Merge branch 'stable-2.14' into stable-2.15
* stable-2.14:
Add explanatory comment to empty BUILD file(s)
Change-Id: I3cceb99854ac32aac27f645ecea5d54660395ad5
diff --git a/WORKSPACE b/WORKSPACE
index b60559f..61d4a3b 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -3,7 +3,7 @@
load("//:bazlets.bzl", "load_bazlets")
load_bazlets(
- commit = "714a32382ebd02919007d3514513af4395768d80",
+ commit = "b54eaed487d37188120da6933b97c571519954ca",
#local_path = "/home/<user>/projects/bazlets",
)
diff --git a/external_plugin_deps.bzl b/external_plugin_deps.bzl
index c9e4e9f..9980a5a 100644
--- a/external_plugin_deps.bzl
+++ b/external_plugin_deps.bzl
@@ -1,13 +1,13 @@
load("//tools/bzl:maven_jar.bzl", "GERRIT", "MAVEN_CENTRAL", "MAVEN_LOCAL", "maven_jar")
-JGIT_VERSION = "4.7.6.201810191618-r"
+JGIT_VERSION = "4.9.7.201810191756-r"
REPO = MAVEN_CENTRAL
def external_plugin_deps():
maven_jar(
name = "jgit-http-apache",
artifact = "org.eclipse.jgit:org.eclipse.jgit.http.apache:" + JGIT_VERSION,
- sha1 = "7da2e0837c13b74aa1cb8705c1f00c8a1763d30e",
+ sha1 = "46b6d5102e0313fd88a681315f3cfceab631262c",
repository = REPO,
unsign = True,
exclude = [
@@ -19,7 +19,7 @@
maven_jar(
name = "jgit-lfs",
artifact = "org.eclipse.jgit:org.eclipse.jgit.lfs:" + JGIT_VERSION,
- sha1 = "c42a483d39dad65e3e87854da385433b4ad45ead",
+ sha1 = "1b78bf52e9aff4dc8142cecbc957129b9c7a2570",
repository = REPO,
unsign = True,
exclude = [
@@ -31,7 +31,7 @@
maven_jar(
name = "jgit-lfs-server",
artifact = "org.eclipse.jgit:org.eclipse.jgit.lfs.server:" + JGIT_VERSION,
- sha1 = "ff24f0d81c5e5f98389221a83671586581e95b31",
+ sha1 = "56fa097f1e3550d2a7ab012cc10e28653806099b",
repository = REPO,
unsign = True,
exclude = [
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/GetLfsGlobalConfig.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/GetLfsGlobalConfig.java
index dcdcbac..40e00b0 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/GetLfsGlobalConfig.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/GetLfsGlobalConfig.java
@@ -14,6 +14,8 @@
package com.googlesource.gerrit.plugins.lfs;
+import static com.google.gerrit.server.permissions.GlobalPermission.ADMINISTRATE_SERVER;
+
import com.google.common.collect.Maps;
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.extensions.restapi.RestApiException;
@@ -21,6 +23,7 @@
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.config.AllProjectsName;
+import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.project.ProjectResource;
import com.google.inject.Inject;
import com.google.inject.Provider;
@@ -33,22 +36,25 @@
private final LfsConfigurationFactory lfsConfigFactory;
private final AllProjectsName allProjectsName;
private final Provider<CurrentUser> self;
+ private final PermissionBackend permissionBackend;
@Inject
GetLfsGlobalConfig(
LfsConfigurationFactory lfsConfigFactory,
AllProjectsName allProjectsName,
- Provider<CurrentUser> self) {
+ Provider<CurrentUser> self,
+ PermissionBackend permissionBackend) {
this.lfsConfigFactory = lfsConfigFactory;
this.allProjectsName = allProjectsName;
this.self = self;
+ this.permissionBackend = permissionBackend;
}
@Override
public LfsGlobalConfigInfo apply(ProjectResource resource) throws RestApiException {
IdentifiedUser user = self.get().asIdentifiedUser();
if (!(resource.getNameKey().equals(allProjectsName)
- && user.getCapabilities().canAdministrateServer())) {
+ && permissionBackend.user(user).testOrFalse(ADMINISTRATE_SERVER))) {
throw new ResourceNotFoundException();
}
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java
index 4e20dd4..dfb5941 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java
@@ -18,12 +18,14 @@
import static com.google.gerrit.extensions.api.lfs.LfsDefinitions.LFS_URL_REGEX_TEMPLATE;
import static com.google.gerrit.extensions.client.ProjectState.HIDDEN;
import static com.google.gerrit.extensions.client.ProjectState.READ_ONLY;
+import static com.google.gerrit.server.permissions.ProjectPermission.ACCESS;
import com.google.common.base.Strings;
import com.google.gerrit.common.ProjectUtil;
import com.google.gerrit.common.data.Capable;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.project.ProjectCache;
import com.google.gerrit.server.project.ProjectControl;
import com.google.gerrit.server.project.ProjectState;
@@ -55,6 +57,7 @@
private static final String UPLOAD = "upload";
private final ProjectCache projectCache;
+ private final PermissionBackend permissionBackend;
private final LfsConfigurationFactory lfsConfigFactory;
private final LfsRepositoryResolver repoResolver;
private final LfsAuthUserProvider userProvider;
@@ -62,10 +65,12 @@
@Inject
LfsApiServlet(
ProjectCache projectCache,
+ PermissionBackend permissionBackend,
LfsConfigurationFactory lfsConfigFactory,
