Google Git
Sign in
gerrit/plugins/readonly/737aa43c9fc27dfdcd05997d4867eb75b410462d^!/.
commit
737aa43c9fc27dfdcd05997d4867eb75b410462d
[log]
author
Thomas Dräbing <thomas.draebing@sap.com>
Thu Mar 21 14:36:32 2024 +0100
committer
Thomas Dräbing <thomas.draebing@sap.com>
Fri Mar 22 08:11:03 2024 +0000
tree
6299da173a5d5657e7dc9b529c1dc4075866428e
parent
61a1e13e2b7110203898d4da05f2e6e47647e3b3 [diff]
Fix permission handling

Users with MAINTAIN_SERVER capability were not able to get or change
the read only state. The reason was, that the @RequireAnyCapability
annotation does not support GlobalCapabilities provided by Gerrit core
in plugins.

This change fixes that by making an explicit permission check.

Change-Id: Ie38143587b9bd8dad2fabb2107e3195f6a3c1a90

diff --git a/src/main/java/com/googlesource/gerrit/plugins/readonly/DeleteReadOnly.java b/src/main/java/com/googlesource/gerrit/plugins/readonly/DeleteReadOnly.java
new file mode 100644
index 0000000..89162f5
--- /dev/null
+++ b/src/main/java/com/googlesource/gerrit/plugins/readonly/DeleteReadOnly.java

@@ -0,0 +1,49 @@
+// Copyright (C) 2024 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.googlesource.gerrit.plugins.readonly;
+
+import com.google.gerrit.extensions.common.Input;
+import com.google.gerrit.extensions.restapi.AuthException;
+import com.google.gerrit.extensions.restapi.Response;
+import com.google.gerrit.extensions.restapi.RestModifyView;
+import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.config.ConfigResource;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.PermissionBackendException;
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import java.io.IOException;
+
+public class DeleteReadOnly extends ReadOnlyEndpoint
+    implements RestModifyView<ConfigResource, Input> {
+  private final ReadOnlyState state;
+
+  @Inject
+  public DeleteReadOnly(
+      Provider<CurrentUser> userProvider,
+      PermissionBackend permissionBackend,
+      ReadOnlyState state) {
+    super(userProvider, permissionBackend);
+    this.state = state;
+  }
+
+  @Override
+  public Response<String> apply(ConfigResource resource, Input input)
+      throws IOException, AuthException, PermissionBackendException {
+    checkPermissions();
+    state.setReadOnly(false);
+    return Response.ok("off");
+  }
+}

diff --git a/src/main/java/com/googlesource/gerrit/plugins/readonly/DisableReadOnlyCommand.java b/src/main/java/com/googlesource/gerrit/plugins/readonly/DisableReadOnlyCommand.java
index a64d0b1..75f5124 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/readonly/DisableReadOnlyCommand.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/readonly/DisableReadOnlyCommand.java

@@ -18,6 +18,8 @@
 import static com.google.gerrit.common.data.GlobalCapability.MAINTAIN_SERVER;
 
 import com.google.gerrit.extensions.annotations.RequiresAnyCapability;
+import com.google.gerrit.extensions.restapi.AuthException;
+import com.google.gerrit.server.permissions.PermissionBackendException;
 import com.google.gerrit.sshd.CommandMetaData;
 import com.google.gerrit.sshd.SshCommand;
 import com.google.inject.Inject;
@@ -26,10 +28,10 @@
 @RequiresAnyCapability({ADMINISTRATE_SERVER, MAINTAIN_SERVER})
 @CommandMetaData(name = "disable", description = "Disable read only mode")
 class DisableReadOnlyCommand extends SshCommand {
-  @Inject ReadOnlyEndpoint.Delete delete;
+  @Inject DeleteReadOnly delete;
 
   @Override
-  protected void run() throws IOException {
+  protected void run() throws IOException, AuthException, PermissionBackendException {
     delete.apply(null, null);
   }
 }

diff --git a/src/main/java/com/googlesource/gerrit/plugins/readonly/EnableReadOnlyCommand.java b/src/main/java/com/googlesource/gerrit/plugins/readonly/EnableReadOnlyCommand.java
index 322a9f9..c92717d 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/readonly/EnableReadOnlyCommand.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/readonly/EnableReadOnlyCommand.java

@@ -14,22 +14,19 @@
 
 package com.googlesource.gerrit.plugins.readonly;
 
-import static com.google.gerrit.common.data.GlobalCapability.ADMINISTRATE_SERVER;
-import static com.google.gerrit.common.data.GlobalCapability.MAINTAIN_SERVER;
-
-import com.google.gerrit.extensions.annotations.RequiresAnyCapability;
+import com.google.gerrit.extensions.restapi.AuthException;
+import com.google.gerrit.server.permissions.PermissionBackendException;
 import com.google.gerrit.sshd.CommandMetaData;
 import com.google.gerrit.sshd.SshCommand;
 import com.google.inject.Inject;
 import java.io.IOException;
 
