Merge branch 'stable-2.15' into stable-2.16
* stable-2.15:
Implement visibility using permission backend
Do not assign reviewers that cannot see the change
Change-Id: I36e4f17c7a18b8303208be858775aa6682aa6439
diff --git a/owners-autoassign/src/main/java/com/googlesource/gerrit/owners/common/ReviewerManager.java b/owners-autoassign/src/main/java/com/googlesource/gerrit/owners/common/ReviewerManager.java
index efb9910..70c3e67 100644
--- a/owners-autoassign/src/main/java/com/googlesource/gerrit/owners/common/ReviewerManager.java
+++ b/owners-autoassign/src/main/java/com/googlesource/gerrit/owners/common/ReviewerManager.java
@@ -23,6 +23,14 @@
import com.google.gerrit.extensions.common.ChangeInfo;
import com.google.gerrit.extensions.restapi.RestApiException;
import com.google.gerrit.reviewdb.client.Account;
+import com.google.gerrit.reviewdb.client.Account.Id;
+import com.google.gerrit.reviewdb.client.Change;
+import com.google.gerrit.reviewdb.client.Project;
+import com.google.gerrit.reviewdb.server.ReviewDb;
+import com.google.gerrit.server.IdentifiedUser;
+import com.google.gerrit.server.permissions.ChangePermission;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.query.change.ChangeData;
import com.google.gerrit.server.util.ManualRequestContext;
import com.google.gerrit.server.util.OneOffRequestContext;
import com.google.gwtorm.server.OrmException;
@@ -39,11 +47,22 @@
private final OneOffRequestContext requestContext;
private final GerritApi gApi;
+ private final IdentifiedUser.GenericFactory userFactory;
+ private final ChangeData.Factory changeDataFactory;
+ private final PermissionBackend permissionBackend;
@Inject
- public ReviewerManager(OneOffRequestContext requestContext, GerritApi gApi) {
+ public ReviewerManager(
+ OneOffRequestContext requestContext,
+ GerritApi gApi,
+ IdentifiedUser.GenericFactory userFactory,
+ ChangeData.Factory changeDataFactory,
+ PermissionBackend permissionBackend) {
this.requestContext = requestContext;
this.gApi = gApi;
+ this.userFactory = userFactory;
+ this.changeDataFactory = changeDataFactory;
+ this.permissionBackend = permissionBackend;
}
public void addReviewers(ChangeApi cApi, Collection<Account.Id> reviewers)
@@ -57,15 +76,32 @@
ReviewInput in = new ReviewInput();
in.reviewers = new ArrayList<>(reviewers.size());
for (Account.Id account : reviewers) {
- AddReviewerInput addReviewerInput = new AddReviewerInput();
- addReviewerInput.reviewer = account.toString();
- in.reviewers.add(addReviewerInput);
+ if (isVisibleTo(ctx.getReviewDbProvider().get(), changeInfo, account)) {
+ AddReviewerInput addReviewerInput = new AddReviewerInput();
+ addReviewerInput.reviewer = account.toString();
+ in.reviewers.add(addReviewerInput);
+ } else {
+ log.warn(
+ "Not adding account {} as reviewer to change {} because the associated ref is not visible",
+ account,
+ changeInfo._number);
+ }
+ gApi.changes().id(changeInfo.id).current().review(in);
}
- gApi.changes().id(changeInfo.id).current().review(in);
}
} catch (RestApiException | OrmException e) {
log.error("Couldn't add reviewers to the change", e);
throw new ReviewerManagerException(e);
}
}
+
+ private boolean isVisibleTo(ReviewDb reviewDb, ChangeInfo changeInfo, Id account) {
+ ChangeData changeData =
+ changeDataFactory.create(
+ reviewDb, new Project.NameKey(changeInfo.project), new Change.Id(changeInfo._number));
+ return permissionBackend
+ .user(userFactory.create(account))
+ .change(changeData)
+ .testOrFalse(ChangePermission.READ);
+ }
}