LfsRepositoryResolver repoResolver,
LfsAuthUserProvider userProvider) {
this.projectCache = projectCache;
+ this.permissionBackend = permissionBackend;
this.lfsConfigFactory = lfsConfigFactory;
this.repoResolver = repoResolver;
this.userProvider = userProvider;
@@ -126,7 +131,11 @@
private void authorizeUser(CurrentUser user, ProjectState state, String operation)
throws LfsUnauthorized {
ProjectControl control = state.controlFor(user);
- if ((operation.equals(DOWNLOAD) && !control.isReadable())
+ if ((operation.equals(DOWNLOAD)
+ && !permissionBackend
+ .user(user)
+ .project(state.getProject().getNameKey())
+ .testOrFalse(ACCESS))
|| (operation.equals(UPLOAD) && Capable.OK != control.canPushToAtLeastOneRef())) {
String op = operation.toLowerCase();
String project = state.getProject().getName();
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/PutLfsGlobalConfig.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/PutLfsGlobalConfig.java
index 5e81e73..5b0468f 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/PutLfsGlobalConfig.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/PutLfsGlobalConfig.java
@@ -14,6 +14,7 @@
package com.googlesource.gerrit.plugins.lfs;
+import static com.google.gerrit.server.permissions.GlobalPermission.ADMINISTRATE_SERVER;
import static com.googlesource.gerrit.plugins.lfs.LfsProjectConfigSection.KEY_BACKEND;
import static com.googlesource.gerrit.plugins.lfs.LfsProjectConfigSection.KEY_ENABLED;
import static com.googlesource.gerrit.plugins.lfs.LfsProjectConfigSection.KEY_MAX_OBJECT_SIZE;
@@ -30,6 +31,7 @@
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.config.AllProjectsName;
import com.google.gerrit.server.git.MetaDataUpdate;
+import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.project.ProjectResource;
import com.google.inject.Inject;
import com.google.inject.Provider;
@@ -47,6 +49,7 @@
private final String pluginName;
private final AllProjectsName allProjectsName;
+ private final PermissionBackend permissionBackned;
private final Provider<CurrentUser> self;
private final Provider<MetaDataUpdate.User> metaDataUpdateFactory;
private final LfsConfigurationFactory lfsConfigFactory;
@@ -56,12 +59,14 @@
PutLfsGlobalConfig(
@PluginName String pluginName,
AllProjectsName allProjectsName,
+ PermissionBackend permissionBackned,
Provider<CurrentUser> self,
Provider<MetaDataUpdate.User> metaDataUpdateFactory,
LfsConfigurationFactory lfsConfigFactory,
GetLfsGlobalConfig get) {
this.pluginName = pluginName;
this.allProjectsName = allProjectsName;
+ this.permissionBackned = permissionBackned;
this.self = self;
this.metaDataUpdateFactory = metaDataUpdateFactory;
this.lfsConfigFactory = lfsConfigFactory;
@@ -74,7 +79,8 @@
IdentifiedUser user = self.get().asIdentifiedUser();
Project.NameKey projectName = resource.getNameKey();
- if (!(projectName.equals(allProjectsName) && user.getCapabilities().canAdministrateServer())) {
+ if (!(projectName.equals(allProjectsName)
+ && permissionBackned.user(user).testOrFalse(ADMINISTRATE_SERVER))) {
throw new ResourceNotFoundException();
}
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsGetLocksAction.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsGetLocksAction.java
index e30703e..32616f6 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsGetLocksAction.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsGetLocksAction.java
@@ -16,10 +16,14 @@
import static com.google.gerrit.extensions.api.lfs.LfsDefinitions.LFS_LOCKS_PATH_REGEX;
import static com.google.gerrit.extensions.api.lfs.LfsDefinitions.LFS_URL_REGEX_TEMPLATE;
+import static com.google.gerrit.server.permissions.ProjectPermission.ACCESS;
import com.google.common.base.Strings;
+import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.project.ProjectCache;
import com.google.gerrit.server.project.ProjectControl;
import com.google.gerrit.server.project.ProjectState;
@@ -38,13 +42,17 @@
static final Pattern LFS_LOCKS_URL_PATTERN =
Pattern.compile(String.format(LFS_URL_REGEX_TEMPLATE, LFS_LOCKS_PATH_REGEX));
+ private final PermissionBackend permissionBackend;
+
@Inject
LfsGetLocksAction(
+ PermissionBackend permissionBackend,
ProjectCache projectCache,
LfsAuthUserProvider userProvider,
LfsLocksHandler handler,
@Assisted LfsLocksContext context) {
super(projectCache, userProvider, handler, context);
+ this.permissionBackend = permissionBackend;
}
@Override
@@ -59,7 +67,12 @@
@Override
protected void authorizeUser(ProjectControl control) throws LfsUnauthorized {
- if (!control.isReadable()) {
+ try {
+ permissionBackend
+ .user(control.getUser())
+ .project(control.getProject().getNameKey())
+ .check(ACCESS);
+ } catch (AuthException | PermissionBackendException e) {
throwUnauthorizedOp("list locks", control);
}
}
