Use PermissionBackend for plugins management
Rely on the new PermissionBackend interface for detecting whether
to enable or not the menus and functionalities of the Plugin Manager.
Change-Id: Ie3ce2874ae3e3940c932b39c8c312c5ef1e74dcd
diff --git a/src/main/java/com/googlesource/gerrit/plugins/manager/FirstWebLoginListener.java b/src/main/java/com/googlesource/gerrit/plugins/manager/FirstWebLoginListener.java
index feea5d4..2746bff 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/manager/FirstWebLoginListener.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/manager/FirstWebLoginListener.java
@@ -32,21 +32,24 @@
private final Path pluginData;
private final PluginLoader pluginLoader;
private final String pluginUrl;
+ private final PluginManagerConfig config;
@Inject
public FirstWebLoginListener(
PluginLoader pluginLoader,
@PluginData Path pluginData,
- @PluginCanonicalWebUrl String pluginUrl) {
+ @PluginCanonicalWebUrl String pluginUrl,
+ PluginManagerConfig config) {
this.pluginData = pluginData;
this.pluginLoader = pluginLoader;
this.pluginUrl = pluginUrl;
+ this.config = config;
}
@Override
public void onLogin(IdentifiedUser user, HttpServletRequest request, HttpServletResponse response)
throws IOException {
- if (pluginLoader.isRemoteAdminEnabled() && user.getCapabilities().canAdministrateServer()) {
+ if (pluginLoader.isRemoteAdminEnabled() && config.canAdministerPlugins()) {
Path firstLoginFile = pluginData.resolve("firstLogin." + user.getAccountId().get());
if (!firstLoginFile.toFile().exists()) {
response.sendRedirect(pluginUrl + "static/index.html");
diff --git a/src/main/java/com/googlesource/gerrit/plugins/manager/PluginManagerConfig.java b/src/main/java/com/googlesource/gerrit/plugins/manager/PluginManagerConfig.java
index 37c9b1f..02e4a58 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/manager/PluginManagerConfig.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/manager/PluginManagerConfig.java
@@ -15,18 +15,32 @@
package com.googlesource.gerrit.plugins.manager;
import com.google.gerrit.extensions.annotations.PluginName;
+import com.google.gerrit.extensions.restapi.AuthException;
+import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.config.PluginConfig;
import com.google.gerrit.server.config.PluginConfigFactory;
+import com.google.gerrit.server.permissions.GlobalPermission;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.inject.Inject;
+import com.google.inject.Provider;
public class PluginManagerConfig {
private static final String DEFAULT_GERRIT_CI_URL = "https://gerrit-ci.gerritforge.com";
private final PluginConfig config;
+ private final Provider<CurrentUser> currentUserProvider;
+ private final PermissionBackend permissions;
@Inject
- public PluginManagerConfig(PluginConfigFactory configFactory, @PluginName String pluginName) {
+ public PluginManagerConfig(
+ PluginConfigFactory configFactory,
+ @PluginName String pluginName,
+ Provider<CurrentUser> currentUserProvider,
+ PermissionBackend permissions) {
this.config = configFactory.getFromGerritConfig(pluginName);
+ this.currentUserProvider = currentUserProvider;
+ this.permissions = permissions;
}
public String getJenkinsUrl() {
@@ -36,4 +50,13 @@
public boolean isCachePreloadEnabled() {
return config.getBoolean("preload", true);
}
+
+ public boolean canAdministerPlugins() {
+ try {
+ permissions.user(currentUserProvider).check(GlobalPermission.ADMINISTRATE_SERVER);
+ return true;
+ } catch (AuthException | PermissionBackendException e) {
+ return false;
+ }
+ }
}
diff --git a/src/main/java/com/googlesource/gerrit/plugins/manager/PluginManagerTopMenu.java b/src/main/java/com/googlesource/gerrit/plugins/manager/PluginManagerTopMenu.java
index 9cddbd3..c79a818 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/manager/PluginManagerTopMenu.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/manager/PluginManagerTopMenu.java
@@ -17,10 +17,8 @@
import com.google.gerrit.extensions.annotations.PluginCanonicalWebUrl;
import com.google.gerrit.extensions.client.MenuItem;
import com.google.gerrit.extensions.webui.TopMenu;
-import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.plugins.PluginLoader;
import com.google.inject.Inject;
-import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.util.Arrays;
import java.util.Collections;
@@ -29,17 +27,15 @@
@Singleton
public class PluginManagerTopMenu implements TopMenu {
- private PluginLoader loader;
- private List<MenuEntry> menuEntries;
- private Provider<CurrentUser> userProvider;
+ private final PluginLoader loader;
+ private final PluginManagerConfig config;
+ private final List<MenuEntry> menuEntries;
@Inject
public PluginManagerTopMenu(
- @PluginCanonicalWebUrl String myUrl,
- PluginLoader loader,
- Provider<CurrentUser> userProvider) {
+ @PluginCanonicalWebUrl String myUrl, PluginLoader loader, PluginManagerConfig config) {
this.loader = loader;
- this.userProvider = userProvider;
+ this.config = config;
this.menuEntries =
Arrays.asList(
new MenuEntry(
@@ -49,8 +45,7 @@
@Override
public List<MenuEntry> getEntries() {
- if (loader.isRemoteAdminEnabled()
- && userProvider.get().getCapabilities().canAdministrateServer()) {
+ if (loader.isRemoteAdminEnabled() && config.canAdministerPlugins()) {
return menuEntries;
}
return Collections.emptyList();
