Merge branch 'stable-2.14' into stable-2.15
* stable-2.14:
Bump bazel version to 1.0.0
Change-Id: I09ed91b5894bcd64f9ba79810be75c278ff91db2
diff --git a/WORKSPACE b/WORKSPACE
index b8021e7..4a42485 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -3,7 +3,7 @@
load("//:bazlets.bzl", "load_bazlets")
load_bazlets(
- commit = "bec81c8319e560d2a92ba0fe35d40d021ffd7708",
+ commit = "ae1cd231b0262b2738e6c0593eb3c504209ad4f5",
#local_path = "/home/<user>/projects/bazlets",
)
diff --git a/external_plugin_deps.bzl b/external_plugin_deps.bzl
index fca9fbb..3457c2f 100644
--- a/external_plugin_deps.bzl
+++ b/external_plugin_deps.bzl
@@ -1,13 +1,13 @@
load("//tools/bzl:maven_jar.bzl", "GERRIT", "MAVEN_CENTRAL", "MAVEN_LOCAL", "maven_jar")
-JGIT_VERSION = "4.7.9.201904161809-r"
+JGIT_VERSION = "4.11.9.201909030838-r"
REPO = MAVEN_CENTRAL
def external_plugin_deps():
maven_jar(
name = "jgit-http-apache",
artifact = "org.eclipse.jgit:org.eclipse.jgit.http.apache:" + JGIT_VERSION,
- sha1 = "d6f23663efeb2bfab032c75915765e086a26d494",
+ sha1 = "f28a659ca83e2aa644f4ba81d28312d291d385ad",
repository = REPO,
unsign = True,
exclude = [
@@ -19,7 +19,7 @@
maven_jar(
name = "jgit-lfs",
artifact = "org.eclipse.jgit:org.eclipse.jgit.lfs:" + JGIT_VERSION,
- sha1 = "6e8485a140b2f58195f3ed48ecb0dd7acf46410f",
+ sha1 = "88234aa639497cf725f2a32e47dbd7433975da67",
repository = REPO,
unsign = True,
exclude = [
@@ -31,7 +31,7 @@
maven_jar(
name = "jgit-lfs-server",
artifact = "org.eclipse.jgit:org.eclipse.jgit.lfs.server:" + JGIT_VERSION,
- sha1 = "8dc0cf32615b15d327c70574022964b34f101226",
+ sha1 = "a1cd4548172c62a24cec195399e2dba877f44d32",
repository = REPO,
unsign = True,
exclude = [
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/GetLfsGlobalConfig.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/GetLfsGlobalConfig.java
index dcdcbac..40e00b0 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/GetLfsGlobalConfig.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/GetLfsGlobalConfig.java
@@ -14,6 +14,8 @@
package com.googlesource.gerrit.plugins.lfs;
+import static com.google.gerrit.server.permissions.GlobalPermission.ADMINISTRATE_SERVER;
+
import com.google.common.collect.Maps;
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.extensions.restapi.RestApiException;
@@ -21,6 +23,7 @@
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.config.AllProjectsName;
+import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.project.ProjectResource;
import com.google.inject.Inject;
import com.google.inject.Provider;
@@ -33,22 +36,25 @@
private final LfsConfigurationFactory lfsConfigFactory;
private final AllProjectsName allProjectsName;
private final Provider<CurrentUser> self;
+ private final PermissionBackend permissionBackend;
@Inject
GetLfsGlobalConfig(
LfsConfigurationFactory lfsConfigFactory,
AllProjectsName allProjectsName,
- Provider<CurrentUser> self) {
+ Provider<CurrentUser> self,
+ PermissionBackend permissionBackend) {
this.lfsConfigFactory = lfsConfigFactory;
this.allProjectsName = allProjectsName;
this.self = self;
+ this.permissionBackend = permissionBackend;
}
@Override
public LfsGlobalConfigInfo apply(ProjectResource resource) throws RestApiException {
IdentifiedUser user = self.get().asIdentifiedUser();
if (!(resource.getNameKey().equals(allProjectsName)
- && user.getCapabilities().canAdministrateServer())) {
+ && permissionBackend.user(user).testOrFalse(ADMINISTRATE_SERVER))) {
throw new ResourceNotFoundException();
}
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java
index 3c9b4cc..d5eeddc 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java
@@ -18,12 +18,14 @@
