56,12 +59,14 @@
PutLfsGlobalConfig(
@PluginName String pluginName,
AllProjectsName allProjectsName,
+ PermissionBackend permissionBackned,
Provider<CurrentUser> self,
Provider<MetaDataUpdate.User> metaDataUpdateFactory,
LfsConfigurationFactory lfsConfigFactory,
GetLfsGlobalConfig get) {
this.pluginName = pluginName;
this.allProjectsName = allProjectsName;
+ this.permissionBackned = permissionBackned;
this.self = self;
this.metaDataUpdateFactory = metaDataUpdateFactory;
this.lfsConfigFactory = lfsConfigFactory;
@@ -74,7 +79,8 @@
IdentifiedUser user = self.get().asIdentifiedUser();
Project.NameKey projectName = resource.getNameKey();
- if (!(projectName.equals(allProjectsName) && user.getCapabilities().canAdministrateServer())) {
+ if (!(projectName.equals(allProjectsName)
+ && permissionBackned.user(user).testOrFalse(ADMINISTRATE_SERVER))) {
throw new ResourceNotFoundException();
}
