use of com.google.gerrit.exceptions.StorageException in project gerrit by GerritCodeReview.
the class NoteDbSchemaUpdaterTest method bootstrapUpdateFailsWithoutNotesMigrationConfig.
@Test
public void bootstrapUpdateFailsWithoutNotesMigrationConfig() throws Exception {
TestUpdate u = new TestUpdate(Optional.empty()) {
@Override
public void setUp() {
seedGroupSequenceRef();
}
};
StorageException thrown = assertThrows(StorageException.class, () -> u.update());
assertThat(thrown).hasMessageThat().contains("NoteDb change migration was not completed");
assertThat(u.getMessages()).isEmpty();
assertThat(u.readVersion()).isEmpty();
}
use of com.google.gerrit.exceptions.StorageException in project gerrit by GerritCodeReview.
the class NoteDbSchemaVersionManagerTest method readInvalid.
@Test
public void readInvalid() throws Exception {
ObjectId blobId = tr.blob(" 1 2 3 ");
tr.update(REFS_VERSION, blobId);
StorageException thrown = assertThrows(StorageException.class, () -> manager.read());
assertThat(thrown).hasMessageThat().isEqualTo("invalid value in refs/meta/version blob at " + blobId.name());
}
use of com.google.gerrit.exceptions.StorageException in project gerrit by GerritCodeReview.
the class ReceiveCommits method parseRewind.
private void parseRewind(ReceiveCommand cmd) throws PermissionBackendException {
try (TraceTimer traceTimer = newTimer("parseRewind")) {
try {
receivePack.getRevWalk().parseCommit(cmd.getNewId());
} catch (IOException e) {
throw new StorageException(String.format("Invalid object %s for %s creation", cmd.getNewId().name(), cmd.getRefName()), e);
}
logger.atFine().log("Rewinding %s", cmd);
if (!validRefOperation(cmd)) {
return;
}
validateRegularPushCommits(BranchNameKey.create(project.getNameKey(), cmd.getRefName()), cmd);
if (cmd.getResult() != NOT_ATTEMPTED) {
return;
}
Optional<AuthException> err = checkRefPermission(cmd, RefPermission.FORCE_UPDATE);
if (err.isPresent()) {
rejectProhibited(cmd, err.get());
}
}
}
use of com.google.gerrit.exceptions.StorageException in project gerrit by GerritCodeReview.
the class RefVisibilityControl method isVisible.
/**
* Returns an authoritative answer if the ref is visible to the user. Does not have support for
* tags and will throw a {@link PermissionBackendException} if asked for tags visibility.
*/
boolean isVisible(ProjectControl projectControl, String refName) throws PermissionBackendException {
if (refName.startsWith(Constants.R_TAGS)) {
throw new PermissionBackendException("can't check tags through RefVisibilityControl. Use PermissionBackend#filter instead.");
}
if (!RefNames.isGerritRef(refName)) {
// refs/heads or another ref the user created. Apply the regular permissions with inheritance.
return projectControl.controlForRef(refName).hasReadPermissionOnRef(false);
}
if (refName.startsWith(REFS_CACHE_AUTOMERGE)) {
// Internal cache state that is accessible to no one.
return false;
}
boolean hasAccessDatabase = permissionBackend.user(projectControl.getUser()).testOrFalse(GlobalPermission.ACCESS_DATABASE);
if (hasAccessDatabase) {
return true;
}
// Change and change edit visibility
Change.Id changeId;
if ((changeId = Change.Id.fromRef(refName)) != null) {
// Change ref is visible only if the change is visible.
ChangeData cd;
try {
cd = changeDataFactory.create(projectControl.getProject().getNameKey(), changeId);
checkState(cd.change().getId().equals(changeId));
} catch (StorageException e) {
if (Throwables.getCausalChain(e).stream().anyMatch(e2 -> e2 instanceof NoSuchChangeException)) {
// The change was deleted or is otherwise not accessible anymore.
// If the caller can see all refs and is allowed to see private changes on refs/, allow
// access. This is an escape hatch for receivers of "ref deleted" events.
PermissionBackend.ForProject forProject = projectControl.asForProject();
return forProject.test(ProjectPermission.READ) && forProject.ref("refs/").test(RefPermission.READ_PRIVATE_CHANGES);
}
throw new PermissionBackendException(e);
}
if (RefNames.isRefsEdit(refName)) {
// Edits are visible only to the owning user, if change is visible.
return visibleEdit(refName, projectControl, cd);
}
return projectControl.controlFor(cd).isVisible();
}
// Account visibility
CurrentUser user = projectControl.getUser();
Account.Id currentUserAccountId = user.isIdentifiedUser() ? user.getAccountId() : null;
Account.Id accountId;
if ((accountId = Account.Id.fromRef(refName)) != null) {
// Account ref is visible only to the corresponding account.
if (accountId.equals(currentUserAccountId)) {
// refs, check if the user has read permissions.
if (RefNames.isRefsDraftsComments(refName) || RefNames.isRefsStarredChanges(refName) || projectControl.controlForRef(refName).hasReadPermissionOnRef(true)) {
return true;
}
}
return false;
}
// Group visibility
AccountGroup.UUID accountGroupUuid;
if ((accountGroupUuid = AccountGroup.UUID.fromRef(refName)) != null) {
// Group ref is visible only to the corresponding owner group.
try {
return projectControl.controlForRef(refName).hasReadPermissionOnRef(true) && groupControlFactory.controlFor(user, accountGroupUuid).isOwner();
} catch (NoSuchGroupException e) {
// The group is broken, but the ref is still around. Pretend the ref is not visible.
logger.atWarning().withCause(e).log("Found group ref %s but group isn't parsable", refName);
return false;
}
}
// We are done checking all cases where we would allow access to Gerrit-managed refs. Deny
// access in case we got this far.
logger.atFine().log("Denying access to %s because user doesn't have access to this Gerrit ref", refName);
return false;
}
use of com.google.gerrit.exceptions.StorageException in project gerrit by GerritCodeReview.
the class VisibleChangesCache method visibleChangesBySearch.
private void visibleChangesBySearch() throws PermissionBackendException {
visibleChanges = new HashMap<>();
Project.NameKey project = projectState.getNameKey();
try {
for (ChangeData cd : changeCache.getChangeData(project)) {
if (!projectState.statePermitsRead()) {
continue;
}
if (permissionBackendForProject.change(cd).test(ChangePermission.READ)) {
visibleChanges.put(cd.getId(), cd.change().getDest());
}
}
} catch (StorageException e) {
logger.atSevere().withCause(e).log("Cannot load changes for project %s, assuming no changes are visible", project);
}
}
Aggregations