summaryrefslogtreecommitdiffstats
path: root/gerrit-server/src/main/java/com/google/gerrit/common/EventBroker.java
diff options
context:
space:
mode:
Diffstat (limited to 'gerrit-server/src/main/java/com/google/gerrit/common/EventBroker.java')
-rw-r--r--gerrit-server/src/main/java/com/google/gerrit/common/EventBroker.java52
1 files changed, 35 insertions, 17 deletions
diff --git a/gerrit-server/src/main/java/com/google/gerrit/common/EventBroker.java b/gerrit-server/src/main/java/com/google/gerrit/common/EventBroker.java
index 4603141059..c58b723062 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/common/EventBroker.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/common/EventBroker.java
@@ -16,6 +16,7 @@ package com.google.gerrit.common;
import com.google.gerrit.extensions.registration.DynamicItem;
import com.google.gerrit.extensions.registration.DynamicSet;
+import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.lifecycle.LifecycleModule;
import com.google.gerrit.reviewdb.client.Branch;
import com.google.gerrit.reviewdb.client.Change;
@@ -28,9 +29,13 @@ import com.google.gerrit.server.events.Event;
import com.google.gerrit.server.events.ProjectEvent;
import com.google.gerrit.server.events.RefEvent;
import com.google.gerrit.server.notedb.ChangeNotes;
+import com.google.gerrit.server.permissions.ChangePermission;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.PermissionBackendException;
+import com.google.gerrit.server.permissions.ProjectPermission;
+import com.google.gerrit.server.permissions.RefPermission;
import com.google.gerrit.server.project.NoSuchChangeException;
import com.google.gerrit.server.project.ProjectCache;
-import com.google.gerrit.server.project.ProjectControl;
import com.google.gerrit.server.project.ProjectState;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
@@ -58,6 +63,7 @@ public class EventBroker implements EventDispatcher {
/** Listeners to receive all changes as they happen. */
protected final DynamicSet<EventListener> unrestrictedListeners;
+ private final PermissionBackend permissionBackend;
protected final ProjectCache projectCache;
protected final ChangeNotes.Factory notesFactory;
@@ -68,23 +74,27 @@ public class EventBroker implements EventDispatcher {
public EventBroker(
DynamicSet<UserScopedEventListener> listeners,
DynamicSet<EventListener> unrestrictedListeners,
+ PermissionBackend permissionBackend,
ProjectCache projectCache,
ChangeNotes.Factory notesFactory,
Provider<ReviewDb> dbProvider) {
this.listeners = listeners;
this.unrestrictedListeners = unrestrictedListeners;
+ this.permissionBackend = permissionBackend;
this.projectCache = projectCache;
this.notesFactory = notesFactory;
this.dbProvider = dbProvider;
}
@Override
- public void postEvent(Change change, ChangeEvent event) throws OrmException {
+ public void postEvent(Change change, ChangeEvent event)
+ throws OrmException, PermissionBackendException {
fireEvent(change, event);
}
@Override
- public void postEvent(Branch.NameKey branchName, RefEvent event) {
+ public void postEvent(Branch.NameKey branchName, RefEvent event)
+ throws PermissionBackendException {
fireEvent(branchName, event);
}
@@ -94,7 +104,7 @@ public class EventBroker implements EventDispatcher {
}
@Override
- public void postEvent(Event event) throws OrmException {
+ public void postEvent(Event event) throws OrmException, PermissionBackendException {
fireEvent(event);
}
@@ -104,7 +114,8 @@ public class EventBroker implements EventDispatcher {
}
}
- protected void fireEvent(Change change, ChangeEvent event) throws OrmException {
+ protected void fireEvent(Change change, ChangeEvent event)
+ throws OrmException, PermissionBackendException {
for (UserScopedEventListener listener : listeners) {
if (isVisibleTo(change, listener.getUser())) {
listener.onEvent(event);
@@ -122,7 +133,8 @@ public class EventBroker implements EventDispatcher {
fireEventForUnrestrictedListeners(event);
}
- protected void fireEvent(Branch.NameKey branchName, RefEvent event) {
+ protected void fireEvent(Branch.NameKey branchName, RefEvent event)
+ throws PermissionBackendException {
for (UserScopedEventListener listener : listeners) {
if (isVisibleTo(branchName, listener.getUser())) {
listener.onEvent(event);
@@ -131,7 +143,7 @@ public class EventBroker implements EventDispatcher {
fireEventForUnrestrictedListeners(event);
}
- protected void fireEvent(Event event) throws OrmException {
+ protected void fireEvent(Event event) throws OrmException, PermissionBackendException {
for (UserScopedEventListener listener : listeners) {
if (isVisibleTo(event, listener.getUser())) {
listener.onEvent(event);
@@ -141,14 +153,16 @@ public class EventBroker implements EventDispatcher {
}
protected boolean isVisibleTo(Project.NameKey project, CurrentUser user) {
- ProjectState pe = projectCache.get(project);
- if (pe == null) {
+ try {
+ permissionBackend.user(user).project(project).check(ProjectPermission.ACCESS);
+ return true;
+ } catch (AuthException | PermissionBackendException e) {
return false;
}
- return pe.controlFor(user).isVisible();
}
- protected boolean isVisibleTo(Change change, CurrentUser user) throws OrmException {
+ protected boolean isVisibleTo(Change change, CurrentUser user)
+ throws OrmException, PermissionBackendException {
if (change == null) {
return false;
}
@@ -156,21 +170,25 @@ public class EventBroker implements EventDispatcher {
if (pe == null) {
return false;
}
- ProjectControl pc = pe.controlFor(user);
ReviewDb db = dbProvider.get();
- return pc.controlFor(db, change).isVisible(db);
+ return permissionBackend
+ .user(user)
+ .change(notesFactory.createChecked(db, change))
+ .database(db)
+ .test(ChangePermission.READ);
}
- protected boolean isVisibleTo(Branch.NameKey branchName, CurrentUser user) {
+ protected boolean isVisibleTo(Branch.NameKey branchName, CurrentUser user)
+ throws PermissionBackendException {
ProjectState pe = projectCache.get(branchName.getParentKey());
if (pe == null) {
return false;
}
- ProjectControl pc = pe.controlFor(user);
- return pc.controlForRef(branchName).isVisible();
+ return permissionBackend.user(user).ref(branchName).test(RefPermission.READ);
}
- protected boolean isVisibleTo(Event event, CurrentUser user) throws OrmException {
+ protected boolean isVisibleTo(Event event, CurrentUser user)
+ throws OrmException, PermissionBackendException {
if (event instanceof RefEvent) {
RefEvent refEvent = (RefEvent) event;
String ref = refEvent.getRefName();
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-14 20:30:43 +0000