Example 1 with GlobalOrPluginPermission
use of com.google.gerrit.extensions.api.access.GlobalOrPluginPermission in project gerrit by GerritCodeReview.
the class Capabilities method parse.
@Override
public Capability parse(AccountResource parent, IdString id) throws ResourceNotFoundException, AuthException, PermissionBackendException {
IdentifiedUser target = parent.getUser();
if (self.get() != target) {
permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER);
}
GlobalOrPluginPermission perm = parse(id);
if (permissionBackend.user(target).test(perm)) {
return new AccountResource.Capability(target, perm.permissionName());
}
throw new ResourceNotFoundException(id);
}
Also used :
Capability(com.google.gerrit.server.account.AccountResource.Capability)
IdentifiedUser(com.google.gerrit.server.IdentifiedUser)
ResourceNotFoundException(com.google.gerrit.extensions.restapi.ResourceNotFoundException)
GlobalOrPluginPermission(com.google.gerrit.extensions.api.access.GlobalOrPluginPermission)
Example 2 with GlobalOrPluginPermission
use of com.google.gerrit.extensions.api.access.GlobalOrPluginPermission in project gerrit by GerritCodeReview.
the class Capabilities method parse.
private GlobalOrPluginPermission parse(IdString id) throws ResourceNotFoundException {
String name = id.get();
GlobalOrPluginPermission perm = GlobalPermission.byName(name);
if (perm != null) {
return perm;
}
int dash = name.lastIndexOf('-');
if (dash < 0) {
throw new ResourceNotFoundException(id);
}
String pluginName = name.substring(0, dash);
String capability = name.substring(dash + 1);
if (pluginName.isEmpty() || capability.isEmpty()) {
throw new ResourceNotFoundException(id);
}
return new PluginPermission(pluginName, capability);
}
Also used :
GlobalOrPluginPermission(com.google.gerrit.extensions.api.access.GlobalOrPluginPermission)
PluginPermission(com.google.gerrit.extensions.api.access.PluginPermission)
IdString(com.google.gerrit.extensions.restapi.IdString)
ResourceNotFoundException(com.google.gerrit.extensions.restapi.ResourceNotFoundException)
GlobalOrPluginPermission(com.google.gerrit.extensions.api.access.GlobalOrPluginPermission)
Example 3 with GlobalOrPluginPermission
use of com.google.gerrit.extensions.api.access.GlobalOrPluginPermission in project gerrit by GerritCodeReview.
the class UiActions method describe.
@Nullable
private <R extends RestResource> UiAction.Description describe(Extension<RestView<R>> e, R resource) {
int d = e.getExportName().indexOf('.');
if (d < 0) {
return null;
}
RestView<R> view;
try {
view = e.getProvider().get();
} catch (RuntimeException err) {
logger.atSevere().withCause(err).log("error creating view %s.%s", e.getPluginName(), e.getExportName());
return null;
}
if (!(view instanceof UiAction)) {
return null;
}
String name = e.getExportName().substring(d + 1);
UiAction.Description dsc = null;
try (Timer1.Context<String> ignored = uiActionLatency.start(name)) {
dsc = ((UiAction<R>) view).getDescription(resource);
} catch (Exception ex) {
logger.atSevere().withCause(ex).log("Unable to render UIAction. Will omit from actions");
}
if (dsc == null) {
return null;
}
Set<GlobalOrPluginPermission> globalRequired;
try {
globalRequired = GlobalPermission.fromAnnotation(e.getPluginName(), view.getClass());
} catch (PermissionBackendException err) {
logger.atSevere().withCause(err).log("exception testing view %s.%s", e.getPluginName(), e.getExportName());
return null;
}
if (!globalRequired.isEmpty()) {
PermissionBackend.WithUser withUser = permissionBackend.currentUser();
Iterator<GlobalOrPluginPermission> i = globalRequired.iterator();
BooleanCondition p = withUser.testCond(i.next());
while (i.hasNext()) {
p = or(p, withUser.testCond(i.next()));
}
dsc.setVisible(and(p, dsc.getVisibleCondition()));
}
PrivateInternals_UiActionDescription.setMethod(dsc, e.getExportName().substring(0, d));
PrivateInternals_UiActionDescription.setId(dsc, PluginName.GERRIT.equals(e.getPluginName()) ? name : e.getPluginName() + '~' + name);
return dsc;
}
Also used :
BooleanCondition(com.google.gerrit.extensions.conditions.BooleanCondition)
PermissionBackend(com.google.gerrit.server.permissions.PermissionBackend)
Description(com.google.gerrit.extensions.webui.UiAction.Description)
PermissionBackendException(com.google.gerrit.server.permissions.PermissionBackendException)
UiAction(com.google.gerrit.extensions.webui.UiAction)
PermissionBackendException(com.google.gerrit.server.permissions.PermissionBackendException)
Timer1(com.google.gerrit.metrics.Timer1)
GlobalOrPluginPermission(com.google.gerrit.extensions.api.access.GlobalOrPluginPermission)
Nullable(com.google.gerrit.common.Nullable)
Example 4 with GlobalOrPluginPermission
use of com.google.gerrit.extensions.api.access.GlobalOrPluginPermission in project gerrit by GerritCodeReview.
