Convert project permission check to PermissionBackend
Change-Id: I85713b0e9e22abad0119aff61914225bce330ffb
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/GetLfsGlobalConfig.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/GetLfsGlobalConfig.java
index dcdcbac..40e00b0 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/GetLfsGlobalConfig.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/GetLfsGlobalConfig.java
@@ -14,6 +14,8 @@
package com.googlesource.gerrit.plugins.lfs;
+import static com.google.gerrit.server.permissions.GlobalPermission.ADMINISTRATE_SERVER;
+
import com.google.common.collect.Maps;
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.extensions.restapi.RestApiException;
@@ -21,6 +23,7 @@
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.config.AllProjectsName;
+import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.project.ProjectResource;
import com.google.inject.Inject;
import com.google.inject.Provider;
@@ -33,22 +36,25 @@
private final LfsConfigurationFactory lfsConfigFactory;
private final AllProjectsName allProjectsName;
private final Provider<CurrentUser> self;
+ private final PermissionBackend permissionBackend;
@Inject
GetLfsGlobalConfig(
LfsConfigurationFactory lfsConfigFactory,
AllProjectsName allProjectsName,
- Provider<CurrentUser> self) {
+ Provider<CurrentUser> self,
+ PermissionBackend permissionBackend) {
this.lfsConfigFactory = lfsConfigFactory;
this.allProjectsName = allProjectsName;
this.self = self;
+ this.permissionBackend = permissionBackend;
}
@Override
public LfsGlobalConfigInfo apply(ProjectResource resource) throws RestApiException {
IdentifiedUser user = self.get().asIdentifiedUser();
if (!(resource.getNameKey().equals(allProjectsName)
- && user.getCapabilities().canAdministrateServer())) {
+ && permissionBackend.user(user).testOrFalse(ADMINISTRATE_SERVER))) {
throw new ResourceNotFoundException();
}
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java
index d6b168c..1cb92e4 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java
@@ -17,12 +17,14 @@
import static com.google.gerrit.extensions.client.ProjectState.HIDDEN;
import static com.google.gerrit.extensions.client.ProjectState.READ_ONLY;
import static com.google.gerrit.httpd.plugins.LfsPluginServlet.URL_REGEX;
+import static com.google.gerrit.server.permissions.ProjectPermission.READ;
import com.google.common.base.Strings;
import com.google.gerrit.common.ProjectUtil;
import com.google.gerrit.common.data.Capable;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.project.ProjectCache;
import com.google.gerrit.server.project.ProjectControl;
import com.google.gerrit.server.project.ProjectState;
@@ -52,6 +54,7 @@
private static final String UPLOAD = "upload";
private final ProjectCache projectCache;
+ private final PermissionBackend permissionBackend;
private final LfsConfigurationFactory lfsConfigFactory;
private final LfsRepositoryResolver repoResolver;
private final LfsAuthUserProvider userProvider;
@@ -59,10 +62,12 @@
@Inject
LfsApiServlet(
ProjectCache projectCache,
+ PermissionBackend permissionBackend,
LfsConfigurationFactory lfsConfigFactory,
LfsRepositoryResolver repoResolver,
LfsAuthUserProvider userProvider) {
this.projectCache = projectCache;
+ this.permissionBackend = permissionBackend;
this.lfsConfigFactory = lfsConfigFactory;
this.repoResolver = repoResolver;
this.userProvider = userProvider;
@@ -123,7 +128,11 @@
private void authorizeUser(CurrentUser user, ProjectState state, String operation)
throws LfsUnauthorized {
ProjectControl control = state.controlFor(user);
- if ((operation.equals(DOWNLOAD) && !control.isReadable())
+ if ((operation.equals(DOWNLOAD)
+ && !permissionBackend
+ .user(user)
+ .project(state.getProject().getNameKey())
+ .testOrFalse(READ))
|| (operation.equals(UPLOAD) && Capable.OK != control.canPushToAtLeastOneRef())) {
String op = operation.toLowerCase();
String project = state.getProject().getName();
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/PutLfsGlobalConfig.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/PutLfsGlobalConfig.java
index 5e81e73..5b0468f 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/PutLfsGlobalConfig.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/PutLfsGlobalConfig.java
@@ -14,6 +14,7 @@
package com.googlesource.gerrit.plugins.lfs;
+import static com.google.gerrit.server.permissions.GlobalPermission.ADMINISTRATE_SERVER;
import static com.googlesource.gerrit.plugins.lfs.LfsProjectConfigSection.KEY_BACKEND;
import static com.googlesource.gerrit.plugins.lfs.LfsProjectConfigSection.KEY_ENABLED;
import static com.googlesource.gerrit.plugins.lfs.LfsProjectConfigSection.KEY_MAX_OBJECT_SIZE;
@@ -30,6 +31,7 @@
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.config.AllProjectsName;
import com.google.gerrit.server.git.MetaDataUpdate;
+import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.project.ProjectResource;
import com.google.inject.Inject;
import com.google.inject.Provider;
@@ -47,6 +49,7 @@
private final String pluginName;
private final AllProjectsName allProjectsName;
+ private final PermissionBackend permissionBackned;
private final Provider<CurrentUser> self;
private final Provider<MetaDataUpdate.User> metaDataUpdateFactory;
private final LfsConfigurationFactory lfsConfigFactory;
@@ -56,12 +59,14 @@
PutLfsGlobalConfig(
@PluginName String pluginName,
AllProjectsName allProjectsName,
+ PermissionBackend permissionBackned,
Provider<CurrentUser> self,
Provider<MetaDataUpdate.User> metaDataUpdateFactory,
LfsConfigurationFactory lfsConfigFactory,
GetLfsGlobalConfig get) {
this.pluginName = pluginName;
this.allProjectsName = allProjectsName;
+ this.permissionBackned = permissionBackned;
this.self = self;
this.metaDataUpdateFactory = metaDataUpdateFactory;
this.lfsConfigFactory = lfsConfigFactory;
@@ -74,7 +79,8 @@
IdentifiedUser user = self.get().asIdentifiedUser();
Project.NameKey projectName = resource.getNameKey();
- if (!(projectName.equals(allProjectsName) && user.getCapabilities().canAdministrateServer())) {
+ if (!(projectName.equals(allProjectsName)
+ && permissionBackned.user(user).testOrFalse(ADMINISTRATE_SERVER))) {
throw new ResourceNotFoundException();
}