diff options
Diffstat (limited to 'gerrit-server/src/main/java/com/google/gerrit/common/EventBroker.java')
-rw-r--r-- | gerrit-server/src/main/java/com/google/gerrit/common/EventBroker.java | 52 |
1 files changed, 35 insertions, 17 deletions
diff --git a/gerrit-server/src/main/java/com/google/gerrit/common/EventBroker.java b/gerrit-server/src/main/java/com/google/gerrit/common/EventBroker.java index 4603141059..c58b723062 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/common/EventBroker.java +++ b/gerrit-server/src/main/java/com/google/gerrit/common/EventBroker.java @@ -16,6 +16,7 @@ package com.google.gerrit.common; import com.google.gerrit.extensions.registration.DynamicItem; import com.google.gerrit.extensions.registration.DynamicSet; +import com.google.gerrit.extensions.restapi.AuthException; import com.google.gerrit.lifecycle.LifecycleModule; import com.google.gerrit.reviewdb.client.Branch; import com.google.gerrit.reviewdb.client.Change; @@ -28,9 +29,13 @@ import com.google.gerrit.server.events.Event; import com.google.gerrit.server.events.ProjectEvent; import com.google.gerrit.server.events.RefEvent; import com.google.gerrit.server.notedb.ChangeNotes; +import com.google.gerrit.server.permissions.ChangePermission; +import com.google.gerrit.server.permissions.PermissionBackend; +import com.google.gerrit.server.permissions.PermissionBackendException; +import com.google.gerrit.server.permissions.ProjectPermission; +import com.google.gerrit.server.permissions.RefPermission; import com.google.gerrit.server.project.NoSuchChangeException; import com.google.gerrit.server.project.ProjectCache; -import com.google.gerrit.server.project.ProjectControl; import com.google.gerrit.server.project.ProjectState; import com.google.gwtorm.server.OrmException; import com.google.inject.Inject; @@ -58,6 +63,7 @@ public class EventBroker implements EventDispatcher { /** Listeners to receive all changes as they happen. */ protected final DynamicSet<EventListener> unrestrictedListeners; + private final PermissionBackend permissionBackend; protected final ProjectCache projectCache; protected final ChangeNotes.Factory notesFactory; @@ -68,23 +74,27 @@ public class EventBroker implements EventDispatcher { public EventBroker( DynamicSet<UserScopedEventListener> listeners, DynamicSet<EventListener> unrestrictedListeners, + PermissionBackend permissionBackend, ProjectCache projectCache, ChangeNotes.Factory notesFactory, Provider<ReviewDb> dbProvider) { this.listeners = listeners; this.unrestrictedListeners = unrestrictedListeners; + this.permissionBackend = permissionBackend; this.projectCache = projectCache; this.notesFactory = notesFactory; this.dbProvider = dbProvider; } @Override - public void postEvent(Change change, ChangeEvent event) throws OrmException { + public void postEvent(Change change, ChangeEvent event) + throws OrmException, PermissionBackendException { fireEvent(change, event); } @Override - public void postEvent(Branch.NameKey branchName, RefEvent event) { + public void postEvent(Branch.NameKey branchName, RefEvent event) + throws PermissionBackendException { fireEvent(branchName, event); } @@ -94,7 +104,7 @@ public class EventBroker implements EventDispatcher { } @Override - public void postEvent(Event event) throws OrmException { + public void postEvent(Event event) throws OrmException, PermissionBackendException { fireEvent(event); } @@ -104,7 +114,8 @@ public class EventBroker implements EventDispatcher { } } - protected void fireEvent(Change change, ChangeEvent event) throws OrmException { + protected void fireEvent(Change change, ChangeEvent event) + throws OrmException, PermissionBackendException { for (UserScopedEventListener listener : listeners) { if (isVisibleTo(change, listener.getUser())) { listener.onEvent(event); @@ -122,7 +133,8 @@ public class EventBroker implements EventDispatcher { fireEventForUnrestrictedListeners(event); } - protected void fireEvent(Branch.NameKey branchName, RefEvent event) { + protected void fireEvent(Branch.NameKey branchName, RefEvent event) + throws PermissionBackendException { for (UserScopedEventListener listener : listeners) { if (isVisibleTo(branchName, listener.getUser())) { listener.onEvent(event); @@ -131,7 +143,7 @@ public class EventBroker implements EventDispatcher { fireEventForUnrestrictedListeners(event); } - protected void fireEvent(Event event) throws OrmException { + protected void fireEvent(Event event) throws OrmException, PermissionBackendException { for (UserScopedEventListener listener : listeners) { if (isVisibleTo(event, listener.getUser())) { listener.onEvent(event); @@ -141,14 +153,16 @@ public class EventBroker implements EventDispatcher { } protected boolean isVisibleTo(Project.NameKey project, CurrentUser user) { - ProjectState pe = projectCache.get(project); - if (pe == null) { + try { + permissionBackend.user(user).project(project).check(ProjectPermission.ACCESS); + return true; + } catch (AuthException | PermissionBackendException e) { return false; } - return pe.controlFor(user).isVisible(); } - protected boolean isVisibleTo(Change change, CurrentUser user) throws OrmException { + protected boolean isVisibleTo(Change change, CurrentUser user) + throws OrmException, PermissionBackendException { if (change == null) { return false; } @@ -156,21 +170,25 @@ public class EventBroker implements EventDispatcher { if (pe == null) { return false; } - ProjectControl pc = pe.controlFor(user); ReviewDb db = dbProvider.get(); - return pc.controlFor(db, change).isVisible(db); + return permissionBackend + .user(user) + .change(notesFactory.createChecked(db, change)) + .database(db) + .test(ChangePermission.READ); } - protected boolean isVisibleTo(Branch.NameKey branchName, CurrentUser user) { + protected boolean isVisibleTo(Branch.NameKey branchName, CurrentUser user) + throws PermissionBackendException { ProjectState pe = projectCache.get(branchName.getParentKey()); if (pe == null) { return false; } - ProjectControl pc = pe.controlFor(user); - return pc.controlForRef(branchName).isVisible(); + return permissionBackend.user(user).ref(branchName).test(RefPermission.READ); } - protected boolean isVisibleTo(Event event, CurrentUser user) throws OrmException { + protected boolean isVisibleTo(Event event, CurrentUser user) + throws OrmException, PermissionBackendException { if (event instanceof RefEvent) { RefEvent refEvent = (RefEvent) event; String ref = refEvent.getRefName(); |