Example 56 with AuthException
use of com.google.gerrit.extensions.restapi.AuthException in project gerrit by GerritCodeReview.
the class ChangeArgumentParser method addChange.
public void addChange(String id, Map<Change.Id, ChangeResource> changes, ProjectControl projectControl, boolean useIndex) throws UnloggedFailure, OrmException {
List<ChangeControl> matched = useIndex ? changeFinder.find(id, currentUser) : changeFromNotesFactory(id, currentUser);
List<ChangeControl> toAdd = new ArrayList<>(changes.size());
boolean canMaintainServer;
try {
permissionBackend.user(currentUser).check(GlobalPermission.MAINTAIN_SERVER);
canMaintainServer = true;
} catch (AuthException | PermissionBackendException e) {
canMaintainServer = false;
}
for (ChangeControl ctl : matched) {
if (!changes.containsKey(ctl.getId()) && inProject(projectControl, ctl.getProject()) && (canMaintainServer || ctl.isVisible(db))) {
toAdd.add(ctl);
}
}
if (toAdd.isEmpty()) {
throw new UnloggedFailure(1, "\"" + id + "\" no such change");
} else if (toAdd.size() > 1) {
throw new UnloggedFailure(1, "\"" + id + "\" matches multiple changes");
}
ChangeControl ctl = toAdd.get(0);
changes.put(ctl.getId(), changesCollection.parse(ctl));
}
Also used :
UnloggedFailure(com.google.gerrit.sshd.BaseCommand.UnloggedFailure)
ChangeControl(com.google.gerrit.server.project.ChangeControl)
ArrayList(java.util.ArrayList)
AuthException(com.google.gerrit.extensions.restapi.AuthException)
PermissionBackendException(com.google.gerrit.server.permissions.PermissionBackendException)
Example 57 with AuthException
use of com.google.gerrit.extensions.restapi.AuthException in project gerrit by GerritCodeReview.
the class PostReview method onBehalfOf.
private RevisionResource onBehalfOf(RevisionResource rev, ReviewInput in) throws BadRequestException, AuthException, UnprocessableEntityException, OrmException, PermissionBackendException {
if (in.labels == null || in.labels.isEmpty()) {
throw new AuthException(String.format("label required to post review on behalf of \"%s\"", in.onBehalfOf));
}
if (in.drafts == null) {
in.drafts = DraftHandling.KEEP;
}
if (in.drafts != DraftHandling.KEEP) {
throw new AuthException("not allowed to modify other user's drafts");
}
CurrentUser caller = rev.getUser();
PermissionBackend.ForChange perm = rev.permissions().database(db);
LabelTypes labelTypes = rev.getControl().getLabelTypes();
Iterator<Map.Entry<String, Short>> itr = in.labels.entrySet().iterator();
while (itr.hasNext()) {
Map.Entry<String, Short> ent = itr.next();
LabelType type = labelTypes.byLabel(ent.getKey());
if (type == null && in.strictLabels) {
throw new BadRequestException(String.format("label \"%s\" is not a configured label", ent.getKey()));
} else if (type == null) {
itr.remove();
continue;
}
if (!caller.isInternalUser()) {
try {
perm.check(new LabelPermission.WithValue(ON_BEHALF_OF, type, ent.getValue()));
} catch (AuthException e) {
throw new AuthException(String.format("not permitted to modify label \"%s\" on behalf of \"%s\"", type.getName(), in.onBehalfOf));
}
}
}
if (in.labels.isEmpty()) {
throw new AuthException(String.format("label required to post review on behalf of \"%s\"", in.onBehalfOf));
}
IdentifiedUser reviewer = accounts.parseOnBehalfOf(caller, in.onBehalfOf);
try {
perm.user(reviewer).check(ChangePermission.READ);
} catch (AuthException e) {
throw new UnprocessableEntityException(String.format("on_behalf_of account %s cannot see change", reviewer.getAccountId()));
}
ChangeControl ctl = rev.getControl().forUser(reviewer);
return new RevisionResource(changes.parse(ctl), rev.getPatchSet());
}
Also used :
UnprocessableEntityException(com.google.gerrit.extensions.restapi.UnprocessableEntityException)
LabelTypes(com.google.gerrit.common.data.LabelTypes)
CurrentUser(com.google.gerrit.server.CurrentUser)
PermissionBackend(com.google.gerrit.server.permissions.PermissionBackend)
AuthException(com.google.gerrit.extensions.restapi.AuthException)
IdentifiedUser(com.google.gerrit.server.IdentifiedUser)
ChangeControl(com.google.gerrit.server.project.ChangeControl)
LabelType(com.google.gerrit.common.data.LabelType)
BadRequestException(com.google.gerrit.extensions.restapi.BadRequestException)
Map(java.util.Map)
HashMap(java.util.HashMap)
LabelPermission(com.google.gerrit.server.permissions.LabelPermission)
Example 58 with AuthException
use of com.google.gerrit.extensions.restapi.AuthException in project gerrit by GerritCodeReview.
