Search in sources :

Example 36 with StorageException

use of com.google.gerrit.exceptions.StorageException in project gerrit by GerritCodeReview.

the class NoteDbSchemaUpdaterTest method bootstrapUpdateFailsWithoutNotesMigrationConfig.

@Test
public void bootstrapUpdateFailsWithoutNotesMigrationConfig() throws Exception {
    TestUpdate u = new TestUpdate(Optional.empty()) {

        @Override
        public void setUp() {
            seedGroupSequenceRef();
        }
    };
    StorageException thrown = assertThrows(StorageException.class, () -> u.update());
    assertThat(thrown).hasMessageThat().contains("NoteDb change migration was not completed");
    assertThat(u.getMessages()).isEmpty();
    assertThat(u.readVersion()).isEmpty();
}
Also used : StorageException(com.google.gerrit.exceptions.StorageException) Test(org.junit.Test)

Example 37 with StorageException

use of com.google.gerrit.exceptions.StorageException in project gerrit by GerritCodeReview.

the class NoteDbSchemaVersionManagerTest method readInvalid.

@Test
public void readInvalid() throws Exception {
    ObjectId blobId = tr.blob(" 1 2 3 ");
    tr.update(REFS_VERSION, blobId);
    StorageException thrown = assertThrows(StorageException.class, () -> manager.read());
    assertThat(thrown).hasMessageThat().isEqualTo("invalid value in refs/meta/version blob at " + blobId.name());
}
Also used : ObjectId(org.eclipse.jgit.lib.ObjectId) StorageException(com.google.gerrit.exceptions.StorageException) Test(org.junit.Test)

Example 38 with StorageException

use of com.google.gerrit.exceptions.StorageException in project gerrit by GerritCodeReview.

the class ReceiveCommits method parseRewind.

private void parseRewind(ReceiveCommand cmd) throws PermissionBackendException {
    try (TraceTimer traceTimer = newTimer("parseRewind")) {
        try {
            receivePack.getRevWalk().parseCommit(cmd.getNewId());
        } catch (IOException e) {
            throw new StorageException(String.format("Invalid object %s for %s creation", cmd.getNewId().name(), cmd.getRefName()), e);
        }
        logger.atFine().log("Rewinding %s", cmd);
        if (!validRefOperation(cmd)) {
            return;
        }
        validateRegularPushCommits(BranchNameKey.create(project.getNameKey(), cmd.getRefName()), cmd);
        if (cmd.getResult() != NOT_ATTEMPTED) {
            return;
        }
        Optional<AuthException> err = checkRefPermission(cmd, RefPermission.FORCE_UPDATE);
        if (err.isPresent()) {
            rejectProhibited(cmd, err.get());
        }
    }
}
Also used : TraceTimer(com.google.gerrit.server.logging.TraceContext.TraceTimer) AuthException(com.google.gerrit.extensions.restapi.AuthException) IOException(java.io.IOException) StorageException(com.google.gerrit.exceptions.StorageException)

Example 39 with StorageException

use of com.google.gerrit.exceptions.StorageException in project gerrit by GerritCodeReview.

the class RefVisibilityControl method isVisible.

