Examples with IdentifiedUser com.google.gerrit.server.IdentifiedUser used on opensource projects

Example 56 with IdentifiedUser

use of com.google.gerrit.server.IdentifiedUser in project gerrit by GerritCodeReview.

the class AccountManager method create.

private AuthResult create(ReviewDb db, AuthRequest who) throws OrmException, AccountException, IOException, ConfigInvalidException {
    Account.Id newId = new Account.Id(db.nextAccountId());
    Account account = new Account(newId, TimeUtil.nowTs());
    ExternalId extId = ExternalId.createWithEmail(who.getExternalIdKey(), newId, who.getEmailAddress());
    account.setFullName(who.getDisplayName());
    account.setPreferredEmail(extId.email());
    boolean isFirstAccount = awaitsFirstAccountCheck.getAndSet(false) && db.accounts().anyAccounts().toList().isEmpty();
    try {
        AccountsUpdate accountsUpdate = accountsUpdateFactory.create();
        accountsUpdate.upsert(db, account);
        ExternalId existingExtId = externalIds.get(extId.key());
        if (existingExtId != null && !existingExtId.accountId().equals(extId.accountId())) {
            // external ID is assigned to another account, do not overwrite
            accountsUpdate.delete(db, account);
            throw new AccountException("Cannot assign external ID \"" + extId.key().get() + "\" to account " + newId + "; external ID already in use.");
        }
        externalIdsUpdateFactory.create().upsert(extId);
    } finally {
        // If adding the account failed, it may be that it actually was the
        // first account. So we reset the 'check for first account'-guard, as
        // otherwise the first account would not get administration permissions.
        awaitsFirstAccountCheck.set(isFirstAccount);
    }
    if (isFirstAccount) {
        // This is the first user account on our site. Assume this user
        // is going to be the site's administrator and just make them that
        // to bootstrap the authentication database.
        //
        Permission admin = projectCache.getAllProjects().getConfig().getAccessSection(AccessSection.GLOBAL_CAPABILITIES).getPermission(GlobalCapability.ADMINISTRATE_SERVER);
        AccountGroup.UUID uuid = admin.getRules().get(0).getGroup().getUUID();
        AccountGroup g = db.accountGroups().byUUID(uuid).iterator().next();
        AccountGroup.Id adminId = g.getId();
        AccountGroupMember m = new AccountGroupMember(new AccountGroupMember.Key(newId, adminId));
        auditService.dispatchAddAccountsToGroup(newId, Collections.singleton(m));
        db.accountGroupMembers().insert(Collections.singleton(m));
    }
    if (who.getUserName() != null) {
        // Only set if the name hasn't been used yet, but was given to us.
        //
        IdentifiedUser user = userFactory.create(newId);
        try {
            changeUserNameFactory.create(user, who.getUserName()).call();
        } catch (NameAlreadyUsedException e) {
            String message = "Cannot assign user name \"" + who.getUserName() + "\" to account " + newId + "; name already in use.";
            handleSettingUserNameFailure(db, account, extId, message, e, false);
        } catch (InvalidUserNameException e) {
            String message = "Cannot assign user name \"" + who.getUserName() + "\" to account " + newId + "; name does not conform.";
            handleSettingUserNameFailure(db, account, extId, message, e, false);
        } catch (OrmException e) {
            String message = "Cannot assign user name";
            handleSettingUserNameFailure(db, account, extId, message, e, true);
        }
    }
    byEmailCache.evict(account.getPreferredEmail());
    byIdCache.evict(account.getId());
    realm.onCreateAccount(who, account);
    return new AuthResult(newId, extId.key(), true);
}

Example 57 with IdentifiedUser

use of com.google.gerrit.server.IdentifiedUser in project gerrit by GerritCodeReview.

the class DeleteEmail method apply.

