Example 26 with CurrentUser
use of com.google.gerrit.server.CurrentUser in project gerrit by GerritCodeReview.
the class RunAsFilter method doFilter.
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
String runas = req.getHeader(RUN_AS);
if (runas != null) {
if (!enabled) {
replyError(req, res, SC_FORBIDDEN, RUN_AS + " disabled by auth.enableRunAs = false", null);
return;
}
CurrentUser self = session.get().getUser();
try {
if (!self.isIdentifiedUser()) {
// because that would be crazy.
throw new AuthException("denied");
}
permissionBackend.user(self).check(GlobalPermission.RUN_AS);
} catch (AuthException e) {
replyError(req, res, SC_FORBIDDEN, "not permitted to use " + RUN_AS, null);
return;
} catch (PermissionBackendException e) {
log.warn("cannot check runAs", e);
replyError(req, res, SC_INTERNAL_SERVER_ERROR, RUN_AS + " unavailable", null);
return;
}
Account target;
try {
target = accountResolver.find(db.get(), runas);
} catch (OrmException e) {
log.warn("cannot resolve account for " + RUN_AS, e);
replyError(req, res, SC_INTERNAL_SERVER_ERROR, "cannot resolve " + RUN_AS, e);
return;
}
if (target == null) {
replyError(req, res, SC_FORBIDDEN, "no account matches " + RUN_AS, null);
return;
}
session.get().setUserAccountId(target.getId());
}
chain.doFilter(req, res);
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
Account(com.google.gerrit.reviewdb.client.Account)
CurrentUser(com.google.gerrit.server.CurrentUser)
OrmException(com.google.gwtorm.server.OrmException)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
AuthException(com.google.gerrit.extensions.restapi.AuthException)
PermissionBackendException(com.google.gerrit.server.permissions.PermissionBackendException)
Example 27 with CurrentUser
use of com.google.gerrit.server.CurrentUser in project gerrit by GerritCodeReview.
the class ChangeResource method isUserOwner.
/** @return true if {@link #getUser()} is the change's owner. */
public boolean isUserOwner() {
CurrentUser user = getControl().getUser();
Account.Id owner = getChange().getOwner();
return user.isIdentifiedUser() && user.asIdentifiedUser().getAccountId().equals(owner);
}
Also used :
Account(com.google.gerrit.reviewdb.client.Account)
CurrentUser(com.google.gerrit.server.CurrentUser)
Example 28 with CurrentUser
use of com.google.gerrit.server.CurrentUser in project gerrit by GerritCodeReview.
the class Submit method problemsForSubmittingChangeset.
/**
* @param cd the change the user is currently looking at
* @param cs set of changes to be submitted at once
* @param user the user who is checking to submit
* @return a reason why any of the changes is not submittable or null
*/
private String problemsForSubmittingChangeset(ChangeData cd, ChangeSet cs, CurrentUser user) {
try {
if (cs.furtherHiddenChanges()) {
return BLOCKED_HIDDEN_SUBMIT_TOOLTIP;
}
for (ChangeData c : cs.changes()) {
Set<ChangePermission> can = permissionBackend.user(user).database(dbProvider).change(c).test(EnumSet.of(ChangePermission.READ, ChangePermission.SUBMIT));
if (!can.contains(ChangePermission.READ)) {
return BLOCKED_HIDDEN_SUBMIT_TOOLTIP;
}
if (!can.contains(ChangePermission.SUBMIT)) {
return BLOCKED_SUBMIT_TOOLTIP;
}
if (c.change().isWorkInProgress()) {
return BLOCKED_WORK_IN_PROGRESS;
}
MergeOp.checkSubmitRule(c);
}
Collection<ChangeData> unmergeable = unmergeableChanges(cs);
if (unmergeable == null) {
return CLICK_FAILURE_TOOLTIP;
} else if (!unmergeable.isEmpty()) {
for (ChangeData c : unmergeable) {
if (c.change().getKey().equals(cd.change().getKey())) {
return CHANGE_UNMERGEABLE;
}
}
return CHANGES_NOT_MERGEABLE + unmergeable.stream().map(c -> c.getId().toString()).collect(joining(", "));
}
} catch (ResourceConflictException e) {
return BLOCKED_SUBMIT_TOOLTIP;
} catch (PermissionBackendException | OrmException | IOException e) {
log.error("Error checking if change is submittable", e);
throw new OrmRuntimeException("Could not determine problems for the change", e);
}
return null;
}
Also used :
OrmException(com.google.gwtorm.server.OrmException)
ListMultimap(com.google.common.collect.ListMultimap)
