authorSaša Živkov <zivkov@gmail.com>2013-10-01 12:02:30 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>2013-10-01 12:02:31 +0000
commit0a07a9a670cb9c5c1108347acf97def8af70dafd (patch)
tree340f038498116899123997b9f7069204ec81f917
parent1d0673b5f4e46fa147941a4d5b6845a8e08ae8c5 (diff)
parent3488eece9f1a197aedfe41d0b3275065c4981c82 (diff)
Merge "Verify access to source ref during add branch operation" into stable-2.6
-rw-r--r--gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectControl.java41
-rw-r--r--gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java5
2 files changed, 44 insertions, 2 deletions
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectControl.java b/gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectControl.java
index 56d4be3b7d..937f84362c 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectControl.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectControl.java
@@ -28,16 +28,26 @@ import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.reviewdb.client.Branch;
import com.google.gerrit.reviewdb.client.Change;
import com.google.gerrit.reviewdb.client.Project;
+import com.google.gerrit.reviewdb.client.Project.NameKey;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.InternalUser;
import com.google.gerrit.server.config.CanonicalWebUrl;
import com.google.gerrit.server.config.GitReceivePackGroups;
import com.google.gerrit.server.config.GitUploadPackGroups;
+import com.google.gerrit.server.git.GitRepositoryManager;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.assistedinject.Assisted;
+import org.eclipse.jgit.lib.Ref;
+import org.eclipse.jgit.lib.Repository;
+import org.eclipse.jgit.revwalk.RevCommit;
+import org.eclipse.jgit.revwalk.RevWalk;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
@@ -45,6 +55,7 @@ import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
+import java.util.Map.Entry;
import javax.annotation.Nullable;
@@ -53,6 +64,8 @@ public class ProjectControl {
public static final int VISIBLE = 1 << 0;
public static final int OWNER = 1 << 1;
+ private static final Logger log = LoggerFactory.getLogger(ProjectControl.class);
+
public static class GenericFactory {
private final ProjectCache projectCache;
@@ -117,6 +130,7 @@ public class ProjectControl {
private final String canonicalWebUrl;
private final CurrentUser user;
private final ProjectState state;
+ private final GitRepositoryManager repoManager;
private final PermissionCollection.Factory permissionFilter;
private final Collection<ContributorAgreement> contributorAgreements;
@@ -130,8 +144,10 @@ public class ProjectControl {
ProjectControl(@GitUploadPackGroups Set<AccountGroup.UUID> uploadGroups,
@GitReceivePackGroups Set<AccountGroup.UUID> receiveGroups,
final ProjectCache pc, final PermissionCollection.Factory permissionFilter,
+ final GitRepositoryManager repoManager,
@CanonicalWebUrl @Nullable final String canonicalWebUrl,
@Assisted CurrentUser who, @Assisted ProjectState ps) {
+ this.repoManager = repoManager;
this.uploadGroups = uploadGroups;
this.receiveGroups = receiveGroups;
this.permissionFilter = permissionFilter;
@@ -445,4 +461,29 @@ public class ProjectControl {
}
return false;
}
+
+ public boolean canReadCommit(RevWalk rw, RevCommit commit) {
+ NameKey projName = state.getProject().getNameKey();
+ try {
+ Repository repo = repoManager.openRepository(projName);
+ try {
+ for (Entry<String, Ref> entry : repo.getAllRefs().entrySet()) {
+ RevCommit tip = rw.parseCommit(entry.getValue().getObjectId());
+ if (rw.isMergedInto(commit, tip)
+ && controlForRef(entry.getKey()).canPerform(Permission.READ)) {
+ return true;
+ }
+ }
+ } finally {
+ repo.close();
+ }
+ } catch (IOException e) {
+ String msg =
+ String.format(
+ "Cannot verify permissions to commit object %s in repository %s",
+ commit.name(), projName.get());
+ log.error(msg, e);
+ }
+ return controlForRef("refs/*").canPerform(Permission.READ);
+ }
}
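Review bot: In `canReadCommit`, the `catch` wraps the whole loop, so one `IOException` from `rw.parseCommit` or `rw.isMergedInto` on any single ref aborts the scan. The decision then rests only on the `refs/*` READ fallback, and the outcome depends on ref iteration order. JGit's `parseCommit` throws `IncorrectObjectTypeException` (an `IOException`) when a ref resolves to something other than a commit or annotated tag, so one such ref could deny callers who can read a branch containing the commit. Skipping that ref instead keeps the check fail-closed without making it brittle, and testing the ACL before the reachability walk avoids walking history for refs the caller cannot read. The method would also benefit from Javadoc stating that it returns true only when the commit is reachable from a ref the caller may READ, or when the caller has READ on `refs/*`.

```java
for (Entry<String, Ref> entry : repo.getAllRefs().entrySet()) {
  // Cheap ACL check first; no history walk for refs the caller cannot read.
  if (!controlForRef(entry.getKey()).canPerform(Permission.READ)) {
    continue;
  }
  RevCommit tip;
  try {
    tip = rw.parseCommit(entry.getValue().getObjectId());
  } catch (IncorrectObjectTypeException notACommit) {
    // Ref does not resolve to a commit, so it cannot contain `commit`.
    continue;
  }
  if (rw.isMergedInto(commit, tip)) {
    return true;
  }
}
// … unchanged: finally { repo.close(); }, IOException logging, refs/* fallback …
```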
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java b/gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java
index 59b7670f65..7c465cd6a8 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java
@@ -247,8 +247,9 @@ public class RefControl {
}
if (object instanceof RevCommit) {
- return owner || canPerform(Permission.CREATE);
-
+ return owner
+ || (canPerform(Permission.CREATE) && projectControl.canReadCommit(rw,
+ (RevCommit) object));
} else if (object instanceof RevTag) {
final RevTag tag = (RevTag) object;
try {
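Review bot: The new read-access requirement is applied only to the `RevCommit` branch, and nothing at the `return` explains why CREATE alone is no longer sufficient. A comment above it would help, for example `// CREATE is not enough: the caller must also be able to read the source commit, otherwise a new branch could expose history they cannot see.` The `RevTag` branch that begins on the last lines of this hunk continues outside it. Whether creating a ref from an annotated tag also verifies read access to the tagged commit cannot be confirmed from here and is worth checking. Note that `owner` still short-circuits the read check; if that is intentional, the comment should say so.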