Allow internal user to delete project in Pull Replication API in a primary node Bug: Issue 16328 Change-Id: I2a08b59d306487e77d344cbf1f9f797ae99e8deb
diff --git a/src/main/java/com/googlesource/gerrit/plugins/replication/pull/api/ProjectDeletionAction.java b/src/main/java/com/googlesource/gerrit/plugins/replication/pull/api/ProjectDeletionAction.java index 8915e78..2e1c5d4 100644 --- a/src/main/java/com/googlesource/gerrit/plugins/replication/pull/api/ProjectDeletionAction.java +++ b/src/main/java/com/googlesource/gerrit/plugins/replication/pull/api/ProjectDeletionAction.java
@@ -22,9 +22,11 @@ import com.google.gerrit.extensions.restapi.Response; import com.google.gerrit.extensions.restapi.RestModifyView; import com.google.gerrit.extensions.restapi.UnprocessableEntityException; +import com.google.gerrit.server.CurrentUser; import com.google.gerrit.server.permissions.PermissionBackend; import com.google.gerrit.server.project.ProjectResource; import com.google.inject.Inject; +import com.google.inject.Provider; import com.googlesource.gerrit.plugins.replication.LocalFS; import com.googlesource.gerrit.plugins.replication.pull.GerritConfigOps; import java.util.Optional; @@ -37,20 +39,29 @@ static class DeleteInput {} + private final Provider<CurrentUser> userProvider; private final GerritConfigOps gerritConfigOps; private final PermissionBackend permissionBackend; @Inject - ProjectDeletionAction(GerritConfigOps gerritConfigOps, PermissionBackend permissionBackend) { + ProjectDeletionAction( + GerritConfigOps gerritConfigOps, + PermissionBackend permissionBackend, + Provider<CurrentUser> userProvider) { this.gerritConfigOps = gerritConfigOps; this.permissionBackend = permissionBackend; + this.userProvider = userProvider; } @Override public Response<?> apply(ProjectResource projectResource, DeleteInput input) throws AuthException, BadRequestException, ResourceConflictException, Exception { - permissionBackend.user(projectResource.getUser()).check(DELETE_PROJECT); + // When triggered internally(for example by consuming stream events) user is not provided + // and internal user is returned. Project deletion should be always allowed for internal user. + if (!userProvider.get().isInternalUser()) { + permissionBackend.user(projectResource.getUser()).check(DELETE_PROJECT); + } Optional<URIish> maybeRepoURI = gerritConfigOps.getGitRepositoryURI(String.format("%s.git", projectResource.getName()));