RepositoryNotFoundException(org.eclipse.jgit.errors.RepositoryNotFoundException)
Inject(com.google.inject.Inject)
LoggerFactory(org.slf4j.LoggerFactory)
PermissionBackend(com.google.gerrit.server.permissions.PermissionBackend)
ChangeSet(com.google.gerrit.server.git.ChangeSet)
RevWalk(org.eclipse.jgit.revwalk.RevWalk)
Config(org.eclipse.jgit.lib.Config)
Output(com.google.gerrit.server.change.Submit.Output)
BatchUpdate(com.google.gerrit.server.update.BatchUpdate)
FluentIterable(com.google.common.collect.FluentIterable)
SubmitInput(com.google.gerrit.extensions.api.changes.SubmitInput)
MergeSuperSet(com.google.gerrit.server.git.MergeSuperSet)
Map(java.util.Map)
AuthException(com.google.gerrit.extensions.restapi.AuthException)
NoSuchChangeException(com.google.gerrit.server.project.NoSuchChangeException)
RetryHelper(com.google.gerrit.server.update.RetryHelper)
RetryingRestModifyView(com.google.gerrit.server.update.RetryingRestModifyView)
UiAction(com.google.gerrit.extensions.webui.UiAction)
EnumSet(java.util.EnumSet)
GerritServerConfig(com.google.gerrit.server.config.GerritServerConfig)
ImmutableMap(com.google.common.collect.ImmutableMap)
ChangeMessage(com.google.gerrit.reviewdb.client.ChangeMessage)
Collection(java.util.Collection)
Set(java.util.Set)
Collectors.joining(java.util.stream.Collectors.joining)
Sets(com.google.common.collect.Sets)
MergeOp(com.google.gerrit.server.git.MergeOp)
ChangeData(com.google.gerrit.server.query.change.ChangeData)
List(java.util.List)
AccountsCollection(com.google.gerrit.server.account.AccountsCollection)
InternalChangeQuery(com.google.gerrit.server.query.change.InternalChangeQuery)
OrmRuntimeException(com.google.gwtorm.server.OrmRuntimeException)
Branch(com.google.gerrit.reviewdb.client.Branch)
ChangeMessagesUtil(com.google.gerrit.server.ChangeMessagesUtil)
Singleton(com.google.inject.Singleton)
ReviewDb(com.google.gerrit.reviewdb.server.ReviewDb)
PermissionBackendException(com.google.gerrit.server.permissions.PermissionBackendException)
RevCommit(org.eclipse.jgit.revwalk.RevCommit)
Change(com.google.gerrit.reviewdb.client.Change)
UnprocessableEntityException(com.google.gerrit.extensions.restapi.UnprocessableEntityException)
ChangePermission(com.google.gerrit.server.permissions.ChangePermission)
HashMap(java.util.HashMap)
HashSet(java.util.HashSet)
Strings(com.google.common.base.Strings)
ChangeInfo(com.google.gerrit.extensions.common.ChangeInfo)
RestApiException(com.google.gerrit.extensions.restapi.RestApiException)
ChangeUtil(com.google.gerrit.server.ChangeUtil)
Project(com.google.gerrit.reviewdb.client.Project)
CurrentUser(com.google.gerrit.server.CurrentUser)
Logger(org.slf4j.Logger)
MoreObjects(com.google.common.base.MoreObjects)
ParameterizedString(com.google.gerrit.common.data.ParameterizedString)
ChangeNotes(com.google.gerrit.server.notedb.ChangeNotes)
IOException(java.io.IOException)
ObjectId(org.eclipse.jgit.lib.ObjectId)
Provider(com.google.inject.Provider)
GitRepositoryManager(com.google.gerrit.server.git.GitRepositoryManager)
ResourceConflictException(com.google.gerrit.extensions.restapi.ResourceConflictException)
IdentifiedUser(com.google.gerrit.server.IdentifiedUser)
ProjectUtil(com.google.gerrit.server.ProjectUtil)
PatchSet(com.google.gerrit.reviewdb.client.PatchSet)
VisibleForTesting(com.google.common.annotations.VisibleForTesting)
PatchSetUtil(com.google.gerrit.server.PatchSetUtil)
RevId(com.google.gerrit.reviewdb.client.RevId)
Repository(org.eclipse.jgit.lib.Repository)
ResourceConflictException(com.google.gerrit.extensions.restapi.ResourceConflictException)
OrmRuntimeException(com.google.gwtorm.server.OrmRuntimeException)
OrmException(com.google.gwtorm.server.OrmException)
PermissionBackendException(com.google.gerrit.server.permissions.PermissionBackendException)
IOException(java.io.IOException)
ChangeData(com.google.gerrit.server.query.change.ChangeData)
ChangePermission(com.google.gerrit.server.permissions.ChangePermission)
Example 29 with CurrentUser
use of com.google.gerrit.server.CurrentUser in project gerrit by GerritCodeReview.
the class ConfirmEmail method apply.
