use of com.google.gerrit.entities.Account in project gerrit by GerritCodeReview.
the class CheckAccess method apply.
public Response<AccessCheckInfo> apply(ProjectResource rsrc, AccessCheckInput input) throws PermissionBackendException, RestApiException, IOException, ConfigInvalidException {
permissionBackend.user(rsrc.getUser()).check(GlobalPermission.VIEW_ACCESS);
rsrc.getProjectState().checkStatePermitsRead();
if (input == null) {
throw new BadRequestException("input is required");
}
if (Strings.isNullOrEmpty(input.account)) {
throw new BadRequestException("input requires 'account'");
}
try (TraceContext traceContext = TraceContext.open()) {
traceContext.enableAclLogging();
Account.Id match = accountResolver.resolve(input.account).asUnique().account().id();
try {
permissionBackend.absentUser(match).project(rsrc.getNameKey()).check(ProjectPermission.ACCESS);
} catch (AuthException e) {
return Response.ok(createInfo(HttpServletResponse.SC_FORBIDDEN, String.format("user %s cannot see project %s", match, rsrc.getName())));
}
RefPermission refPerm;
if (!Strings.isNullOrEmpty(input.permission)) {
if (Strings.isNullOrEmpty(input.ref)) {
throw new BadRequestException("must set 'ref' when specifying 'permission'");
}
Optional<RefPermission> rp = DefaultPermissionMappings.refPermission(input.permission);
if (!rp.isPresent()) {
throw new BadRequestException(String.format("'%s' is not recognized as ref permission", input.permission));
}
refPerm = rp.get();
} else {
refPerm = RefPermission.READ;
}
String message = null;
if (!Strings.isNullOrEmpty(input.ref)) {
try {
permissionBackend.absentUser(match).ref(BranchNameKey.create(rsrc.getNameKey(), input.ref)).check(refPerm);
} catch (AuthException e) {
return Response.ok(createInfo(HttpServletResponse.SC_FORBIDDEN, String.format("user %s lacks permission %s for %s in project %s", match, input.permission, input.ref, rsrc.getName())));
}
} else {
// as access denied looks the same as no branches to the user.
try (Repository repo = gitRepositoryManager.openRepository(rsrc.getNameKey())) {
if (repo.getRefDatabase().getRefsByPrefix(REFS_HEADS).isEmpty()) {
message = "access is OK, but repository has no branches under refs/heads/";
}
}
}
return Response.ok(createInfo(HttpServletResponse.SC_OK, message));
}
}
use of com.google.gerrit.entities.Account in project gerrit by GerritCodeReview.
the class AccountIT method stalenessChecker.
@Test
// Instants
@SuppressWarnings("JdkObsolete")
public void stalenessChecker() throws Exception {
// Newly created account is not stale.
AccountInfo accountInfo = gApi.accounts().create(name("foo")).get();
Account.Id accountId = Account.id(accountInfo._accountId);
assertThat(stalenessChecker.check(accountId).isStale()).isFalse();
// Manually updating the user ref makes the index document stale.
String userRef = RefNames.refsUsers(accountId);
try (Repository repo = repoManager.openRepository(allUsers);
ObjectInserter oi = repo.newObjectInserter();
RevWalk rw = new RevWalk(repo)) {
RevCommit commit = rw.parseCommit(repo.exactRef(userRef).getObjectId());
PersonIdent ident = new PersonIdent(serverIdent.get(), Date.from(TimeUtil.now()));
CommitBuilder cb = new CommitBuilder();
cb.setTreeId(commit.getTree());
cb.setCommitter(ident);
cb.setAuthor(ident);
cb.setMessage(commit.getFullMessage());
ObjectId emptyCommit = oi.insert(cb);
oi.flush();
RefUpdate updateRef = repo.updateRef(userRef);
updateRef.setExpectedOldObjectId(commit.toObjectId());
updateRef.setNewObjectId(emptyCommit);
assertThat(updateRef.forceUpdate()).isEqualTo(RefUpdate.Result.FORCED);
}
assertStaleAccountAndReindex(accountId);
// stale.