public Response<?> apply(IdentifiedUser user, String email) throws ResourceNotFoundException, ResourceConflictException, MethodNotAllowedException, OrmException, IOException, ConfigInvalidException {
    if (!realm.allowsEdit(AccountFieldName.REGISTER_NEW_EMAIL)) {
        throw new MethodNotAllowedException("realm does not allow deleting emails");
    }
    Set<ExternalId> extIds = externalIds.byAccount(user.getAccountId()).stream().filter(e -> email.equals(e.email())).collect(toSet());
    if (extIds.isEmpty()) {
        throw new ResourceNotFoundException(email);
    }
    try {
        for (ExternalId extId : extIds) {
            AuthRequest authRequest = new AuthRequest(extId.key());
            authRequest.setEmailAddress(email);
            accountManager.unlink(user.getAccountId(), authRequest);
        }
    } catch (AccountException e) {
        throw new ResourceConflictException(e.getMessage());
    }
    return Response.none();
}

Example 58 with IdentifiedUser

use of com.google.gerrit.server.IdentifiedUser in project gerrit by GerritCodeReview.

the class GetGroups method apply.

@Override
public List<GroupInfo> apply(AccountResource resource) throws OrmException {
    IdentifiedUser user = resource.getUser();
    Account.Id userId = user.getAccountId();
    List<GroupInfo> groups = new ArrayList<>();
    for (AccountGroup.UUID uuid : user.getEffectiveGroups().getKnownGroups()) {
        GroupControl ctl;
        try {
            ctl = groupControlFactory.controlFor(uuid);
        } catch (NoSuchGroupException e) {
            continue;
        }
        if (ctl.isVisible() && ctl.canSeeMember(userId)) {
            groups.add(json.format(ctl.getGroup()));
        }
    }
    return groups;
}

Example 59 with IdentifiedUser

use of com.google.gerrit.server.IdentifiedUser in project gerrit by GerritCodeReview.

the class SetParent method validateParentUpdate.

public void validateParentUpdate(final ProjectControl ctl, String newParent, boolean checkIfAdmin) throws AuthException, ResourceConflictException, UnprocessableEntityException, PermissionBackendException {
    IdentifiedUser user = ctl.getUser().asIdentifiedUser();
    if (checkIfAdmin) {
        permissionBackend.user(user).check(GlobalPermission.ADMINISTRATE_SERVER);
    }
    if (ctl.getProject().getNameKey().equals(allProjects)) {
        throw new ResourceConflictException("cannot set parent of " + allProjects.get());
    }
    newParent = Strings.emptyToNull(newParent);
    if (newParent != null) {
        ProjectState parent = cache.get(new Project.NameKey(newParent));
        if (parent == null) {
            throw new UnprocessableEntityException("parent project " + newParent + " not found");
        }
        if (Iterables.tryFind(parent.tree(), p -> {
            return p.getProject().getNameKey().equals(ctl.getProject().getNameKey());
        }).isPresent()) {
            throw new ResourceConflictException("cycle exists between " + ctl.getProject().getName() + " and " + parent.getProject().getName());
        }
    }
}

Example 60 with IdentifiedUser

use of com.google.gerrit.server.IdentifiedUser in project gerrit by GerritCodeReview.

the class ChangeOperationsImpl method createChange.

private Change.Id createChange(TestChangeCreation changeCreation) throws Exception {
    Change.Id changeId = Change.id(seq.nextChangeId());
    Project.NameKey project = getTargetProject(changeCreation);
    try (Repository repository = repositoryManager.openRepository(project);
        ObjectInserter objectInserter = repository.newObjectInserter();
        RevWalk revWalk = new RevWalk(objectInserter.newReader())) {
        Instant now = TimeUtil.now();
        IdentifiedUser changeOwner = getChangeOwner(changeCreation);
        PersonIdent authorAndCommitter = changeOwner.newCommitterIdent(now, serverIdent.getTimeZone());
        ObjectId commitId = createCommit(repository, revWalk, objectInserter, changeCreation, authorAndCommitter);
        String refName = RefNames.fullName(changeCreation.branch());
        ChangeInserter inserter = getChangeInserter(changeId, refName, commitId);
        try (BatchUpdate batchUpdate = batchUpdateFactory.create(project, changeOwner, now)) {
            batchUpdate.setRepository(repository, revWalk, objectInserter);
            batchUpdate.insertChange(inserter);
            batchUpdate.execute();
        }
        return changeId;
    }
}