the class PostReview method checkLabels.
private void checkLabels(RevisionResource rsrc, boolean strict, Map<String, Short> labels) throws BadRequestException, AuthException, PermissionBackendException {
LabelTypes types = rsrc.getControl().getLabelTypes();
PermissionBackend.ForChange perm = rsrc.permissions();
Iterator<Map.Entry<String, Short>> itr = labels.entrySet().iterator();
while (itr.hasNext()) {
Map.Entry<String, Short> ent = itr.next();
LabelType lt = types.byLabel(ent.getKey());
if (lt == null) {
if (strict) {
throw new BadRequestException(String.format("label \"%s\" is not a configured label", ent.getKey()));
}
itr.remove();
continue;
}
if (ent.getValue() == null || ent.getValue() == 0) {
// Later null/0 will be deleted and revoke the label.
continue;
}
if (lt.getValue(ent.getValue()) == null) {
if (strict) {
throw new BadRequestException(String.format("label \"%s\": %d is not a valid value", ent.getKey(), ent.getValue()));
}
itr.remove();
continue;
}
short val = ent.getValue();
try {
perm.check(new LabelPermission.WithValue(lt, val));
} catch (AuthException e) {
if (strict) {
throw new AuthException(String.format("Applying label \"%s\": %d is restricted", lt.getName(), val));
}
ent.setValue(perm.squashThenCheck(lt, val));
}
}
}
Also used :
LabelTypes(com.google.gerrit.common.data.LabelTypes)
PermissionBackend(com.google.gerrit.server.permissions.PermissionBackend)
AuthException(com.google.gerrit.extensions.restapi.AuthException)
LabelType(com.google.gerrit.common.data.LabelType)
BadRequestException(com.google.gerrit.extensions.restapi.BadRequestException)
Map(java.util.Map)
HashMap(java.util.HashMap)
LabelPermission(com.google.gerrit.server.permissions.LabelPermission)
Example 59 with AuthException
use of com.google.gerrit.extensions.restapi.AuthException in project gerrit by GerritCodeReview.
the class DeleteReviewerOp method updateChange.
@Override
public boolean updateChange(ChangeContext ctx) throws AuthException, ResourceNotFoundException, OrmException {
Account.Id reviewerId = reviewer.getId();
if (!approvalsUtil.getReviewers(ctx.getDb(), ctx.getNotes()).all().contains(reviewerId)) {
throw new ResourceNotFoundException();
}
currChange = ctx.getChange();
currPs = psUtil.current(ctx.getDb(), ctx.getNotes());
LabelTypes labelTypes = ctx.getControl().getLabelTypes();
// removing a reviewer will remove all her votes
for (LabelType lt : labelTypes.getLabelTypes()) {
newApprovals.put(lt.getName(), (short) 0);
}
StringBuilder msg = new StringBuilder();
msg.append("Removed reviewer " + reviewer.getFullName());
StringBuilder removedVotesMsg = new StringBuilder();
removedVotesMsg.append(" with the following votes:\n\n");
List<PatchSetApproval> del = new ArrayList<>();
boolean votesRemoved = false;
for (PatchSetApproval a : approvals(ctx, reviewerId)) {
if (ctx.getControl().canRemoveReviewer(a)) {
del.add(a);
if (a.getPatchSetId().equals(currPs.getId()) && a.getValue() != 0) {
oldApprovals.put(a.getLabel(), a.getValue());
removedVotesMsg.append("* ").append(a.getLabel()).append(formatLabelValue(a.getValue())).append(" by ").append(userFactory.create(a.getAccountId()).getNameEmail()).append("\n");
votesRemoved = true;
}
} else {
throw new AuthException("delete reviewer not permitted");
}
}
if (votesRemoved) {
msg.append(removedVotesMsg);
} else {
msg.append(".");
}
ctx.getDb().patchSetApprovals().delete(del);
ChangeUpdate update = ctx.getUpdate(currPs.getId());
update.removeReviewer(reviewerId);
changeMessage = ChangeMessagesUtil.newMessage(ctx, msg.toString(), ChangeMessagesUtil.TAG_DELETE_REVIEWER);
cmUtil.addChangeMessage(ctx.getDb(), update, changeMessage);
return true;
}
Also used :
Account(com.google.gerrit.reviewdb.client.Account)
LabelTypes(com.google.gerrit.common.data.LabelTypes)
LabelType(com.google.gerrit.common.data.LabelType)
ArrayList(java.util.ArrayList)
AuthException(com.google.gerrit.extensions.restapi.AuthException)
ResourceNotFoundException(com.google.gerrit.extensions.restapi.ResourceNotFoundException)
PatchSetApproval(com.google.gerrit.reviewdb.client.PatchSetApproval)
ChangeUpdate(com.google.gerrit.server.notedb.ChangeUpdate)
Example 60 with AuthException
use of com.google.gerrit.extensions.restapi.AuthException in project gerrit by GerritCodeReview.
