Refactor authenticateUser to take PermissionBackend.ForProject
Change-Id: I9ddf108ee61247ac9afc2dbe16d7ac436c0b19e6
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsGetLocksAction.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsGetLocksAction.java
index 6861303..53a4b10 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsGetLocksAction.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsGetLocksAction.java
@@ -24,6 +24,7 @@
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
+import com.google.gerrit.server.permissions.PermissionBackend.ForProject;
import com.google.gerrit.server.project.ProjectCache;
import com.google.gerrit.server.project.ProjectState;
import com.google.inject.Inject;
@@ -33,7 +34,6 @@
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.eclipse.jgit.lfs.errors.LfsException;
-import org.eclipse.jgit.lfs.errors.LfsUnauthorized;
public class LfsGetLocksAction extends LfsLocksAction {
interface Factory extends LfsLocksAction.Factory<LfsGetLocksAction> {}
@@ -41,8 +41,6 @@
static final Pattern LFS_LOCKS_URL_PATTERN =
Pattern.compile(String.format(LFS_URL_REGEX_TEMPLATE, LFS_LOCKS_PATH_REGEX));
- private final PermissionBackend permissionBackend;
-
@Inject
LfsGetLocksAction(
PermissionBackend permissionBackend,
@@ -50,8 +48,7 @@
LfsAuthUserProvider userProvider,
LfsLocksHandler handler,
@Assisted LfsLocksContext context) {
- super(projectCache, userProvider, handler, context);
- this.permissionBackend = permissionBackend;
+ super(permissionBackend, projectCache, userProvider, handler, context);
}
@Override
@@ -65,12 +62,13 @@
}
@Override
- protected void authorizeUser(ProjectState state, CurrentUser user) throws LfsUnauthorized {
- try {
- permissionBackend.user(user).project(state.getProject().getNameKey()).check(ACCESS);
- } catch (AuthException | PermissionBackendException e) {
- throwUnauthorizedOp("list locks", state, user);
- }
+ protected void authorizeUser(ForProject project) throws AuthException, PermissionBackendException {
+ project.check(ACCESS);
+ }
+
+ @Override
+ protected String getAction() {
+ return "list-locks";
}
@Override
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsLocksAction.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsLocksAction.java
index e56e156..5b23864 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsLocksAction.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsLocksAction.java
@@ -23,8 +23,12 @@
import com.google.common.base.Strings;
import com.google.gerrit.common.ProjectUtil;
+import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.PermissionBackendException;
+import com.google.gerrit.server.permissions.PermissionBackend.ForProject;
import com.google.gerrit.server.project.ProjectCache;
import com.google.gerrit.server.project.ProjectState;
import com.googlesource.gerrit.plugins.lfs.LfsAuthUserProvider;
@@ -49,12 +53,15 @@
protected final LfsAuthUserProvider userProvider;
protected final LfsLocksHandler handler;
protected final LfsLocksContext context;
+ protected final PermissionBackend permissionBackend;
protected LfsLocksAction(
+ PermissionBackend permissionBackend,
ProjectCache projectCache,
LfsAuthUserProvider userProvider,
LfsLocksHandler handler,
LfsLocksContext context) {
+ this.permissionBackend = permissionBackend;
this.projectCache = projectCache;
this.userProvider = userProvider;
this.handler = handler;
@@ -67,7 +74,11 @@
ProjectState project = getProject(name);
CurrentUser user = getUser(name);
ProjectState state = projectCache.checkedGet(project.getNameKey());
- authorizeUser(state, user);
+ try {
+ authorizeUser(permissionBackend.user(user).project(state.getNameKey()));
+ } catch (AuthException | PermissionBackendException e) {
+ throwUnauthorizedOp(getAction(), project, user);
+ }
doRun(project, user);
} catch (LfsUnauthorized e) {
context.sendError(SC_UNAUTHORIZED, e.getMessage());
@@ -82,8 +93,9 @@
protected abstract String getProjectName() throws LfsException;
- protected abstract void authorizeUser(ProjectState state, CurrentUser user)
- throws LfsUnauthorized;
+ protected abstract String getAction();
+
+ protected abstract void authorizeUser(ForProject project) throws AuthException, PermissionBackendException;
protected abstract void doRun(ProjectState project, CurrentUser user)
throws LfsException, IOException;
@@ -102,7 +114,7 @@
context.getHeader(HDR_AUTHORIZATION), project, LFS_LOCKING_OPERATION);
}
- protected void throwUnauthorizedOp(String op, ProjectState state, CurrentUser user)
+ private void throwUnauthorizedOp(String op, ProjectState state, CurrentUser user)
throws LfsUnauthorized {
String project = state.getProject().getName();
String userName = Strings.isNullOrEmpty(user.getUserName()) ? "anonymous" : user.getUserName();
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsPutLocksAction.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsPutLocksAction.java
index 344b0b2..72e848f 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsPutLocksAction.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsPutLocksAction.java
@@ -23,6 +23,7 @@
import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.PermissionBackend.ForProject;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.project.ProjectCache;
import com.google.gerrit.server.project.ProjectState;
@@ -33,7 +34,6 @@
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.eclipse.jgit.lfs.errors.LfsException;
-import org.eclipse.jgit.lfs.errors.LfsUnauthorized;
public class LfsPutLocksAction extends LfsLocksAction {
interface Factory extends LfsLocksAction.Factory<LfsPutLocksAction> {}
@@ -41,19 +41,16 @@
private static final Pattern LFS_VERIFICATION_URL_PATTERN =
Pattern.compile(String.format(LFS_URL_REGEX_TEMPLATE, LFS_VERIFICATION_PATH));
- private final PermissionBackend permissionBackend;
-
protected LockAction action;
@Inject
LfsPutLocksAction(
+ PermissionBackend permissionBackend,
ProjectCache projectCache,
LfsAuthUserProvider userProvider,
LfsLocksHandler handler,
- PermissionBackend permissionBackend,
@Assisted LfsLocksContext context) {
- super(projectCache, userProvider, handler, context);
- this.permissionBackend = permissionBackend;
+ super(permissionBackend, projectCache, userProvider, handler, context);
}
@Override
@@ -80,13 +77,14 @@
}
@Override
- protected void authorizeUser(ProjectState state, CurrentUser user) throws LfsUnauthorized {
+ protected void authorizeUser(ForProject project) throws AuthException, PermissionBackendException {
// all operations require push permission
- try {
- permissionBackend.user(user).project(state.getNameKey()).check(PUSH_AT_LEAST_ONE_REF);
- } catch (AuthException | PermissionBackendException e) {
- throwUnauthorizedOp(action.getName(), state, user);
- }
+ project.check(PUSH_AT_LEAST_ONE_REF);
+ }
+
+ @Override
+ protected String getAction() {
+ return action.getName();
}
@Override