Fix: enable to add a user within a project's ACL using 'user/username'
Currently, a user cannot be added to a project's ACL unless the user
already has READ permission in the project's ACL. For example, a user
cannot be given READ permission on refs/* if the user does not already
has READ permission on refs/*. In other words, it is impossible to give
READ permission of refs/* to an individual user.
The fix is done by disabling the filter which prevents any user that
does not have READ permission in the project's ACL from being added
within the project's ACL.
Verified using following steps:
1.Create a project with default configurations
2.Select the project and go to Access
3.Start typing 'user/' followed by a username at any refs for any
permission type
4.Users containing the typed string is suggested for auto-completion
5.Choose a user to be added to the permission
Change-Id: I7342e87d2f200d698e247a3c35f339d122aaea82
diff --git a/src/main/java/com/googlesource/gerrit/plugins/singleusergroup/SingleUserGroup.java b/src/main/java/com/googlesource/gerrit/plugins/singleusergroup/SingleUserGroup.java
index 9d72b1b..3359865 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/singleusergroup/SingleUserGroup.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/singleusergroup/SingleUserGroup.java
@@ -78,17 +78,13 @@
private final SchemaFactory<ReviewDb> schemaFactory;
private final AccountCache accountCache;
private final AccountControl.Factory accountControlFactory;
- private final IdentifiedUser.GenericFactory userFactory;
-
@Inject
SingleUserGroup(SchemaFactory<ReviewDb> schemaFactory,
AccountCache accountCache,
- AccountControl.Factory accountControlFactory,
- IdentifiedUser.GenericFactory userFactory) {
+ AccountControl.Factory accountControlFactory) {
this.schemaFactory = schemaFactory;
this.accountCache = accountCache;
this.accountControlFactory = accountControlFactory;
- this.userFactory = userFactory;
}
@Override
@@ -171,7 +167,7 @@
if (name.matches(ACCOUNT_ID_PATTERN)) {
Account.Id id = new Account.Id(Integer.parseInt(name));
if (db.accounts().get(id) != null) {
- add(matches, ids, ctl, project, id);
+ add(matches, ids, ctl, id);
return matches;
}
}
@@ -184,7 +180,7 @@
if (!e.getSchemeRest().startsWith(a)) {
break;
}
- add(matches, ids, ctl, project, e.getAccountId());
+ add(matches, ids, ctl, e.getAccountId());
}
}
@@ -192,14 +188,14 @@
if (!p.getFullName().startsWith(a)) {
break;
}
- add(matches, ids, ctl, project, p.getId());
+ add(matches, ids, ctl, p.getId());
}
for (Account p : db.accounts().suggestByPreferredEmail(a, b, MAX)) {
if (!p.getPreferredEmail().startsWith(a)) {
break;
}
- add(matches, ids, ctl, project, p.getId());
+ add(matches, ids, ctl, p.getId());
}
for (AccountExternalId e : db.accountExternalIds()
@@ -207,7 +203,7 @@
if (!e.getEmailAddress().startsWith(a)) {
break;
}
- add(matches, ids, ctl, project, e.getAccountId());
+ add(matches, ids, ctl, e.getAccountId());
}
return matches;
@@ -226,13 +222,13 @@
}
private void add(List<GroupReference> matches, Set<Account.Id> ids,
- AccountControl ctl, @Nullable ProjectControl project, Account.Id id) {
+ AccountControl ctl, Account.Id id) {
if (!ids.add(id) || !ctl.canSee(id)) {
return;
}
AccountState state = accountCache.get(id);
- if (state == null || !isVisible(project, id)) {
+ if (state == null) {
return;
}
@@ -245,11 +241,6 @@
matches.add(new GroupReference(uuid, nameOf(uuid, state)));
}
- private boolean isVisible(@Nullable ProjectControl project, Account.Id id) {
- return project == null
- || project.forUser(userFactory.create(id)).isVisible();
- }
-
private static String username(AccountGroup.UUID uuid) {
checkUUID(uuid);
return uuid.get().substring(UUID_PREFIX.length());