-@RequiresAnyCapability({ADMINISTRATE_SERVER, MAINTAIN_SERVER})
 @CommandMetaData(name = "enable", description = "Enable read only mode")
 class EnableReadOnlyCommand extends SshCommand {
-  @Inject ReadOnlyEndpoint.Put put;
+  @Inject PutReadOnly put;
 
   @Override
-  protected void run() throws IOException {
+  protected void run() throws IOException, AuthException, PermissionBackendException {
     put.apply(null, null);
   }
 }

diff --git a/src/main/java/com/googlesource/gerrit/plugins/readonly/GetReadOnly.java b/src/main/java/com/googlesource/gerrit/plugins/readonly/GetReadOnly.java
new file mode 100644
index 0000000..0a3db04
--- /dev/null
+++ b/src/main/java/com/googlesource/gerrit/plugins/readonly/GetReadOnly.java

@@ -0,0 +1,47 @@
+// Copyright (C) 2024 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.googlesource.gerrit.plugins.readonly;
+
+import com.google.gerrit.extensions.restapi.AuthException;
+import com.google.gerrit.extensions.restapi.Response;
+import com.google.gerrit.extensions.restapi.RestReadView;
+import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.config.ConfigResource;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.PermissionBackendException;
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import com.google.inject.Singleton;
+
+@Singleton
+public class GetReadOnly extends ReadOnlyEndpoint implements RestReadView<ConfigResource> {
+  private final ReadOnlyState state;
+
+  @Inject
+  public GetReadOnly(
+      Provider<CurrentUser> userProvider,
+      PermissionBackend permissionBackend,
+      ReadOnlyState state) {
+    super(userProvider, permissionBackend);
+    this.state = state;
+  }
+
+  @Override
+  public Response<String> apply(ConfigResource resource)
+      throws AuthException, PermissionBackendException {
+    checkPermissions();
+    return Response.ok(state.isReadOnly() ? "on" : "off");
+  }
+}

diff --git a/src/main/java/com/googlesource/gerrit/plugins/readonly/GetReadOnlyStatusCommand.java b/src/main/java/com/googlesource/gerrit/plugins/readonly/GetReadOnlyStatusCommand.java
index 06a41e5..5ca5c94 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/readonly/GetReadOnlyStatusCommand.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/readonly/GetReadOnlyStatusCommand.java

@@ -14,21 +14,18 @@
 
 package com.googlesource.gerrit.plugins.readonly;
 
-import static com.google.gerrit.common.data.GlobalCapability.ADMINISTRATE_SERVER;
-import static com.google.gerrit.common.data.GlobalCapability.MAINTAIN_SERVER;
-
-import com.google.gerrit.extensions.annotations.RequiresAnyCapability;
+import com.google.gerrit.extensions.restapi.AuthException;
+import com.google.gerrit.server.permissions.PermissionBackendException;
 import com.google.gerrit.sshd.CommandMetaData;
 import com.google.gerrit.sshd.SshCommand;
 import com.google.inject.Inject;
 
-@RequiresAnyCapability({ADMINISTRATE_SERVER, MAINTAIN_SERVER})
 @CommandMetaData(name = "status", description = "Show read only mode state")
 class GetReadOnlyStatusCommand extends SshCommand {
-  @Inject ReadOnlyEndpoint.Get get;
+  @Inject GetReadOnly get;
 
   @Override
-  protected void run() {
+  protected void run() throws AuthException, PermissionBackendException {
     stdout.println(get.apply(null));
   }
 }

diff --git a/src/main/java/com/googlesource/gerrit/plugins/readonly/Module.java b/src/main/java/com/googlesource/gerrit/plugins/readonly/Module.java
index 69fa804..6044f2e 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/readonly/Module.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/readonly/Module.java

@@ -29,9 +29,9 @@
         new RestApiModule() {
           @Override
           protected void configure() {
-            put(CONFIG_KIND, "readonly").to(ReadOnlyEndpoint.Put.class);
-            delete(CONFIG_KIND, "readonly").to(ReadOnlyEndpoint.Delete.class);
-            get(CONFIG_KIND, "readonly").to(ReadOnlyEndpoint.Get.class);
+            put(CONFIG_KIND, "readonly").to(PutReadOnly.class);
+            delete(CONFIG_KIND, "readonly").to(DeleteReadOnly.class);
+            get(CONFIG_KIND, "readonly").to(GetReadOnly.class);
           }
         });
   }

diff --git a/src/main/java/com/googlesource/gerrit/plugins/readonly/PutReadOnly.java b/src/main/java/com/googlesource/gerrit/plugins/readonly/PutReadOnly.java
new file mode 100644
index 0000000..92ca1be
--- /dev/null
+++ b/src/main/java/com/googlesource/gerrit/plugins/readonly/PutReadOnly.java

