Examples with IdentifiedUser com.google.gerrit.server.IdentifiedUser used on opensource projects

Example 1 with IdentifiedUser

use of com.google.gerrit.server.IdentifiedUser in project gerrit by GerritCodeReview.

the class AgreementJson method format.

public AgreementInfo format(ContributorAgreement ca) {
    AgreementInfo info = new AgreementInfo();
    info.name = ca.getName();
    info.description = ca.getDescription();
    info.url = ca.getAgreementUrl();
    GroupReference autoVerifyGroup = ca.getAutoVerify();
    if (autoVerifyGroup != null && self.get().isIdentifiedUser()) {
        IdentifiedUser user = identifiedUserFactory.create(self.get().getAccountId());
        try {
            GroupControl gc = genericGroupControlFactory.controlFor(user, autoVerifyGroup.getUUID());
            GroupResource group = new GroupResource(gc);
            info.autoVerifyGroup = groupJson.format(group);
        } catch (NoSuchGroupException | OrmException e) {
            log.warn("autoverify group \"" + autoVerifyGroup.getName() + "\" does not exist, referenced in CLA \"" + ca.getName() + "\"");
        }
    }
    return info;
}

Example 2 with IdentifiedUser

use of com.google.gerrit.server.IdentifiedUser in project gerrit by GerritCodeReview.

the class CheckAccess method apply.

@Override
public AccessCheckInfo apply(ConfigResource unused, AccessCheckInput input) throws OrmException, PermissionBackendException, RestApiException, IOException {
    permissionBackend.user(currentUser.get()).check(GlobalPermission.ADMINISTRATE_SERVER);
    if (input == null) {
        throw new BadRequestException("input is required");
    }
    if (Strings.isNullOrEmpty(input.account)) {
        throw new BadRequestException("input requires 'account'");
    }
    if (Strings.isNullOrEmpty(input.project)) {
        throw new BadRequestException("input requires 'project'");
    }
    Account match = accountResolver.find(db.get(), input.account);
    if (match == null) {
        throw new BadRequestException(String.format("cannot find account %s", input.account));
    }
    AccessCheckInfo info = new AccessCheckInfo();
    Project.NameKey key = new Project.NameKey(input.project);
    if (projectCache.get(key) == null) {
        info.message = String.format("project %s does not exist", key);
        info.status = HttpServletResponse.SC_NOT_FOUND;
        return info;
    }
    IdentifiedUser user = userFactory.create(match.getId());
    try {
        permissionBackend.user(user).project(key).check(ProjectPermission.ACCESS);
    } catch (AuthException | PermissionBackendException e) {
        info.message = String.format("user %s (%s) cannot see project %s", user.getNameEmail(), user.getAccount().getId(), key);
        info.status = HttpServletResponse.SC_FORBIDDEN;
        return info;
    }
    if (!Strings.isNullOrEmpty(input.ref)) {
        try {
            permissionBackend.user(user).ref(new Branch.NameKey(key, input.ref)).check(RefPermission.READ);
        } catch (AuthException | PermissionBackendException e) {
            info.status = HttpServletResponse.SC_FORBIDDEN;
            info.message = String.format("user %s (%s) cannot see ref %s in project %s", user.getNameEmail(), user.getAccount().getId(), input.ref, key);
            return info;
        }
    }
    info.status = HttpServletResponse.SC_OK;
    return info;
}

Example 3 with IdentifiedUser

use of com.google.gerrit.server.IdentifiedUser in project gerrit by GerritCodeReview.

the class CheckConsistency method apply.

@Override
public ConsistencyCheckInfo apply(ConfigResource resource, ConsistencyCheckInput input) throws RestApiException, IOException {
    IdentifiedUser user = userProvider.get();
    if (!user.isIdentifiedUser()) {
        throw new AuthException("Authentication required");
    }
    if (!user.getCapabilities().canAccessDatabase()) {
        throw new AuthException("not allowed to run consistency checks");
    }
    if (input == null || input.checkAccountExternalIds == null) {
        throw new BadRequestException("input required");
    }
    ConsistencyCheckInfo consistencyCheckInfo = new ConsistencyCheckInfo();
    if (input.checkAccountExternalIds != null) {
        consistencyCheckInfo.checkAccountExternalIdsResult = new CheckAccountExternalIdsResultInfo(externalIdsConsistencyChecker.check());
    }
    return consistencyCheckInfo;
}

Example 4 with IdentifiedUser

use of com.google.gerrit.server.IdentifiedUser in project gerrit by GerritCodeReview.

the class Submit method applyImpl.

@Override
protected Output applyImpl(BatchUpdate.Factory updateFactory, RevisionResource rsrc, SubmitInput input) throws RestApiException, RepositoryNotFoundException, IOException, OrmException, PermissionBackendException {
    input.onBehalfOf = Strings.emptyToNull(input.onBehalfOf);
    IdentifiedUser submitter;
    if (input.onBehalfOf != null) {
        submitter = onBehalfOf(rsrc, input);
    } else {
        rsrc.permissions().check(ChangePermission.SUBMIT);
        submitter = rsrc.getUser().asIdentifiedUser();
    }
    return new Output(mergeChange(updateFactory, rsrc, submitter, input));
}

Example 5 with IdentifiedUser

use of com.google.gerrit.server.IdentifiedUser in project gerrit by GerritCodeReview.

the class Submit method onBehalfOf.

private IdentifiedUser onBehalfOf(RevisionResource rsrc, SubmitInput in) throws AuthException, UnprocessableEntityException, OrmException, PermissionBackendException {
    PermissionBackend.ForChange perm = rsrc.permissions().database(dbProvider);
    perm.check(ChangePermission.SUBMIT);
    perm.check(ChangePermission.SUBMIT_AS);
    CurrentUser caller = rsrc.getUser();
    IdentifiedUser submitter = accounts.parseOnBehalfOf(caller, in.onBehalfOf);
    try {
        perm.user(submitter).check(ChangePermission.READ);
    } catch (AuthException e) {
        throw new UnprocessableEntityException(String.format("on_behalf_of account %s cannot see change", submitter.getAccountId()));
    }
    return submitter;
}