Search in sources :

Example 61 with AuthException

use of com.google.gerrit.extensions.restapi.AuthException in project gerrit by GerritCodeReview.

the class ListTasks method apply.

@Override
public List<TaskInfo> apply(ConfigResource resource) throws AuthException, PermissionBackendException {
    CurrentUser user = self.get();
    if (!user.isIdentifiedUser()) {
        throw new AuthException("Authentication required");
    }
    List<TaskInfo> allTasks = getTasks();
    try {
        permissionBackend.user(user).check(GlobalPermission.VIEW_QUEUE);
        return allTasks;
    } catch (AuthException e) {
    // Fall through to filter tasks.
    }
    Map<String, Boolean> visibilityCache = new HashMap<>();
    List<TaskInfo> visibleTasks = new ArrayList<>();
    for (TaskInfo task : allTasks) {
        if (task.projectName != null) {
            Boolean visible = visibilityCache.get(task.projectName);
            if (visible == null) {
                try {
                    permissionBackend.user(user).project(new Project.NameKey(task.projectName)).check(ProjectPermission.ACCESS);
                    visible = true;
                } catch (AuthException e) {
                    visible = false;
                }
                visibilityCache.put(task.projectName, visible);
            }
            if (visible) {
                visibleTasks.add(task);
            }
        }
    }
    return visibleTasks;
}
Also used : CurrentUser(com.google.gerrit.server.CurrentUser) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) AuthException(com.google.gerrit.extensions.restapi.AuthException)

Example 62 with AuthException

use of com.google.gerrit.extensions.restapi.AuthException in project gerrit by GerritCodeReview.

the class PostReviewers method addByAccountId.

@Nullable
private Addition addByAccountId(String reviewer, ChangeResource rsrc, ReviewerState state, NotifyHandling notify, ListMultimap<RecipientType, Account.Id> accountsToNotify, boolean allowGroup, boolean allowByEmail) throws OrmException, PermissionBackendException {
    Account.Id accountId = null;
    try {
        accountId = accounts.parse(reviewer).getAccountId();
    } catch (UnprocessableEntityException | AuthException e) {
        // AuthException won't occur since the user is authenticated at this point.
        if (!allowGroup && !allowByEmail) {
            // Only return failure if we aren't going to try other interpretations.
            return fail(reviewer, MessageFormat.format(ChangeMessages.get().reviewerNotFoundUser, reviewer));
        }
        return null;
    }
    ReviewerResource rrsrc = reviewerFactory.create(rsrc, accountId);
    Account member = rrsrc.getReviewerUser().getAccount();
    PermissionBackend.ForRef perm = permissionBackend.user(rrsrc.getReviewerUser()).ref(rrsrc.getChange().getDest());
    if (isValidReviewer(member, perm)) {
        return new Addition(reviewer, rsrc, ImmutableSet.of(member.getId()), null, state, notify, accountsToNotify);
    }
    if (!member.isActive()) {
        if (allowByEmail && state == CC) {
            return null;
        }
        return fail(reviewer, MessageFormat.format(ChangeMessages.get().reviewerInactive, reviewer));
    }
    return fail(reviewer, MessageFormat.format(ChangeMessages.get().reviewerCantSeeChange, reviewer));
}
Also used : Account(com.google.gerrit.reviewdb.client.Account) UnprocessableEntityException(com.google.gerrit.extensions.restapi.UnprocessableEntityException) PermissionBackend(com.google.gerrit.server.permissions.PermissionBackend) AuthException(com.google.gerrit.extensions.restapi.AuthException) Nullable(com.google.gerrit.common.Nullable)

Example 63 with AuthException

use of com.google.gerrit.extensions.restapi.AuthException in project gerrit by GerritCodeReview.

the class PutAssignee method applyImpl.

@Override
protected AccountInfo applyImpl(BatchUpdate.Factory updateFactory, ChangeResource rsrc, AssigneeInput input) throws RestApiException, UpdateException, OrmException, IOException, PermissionBackendException {
    rsrc.permissions().check(ChangePermission.EDIT_ASSIGNEE);
    input.assignee = Strings.nullToEmpty(input.assignee).trim();
    if (input.assignee.isEmpty()) {
        throw new BadRequestException("missing assignee field");
    }
    IdentifiedUser assignee = accounts.parse(input.assignee);
    if (!assignee.getAccount().isActive()) {
        throw new UnprocessableEntityException(input.assignee + " is not active");
    }
    try {
        rsrc.permissions().database(db).user(assignee).check(ChangePermission.READ);
    } catch (AuthException e) {
        throw new AuthException("read not permitted for " + input.assignee);
    }
    try (BatchUpdate bu = updateFactory.create(db.get(), rsrc.getChange().getProject(), rsrc.getControl().getUser(), TimeUtil.nowTs())) {
        SetAssigneeOp op = assigneeFactory.create(assignee);
        bu.addOp(rsrc.getId(), op);
        PostReviewers.Addition reviewersAddition = addAssigneeAsCC(rsrc, input.assignee);
        bu.addOp(rsrc.getId(), reviewersAddition.op);
        bu.execute();
        return accountLoaderFactory.create(true).fillOne(assignee.getAccountId());
    }
}
Also used : Addition(com.google.gerrit.server.change.PostReviewers.Addition) UnprocessableEntityException(com.google.gerrit.extensions.restapi.UnprocessableEntityException) BadRequestException(com.google.gerrit.extensions.restapi.BadRequestException) AuthException(com.google.gerrit.extensions.restapi.AuthException) IdentifiedUser(com.google.gerrit.server.IdentifiedUser) BatchUpdate(com.google.gerrit.server.update.BatchUpdate)

Example 64 with AuthException

use of com.google.gerrit.extensions.restapi.AuthException in project gerrit by GerritCodeReview.

the class TestSubmitRule method apply.

