Example 51 with CurrentUser

Use of com.google.gerrit.server.CurrentUser in project gerrit by GerritCodeReview.

Class PRED_current_user_2, method createUser.

public Term createUser(Prolog engine, Term key) {
    if (!(key instanceof StructureTerm) || key.arity() != 1 || !((StructureTerm) key).functor().equals(user)) {
        throw new IllegalTypeException(this, 1, "user(int)", key);
    }
    Term idTerm = key.arg(0);
    CurrentUser user;
    if (idTerm instanceof IntegerTerm) {
        Map<Account.Id, IdentifiedUser> cache = StoredValues.USERS.get(engine);
        Account.Id accountId = new Account.Id(((IntegerTerm) idTerm).intValue());
        user = cache.get(accountId);
        if (user == null) {
            IdentifiedUser.GenericFactory userFactory = userFactory(engine);
            IdentifiedUser who = userFactory.create(accountId);
            cache.put(accountId, who);
            user = who;
        }
    } else if (idTerm.equals(anonymous)) {
        user = StoredValues.ANONYMOUS_USER.get(engine);
    } else {
        throw new IllegalTypeException(this, 1, "user(int)", key);
    }
    return new JavaObjectTerm(user);
}
Also used : Account(com.google.gerrit.reviewdb.client.Account) IntegerTerm(com.googlecode.prolog_cafe.lang.IntegerTerm) IllegalTypeException(com.googlecode.prolog_cafe.exceptions.IllegalTypeException) CurrentUser(com.google.gerrit.server.CurrentUser) StructureTerm(com.googlecode.prolog_cafe.lang.StructureTerm) JavaObjectTerm(com.googlecode.prolog_cafe.lang.JavaObjectTerm) Term(com.googlecode.prolog_cafe.lang.Term) SymbolTerm(com.googlecode.prolog_cafe.lang.SymbolTerm) VariableTerm(com.googlecode.prolog_cafe.lang.VariableTerm) IdentifiedUser(com.google.gerrit.server.IdentifiedUser)

Example 52 with CurrentUser

Use of com.google.gerrit.server.CurrentUser in project gerrit by GerritCodeReview.

Class AccountsCollection, method parseIdOnBehalfOf.

private IdentifiedUser parseIdOnBehalfOf(@Nullable CurrentUser caller, String id) throws AuthException, OrmException {
    if (id.equals("self")) {
        CurrentUser user = self.get();
        if (user.isIdentifiedUser()) {
            return user.asIdentifiedUser();
        } else if (user instanceof AnonymousUser) {
            throw new AuthException("Authentication required");
        } else {
            return null;
        }
    }
    Account match = resolver.find(db.get(), id);
    if (match == null) {
        return null;
    }
    // Carry the caller's real (underlying) user into the runAs identity for the matched account.
    CurrentUser realUser = caller != null ? caller.getRealUser() : null;
    return userFactory.runAs(null, match.getId(), realUser);
}
Also used : Account(com.google.gerrit.reviewdb.client.Account) CurrentUser(com.google.gerrit.server.CurrentUser) AuthException(com.google.gerrit.extensions.restapi.AuthException) AnonymousUser(com.google.gerrit.server.AnonymousUser)

Example 53 with CurrentUser

Use of com.google.gerrit.server.CurrentUser in project gerrit by GerritCodeReview.

Class ChangeQueryBuilder, method watchedby.

@Operator
public Predicate<ChangeData> watchedby(String who) throws QueryParseException, OrmException {
    Set<Account.Id> m = parseAccount(who);
    List<IsWatchedByPredicate> p = Lists.newArrayListWithCapacity(m.size());
    Account.Id callerId;
    try {
        CurrentUser caller = args.self.get();
        callerId = caller.isIdentifiedUser() ? caller.getAccountId() : null;
    } catch (ProvisionException e) {
        callerId = null;
    }
    for (Account.Id id : m) {
        // Each child IsWatchedByPredicate includes a visibility filter for the
        // corresponding user, to ensure that predicate subtree only returns
        // changes visible to that user. The exception is if one of the users is
        // the caller of this method, in which case visibility is already being
        // checked at the top level.
        p.add(new IsWatchedByPredicate(args.asUser(id), !id.equals(callerId)));
    }
    return Predicate.or(p);
}
Also used : Account(com.google.gerrit.reviewdb.client.Account) ProvisionException(com.google.inject.ProvisionException) CurrentUser(com.google.gerrit.server.CurrentUser)

Example 54 with CurrentUser

Use of com.google.gerrit.server.CurrentUser in project gerrit by GerritCodeReview.

Class LdapGroupBackend, method get.

@Override
public GroupDescription.Basic get(AccountGroup.UUID uuid) {
    if (!handles(uuid)) {
        return null;
    }
    String groupDn = uuid.get().substring(LDAP_UUID.length());
    CurrentUser user = userProvider.get();
    if (!user.isIdentifiedUser() || !membershipsOf(user.asIdentifiedUser()).contains(uuid)) {
        try {
            if (!existsCache.get(groupDn)) {
                return null;
            }
        } catch (ExecutionException e) {
            logger.atWarning().withCause(e).log("Cannot lookup group %s in LDAP", groupDn);
            return null;
        }
    }
    final String name = LDAP_NAME + cnFor(groupDn);
    return new GroupDescription.Basic() {

        @Override
        public AccountGroup.UUID getGroupUUID() {
            return uuid;
        }

        @Override
        public String getName() {
            return name;
        }

        @Override
        @Nullable
        public String getEmailAddress() {
            return null;
        }

        @Override
        @Nullable
        public String getUrl() {
            return null;
        }
    };
}
Also used : CurrentUser(com.google.gerrit.server.CurrentUser) AccountGroup(com.google.gerrit.entities.AccountGroup) ParameterizedString(com.google.gerrit.common.data.ParameterizedString) ExecutionException(java.util.concurrent.ExecutionException)

Example 55 with CurrentUser

Use of com.google.gerrit.server.CurrentUser in project gerrit by GerritCodeReview.

Class RunAsFilter, method doFilter.

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse res = (HttpServletResponse) response;
    String runas = req.getHeader(RUN_AS);
    if (runas != null) {
        if (!enabled) {
            replyError(req, res, SC_FORBIDDEN, RUN_AS + " disabled by auth.enableRunAs = false", null);
            return;
        }
        CurrentUser self = session.get().getUser();
        try {
            if (!self.isIdentifiedUser()) {
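                // Always disallow for anonymous users, even if permitted by the ACL,
                // because that would be crazy.
                throw new AuthException("denied");
            }
            // The caller must hold the global RUN_AS permission; a denial surfaces as AuthException.
            permissionBackend.user(self).check(GlobalPermission.RUN_AS);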
        } catch (AuthException e) {
            replyError(req, res, SC_FORBIDDEN, "not permitted to use " + RUN_AS, null);
            return;
        } catch (PermissionBackendException e) {
            logger.atWarning().withCause(e).log("cannot check runAs");
            replyError(req, res, SC_INTERNAL_SERVER_ERROR, RUN_AS + " unavailable", null);
            return;
        }
        Account.Id target;
        try {
            target = accountResolver.resolve(runas).asUnique().account().id();
        } catch (UnprocessableEntityException e) {
            replyError(req, res, SC_FORBIDDEN, "no account matches " + RUN_AS, null);
            return;
        } catch (IOException | ConfigInvalidException | RuntimeException e) {
            logger.atWarning().withCause(e).log("cannot resolve account for %s", RUN_AS);
            replyError(req, res, SC_INTERNAL_SERVER_ERROR, "cannot resolve " + RUN_AS, e);
            return;
        }
        session.get().setUserAccountId(target);
    }
    chain.doFilter(req, res);
}
Also used : Account(com.google.gerrit.entities.Account) UnprocessableEntityException(com.google.gerrit.extensions.restapi.UnprocessableEntityException) CurrentUser(com.google.gerrit.server.CurrentUser) ConfigInvalidException(org.eclipse.jgit.errors.ConfigInvalidException) HttpServletResponse(javax.servlet.http.HttpServletResponse) AuthException(com.google.gerrit.extensions.restapi.AuthException) PermissionBackendException(com.google.gerrit.server.permissions.PermissionBackendException) IOException(java.io.IOException) HttpServletRequest(javax.servlet.http.HttpServletRequest)
