Merge branch 'stable-2.14' into stable-2.15
* stable-2.14:
Update bazlets to latest revision on stable-2.14
Change-Id: I3fe37745a5d40494f227876261bcf731a1830f06
diff --git a/WORKSPACE b/WORKSPACE
index d2af040..af6559b 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -3,7 +3,7 @@
load("//:bazlets.bzl", "load_bazlets")
load_bazlets(
- commit = "80add197d1cb9a89fa906dde2d26d804697517f6",
+ commit = "523118896767024b74c17d087591eefe070055e9",
# local_path = "/home/<user>/projects/bazlets",
)
diff --git a/external_plugin_deps.bzl b/external_plugin_deps.bzl
index ed005bc..065ccfd 100644
--- a/external_plugin_deps.bzl
+++ b/external_plugin_deps.bzl
@@ -1,13 +1,13 @@
load("//tools/bzl:maven_jar.bzl", "maven_jar", "GERRIT", "MAVEN_LOCAL", "MAVEN_CENTRAL")
-JGIT_VERSION = '4.7.1.201706071930-r'
-REPO = MAVEN_CENTRAL
+JGIT_VERSION = '4.9.2.201712150930-r.4-g085d1f959'
+REPO = GERRIT
def external_plugin_deps():
maven_jar(
name = 'jgit_http_apache',
artifact = 'org.eclipse.jgit:org.eclipse.jgit.http.apache:' + JGIT_VERSION,
- sha1 = '16d49a8824753f2d421151c68be05e0869e0b8f6',
+ sha1 = '13859b30c8a20eb99dca3b9d2bb595e82d90320b',
repository = REPO,
unsign = True,
exclude = [
@@ -19,7 +19,7 @@
maven_jar(
name = 'jgit_lfs',
artifact = 'org.eclipse.jgit:org.eclipse.jgit.lfs:' + JGIT_VERSION,
- sha1 = '35e8245b5c77822581dc354387e8e78846cf4e7e',
+ sha1 = '70dea6582f956fbaea003391fac8d79d280a9d24',
repository = REPO,
unsign = True,
exclude = [
@@ -31,7 +31,7 @@
maven_jar(
name = 'jgit_lfs_server',
artifact = 'org.eclipse.jgit:org.eclipse.jgit.lfs.server:' + JGIT_VERSION,
- sha1 = '9c4fc91f095b13348081acf40f6c402e10b7255d',
+ sha1 = '1e704bf986e2f882666ca3b8ae1446137346b8ee',
repository = REPO,
unsign = True,
exclude = [
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/GetLfsGlobalConfig.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/GetLfsGlobalConfig.java
index dcdcbac..40e00b0 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/GetLfsGlobalConfig.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/GetLfsGlobalConfig.java
@@ -14,6 +14,8 @@
package com.googlesource.gerrit.plugins.lfs;
+import static com.google.gerrit.server.permissions.GlobalPermission.ADMINISTRATE_SERVER;
+
import com.google.common.collect.Maps;
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.extensions.restapi.RestApiException;
@@ -21,6 +23,7 @@
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.config.AllProjectsName;
+import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.project.ProjectResource;
import com.google.inject.Inject;
import com.google.inject.Provider;
@@ -33,22 +36,25 @@
private final LfsConfigurationFactory lfsConfigFactory;
private final AllProjectsName allProjectsName;
private final Provider<CurrentUser> self;
+ private final PermissionBackend permissionBackend;
@Inject
GetLfsGlobalConfig(
LfsConfigurationFactory lfsConfigFactory,
AllProjectsName allProjectsName,
- Provider<CurrentUser> self) {
+ Provider<CurrentUser> self,
+ PermissionBackend permissionBackend) {
this.lfsConfigFactory = lfsConfigFactory;
this.allProjectsName = allProjectsName;
this.self = self;
+ this.permissionBackend = permissionBackend;
}
@Override
public LfsGlobalConfigInfo apply(ProjectResource resource) throws RestApiException {
IdentifiedUser user = self.get().asIdentifiedUser();
if (!(resource.getNameKey().equals(allProjectsName)
- && user.getCapabilities().canAdministrateServer())) {
+ && permissionBackend.user(user).testOrFalse(ADMINISTRATE_SERVER))) {
throw new ResourceNotFoundException();
}
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java
index 4e20dd4..787ddf5 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/LfsApiServlet.java
@@ -18,12 +18,14 @@
import static com.google.gerrit.extensions.api.lfs.LfsDefinitions.LFS_URL_REGEX_TEMPLATE;
import static com.google.gerrit.extensions.client.ProjectState.HIDDEN;
import static com.google.gerrit.extensions.client.ProjectState.READ_ONLY;
+import static com.google.gerrit.server.permissions.ProjectPermission.READ;
import com.google.common.base.Strings;
import com.google.gerrit.common.ProjectUtil;
import com.google.gerrit.common.data.Capable;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.project.ProjectCache;
import com.google.gerrit.server.project.ProjectControl;
import com.google.gerrit.server.project.ProjectState;
@@ -55,6 +57,7 @@
private static final String UPLOAD = "upload";
private final ProjectCache projectCache;
+ private final PermissionBackend permissionBackend;
private final LfsConfigurationFactory lfsConfigFactory;
private final LfsRepositoryResolver repoResolver;
private final LfsAuthUserProvider userProvider;
@@ -62,10 +65,12 @@
@Inject
LfsApiServlet(
ProjectCache projectCache,
+ PermissionBackend permissionBackend,
LfsConfigurationFactory lfsConfigFactory,