import static com.google.gerrit.extensions.api.lfs.LfsDefinitions.LFS_URL_REGEX_TEMPLATE;
import static com.google.gerrit.extensions.client.ProjectState.HIDDEN;
import static com.google.gerrit.extensions.client.ProjectState.READ_ONLY;
+import static com.google.gerrit.server.permissions.ProjectPermission.ACCESS;
import com.google.common.base.Strings;
import com.google.gerrit.common.ProjectUtil;
import com.google.gerrit.common.data.Capable;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.project.ProjectCache;
import com.google.gerrit.server.project.ProjectControl;
import com.google.gerrit.server.project.ProjectState;
@@ -51,10 +53,9 @@
private static final Logger log = LoggerFactory.getLogger(LfsApiServlet.class);
private static final long serialVersionUID = 1L;
private static final Pattern URL_PATTERN = Pattern.compile(LFS_OBJECTS_REGEX_REST);
- private static final String DOWNLOAD = "download";
- private static final String UPLOAD = "upload";
private final ProjectCache projectCache;
+ private final PermissionBackend permissionBackend;
private final LfsConfigurationFactory lfsConfigFactory;
private final LfsRepositoryResolver repoResolver;
private final LfsAuthUserProvider userProvider;
@@ -62,10 +63,12 @@
@Inject
LfsApiServlet(
ProjectCache projectCache,
+ PermissionBackend permissionBackend,
LfsConfigurationFactory lfsConfigFactory,
LfsRepositoryResolver repoResolver,
LfsAuthUserProvider userProvider) {
this.projectCache = projectCache;
+ this.permissionBackend = permissionBackend;
this.lfsConfigFactory = lfsConfigFactory;
this.repoResolver = repoResolver;
this.userProvider = userProvider;
@@ -85,12 +88,9 @@
if (state == null || state.getProject().getState() == HIDDEN) {
throw new LfsRepositoryNotFound(project.get());
}
- authorizeUser(
- userProvider.getUser(auth, projName, request.getOperation()),
- state,
- request.getOperation());
+ authorizeUser(userProvider.getUser(auth, projName, request.getOperation()), state, request);
- if (request.getOperation().equals(UPLOAD) && state.getProject().getState() == READ_ONLY) {
+ if (request.isUpload() && state.getProject().getState() == READ_ONLY) {
throw new LfsRepositoryReadOnly(project.get());
}
@@ -99,7 +99,7 @@
// No config means we default to "not enabled".
if (config != null && config.isEnabled()) {
// For uploads, check object sizes against limit if configured
- if (request.getOperation().equals(UPLOAD)) {
+ if (request.isUpload()) {
if (config.isReadOnly()) {
throw new LfsRepositoryReadOnly(project.get());
}
@@ -123,12 +123,16 @@
throw new LfsUnavailable(project.get());
}
- private void authorizeUser(CurrentUser user, ProjectState state, String operation)
+ private void authorizeUser(CurrentUser user, ProjectState state, LfsRequest request)
throws LfsUnauthorized {
ProjectControl control = state.controlFor(user);
- if ((operation.equals(DOWNLOAD) && !control.isReadable())
- || (operation.equals(UPLOAD) && Capable.OK != control.canPushToAtLeastOneRef())) {
- String op = operation.toLowerCase();
+ if ((request.isDownload()
+ && !permissionBackend
+ .user(user)
+ .project(state.getProject().getNameKey())
+ .testOrFalse(ACCESS))
+ || (request.isUpload() && Capable.OK != control.canPushToAtLeastOneRef())) {
+ String op = request.getOperation().toLowerCase();
String project = state.getProject().getName();
String userName =
Strings.isNullOrEmpty(user.getUserName()) ? "anonymous" : user.getUserName();
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/PutLfsGlobalConfig.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/PutLfsGlobalConfig.java
index 5e81e73..b747925 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/PutLfsGlobalConfig.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/PutLfsGlobalConfig.java