try (Repository repo = repoManager.openRepository(allUsers)) {
ExternalIdNotes extIdNotes = ExternalIdNotes.load(allUsers, repo, externalIdFactory, authConfig.isUserNameCaseInsensitiveMigrationMode());
ExternalId.Key key = externalIdKeyFactory.create("foo", "foo");
extIdNotes.insert(externalIdFactory.create(key, accountId));
try (MetaDataUpdate update = metaDataUpdateFactory.create(allUsers)) {
extIdNotes.commit(update);
}
assertStaleAccountAndReindex(accountId);
extIdNotes = ExternalIdNotes.load(allUsers, repo, externalIdFactory, authConfig.isUserNameCaseInsensitiveMigrationMode());
extIdNotes.upsert(externalIdFactory.createWithEmail(key, accountId, "foo@example.com"));
try (MetaDataUpdate update = metaDataUpdateFactory.create(allUsers)) {
extIdNotes.commit(update);
}
assertStaleAccountAndReindex(accountId);
extIdNotes = ExternalIdNotes.load(allUsers, repo, externalIdFactory, authConfig.isUserNameCaseInsensitiveMigrationMode());
extIdNotes.delete(accountId, key);
try (MetaDataUpdate update = metaDataUpdateFactory.create(allUsers)) {
extIdNotes.commit(update);
}
assertStaleAccountAndReindex(accountId);
}
// Manually delete account
try (Repository repo = repoManager.openRepository(allUsers);
RevWalk rw = new RevWalk(repo)) {
RevCommit commit = rw.parseCommit(repo.exactRef(userRef).getObjectId());
RefUpdate updateRef = repo.updateRef(userRef);
updateRef.setExpectedOldObjectId(commit.toObjectId());
updateRef.setNewObjectId(ObjectId.zeroId());
updateRef.setForceUpdate(true);
assertThat(updateRef.delete()).isEqualTo(RefUpdate.Result.FORCED);
}
assertStaleAccountAndReindex(accountId);
}
use of com.google.gerrit.entities.Account in project gerrit by GerritCodeReview.
the class AccountIT method atomicReadMofifyWrite.
@Test
public void atomicReadMofifyWrite() throws Exception {
gApi.accounts().id(admin.id().get()).setStatus("A-1");
AtomicInteger bgCounterA1 = new AtomicInteger(0);
AtomicInteger bgCounterA2 = new AtomicInteger(0);
PersonIdent ident = serverIdent.get();
AccountsUpdate update = new AccountsUpdate(repoManager, gitReferenceUpdated, Optional.empty(), allUsers, externalIds, metaDataUpdateInternalFactory, new RetryHelper(cfg, retryMetrics, null, null, null, exceptionHooks, r -> r.withBlockStrategy(noSleepBlockStrategy)), extIdNotesFactory, ident, ident, Runnables.doNothing(), () -> {
try {
accountsUpdateProvider.get().update("Set Status", admin.id(), u -> u.setStatus("A-2"));
} catch (IOException | ConfigInvalidException | StorageException e) {
// Ignore, the expected exception is asserted later
}
});
assertThat(bgCounterA1.get()).isEqualTo(0);
assertThat(bgCounterA2.get()).isEqualTo(0);
assertThat(gApi.accounts().id(admin.id().get()).get().status).isEqualTo("A-1");
Optional<AccountState> updatedAccountState = update.update("Set Status", admin.id(), (a, u) -> {
if ("A-1".equals(a.account().status())) {
bgCounterA1.getAndIncrement();
u.setStatus("B-1");
}
if ("A-2".equals(a.account().status())) {
bgCounterA2.getAndIncrement();
u.setStatus("B-2");
}
});
assertThat(bgCounterA1.get()).isEqualTo(1);
assertThat(bgCounterA2.get()).isEqualTo(1);
assertThat(updatedAccountState).isPresent();
assertThat(updatedAccountState.get().account().status()).isEqualTo("B-2");
assertThat(accounts.get(admin.id()).get().account().status()).isEqualTo("B-2");
assertThat(gApi.accounts().id(admin.id().get()).get().status).isEqualTo("B-2");
}
use of com.google.gerrit.entities.Account in project gerrit by GerritCodeReview.
the class AccountIT method updateNonExistingAccount.
@Test
public void updateNonExistingAccount() throws Exception {
Account.Id nonExistingAccountId = Account.id(999999);
AtomicBoolean consumerCalled = new AtomicBoolean();
Optional<AccountState> accountState = accountsUpdateProvider.get().update("Update Non-Existing Account", nonExistingAccountId, a -> consumerCalled.set(true));
assertThat(accountState).isEmpty();
assertThat(consumerCalled.get()).isFalse();
}
use of com.google.gerrit.entities.Account in project gerrit by GerritCodeReview.
the class AccountIT method checkMetaId.
@Test
public void checkMetaId() throws Exception {
// metaId is set when account is loaded
assertThat(accounts.get(admin.id()).get().account().metaId()).isEqualTo(getMetaId(admin.id()));
// metaId is set when account is created
AccountsUpdate au = accountsUpdateProvider.get();
Account.Id accountId = Account.id(seq.nextAccountId());
AccountState accountState = au.insert("Create Test Account", accountId, u -> {
});
assertThat(accountState.account().metaId()).isEqualTo(getMetaId(accountId));
// metaId is set when account is updated
Optional<AccountState> updatedAccountState = au.update("Set Full Name", accountId, u -> u.setFullName("foo"));
assertThat(updatedAccountState).isPresent();
Account updatedAccount = updatedAccountState.get().account();
assertThat(accountState.account().metaId()).isNotEqualTo(updatedAccount.metaId());
assertThat(updatedAccount.metaId()).isEqualTo(getMetaId(accountId));
}
Aggregations