use of com.google.gerrit.server.account.GroupControl in project gerrit by GerritCodeReview.
the class GetGroups method apply.
@Override
public Response<List<GroupInfo>> apply(AccountResource resource) throws PermissionBackendException {
IdentifiedUser user = resource.getUser();
Account.Id userId = user.getAccountId();
Set<AccountGroup.UUID> knownGroups = user.getEffectiveGroups().getKnownGroups();
List<GroupInfo> visibleGroups = new ArrayList<>();
for (AccountGroup.UUID uuid : knownGroups) {
GroupControl ctl;
try {
ctl = groupControlFactory.controlFor(uuid);
} catch (NoSuchGroupException e) {
logger.atFine().log("skipping non-existing group %s", uuid);
continue;
}
if (!ctl.isVisible()) {
logger.atFine().log("skipping non-visible group %s", uuid);
continue;
}
if (!ctl.canSeeMember(userId)) {
logger.atFine().log("skipping group %s because member %d cannot be seen", uuid, userId.get());
continue;
}
visibleGroups.add(json.format(ctl.getGroup()));
}
return Response.ok(visibleGroups);
}
use of com.google.gerrit.server.account.GroupControl in project gerrit by GerritCodeReview.
the class DeleteIncludedGroups method apply.
@Override
public Response<?> apply(GroupResource resource, Input input) throws AuthException, MethodNotAllowedException, UnprocessableEntityException, OrmException {
AccountGroup internalGroup = resource.toAccountGroup();
if (internalGroup == null) {
throw new MethodNotAllowedException();
}
input = Input.init(input);
final GroupControl control = resource.getControl();
final Map<AccountGroup.UUID, AccountGroupById> includedGroups = getIncludedGroups(internalGroup.getId());
final List<AccountGroupById> toRemove = new ArrayList<>();
for (final String includedGroup : input.groups) {
GroupDescription.Basic d = groupsCollection.parse(includedGroup);
if (!control.canRemoveGroup()) {
throw new AuthException(String.format("Cannot delete group: %s", d.getName()));
}
AccountGroupById g = includedGroups.remove(d.getGroupUUID());
if (g != null) {
toRemove.add(g);
}
}
if (!toRemove.isEmpty()) {
writeAudits(toRemove);
db.get().accountGroupById().delete(toRemove);
for (final AccountGroupById g : toRemove) {
groupIncludeCache.evictParentGroupsOf(g.getIncludeUUID());
}
groupIncludeCache.evictSubgroupsOf(internalGroup.getGroupUUID());
}
return Response.none();
}
use of com.google.gerrit.server.account.GroupControl in project gerrit by GerritCodeReview.
the class AddIncludedGroups method apply.
@Override
public List<GroupInfo> apply(GroupResource resource, Input input) throws MethodNotAllowedException, AuthException, UnprocessableEntityException, OrmException {
AccountGroup group = resource.toAccountGroup();
if (group == null) {
throw new MethodNotAllowedException();
}
input = Input.init(input);
GroupControl control = resource.getControl();
Map<AccountGroup.UUID, AccountGroupById> newIncludedGroups = new HashMap<>();
List<GroupInfo> result = new ArrayList<>();
Account.Id me = control.getUser().getAccountId();
for (String includedGroup : input.groups) {
GroupDescription.Basic d = groupsCollection.parse(includedGroup);
if (!control.canAddGroup()) {
throw new AuthException(String.format("Cannot add group: %s", d.getName()));
}
if (!newIncludedGroups.containsKey(d.getGroupUUID())) {
AccountGroupById.Key agiKey = new AccountGroupById.Key(group.getId(), d.getGroupUUID());
AccountGroupById agi = db.get().accountGroupById().get(agiKey);
if (agi == null) {
agi = new AccountGroupById(agiKey);
newIncludedGroups.put(d.getGroupUUID(), agi);
}
}
result.add(json.format(d));
}
if (!newIncludedGroups.isEmpty()) {
auditService.dispatchAddGroupsToGroup(me, newIncludedGroups.values());
db.get().accountGroupById().insert(newIncludedGroups.values());
for (AccountGroupById agi : newIncludedGroups.values()) {
groupIncludeCache.evictParentGroupsOf(agi.getIncludeUUID());
}
groupIncludeCache.evictSubgroupsOf(group.getGroupUUID());
}
return result;
}
use of com.google.gerrit.server.account.GroupControl in project gerrit by GerritCodeReview.
the class AddMembers method apply.
@Override
public List<AccountInfo> apply(GroupResource resource, Input input) throws AuthException, MethodNotAllowedException, UnprocessableEntityException, OrmException, IOException {
AccountGroup internalGroup = resource.toAccountGroup();
if (internalGroup == null) {
throw new MethodNotAllowedException();
}
input = Input.init(input);
GroupControl control = resource.getControl();
Set<Account.Id> newMemberIds = new HashSet<>();
for (String nameOrEmailOrId : input.members) {
Account a = findAccount(nameOrEmailOrId);
if (!a.isActive()) {
throw new UnprocessableEntityException(String.format("Account Inactive: %s", nameOrEmailOrId));
}
if (!control.canAddMember()) {
throw new AuthException("Cannot add member: " + a.getFullName());
}
newMemberIds.add(a.getId());
}
addMembers(internalGroup.getId(), newMemberIds);
return toAccountInfoList(newMemberIds);
}
use of com.google.gerrit.server.account.GroupControl in project gerrit by GerritCodeReview.
the class AddMembers method apply.
@Override
public Response<List<AccountInfo>> apply(GroupResource resource, Input input) throws AuthException, NotInternalGroupException, UnprocessableEntityException, IOException, ConfigInvalidException, ResourceNotFoundException, PermissionBackendException {
GroupDescription.Internal internalGroup = resource.asInternalGroup().orElseThrow(NotInternalGroupException::new);
input = Input.init(input);
GroupControl control = resource.getControl();
if (!control.canAddMember()) {
throw new AuthException("Cannot add members to group " + internalGroup.getName());
}
Set<Account.Id> newMemberIds = new LinkedHashSet<>();
for (String nameOrEmailOrId : input.members) {
Account a = findAccount(nameOrEmailOrId);
if (!a.isActive()) {
throw new UnprocessableEntityException(String.format("Account Inactive: %s", nameOrEmailOrId));
}
newMemberIds.add(a.id());
}
AccountGroup.UUID groupUuid = internalGroup.getGroupUUID();
try {
addMembers(groupUuid, newMemberIds);
} catch (NoSuchGroupException e) {
throw new ResourceNotFoundException(String.format("Group %s not found", groupUuid), e);
}
return Response.ok(toAccountInfoList(newMemberIds));
}
Aggregations