@Override
public Response<?> apply(ConfigResource rsrc, Input input) throws AuthException, UnprocessableEntityException, AccountException, OrmException, IOException, ConfigInvalidException {
CurrentUser user = self.get();
if (!user.isIdentifiedUser()) {
throw new AuthException("Authentication required");
}
if (input == null) {
input = new Input();
}
if (input.token == null) {
throw new UnprocessableEntityException("missing token");
}
try {
EmailTokenVerifier.ParsedToken token = emailTokenVerifier.decode(input.token);
Account.Id accId = user.getAccountId();
if (accId.equals(token.getAccountId())) {
accountManager.link(accId, token.toAuthRequest());
return Response.none();
}
throw new UnprocessableEntityException("invalid token");
} catch (EmailTokenVerifier.InvalidTokenException e) {
throw new UnprocessableEntityException("invalid token");
} catch (AccountException e) {
throw new UnprocessableEntityException(e.getMessage());
}
}
Also used :
UnprocessableEntityException(com.google.gerrit.extensions.restapi.UnprocessableEntityException)
Account(com.google.gerrit.reviewdb.client.Account)
DefaultInput(com.google.gerrit.extensions.restapi.DefaultInput)
Input(com.google.gerrit.server.config.ConfirmEmail.Input)
EmailTokenVerifier(com.google.gerrit.server.mail.EmailTokenVerifier)
CurrentUser(com.google.gerrit.server.CurrentUser)
AccountException(com.google.gerrit.server.account.AccountException)
AuthException(com.google.gerrit.extensions.restapi.AuthException)
Example 30 with CurrentUser
use of com.google.gerrit.server.CurrentUser in project gerrit by GerritCodeReview.
the class ListTasks method apply.
@Override
public List<TaskInfo> apply(ConfigResource resource) throws AuthException, PermissionBackendException {
CurrentUser user = self.get();
if (!user.isIdentifiedUser()) {
throw new AuthException("Authentication required");
}
List<TaskInfo> allTasks = getTasks();
try {
permissionBackend.user(user).check(GlobalPermission.VIEW_QUEUE);
return allTasks;
} catch (AuthException e) {
// Fall through to filter tasks.
}
Map<String, Boolean> visibilityCache = new HashMap<>();
List<TaskInfo> visibleTasks = new ArrayList<>();
for (TaskInfo task : allTasks) {
if (task.projectName != null) {
Boolean visible = visibilityCache.get(task.projectName);
if (visible == null) {
try {
permissionBackend.user(user).project(new Project.NameKey(task.projectName)).check(ProjectPermission.ACCESS);
visible = true;
} catch (AuthException e) {
visible = false;
}
visibilityCache.put(task.projectName, visible);
}
if (visible) {
visibleTasks.add(task);
}
}
}
return visibleTasks;
}
Also used :
CurrentUser(com.google.gerrit.server.CurrentUser)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
AuthException(com.google.gerrit.extensions.restapi.AuthException)
Aggregations
CurrentUser (com.google.gerrit.server.CurrentUser)44
Account (com.google.gerrit.reviewdb.client.Account)14
AuthException (com.google.gerrit.extensions.restapi.AuthException)11
Provider (com.google.inject.Provider)8
IdentifiedUser (com.google.gerrit.server.IdentifiedUser)7
Change (com.google.gerrit.reviewdb.client.Change)6
PatchSet (com.google.gerrit.reviewdb.client.PatchSet)6
Project (com.google.gerrit.reviewdb.client.Project)6
RequestContext (com.google.gerrit.server.util.RequestContext)6
ThreadLocalRequestContext (com.google.gerrit.server.util.ThreadLocalRequestContext)6
InMemoryModule (com.google.gerrit.testutil.InMemoryModule)6
OrmException (com.google.gwtorm.server.OrmException)6
ResourceNotFoundException (com.google.gerrit.extensions.restapi.ResourceNotFoundException)5
ReviewDb (com.google.gerrit.reviewdb.server.ReviewDb)5
PermissionBackendException (com.google.gerrit.server.permissions.PermissionBackendException)5
HashMap (java.util.HashMap)5
LabelType (com.google.gerrit.common.data.LabelType)4
LifecycleManager (com.google.gerrit.lifecycle.LifecycleManager)4
PermissionBackend (com.google.gerrit.server.permissions.PermissionBackend)4
ChangeControl (com.google.gerrit.server.project.ChangeControl)4