LfsRepositoryResolver repoResolver,
LfsAuthUserProvider userProvider) {
this.projectCache = projectCache;
+ this.permissionBackend = permissionBackend;
this.lfsConfigFactory = lfsConfigFactory;
this.repoResolver = repoResolver;
this.userProvider = userProvider;
@@ -126,7 +131,11 @@
private void authorizeUser(CurrentUser user, ProjectState state, String operation)
throws LfsUnauthorized {
ProjectControl control = state.controlFor(user);
- if ((operation.equals(DOWNLOAD) && !control.isReadable())
+ if ((operation.equals(DOWNLOAD)
+ && !permissionBackend
+ .user(user)
+ .project(state.getProject().getNameKey())
+ .testOrFalse(READ))
|| (operation.equals(UPLOAD) && Capable.OK != control.canPushToAtLeastOneRef())) {
String op = operation.toLowerCase();
String project = state.getProject().getName();
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/PutLfsGlobalConfig.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/PutLfsGlobalConfig.java
index 5e81e73..5b0468f 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/PutLfsGlobalConfig.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/PutLfsGlobalConfig.java
@@ -14,6 +14,7 @@
package com.googlesource.gerrit.plugins.lfs;
+import static com.google.gerrit.server.permissions.GlobalPermission.ADMINISTRATE_SERVER;
import static com.googlesource.gerrit.plugins.lfs.LfsProjectConfigSection.KEY_BACKEND;
import static com.googlesource.gerrit.plugins.lfs.LfsProjectConfigSection.KEY_ENABLED;
import static com.googlesource.gerrit.plugins.lfs.LfsProjectConfigSection.KEY_MAX_OBJECT_SIZE;
@@ -30,6 +31,7 @@
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.config.AllProjectsName;
import com.google.gerrit.server.git.MetaDataUpdate;
+import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.project.ProjectResource;
import com.google.inject.Inject;
import com.google.inject.Provider;
@@ -47,6 +49,7 @@
private final String pluginName;
private final AllProjectsName allProjectsName;
+ private final PermissionBackend permissionBackned;
private final Provider<CurrentUser> self;
private final Provider<MetaDataUpdate.User> metaDataUpdateFactory;
private final LfsConfigurationFactory lfsConfigFactory;
@@ -56,12 +59,14 @@
PutLfsGlobalConfig(
@PluginName String pluginName,
AllProjectsName allProjectsName,
+ PermissionBackend permissionBackned,
Provider<CurrentUser> self,
Provider<MetaDataUpdate.User> metaDataUpdateFactory,
LfsConfigurationFactory lfsConfigFactory,
GetLfsGlobalConfig get) {
this.pluginName = pluginName;
this.allProjectsName = allProjectsName;
+ this.permissionBackned = permissionBackned;
this.self = self;
this.metaDataUpdateFactory = metaDataUpdateFactory;
this.lfsConfigFactory = lfsConfigFactory;
@@ -74,7 +79,8 @@
IdentifiedUser user = self.get().asIdentifiedUser();
Project.NameKey projectName = resource.getNameKey();
- if (!(projectName.equals(allProjectsName) && user.getCapabilities().canAdministrateServer())) {
+ if (!(projectName.equals(allProjectsName)
+ && permissionBackned.user(user).testOrFalse(ADMINISTRATE_SERVER))) {
throw new ResourceNotFoundException();
}
diff --git a/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsGetLocksAction.java b/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsGetLocksAction.java
index e30703e..32616f6 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsGetLocksAction.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/lfs/locks/LfsGetLocksAction.java
@@ -16,10 +16,14 @@
import static com.google.gerrit.extensions.api.lfs.LfsDefinitions.LFS_LOCKS_PATH_REGEX;
import static com.google.gerrit.extensions.api.lfs.LfsDefinitions.LFS_URL_REGEX_TEMPLATE;
+import static com.google.gerrit.server.permissions.ProjectPermission.ACCESS;
import com.google.common.base.Strings;
+import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.project.ProjectCache;
import com.google.gerrit.server.project.ProjectControl;
import com.google.gerrit.server.project.ProjectState;
@@ -38,13 +42,17 @@
static final Pattern LFS_LOCKS_URL_PATTERN =
Pattern.compile(String.format(LFS_URL_REGEX_TEMPLATE, LFS_LOCKS_PATH_REGEX));
+ private final PermissionBackend permissionBackend;
+
@Inject
LfsGetLocksAction(
+ PermissionBackend permissionBackend,
ProjectCache projectCache,
LfsAuthUserProvider userProvider,
LfsLocksHandler handler,
@Assisted LfsLocksContext context) {
super(projectCache, userProvider, handler, context);
+ this.permissionBackend = permissionBackend;
}
@Override
@@ -59,7 +67,12 @@
@Override
protected void authorizeUser(ProjectControl control) throws LfsUnauthorized {
- if (!control.isReadable()) {
+ try {
+ permissionBackend
+ .user(control.getUser())
+ .project(control.getProject().getNameKey())
+ .check(ACCESS);
+ } catch (AuthException | PermissionBackendException e) {
throwUnauthorizedOp("list locks", control);
}
}