the class DeleteChange method applyImpl.
@Override
protected Response<?> applyImpl(BatchUpdate.Factory updateFactory, ChangeResource rsrc, Input input) throws RestApiException, UpdateException, PermissionBackendException {
if (rsrc.getChange().getStatus() == Change.Status.MERGED) {
throw new MethodNotAllowedException("delete not permitted");
} else if (!allowDrafts && rsrc.getChange().getStatus() == Change.Status.DRAFT) {
// If drafts are disabled, only an administrator can delete a draft.
try {
permissionBackend.user(user).check(GlobalPermission.ADMINISTRATE_SERVER);
} catch (AuthException e) {
throw new MethodNotAllowedException("Draft workflow is disabled");
}
} else {
rsrc.permissions().database(db).check(ChangePermission.DELETE);
}
try (BatchUpdate bu = updateFactory.create(db.get(), rsrc.getProject(), rsrc.getUser(), TimeUtil.nowTs())) {
Change.Id id = rsrc.getChange().getId();
bu.setOrder(Order.DB_BEFORE_REPO);
bu.addOp(id, opProvider.get());
bu.execute();
}
return Response.none();
}
Also used :
MethodNotAllowedException(com.google.gerrit.extensions.restapi.MethodNotAllowedException)
AuthException(com.google.gerrit.extensions.restapi.AuthException)
Change(com.google.gerrit.reviewdb.client.Change)
BatchUpdate(com.google.gerrit.server.update.BatchUpdate)
Aggregations
AuthException (com.google.gerrit.extensions.restapi.AuthException)68
ResourceConflictException (com.google.gerrit.extensions.restapi.ResourceConflictException)22
BadRequestException (com.google.gerrit.extensions.restapi.BadRequestException)20
UnprocessableEntityException (com.google.gerrit.extensions.restapi.UnprocessableEntityException)16
ResourceNotFoundException (com.google.gerrit.extensions.restapi.ResourceNotFoundException)15
MethodNotAllowedException (com.google.gerrit.extensions.restapi.MethodNotAllowedException)14
Change (com.google.gerrit.reviewdb.client.Change)13
IOException (java.io.IOException)12
Account (com.google.gerrit.reviewdb.client.Account)11
Project (com.google.gerrit.reviewdb.client.Project)11
CurrentUser (com.google.gerrit.server.CurrentUser)11
IdentifiedUser (com.google.gerrit.server.IdentifiedUser)11
PermissionBackendException (com.google.gerrit.server.permissions.PermissionBackendException)11
ArrayList (java.util.ArrayList)11
AccountGroup (com.google.gerrit.reviewdb.client.AccountGroup)10
BatchUpdate (com.google.gerrit.server.update.BatchUpdate)8
ChangeControl (com.google.gerrit.server.project.ChangeControl)7
PermissionBackend (com.google.gerrit.server.permissions.PermissionBackend)6
OrmException (com.google.gwtorm.server.OrmException)6
RepositoryNotFoundException (org.eclipse.jgit.errors.RepositoryNotFoundException)6
