Example 31 with AuthException

use of com.google.gerrit.extensions.restapi.AuthException in project gerrit by GerritCodeReview.

the class Index method apply.

@Override
public Response<?> apply(GroupResource rsrc, Input input) throws IOException, AuthException, UnprocessableEntityException {
    if (!rsrc.getControl().isOwner()) {
        throw new AuthException("not allowed to index group");
    }
    AccountGroup group = GroupDescriptions.toAccountGroup(rsrc.getGroup());
    if (group == null) {
        throw new UnprocessableEntityException(String.format("External Group Not Allowed: %s", rsrc.getGroupUUID().get()));
    }
    // Evicting the group from the cache reindexes the group
    groupCache.evict(group);
    return Response.none();
}
Also used : UnprocessableEntityException(com.google.gerrit.extensions.restapi.UnprocessableEntityException) AccountGroup(com.google.gerrit.reviewdb.client.AccountGroup) AuthException(com.google.gerrit.extensions.restapi.AuthException)

Example 32 with AuthException

use of com.google.gerrit.extensions.restapi.AuthException in project gerrit by GerritCodeReview.

the class DeleteMembers method apply.

@Override
public Response<?> apply(GroupResource resource, Input input) throws AuthException, MethodNotAllowedException, UnprocessableEntityException, OrmException, IOException {
    AccountGroup internalGroup = resource.toAccountGroup();
    if (internalGroup == null) {
        throw new MethodNotAllowedException();
    }
    input = Input.init(input);
    final GroupControl control = resource.getControl();
    final Map<Account.Id, AccountGroupMember> members = getMembers(internalGroup.getId());
    final List<AccountGroupMember> toRemove = new ArrayList<>();
    for (final String nameOrEmail : input.members) {
        Account a = accounts.parse(nameOrEmail).getAccount();
        if (!control.canRemoveMember()) {
            throw new AuthException("Cannot delete member: " + a.getFullName());
        }
        final AccountGroupMember m = members.remove(a.getId());
        if (m != null) {
            toRemove.add(m);
        }
    }
    writeAudits(toRemove);
    db.get().accountGroupMembers().delete(toRemove);
    for (final AccountGroupMember m : toRemove) {
        accountCache.evict(m.getAccountId());
    }
    return Response.none();
}
Also used : GroupControl(com.google.gerrit.server.account.GroupControl) Account(com.google.gerrit.reviewdb.client.Account) MethodNotAllowedException(com.google.gerrit.extensions.restapi.MethodNotAllowedException) AccountGroup(com.google.gerrit.reviewdb.client.AccountGroup) AccountGroupMember(com.google.gerrit.reviewdb.client.AccountGroupMember) ArrayList(java.util.ArrayList) AuthException(com.google.gerrit.extensions.restapi.AuthException)

Example 33 with AuthException

use of com.google.gerrit.extensions.restapi.AuthException in project gerrit by GerritCodeReview.

the class GroupsCollection method parse.

@Override
public GroupResource parse(TopLevelResource parent, IdString id) throws AuthException, ResourceNotFoundException {
    final CurrentUser user = self.get();
    if (user instanceof AnonymousUser) {
        throw new AuthException("Authentication required");
    } else if (!(user.isIdentifiedUser())) {
        throw new ResourceNotFoundException(id);
    }
    GroupDescription.Basic group = parseId(id.get());
    if (group == null) {
        throw new ResourceNotFoundException(id.get());
    }
    GroupControl ctl = groupControlFactory.controlFor(group);
    if (!ctl.isVisible()) {
        throw new ResourceNotFoundException(id);
    }
    return new GroupResource(ctl);
}
Also used : GroupDescription(com.google.gerrit.common.data.GroupDescription) GroupControl(com.google.gerrit.server.account.GroupControl) CurrentUser(com.google.gerrit.server.CurrentUser) AuthException(com.google.gerrit.extensions.restapi.AuthException) AnonymousUser(com.google.gerrit.server.AnonymousUser) ResourceNotFoundException(com.google.gerrit.extensions.restapi.ResourceNotFoundException)

Example 34 with AuthException

use of com.google.gerrit.extensions.restapi.AuthException in project gerrit by GerritCodeReview.

the class SetHead method apply.