/**
 * Returns an authoritative answer if the ref is visible to the user. Does not have support for
 * tags and will throw a {@link PermissionBackendException} if asked for tags visibility.
 */
boolean isVisible(ProjectControl projectControl, String refName) throws PermissionBackendException {
    if (refName.startsWith(Constants.R_TAGS)) {
        throw new PermissionBackendException("can't check tags through RefVisibilityControl. Use PermissionBackend#filter instead.");
    }
    if (!RefNames.isGerritRef(refName)) {
        // refs/heads or another ref the user created. Apply the regular permissions with inheritance.
        return projectControl.controlForRef(refName).hasReadPermissionOnRef(false);
    }
    if (refName.startsWith(REFS_CACHE_AUTOMERGE)) {
        // Internal cache state that is accessible to no one.
        return false;
    }
    boolean hasAccessDatabase = permissionBackend.user(projectControl.getUser()).testOrFalse(GlobalPermission.ACCESS_DATABASE);
    if (hasAccessDatabase) {
        return true;
    }
    // Change and change edit visibility
    Change.Id changeId;
    if ((changeId = Change.Id.fromRef(refName)) != null) {
        // Change ref is visible only if the change is visible.
        ChangeData cd;
        try {
            cd = changeDataFactory.create(projectControl.getProject().getNameKey(), changeId);
            checkState(cd.change().getId().equals(changeId));
        } catch (StorageException e) {
            if (Throwables.getCausalChain(e).stream().anyMatch(e2 -> e2 instanceof NoSuchChangeException)) {
                // The change was deleted or is otherwise not accessible anymore.
                // If the caller can see all refs and is allowed to see private changes on refs/, allow
                // access. This is an escape hatch for receivers of "ref deleted" events.
                PermissionBackend.ForProject forProject = projectControl.asForProject();
                return forProject.test(ProjectPermission.READ) && forProject.ref("refs/").test(RefPermission.READ_PRIVATE_CHANGES);
            }
            throw new PermissionBackendException(e);
        }
        if (RefNames.isRefsEdit(refName)) {
            // Edits are visible only to the owning user, if change is visible.
            return visibleEdit(refName, projectControl, cd);
        }
        return projectControl.controlFor(cd).isVisible();
    }
    // Account visibility
    CurrentUser user = projectControl.getUser();
    Account.Id currentUserAccountId = user.isIdentifiedUser() ? user.getAccountId() : null;
    Account.Id accountId;
    if ((accountId = Account.Id.fromRef(refName)) != null) {
        // Account ref is visible only to the corresponding account.
        if (accountId.equals(currentUserAccountId)) {
            // refs, check if the user has read permissions.
            if (RefNames.isRefsDraftsComments(refName) || RefNames.isRefsStarredChanges(refName) || projectControl.controlForRef(refName).hasReadPermissionOnRef(true)) {
                return true;
            }
        }
        return false;
    }
    // Group visibility
    AccountGroup.UUID accountGroupUuid;
    if ((accountGroupUuid = AccountGroup.UUID.fromRef(refName)) != null) {
        // Group ref is visible only to the corresponding owner group.
        try {
            return projectControl.controlForRef(refName).hasReadPermissionOnRef(true) && groupControlFactory.controlFor(user, accountGroupUuid).isOwner();
        } catch (NoSuchGroupException e) {
            // The group is broken, but the ref is still around. Pretend the ref is not visible.
            logger.atWarning().withCause(e).log("Found group ref %s but group isn't parsable", refName);
            return false;
        }
    }
    // We are done checking all cases where we would allow access to Gerrit-managed refs. Deny
    // access in case we got this far.
    logger.atFine().log("Denying access to %s because user doesn't have access to this Gerrit ref", refName);
    return false;
}
Also used : AccountGroup(com.google.gerrit.entities.AccountGroup) CurrentUser(com.google.gerrit.server.CurrentUser) GroupControl(com.google.gerrit.server.account.GroupControl) NoSuchGroupException(com.google.gerrit.exceptions.NoSuchGroupException) StorageException(com.google.gerrit.exceptions.StorageException) Throwables(com.google.common.base.Throwables) Account(com.google.gerrit.entities.Account) Constants(org.eclipse.jgit.lib.Constants) Singleton(javax.inject.Singleton) Preconditions.checkState(com.google.common.base.Preconditions.checkState) Inject(javax.inject.Inject) ChangeData(com.google.gerrit.server.query.change.ChangeData) REFS_CACHE_AUTOMERGE(com.google.gerrit.entities.RefNames.REFS_CACHE_AUTOMERGE) RefNames(com.google.gerrit.entities.RefNames) NoSuchChangeException(com.google.gerrit.server.project.NoSuchChangeException) Change(com.google.gerrit.entities.Change) FluentLogger(com.google.common.flogger.FluentLogger) Account(com.google.gerrit.entities.Account) CurrentUser(com.google.gerrit.server.CurrentUser) Change(com.google.gerrit.entities.Change) ChangeData(com.google.gerrit.server.query.change.ChangeData) NoSuchGroupException(com.google.gerrit.exceptions.NoSuchGroupException) NoSuchChangeException(com.google.gerrit.server.project.NoSuchChangeException) AccountGroup(com.google.gerrit.entities.AccountGroup) StorageException(com.google.gerrit.exceptions.StorageException)

Example 40 with StorageException

use of com.google.gerrit.exceptions.StorageException in project gerrit by GerritCodeReview.

the class VisibleChangesCache method visibleChangesBySearch.

private void visibleChangesBySearch() throws PermissionBackendException {
    visibleChanges = new HashMap<>();
    Project.NameKey project = projectState.getNameKey();
    try {
        for (ChangeData cd : changeCache.getChangeData(project)) {
            if (!projectState.statePermitsRead()) {
                continue;
            }
            if (permissionBackendForProject.change(cd).test(ChangePermission.READ)) {
                visibleChanges.put(cd.getId(), cd.change().getDest());
            }
        }
    } catch (StorageException e) {
        logger.atSevere().withCause(e).log("Cannot load changes for project %s, assuming no changes are visible", project);
    }
}
Also used : Project(com.google.gerrit.entities.Project) ChangeData(com.google.gerrit.server.query.change.ChangeData) StorageException(com.google.gerrit.exceptions.StorageException)

Aggregations

StorageException (com.google.gerrit.exceptions.StorageException)153 IOException (java.io.IOException)68 Change (com.google.gerrit.entities.Change)47 ObjectId (org.eclipse.jgit.lib.ObjectId)37 Repository (org.eclipse.jgit.lib.Repository)33 ChangeNotes (com.google.gerrit.server.notedb.ChangeNotes)30 PatchSet (com.google.gerrit.entities.PatchSet)29 RevCommit (org.eclipse.jgit.revwalk.RevCommit)28 ArrayList (java.util.ArrayList)25 ConfigInvalidException (org.eclipse.jgit.errors.ConfigInvalidException)24 Project (com.google.gerrit.entities.Project)22 Ref (org.eclipse.jgit.lib.Ref)22 ChangeData (com.google.gerrit.server.query.change.ChangeData)21 RevWalk (org.eclipse.jgit.revwalk.RevWalk)21 Account (com.google.gerrit.entities.Account)20 Inject (com.google.inject.Inject)19 Map (java.util.Map)19 Test (org.junit.Test)19 List (java.util.List)18 BranchNameKey (com.google.gerrit.entities.BranchNameKey)17