@@ -0,0 +1,50 @@
+// Copyright (C) 2024 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.googlesource.gerrit.plugins.readonly;
+
+import com.google.gerrit.extensions.common.Input;
+import com.google.gerrit.extensions.restapi.AuthException;
+import com.google.gerrit.extensions.restapi.Response;
+import com.google.gerrit.extensions.restapi.RestModifyView;
+import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.config.ConfigResource;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.PermissionBackendException;
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import com.google.inject.Singleton;
+import java.io.IOException;
+
+@Singleton
+public class PutReadOnly extends ReadOnlyEndpoint implements RestModifyView<ConfigResource, Input> {
+  private final ReadOnlyState state;
+
+  @Inject
+  public PutReadOnly(
+      Provider<CurrentUser> userProvider,
+      PermissionBackend permissionBackend,
+      ReadOnlyState state) {
+    super(userProvider, permissionBackend);
+    this.state = state;
+  }
+
+  @Override
+  public Response<String> apply(ConfigResource resource, Input input)
+      throws IOException, AuthException, PermissionBackendException {
+    checkPermissions();
+    state.setReadOnly(true);
+    return Response.ok("on");
+  }
+}

diff --git a/src/main/java/com/googlesource/gerrit/plugins/readonly/ReadOnlyEndpoint.java b/src/main/java/com/googlesource/gerrit/plugins/readonly/ReadOnlyEndpoint.java
index 6a4b916..5b63a08 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/readonly/ReadOnlyEndpoint.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/readonly/ReadOnlyEndpoint.java

@@ -14,68 +14,31 @@
 
 package com.googlesource.gerrit.plugins.readonly;
 
-import static com.google.gerrit.common.data.GlobalCapability.ADMINISTRATE_SERVER;
-import static com.google.gerrit.common.data.GlobalCapability.MAINTAIN_SERVER;
+import static com.google.gerrit.server.permissions.GlobalPermission.ADMINISTRATE_SERVER;
+import static com.google.gerrit.server.permissions.GlobalPermission.MAINTAIN_SERVER;
 
-import com.google.gerrit.extensions.annotations.RequiresAnyCapability;
-import com.google.gerrit.extensions.restapi.Response;
-import com.google.gerrit.extensions.restapi.RestModifyView;
-import com.google.gerrit.extensions.restapi.RestReadView;
-import com.google.gerrit.server.config.ConfigResource;
-import com.google.inject.Inject;
-import com.google.inject.Singleton;
-import java.io.IOException;
+import com.google.gerrit.extensions.restapi.AuthException;
+import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.PermissionBackendException;
+import com.google.inject.Provider;
+import java.util.Set;
 
 public class ReadOnlyEndpoint {
-  static class Input {}
+  private final Provider<CurrentUser> userProvider;
+  private final PermissionBackend permissionBackend;
 
-  @RequiresAnyCapability({ADMINISTRATE_SERVER, MAINTAIN_SERVER})
-  @Singleton
-  public static class Get implements RestReadView<ConfigResource> {
-    private final ReadOnlyState state;
-
-    @Inject
-    Get(ReadOnlyState state) {
-      this.state = state;
-    }
-
-    @Override
-    public Response<String> apply(ConfigResource resource) {
-      return Response.ok(state.isReadOnly() ? "on" : "off");
-    }
+  public ReadOnlyEndpoint(Provider<CurrentUser> userProvider, PermissionBackend permissionBackend) {
+    this.userProvider = userProvider;
+    this.permissionBackend = permissionBackend;
   }
 
-  @RequiresAnyCapability({ADMINISTRATE_SERVER, MAINTAIN_SERVER})
-  @Singleton
-  public static class Put implements RestModifyView<ConfigResource, Input> {
-    private final ReadOnlyState state;
-
-    @Inject
-    Put(ReadOnlyState state) {
-      this.state = state;
+  void checkPermissions() throws AuthException, PermissionBackendException {
+    CurrentUser requestingUser = userProvider.get();
+    if (requestingUser == null || !requestingUser.isIdentifiedUser()) {
+      throw new AuthException("authentication required");
     }
 
-    @Override
-    public Response<String> apply(ConfigResource resource, Input input) throws IOException {
-      state.setReadOnly(true);
-      return Response.ok("on");
-    }
-  }
-
-  @RequiresAnyCapability({ADMINISTRATE_SERVER, MAINTAIN_SERVER})
-  @Singleton
-  public static class Delete implements RestModifyView<ConfigResource, Input> {
-    private final ReadOnlyState state;
-
-    @Inject
-    Delete(ReadOnlyState state) {
-      this.state = state;
-    }
-
-    @Override
-    public Response<String> apply(ConfigResource resource, Input input) throws IOException {
-      state.setReadOnly(false);
-      return Response.ok("off");
-    }
+    permissionBackend.user(requestingUser).checkAny(Set.of(ADMINISTRATE_SERVER, MAINTAIN_SERVER));
   }
 }