@Override
public List<Record> apply(RevisionResource rsrc, TestSubmitRuleInput input) throws AuthException, OrmException {
    if (input == null) {
        input = new TestSubmitRuleInput();
    }
    if (input.rule != null && !rules.isProjectRulesEnabled()) {
        throw new AuthException("project rules are disabled");
    }
    input.filters = MoreObjects.firstNonNull(input.filters, filters);
    SubmitRuleEvaluator evaluator = new SubmitRuleEvaluator(changeDataFactory.create(db.get(), rsrc.getControl()));
    List<SubmitRecord> records = evaluator.setPatchSet(rsrc.getPatchSet()).setLogErrors(false).setSkipSubmitFilters(input.filters == Filters.SKIP).setRule(input.rule).evaluate();
    List<Record> out = Lists.newArrayListWithCapacity(records.size());
    AccountLoader accounts = accountInfoFactory.create(true);
    for (SubmitRecord r : records) {
        out.add(new Record(r, accounts));
    }
    if (!out.isEmpty()) {
        out.get(0).prologReductionCount = evaluator.getReductionsConsumed();
    }
    accounts.fill();
    return out;
}
Also used : SubmitRuleEvaluator(com.google.gerrit.server.project.SubmitRuleEvaluator) SubmitRecord(com.google.gerrit.common.data.SubmitRecord) TestSubmitRuleInput(com.google.gerrit.extensions.common.TestSubmitRuleInput) AccountLoader(com.google.gerrit.server.account.AccountLoader) AuthException(com.google.gerrit.extensions.restapi.AuthException) SubmitRecord(com.google.gerrit.common.data.SubmitRecord)

Example 65 with AuthException

use of com.google.gerrit.extensions.restapi.AuthException in project gerrit by GerritCodeReview.

the class TasksCollection method parse.

@Override
public TaskResource parse(ConfigResource parent, IdString id) throws ResourceNotFoundException, AuthException, PermissionBackendException {
    CurrentUser user = self.get();
    if (!user.isIdentifiedUser()) {
        throw new AuthException("Authentication required");
    }
    int taskId;
    try {
        taskId = (int) Long.parseLong(id.get(), 16);
    } catch (NumberFormatException e) {
        throw new ResourceNotFoundException(id);
    }
    Task<?> task = workQueue.getTask(taskId);
    if (task instanceof ProjectTask) {
        try {
            permissionBackend.user(user).project(((ProjectTask<?>) task).getProjectNameKey()).check(ProjectPermission.ACCESS);
            return new TaskResource(task);
        } catch (AuthException e) {
        // Fall through and try view queue permission.
        }
    }
    if (task != null) {
        try {
            permissionBackend.user(user).check(GlobalPermission.VIEW_QUEUE);
            return new TaskResource(task);
        } catch (AuthException e) {
        // Fall through and return not found.
        }
    }
    throw new ResourceNotFoundException(id);
}
Also used : CurrentUser(com.google.gerrit.server.CurrentUser) AuthException(com.google.gerrit.extensions.restapi.AuthException) ProjectTask(com.google.gerrit.server.git.WorkQueue.ProjectTask) ResourceNotFoundException(com.google.gerrit.extensions.restapi.ResourceNotFoundException)

Aggregations

AuthException (com.google.gerrit.extensions.restapi.AuthException)68 ResourceConflictException (com.google.gerrit.extensions.restapi.ResourceConflictException)22 BadRequestException (com.google.gerrit.extensions.restapi.BadRequestException)20 UnprocessableEntityException (com.google.gerrit.extensions.restapi.UnprocessableEntityException)16 ResourceNotFoundException (com.google.gerrit.extensions.restapi.ResourceNotFoundException)15 MethodNotAllowedException (com.google.gerrit.extensions.restapi.MethodNotAllowedException)14 Change (com.google.gerrit.reviewdb.client.Change)13 IOException (java.io.IOException)12 Account (com.google.gerrit.reviewdb.client.Account)11 Project (com.google.gerrit.reviewdb.client.Project)11 CurrentUser (com.google.gerrit.server.CurrentUser)11 IdentifiedUser (com.google.gerrit.server.IdentifiedUser)11 PermissionBackendException (com.google.gerrit.server.permissions.PermissionBackendException)11 ArrayList (java.util.ArrayList)11 AccountGroup (com.google.gerrit.reviewdb.client.AccountGroup)10 BatchUpdate (com.google.gerrit.server.update.BatchUpdate)8 ChangeControl (com.google.gerrit.server.project.ChangeControl)7 PermissionBackend (com.google.gerrit.server.permissions.PermissionBackend)6 OrmException (com.google.gwtorm.server.OrmException)6 RepositoryNotFoundException (org.eclipse.jgit.errors.RepositoryNotFoundException)6