@Override
public String apply(final ProjectResource rsrc, Input input) throws AuthException, ResourceNotFoundException, BadRequestException, UnprocessableEntityException, IOException {
    if (!rsrc.getControl().isOwner()) {
        throw new AuthException("restricted to project owner");
    }
    if (input == null || Strings.isNullOrEmpty(input.ref)) {
        throw new BadRequestException("ref required");
    }
    String ref = RefNames.fullName(input.ref);
    try (Repository repo = repoManager.openRepository(rsrc.getNameKey())) {
        Map<String, Ref> cur = repo.getRefDatabase().exactRef(Constants.HEAD, ref);
        if (!cur.containsKey(ref)) {
            throw new UnprocessableEntityException(String.format("Ref Not Found: %s", ref));
        }
        final String oldHead = cur.get(Constants.HEAD).getTarget().getName();
        final String newHead = ref;
        if (!oldHead.equals(newHead)) {
            final RefUpdate u = repo.updateRef(Constants.HEAD, true);
            u.setRefLogIdent(identifiedUser.get().newRefLogIdent());
            RefUpdate.Result res = u.link(newHead);
            switch(res) {
                case NO_CHANGE:
                case RENAMED:
                case FORCED:
                case NEW:
                    break;
                case FAST_FORWARD:
                case IO_FAILURE:
                case LOCK_FAILURE:
                case NOT_ATTEMPTED:
                case REJECTED:
                case REJECTED_CURRENT_BRANCH:
                default:
                    throw new IOException("Setting HEAD failed with " + res);
            }
            fire(rsrc.getNameKey(), oldHead, newHead);
        }
        return ref;
    } catch (RepositoryNotFoundException e) {
        throw new ResourceNotFoundException(rsrc.getName());
    }
}
Also used : UnprocessableEntityException(com.google.gerrit.extensions.restapi.UnprocessableEntityException) Repository(org.eclipse.jgit.lib.Repository) Ref(org.eclipse.jgit.lib.Ref) AuthException(com.google.gerrit.extensions.restapi.AuthException) BadRequestException(com.google.gerrit.extensions.restapi.BadRequestException) IOException(java.io.IOException) RepositoryNotFoundException(org.eclipse.jgit.errors.RepositoryNotFoundException) ResourceNotFoundException(com.google.gerrit.extensions.restapi.ResourceNotFoundException) RefUpdate(org.eclipse.jgit.lib.RefUpdate)

Example 35 with AuthException

use of com.google.gerrit.extensions.restapi.AuthException in project gerrit by GerritCodeReview.

the class SetAccess method apply.