the class GetCapabilities method apply.
@Override
public Response<Map<String, Object>> apply(AccountResource resource) throws RestApiException, PermissionBackendException {
permissionBackend.checkUsesDefaultCapabilities();
PermissionBackend.WithUser perm = permissionBackend.currentUser();
if (!self.get().hasSameAccountId(resource.getUser())) {
perm.check(GlobalPermission.ADMINISTRATE_SERVER);
perm = permissionBackend.absentUser(resource.getUser().getAccountId());
}
Map<String, Object> have = new LinkedHashMap<>();
for (GlobalOrPluginPermission p : perm.test(permissionsToTest())) {
have.put(globalOrPluginPermissionName(p), true);
}
AccountLimits limits = limitsFactory.create(resource.getUser());
addRanges(have, limits);
addPriority(have, limits);
return Response.ok(have);
}
Also used :
AccountLimits(com.google.gerrit.server.account.AccountLimits)
PermissionBackend(com.google.gerrit.server.permissions.PermissionBackend)
GlobalOrPluginPermission(com.google.gerrit.extensions.api.access.GlobalOrPluginPermission)
LinkedHashMap(java.util.LinkedHashMap)
Example 5 with GlobalOrPluginPermission
use of com.google.gerrit.extensions.api.access.GlobalOrPluginPermission in project gerrit by GerritCodeReview.
the class Capabilities method parse.
private GlobalOrPluginPermission parse(IdString id) throws ResourceNotFoundException {
String name = id.get();
Optional<GlobalPermission> perm = globalPermission(name);
if (perm.isPresent()) {
return perm.get();
}
int dash = name.lastIndexOf('-');
if (dash < 0) {
throw new ResourceNotFoundException(id);
}
String pluginName = name.substring(0, dash);
String capability = name.substring(dash + 1);
if (pluginName.isEmpty() || capability.isEmpty()) {
throw new ResourceNotFoundException(id);
}
return new PluginPermission(pluginName, capability);
}
Also used :
GlobalOrPluginPermission(com.google.gerrit.extensions.api.access.GlobalOrPluginPermission)
PluginPermission(com.google.gerrit.extensions.api.access.PluginPermission)
GlobalPermission(com.google.gerrit.server.permissions.GlobalPermission)
IdString(com.google.gerrit.extensions.restapi.IdString)
ResourceNotFoundException(com.google.gerrit.extensions.restapi.ResourceNotFoundException)
Aggregations
GlobalOrPluginPermission (com.google.gerrit.extensions.api.access.GlobalOrPluginPermission)7
ResourceNotFoundException (com.google.gerrit.extensions.restapi.ResourceNotFoundException)4
PermissionBackend (com.google.gerrit.server.permissions.PermissionBackend)3
PluginPermission (com.google.gerrit.extensions.api.access.PluginPermission)2
IdString (com.google.gerrit.extensions.restapi.IdString)2
IdentifiedUser (com.google.gerrit.server.IdentifiedUser)2
Capability (com.google.gerrit.server.account.AccountResource.Capability)2
LinkedHashMap (java.util.LinkedHashMap)2
Nullable (com.google.gerrit.common.Nullable)1
BooleanCondition (com.google.gerrit.extensions.conditions.BooleanCondition)1
UiAction (com.google.gerrit.extensions.webui.UiAction)1
Description (com.google.gerrit.extensions.webui.UiAction.Description)1
Timer1 (com.google.gerrit.metrics.Timer1)1
AccountLimits (com.google.gerrit.server.account.AccountLimits)1
GlobalPermission (com.google.gerrit.server.permissions.GlobalPermission)1
PermissionBackendException (com.google.gerrit.server.permissions.PermissionBackendException)1
TypeToken (com.google.gson.reflect.TypeToken)1
