Fix editable username when authType is LDAP or HTTP_LDAPv2.1.2-rc2

If gerrit.config has ldap.accountSshUserName = "" then we need
to permit the user to modify their username through the web UI.
Unfortunately this data is static as part of the GerritConfig
singleton in the server and the client UI, so we can't wait until
the first LDAP query to determine the value.  Instead do it up
front during the LdapRealm init.

Change-Id: I32c24abc01b3eb4e656a3573b4bf254664428cdb
Signed-off-by: Shawn O. Pearce <sop@google.com>

1 files changed, 10 insertions, 18 deletions

diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java
index e09a01d28b..0e6305356a 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java
@@ -80,6 +80,7 @@ class LdapRealm implements Realm {
   private final SchemaFactory<ReviewDb> schema;
   private final EmailExpander emailExpander;
   private final SelfPopulatingCache<String, Account.Id> usernameCache;
+  private final Set<Account.FieldName> readOnlyAccountFields;
 
   private final GroupCache groupCache;
   private final SelfPopulatingCache<String, Set<AccountGroup.Id>> membershipCache;
@@ -105,6 +106,14 @@ class LdapRealm implements Realm {
     this.username = optional(config, "username");
     this.password = optional(config, "password");
     this.sslVerify = config.getBoolean("ldap", "sslverify", true);
+    this.readOnlyAccountFields = new HashSet<Account.FieldName>();
+
+    if (optdef(config, "accountFullName", "DEFAULT") != null) {
+      readOnlyAccountFields.add(Account.FieldName.FULL_NAME);
+    }
+    if (optdef(config, "accountSshUserName", "DEFAULT") != null) {
+      readOnlyAccountFields.add(Account.FieldName.USER_NAME);
+    }
 
     membershipCache =
         new SelfPopulatingCache<String, Set<AccountGroup.Id>>(rawGroup) {
@@ -195,24 +204,7 @@ class LdapRealm implements Realm {
 
   @Override
   public boolean allowsEdit(final Account.FieldName field) {
-    switch (field) {
-      case FULL_NAME:
-        if (ldapSchema == null) {
-          return false; // Assume not until we've resolved the server type.
-        }
-        // only if not obtained from LDAP
-        return ldapSchema.accountFullName == null;
-
-      case USER_NAME:
-        if (ldapSchema == null) {
-          return false; // Assume not until we've resolved the server type.
-        }
-        // only if not obtained from LDAP
-        return ldapSchema.accountSshUserName == null;
-
-      default:
-        return true;
-    }
+    return !readOnlyAccountFields.contains(field);
   }
 
   private static String apply(ParamertizedString p, LdapQuery.Result m)