@Override
public ProjectAccessInfo apply(ProjectResource rsrc, ProjectAccessInput input) throws ResourceNotFoundException, ResourceConflictException, IOException, AuthException, BadRequestException, UnprocessableEntityException, PermissionBackendException {
    List<AccessSection> removals = getAccessSections(input.remove);
    List<AccessSection> additions = getAccessSections(input.add);
    MetaDataUpdate.User metaDataUpdateUser = metaDataUpdateFactory.get();
    ProjectControl projectControl = rsrc.getControl();
    ProjectConfig config;
    Project.NameKey newParentProjectName = input.parent == null ? null : new Project.NameKey(input.parent);
    try (MetaDataUpdate md = metaDataUpdateUser.create(rsrc.getNameKey())) {
        config = ProjectConfig.read(md);
        // Perform removal checks
        for (AccessSection section : removals) {
            boolean isGlobalCapabilities = AccessSection.GLOBAL_CAPABILITIES.equals(section.getName());
            if (isGlobalCapabilities) {
                checkGlobalCapabilityPermissions(config.getName());
            } else if (!projectControl.controlForRef(section.getName()).isOwner()) {
                throw new AuthException("You are not allowed to edit permissions for ref: " + section.getName());
            }
        }
        // Perform addition checks
        for (AccessSection section : additions) {
            String name = section.getName();
            boolean isGlobalCapabilities = AccessSection.GLOBAL_CAPABILITIES.equals(name);
            if (isGlobalCapabilities) {
                checkGlobalCapabilityPermissions(config.getName());
            } else {
                if (!AccessSection.isValid(name)) {
                    throw new BadRequestException("invalid section name");
                }
                if (!projectControl.controlForRef(name).isOwner()) {
                    throw new AuthException("You are not allowed to edit permissions for ref: " + name);
                }
                RefPattern.validate(name);
            }
            // Check all permissions for soundness
            for (Permission p : section.getPermissions()) {
                if (isGlobalCapabilities && !GlobalCapability.isCapability(p.getName())) {
                    throw new BadRequestException("Cannot add non-global capability " + p.getName() + " to global capabilities");
                }
            }
        }
        // Apply removals
        for (AccessSection section : removals) {
            if (section.getPermissions().isEmpty()) {
                // Remove entire section
                config.remove(config.getAccessSection(section.getName()));
            }
            // Remove specific permissions
            for (Permission p : section.getPermissions()) {
                if (p.getRules().isEmpty()) {
                    config.remove(config.getAccessSection(section.getName()), p);
                } else {
                    for (PermissionRule r : p.getRules()) {
                        config.remove(config.getAccessSection(section.getName()), p, r);
                    }
                }
            }
        }
        // Apply additions
        for (AccessSection section : additions) {
            AccessSection currentAccessSection = config.getAccessSection(section.getName());
            if (currentAccessSection == null) {
                // Add AccessSection
                config.replace(section);
            } else {
                for (Permission p : section.getPermissions()) {
                    Permission currentPermission = currentAccessSection.getPermission(p.getName());
                    if (currentPermission == null) {
                        // Add Permission
                        currentAccessSection.addPermission(p);
                    } else {
                        for (PermissionRule r : p.getRules()) {
                            // AddPermissionRule
                            currentPermission.add(r);
                        }
                    }
                }
            }
        }
        if (newParentProjectName != null && !config.getProject().getNameKey().equals(allProjects) && !config.getProject().getParent(allProjects).equals(newParentProjectName)) {
            try {
                setParent.get().validateParentUpdate(projectControl, MoreObjects.firstNonNull(newParentProjectName, allProjects).get(), true);
            } catch (UnprocessableEntityException e) {
                throw new ResourceConflictException(e.getMessage(), e);
            }
            config.getProject().setParentName(newParentProjectName);
        }
        if (!Strings.isNullOrEmpty(input.message)) {
            if (!input.message.endsWith("\n")) {
                input.message += "\n";
            }
            md.setMessage(input.message);
        } else {
            md.setMessage("Modify access rules\n");
        }
        config.commit(md);
        projectCache.evict(config.getProject());
    } catch (InvalidNameException e) {
        throw new BadRequestException(e.toString());
    } catch (ConfigInvalidException e) {
        throw new ResourceConflictException(rsrc.getName());
    }
    return getAccess.apply(rsrc.getNameKey());
}
Also used : UnprocessableEntityException(com.google.gerrit.extensions.restapi.UnprocessableEntityException) ConfigInvalidException(org.eclipse.jgit.errors.ConfigInvalidException) PermissionRule(com.google.gerrit.common.data.PermissionRule) AuthException(com.google.gerrit.extensions.restapi.AuthException) AccessSection(com.google.gerrit.common.data.AccessSection) ProjectConfig(com.google.gerrit.server.git.ProjectConfig) Project(com.google.gerrit.reviewdb.client.Project) ResourceConflictException(com.google.gerrit.extensions.restapi.ResourceConflictException) InvalidNameException(com.google.gerrit.common.errors.InvalidNameException) GlobalPermission(com.google.gerrit.server.permissions.GlobalPermission) Permission(com.google.gerrit.common.data.Permission) BadRequestException(com.google.gerrit.extensions.restapi.BadRequestException) MetaDataUpdate(com.google.gerrit.server.git.MetaDataUpdate)

Aggregations

AuthException (com.google.gerrit.extensions.restapi.AuthException): 68
ResourceConflictException (com.google.gerrit.extensions.restapi.ResourceConflictException): 22
BadRequestException (com.google.gerrit.extensions.restapi.BadRequestException): 20
UnprocessableEntityException (com.google.gerrit.extensions.restapi.UnprocessableEntityException): 16
ResourceNotFoundException (com.google.gerrit.extensions.restapi.ResourceNotFoundException): 15
MethodNotAllowedException (com.google.gerrit.extensions.restapi.MethodNotAllowedException): 14
Change (com.google.gerrit.reviewdb.client.Change): 13
IOException (java.io.IOException): 12
Account (com.google.gerrit.reviewdb.client.Account): 11
Project (com.google.gerrit.reviewdb.client.Project): 11
CurrentUser (com.google.gerrit.server.CurrentUser): 11
IdentifiedUser (com.google.gerrit.server.IdentifiedUser): 11
PermissionBackendException (com.google.gerrit.server.permissions.PermissionBackendException): 11
ArrayList (java.util.ArrayList): 11
AccountGroup (com.google.gerrit.reviewdb.client.AccountGroup): 10
BatchUpdate (com.google.gerrit.server.update.BatchUpdate): 8
ChangeControl (com.google.gerrit.server.project.ChangeControl): 7
PermissionBackend (com.google.gerrit.server.permissions.PermissionBackend): 6
OrmException (com.google.gwtorm.server.OrmException): 6
RepositoryNotFoundException (org.eclipse.jgit.errors.RepositoryNotFoundException): 6