@@ -14,6 +14,7 @@
package com.googlesource.gerrit.plugins.lfs;
+import static com.google.gerrit.server.permissions.GlobalPermission.ADMINISTRATE_SERVER;
import static com.googlesource.gerrit.plugins.lfs.LfsProjectConfigSection.KEY_BACKEND;
import static com.googlesource.gerrit.plugins.lfs.LfsProjectConfigSection.KEY_ENABLED;
import static com.googlesource.gerrit.plugins.lfs.LfsProjectConfigSection.KEY_MAX_OBJECT_SIZE;
@@ -30,6 +31,7 @@
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.config.AllProjectsName;
import com.google.gerrit.server.git.MetaDataUpdate;
+import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.project.ProjectResource;
import com.google.inject.Inject;
import com.google.inject.Provider;
@@ -47,6 +49,7 @@
private final String pluginName;
private final AllProjectsName allProjectsName;
+ private final PermissionBackend permissionBackend;
private final Provider<CurrentUser> self;
private final Provider<MetaDataUpdate.User> metaDataUpdateFactory;
private final LfsConfigurationFactory lfsConfigFactory;
@@ -56,12 +59,14 @@
PutLfsGlobalConfig(
@PluginName String pluginName,
AllProjectsName allProjectsName,
+ PermissionBackend permissionBackend,
Provider<CurrentUser> self,
Provider<MetaDataUpdate.User> metaDataUpdateFactory,
LfsConfigurationFactory lfsConfigFactory,
GetLfsGlobalConfig get) {
this.pluginName = pluginName;
this.allProjectsName = allProjectsName;
+ this.permissionBackend = permissionBackend;
this.self = self;
this.metaDataUpdateFactory = metaDataUpdateFactory;
this.lfsConfigFactory = lfsConfigFactory;
@@ -74,7 +79,8 @@
IdentifiedUser user = self.get().asIdentifiedUser();
Project.NameKey projectName = resource.getNameKey();
- if (!(projectName.equals(allProjectsName) && user.getCapabilities().canAdministrateServer())) {
+ if (!(projectName.equals(allProjectsName)
+ && permissionBackend.user(user).testOrFalse(ADMINISTRATE_SERVER))) {
throw new ResourceNotFoundException();
}
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsGetLocksAction.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsGetLocksAction.java
index e30703e..32616f6 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsGetLocksAction.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsGetLocksAction.java
@@ -16,10 +16,14 @@
import static com.google.gerrit.extensions.api.lfs.LfsDefinitions.LFS_LOCKS_PATH_REGEX;
import static com.google.gerrit.extensions.api.lfs.LfsDefinitions.LFS_URL_REGEX_TEMPLATE;
+import static com.google.gerrit.server.permissions.ProjectPermission.ACCESS;
import com.google.common.base.Strings;
+import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.project.ProjectCache;
import com.google.gerrit.server.project.ProjectControl;
import com.google.gerrit.server.project.ProjectState;
@@ -38,13 +42,17 @@
static final Pattern LFS_LOCKS_URL_PATTERN =
Pattern.compile(String.format(LFS_URL_REGEX_TEMPLATE, LFS_LOCKS_PATH_REGEX));
+ private final PermissionBackend permissionBackend;
+
@Inject
LfsGetLocksAction(
+ PermissionBackend permissionBackend,
ProjectCache projectCache,
LfsAuthUserProvider userProvider,
LfsLocksHandler handler,
@Assisted LfsLocksContext context) {
super(projectCache, userProvider, handler, context);
+ this.permissionBackend = permissionBackend;
}
@Override
@@ -59,7 +67,12 @@
@Override
protected void authorizeUser(ProjectControl control) throws LfsUnauthorized {
- if (!control.isReadable()) {
+ try {
+ permissionBackend
+ .user(control.getUser())
+ .project(control.getProject().getNameKey())
+ .check(ACCESS);
+ } catch (AuthException | PermissionBackendException e) {
throwUnauthorizedOp("list locks", control);
}
}