use of com.google.gerrit.extensions.restapi.AuthException in project gerrit by GerritCodeReview.
the class GetExternalIds method apply.
@Override
public List<AccountExternalIdInfo> apply(AccountResource resource) throws RestApiException, IOException, OrmException {
if (self.get() != resource.getUser() && !self.get().getCapabilities().canAccessDatabase()) {
throw new AuthException("not allowed to get external IDs");
}
Collection<ExternalId> ids = externalIds.byAccount(resource.getUser().getAccountId());
if (ids.isEmpty()) {
return ImmutableList.of();
}
List<AccountExternalIdInfo> result = Lists.newArrayListWithCapacity(ids.size());
for (ExternalId id : ids) {
AccountExternalIdInfo info = new AccountExternalIdInfo();
info.identity = id.key().get();
info.emailAddress = id.email();
info.trusted = toBoolean(authConfig.isIdentityTrustable(Collections.singleton(id)));
// actually used to establish this web session.
if (!id.isScheme(SCHEME_USERNAME)) {
ExternalId.Key last = resource.getUser().getLastLoginExternalIdKey();
info.canDelete = toBoolean(last == null || !last.get().equals(info.identity));
}
result.add(info);
}
return result;
}
use of com.google.gerrit.extensions.restapi.AuthException in project gerrit by GerritCodeReview.
the class GetOAuthToken method apply.
@Override
public OAuthTokenInfo apply(AccountResource rsrc) throws AuthException, ResourceNotFoundException {
if (self.get() != rsrc.getUser()) {
throw new AuthException("not allowed to get access token");
}
Account a = rsrc.getUser().getAccount();
OAuthToken accessToken = tokenCache.get(a.getId());
if (accessToken == null) {
throw new ResourceNotFoundException();
}
OAuthTokenInfo accessTokenInfo = new OAuthTokenInfo();
accessTokenInfo.username = a.getUserName();
accessTokenInfo.resourceHost = hostName;
accessTokenInfo.accessToken = accessToken.getToken();
accessTokenInfo.providerId = accessToken.getProviderId();
accessTokenInfo.expiresAt = Long.toString(accessToken.getExpiresAt());
accessTokenInfo.type = BEARER_TYPE;
return accessTokenInfo;
}
use of com.google.gerrit.extensions.restapi.AuthException in project gerrit by GerritCodeReview.
the class ReceiveCommits method parseRewind.
private void parseRewind(ReceiveCommand cmd) throws PermissionBackendException {
RevCommit newObject;
try {
newObject = rp.getRevWalk().parseCommit(cmd.getNewId());
} catch (IncorrectObjectTypeException notCommit) {
newObject = null;
} catch (IOException err) {
logError("Invalid object " + cmd.getNewId().name() + " for " + cmd.getRefName() + " forced update", err);
reject(cmd, "invalid object");
return;
}
logDebug("Rewinding {}", cmd);
RefControl ctl = projectControl.controlForRef(cmd.getRefName());
if (newObject != null) {
validateNewCommits(ctl, cmd);
if (cmd.getResult() != NOT_ATTEMPTED) {
return;
}
}
boolean ok;
try {
permissions.ref(cmd.getRefName()).check(RefPermission.FORCE_UPDATE);
ok = true;
} catch (AuthException err) {
ok = false;
}
if (ok) {
if (!validRefOperation(cmd)) {
return;
}
actualCommands.add(cmd);
} else {
cmd.setResult(REJECTED_NONFASTFORWARD, " need '" + PermissionRule.FORCE_PUSH + "' privilege.");
}
}
use of com.google.gerrit.extensions.restapi.AuthException in project gerrit by GerritCodeReview.
the class SetDefaultDashboard method apply.
@Override
public Response<DashboardInfo> apply(DashboardResource resource, Input input) throws AuthException, BadRequestException, ResourceConflictException, ResourceNotFoundException, IOException {
if (input == null) {
// Delete would set input to null.
input = new Input();
}
input.id = Strings.emptyToNull(input.id);
ProjectControl ctl = resource.getControl();
if (!ctl.isOwner()) {
throw new AuthException("not project owner");
}
DashboardResource target = null;
if (input.id != null) {
try {
target = dashboards.parse(new ProjectResource(ctl), IdString.fromUrl(input.id));
} catch (ResourceNotFoundException e) {
throw new BadRequestException("dashboard " + input.id + " not found");
} catch (ConfigInvalidException e) {
throw new ResourceConflictException(e.getMessage());
}
}
try (MetaDataUpdate md = updateFactory.create(ctl.getProject().getNameKey())) {
ProjectConfig config = ProjectConfig.read(md);
Project project = config.getProject();
if (inherited) {
project.setDefaultDashboard(input.id);
} else {
project.setLocalDefaultDashboard(input.id);
}
String msg = MoreObjects.firstNonNull(Strings.emptyToNull(input.commitMessage), input.id == null ? "Removed default dashboard.\n" : String.format("Changed default dashboard to %s.\n", input.id));
if (!msg.endsWith("\n")) {
msg += "\n";
}
md.setAuthor(ctl.getUser().asIdentifiedUser());
md.setMessage(msg);
config.commit(md);
cache.evict(ctl.getProject());
if (target != null) {
DashboardInfo info = get.get().apply(target);
info.isDefault = true;
return Response.ok(info);
}
return Response.none();
} catch (RepositoryNotFoundException notFound) {
throw new ResourceNotFoundException(ctl.getProject().getName());
} catch (ConfigInvalidException e) {
throw new ResourceConflictException(String.format("invalid project.config: %s", e.getMessage()));
}
}
use of com.google.gerrit.extensions.restapi.AuthException in project gerrit by GerritCodeReview.
the class SetParent method validateParentUpdate.
public void validateParentUpdate(final ProjectControl ctl, String newParent, boolean checkIfAdmin) throws AuthException, ResourceConflictException, UnprocessableEntityException, PermissionBackendException {
IdentifiedUser user = ctl.getUser().asIdentifiedUser();
if (checkIfAdmin) {
permissionBackend.user(user).check(GlobalPermission.ADMINISTRATE_SERVER);
}
if (ctl.getProject().getNameKey().equals(allProjects)) {
throw new ResourceConflictException("cannot set parent of " + allProjects.get());
}
newParent = Strings.emptyToNull(newParent);
if (newParent != null) {
ProjectState parent = cache.get(new Project.NameKey(newParent));
if (parent == null) {
throw new UnprocessableEntityException("parent project " + newParent + " not found");
}
if (Iterables.tryFind(parent.tree(), p -> {
return p.getProject().getNameKey().equals(ctl.getProject().getNameKey());
}).isPresent()) {
throw new ResourceConflictException("cycle exists between " + ctl.getProject().getName() + " and " + parent.getProject().getName());
}
}
}
Aggregations