Adapt to changed visibility of ProjectControl

Since I4ef6c523b the ProjectControl class is package-private and
can't be used by the plugin.

Adapt to use the permission backend instead.

Change-Id: I018772925454d13c465bf344832ef97382f48896
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java
index 787ddf5..06d2099 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java
@@ -18,16 +18,15 @@
 import static com.google.gerrit.extensions.api.lfs.LfsDefinitions.LFS_URL_REGEX_TEMPLATE;
 import static com.google.gerrit.extensions.client.ProjectState.HIDDEN;
 import static com.google.gerrit.extensions.client.ProjectState.READ_ONLY;
+import static com.google.gerrit.server.permissions.ProjectPermission.PUSH_AT_LEAST_ONE_REF;
 import static com.google.gerrit.server.permissions.ProjectPermission.READ;
 
 import com.google.common.base.Strings;
 import com.google.gerrit.common.ProjectUtil;
-import com.google.gerrit.common.data.Capable;
 import com.google.gerrit.reviewdb.client.Project;
 import com.google.gerrit.server.CurrentUser;
 import com.google.gerrit.server.permissions.PermissionBackend;
 import com.google.gerrit.server.project.ProjectCache;
-import com.google.gerrit.server.project.ProjectControl;
 import com.google.gerrit.server.project.ProjectState;
 import com.google.inject.Inject;
 import com.google.inject.Singleton;
@@ -130,13 +129,14 @@
 
   private void authorizeUser(CurrentUser user, ProjectState state, String operation)
       throws LfsUnauthorized {
-    ProjectControl control = state.controlFor(user);
+    Project.NameKey projectName = state.getNameKey();
     if ((operation.equals(DOWNLOAD)
+            && !permissionBackend.user(user).project(projectName).testOrFalse(READ))
+        || (operation.equals(UPLOAD)
             && !permissionBackend
                 .user(user)
-                .project(state.getProject().getNameKey())
-                .testOrFalse(READ))
-        || (operation.equals(UPLOAD) && Capable.OK != control.canPushToAtLeastOneRef())) {
+                .project(projectName)
+                .testOrFalse(PUSH_AT_LEAST_ONE_REF))) {
       String op = operation.toLowerCase();
       String project = state.getProject().getName();
       String userName =
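Review bot: The condition in `authorizeUser` rejects only when `operation` equals DOWNLOAD or UPLOAD and the matching permission test fails, so any other operation string skips both branches and is treated as authorized. If a caller can ever pass another value (the callers are not visible here), the method should deny by default, for example by adding `|| !(operation.equals(DOWNLOAD) || operation.equals(UPLOAD))` to the condition. `testOrFalse` appears to turn a permission-backend error into a denial, which is the safe direction, but a comment should say so because an outage will then look like a refusal to clients. The method body continues outside the hunk.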
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsGetLocksAction.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsGetLocksAction.java
index 32616f6..6861303 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsGetLocksAction.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsGetLocksAction.java
@@ -25,7 +25,6 @@
 import com.google.gerrit.server.permissions.PermissionBackend;
 import com.google.gerrit.server.permissions.PermissionBackendException;
 import com.google.gerrit.server.project.ProjectCache;
-import com.google.gerrit.server.project.ProjectControl;
 import com.google.gerrit.server.project.ProjectState;
 import com.google.inject.Inject;
 import com.google.inject.assistedinject.Assisted;
@@ -66,14 +65,11 @@
   }
 
   @Override
-  protected void authorizeUser(ProjectControl control) throws LfsUnauthorized {
+  protected void authorizeUser(ProjectState state, CurrentUser user) throws LfsUnauthorized {
     try {
-      permissionBackend
-          .user(control.getUser())
-          .project(control.getProject().getNameKey())
-          .check(ACCESS);
+      permissionBackend.user(user).project(state.getProject().getNameKey()).check(ACCESS);
     } catch (AuthException | PermissionBackendException e) {
-      throwUnauthorizedOp("list locks", control);
+      throwUnauthorizedOp("list locks", state, user);
     }
   }
 
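Review bot: The `catch (AuthException | PermissionBackendException e)` in `authorizeUser` treats a permission-backend failure the same as a denial and drops `e`, so a backend outage surfaces only as "unauthorized" responses with no cause recorded. Denying is the right outcome, but the backend error should get its own `catch (PermissionBackendException e)` that logs the cause before the throw, e.g. `log.warn("permission check failed for list locks", e);`, assuming the logger used in LfsLocksAction is accessible here. The same pattern is added in `authorizeUser` of LfsPutLocksAction. As a style point, `state.getProject().getNameKey()` could be `state.getNameKey()`, as the other two files in this commit write it.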
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsLocksAction.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsLocksAction.java
index 8a13514..e56e156 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsLocksAction.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsLocksAction.java
@@ -26,7 +26,6 @@
 import com.google.gerrit.reviewdb.client.Project;
 import com.google.gerrit.server.CurrentUser;
 import com.google.gerrit.server.project.ProjectCache;
-import com.google.gerrit.server.project.ProjectControl;
 import com.google.gerrit.server.project.ProjectState;
 import com.googlesource.gerrit.plugins.lfs.LfsAuthUserProvider;
 import com.googlesource.gerrit.plugins.lfs.locks.LfsLocksHandler.LfsLockExistsException;
@@ -67,8 +66,8 @@
       String name = getProjectName();
       ProjectState project = getProject(name);
       CurrentUser user = getUser(name);
-      ProjectControl control = project.controlFor(user);
-      authorizeUser(control);
+      ProjectState state = projectCache.checkedGet(project.getNameKey());
+      authorizeUser(state, user);
       doRun(project, user);
     } catch (LfsUnauthorized e) {
       context.sendError(SC_UNAUTHORIZED, e.getMessage());
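Review bot: `project` two lines above the added code is already a `ProjectState`, so `projectCache.checkedGet(project.getNameKey())` is a second lookup, and authorization then runs on `state` while `doRun` operates on `project`. Passing the same object to both keeps the check and the use tied together and removes the extra failure path from the cache call: `authorizeUser(project, user);`. Whether `checkedGet` can return null or throw at this point is not visible in the hunk, but the added line handles neither case. The enclosing method starts and ends outside the hunk.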
@@ -83,7 +82,8 @@
 
   protected abstract String getProjectName() throws LfsException;
 
-  protected abstract void authorizeUser(ProjectControl control) throws LfsUnauthorized;
+  protected abstract void authorizeUser(ProjectState state, CurrentUser user)
+      throws LfsUnauthorized;
 
   protected abstract void doRun(ProjectState project, CurrentUser user)
       throws LfsException, IOException;
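Review bot: The abstract `authorizeUser(ProjectState state, CurrentUser user)` has no Javadoc stating its contract, yet a subclass grants access simply by returning normally. I would add above it: `/** Checks that {@code user} may perform this action on {@code state}; implementations must throw {@link LfsUnauthorized} to deny, including when the permission check itself fails. */`. That makes the fail-closed expectation explicit for future subclasses.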
@@ -102,12 +102,10 @@
         context.getHeader(HDR_AUTHORIZATION), project, LFS_LOCKING_OPERATION);
   }
 
-  protected void throwUnauthorizedOp(String op, ProjectControl control) throws LfsUnauthorized {
-    String project = control.getProject().getName();
-    String userName =
-        Strings.isNullOrEmpty(control.getUser().getUserName())
-            ? "anonymous"
-            : control.getUser().getUserName();
+  protected void throwUnauthorizedOp(String op, ProjectState state, CurrentUser user)
+      throws LfsUnauthorized {
+    String project = state.getProject().getName();
+    String userName = Strings.isNullOrEmpty(user.getUserName()) ? "anonymous" : user.getUserName();
     log.debug(
         String.format(
             "operation %s unauthorized for user %s on project %s", op, userName, project));
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsPutLocksAction.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsPutLocksAction.java
index ffbcc8d..344b0b2 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsPutLocksAction.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsPutLocksAction.java
@@ -16,13 +16,15 @@
 
 import static com.google.gerrit.extensions.api.lfs.LfsDefinitions.LFS_URL_REGEX_TEMPLATE;
 import static com.google.gerrit.extensions.api.lfs.LfsDefinitions.LFS_VERIFICATION_PATH;
+import static com.google.gerrit.server.permissions.ProjectPermission.PUSH_AT_LEAST_ONE_REF;
 import static com.googlesource.gerrit.plugins.lfs.locks.LfsGetLocksAction.LFS_LOCKS_URL_PATTERN;
 
 import com.google.common.base.Strings;
-import com.google.gerrit.common.data.Capable;
+import com.google.gerrit.extensions.restapi.AuthException;
 import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.PermissionBackendException;
 import com.google.gerrit.server.project.ProjectCache;
-import com.google.gerrit.server.project.ProjectControl;
 import com.google.gerrit.server.project.ProjectState;
 import com.google.inject.Inject;
 import com.google.inject.assistedinject.Assisted;
@@ -39,6 +41,8 @@
   private static final Pattern LFS_VERIFICATION_URL_PATTERN =
       Pattern.compile(String.format(LFS_URL_REGEX_TEMPLATE, LFS_VERIFICATION_PATH));
 
+  private final PermissionBackend permissionBackend;
+
   protected LockAction action;
 
   @Inject
@@ -46,8 +50,10 @@
       ProjectCache projectCache,
       LfsAuthUserProvider userProvider,
       LfsLocksHandler handler,
+      PermissionBackend permissionBackend,
       @Assisted LfsLocksContext context) {
     super(projectCache, userProvider, handler, context);
+    this.permissionBackend = permissionBackend;
   }
 
   @Override
@@ -74,10 +80,12 @@
   }
 
   @Override
-  protected void authorizeUser(ProjectControl control) throws LfsUnauthorized {
+  protected void authorizeUser(ProjectState state, CurrentUser user) throws LfsUnauthorized {
     // all operations require push permission
-    if (Capable.OK != control.canPushToAtLeastOneRef()) {
-      throwUnauthorizedOp(action.getName(), control);
+    try {
+      permissionBackend.user(user).project(state.getNameKey()).check(PUSH_AT_LEAST_ONE_REF);
+    } catch (AuthException | PermissionBackendException e) {
+      throwUnauthorizedOp(action.getName(), state, user);
     }
   }