diff options
Diffstat (limited to 'gerrit-server/src/main/java/com/google/gerrit/server/ApprovalsUtil.java')
-rw-r--r-- | gerrit-server/src/main/java/com/google/gerrit/server/ApprovalsUtil.java | 69 |
1 files changed, 44 insertions, 25 deletions
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/ApprovalsUtil.java b/gerrit-server/src/main/java/com/google/gerrit/server/ApprovalsUtil.java index 57615c4511..82fa3f6673 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/ApprovalsUtil.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/ApprovalsUtil.java @@ -28,10 +28,9 @@ import com.google.common.collect.Lists; import com.google.common.collect.Ordering; import com.google.common.collect.Sets; import com.google.common.primitives.Shorts; +import com.google.gerrit.common.Nullable; import com.google.gerrit.common.data.LabelType; import com.google.gerrit.common.data.LabelTypes; -import com.google.gerrit.common.data.Permission; -import com.google.gerrit.common.data.PermissionRange; import com.google.gerrit.extensions.restapi.AuthException; import com.google.gerrit.extensions.restapi.BadRequestException; import com.google.gerrit.extensions.restapi.RestApiException; @@ -46,7 +45,10 @@ import com.google.gerrit.server.notedb.ChangeNotes; import com.google.gerrit.server.notedb.ChangeUpdate; import com.google.gerrit.server.notedb.NotesMigration; import com.google.gerrit.server.notedb.ReviewerStateInternal; -import com.google.gerrit.server.project.ChangeControl; +import com.google.gerrit.server.permissions.ChangePermission; +import com.google.gerrit.server.permissions.LabelPermission; +import com.google.gerrit.server.permissions.PermissionBackend; +import com.google.gerrit.server.permissions.PermissionBackendException; import com.google.gerrit.server.util.LabelVote; import com.google.gwtorm.server.OrmException; import com.google.inject.Inject; @@ -60,6 +62,8 @@ import java.util.List; import java.util.Map; import java.util.Objects; import java.util.Set; +import org.eclipse.jgit.lib.Config; +import org.eclipse.jgit.revwalk.RevWalk; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -97,26 +101,26 @@ public class ApprovalsUtil { } private static Iterable<PatchSetApproval> filterApprovals( - Iterable<PatchSetApproval> psas, final Account.Id accountId) { + Iterable<PatchSetApproval> psas, Account.Id accountId) { return Iterables.filter(psas, a -> Objects.equals(a.getAccountId(), accountId)); } private final NotesMigration migration; private final IdentifiedUser.GenericFactory userFactory; - private final ChangeControl.GenericFactory changeControlFactory; private final ApprovalCopier copier; + private final PermissionBackend permissionBackend; @VisibleForTesting @Inject public ApprovalsUtil( NotesMigration migration, IdentifiedUser.GenericFactory userFactory, - ChangeControl.GenericFactory changeControlFactory, - ApprovalCopier copier) { + ApprovalCopier copier, + PermissionBackend permissionBackend) { this.migration = migration; this.userFactory = userFactory; - this.changeControlFactory = changeControlFactory; this.copier = copier; + this.permissionBackend = permissionBackend; } /** @@ -259,8 +263,8 @@ public class ApprovalsUtil { private boolean canSee(ReviewDb db, ChangeNotes notes, Account.Id accountId) { try { IdentifiedUser user = userFactory.create(accountId); - return changeControlFactory.controlFor(notes, user).isVisible(db); - } catch (OrmException e) { + return permissionBackend.user(user).change(notes).database(db).test(ChangePermission.READ); + } catch (PermissionBackendException e) { log.warn( "Failed to check if account {} can see change {}", accountId.get(), @@ -302,7 +306,7 @@ public class ApprovalsUtil { * @param update change update. * @param labelTypes label types for the containing project. * @param ps patch set being approved. - * @param changeCtl change control for user adding approvals. + * @param user user adding approvals. * @param approvals approvals to add. * @throws RestApiException * @throws OrmException @@ -312,24 +316,24 @@ public class ApprovalsUtil { ChangeUpdate update, LabelTypes labelTypes, PatchSet ps, - ChangeControl changeCtl, + CurrentUser user, Map<String, Short> approvals) - throws RestApiException, OrmException { - Account.Id accountId = changeCtl.getUser().getAccountId(); + throws RestApiException, OrmException, PermissionBackendException { + Account.Id accountId = user.getAccountId(); checkArgument( accountId.equals(ps.getUploader()), "expected user %s to match patch set uploader %s", accountId, ps.getUploader()); if (approvals.isEmpty()) { - return Collections.emptyList(); + return ImmutableList.of(); } - checkApprovals(approvals, changeCtl); + checkApprovals(approvals, permissionBackend.user(user).database(db).change(update.getNotes())); List<PatchSetApproval> cells = new ArrayList<>(approvals.size()); Date ts = update.getWhen(); for (Map.Entry<String, Short> vote : approvals.entrySet()) { LabelType lt = labelTypes.byLabel(vote.getKey()); - cells.add(newApproval(ps.getId(), changeCtl.getUser(), lt.getLabelId(), vote.getValue(), ts)); + cells.add(newApproval(ps.getId(), user, lt.getLabelId(), vote.getValue(), ts)); } for (PatchSetApproval psa : cells) { update.putApproval(psa.getLabel(), psa.getValue()); @@ -350,13 +354,15 @@ public class ApprovalsUtil { } } - private static void checkApprovals(Map<String, Short> approvals, ChangeControl changeCtl) - throws AuthException { + private static void checkApprovals( + Map<String, Short> approvals, PermissionBackend.ForChange forChange) + throws AuthException, PermissionBackendException { for (Map.Entry<String, Short> vote : approvals.entrySet()) { String name = vote.getKey(); Short value = vote.getValue(); - PermissionRange range = changeCtl.getRange(Permission.forLabel(name)); - if (range == null || !range.contains(value)) { + try { + forChange.check(new LabelPermission.WithValue(name, value)); + } catch (AuthException e) { throw new AuthException( String.format("applying label \"%s\": %d is restricted", name, value)); } @@ -376,20 +382,33 @@ public class ApprovalsUtil { return notes.load().getApprovals(); } - public Iterable<PatchSetApproval> byPatchSet(ReviewDb db, ChangeControl ctl, PatchSet.Id psId) + public Iterable<PatchSetApproval> byPatchSet( + ReviewDb db, + ChangeNotes notes, + CurrentUser user, + PatchSet.Id psId, + @Nullable RevWalk rw, + @Nullable Config repoConfig) throws OrmException { if (!migration.readChanges()) { return sortApprovals(db.patchSetApprovals().byPatchSet(psId)); } - return copier.getForPatchSet(db, ctl, psId); + return copier.getForPatchSet(db, notes, user, psId, rw, repoConfig); } public Iterable<PatchSetApproval> byPatchSetUser( - ReviewDb db, ChangeControl ctl, PatchSet.Id psId, Account.Id accountId) throws OrmException { + ReviewDb db, + ChangeNotes notes, + CurrentUser user, + PatchSet.Id psId, + Account.Id accountId, + @Nullable RevWalk rw, + @Nullable Config repoConfig) + throws OrmException { if (!migration.readChanges()) { return sortApprovals(db.patchSetApprovals().byPatchSetUser(psId, accountId)); } - return filterApprovals(byPatchSet(db, ctl, psId), accountId); + return filterApprovals(byPatchSet(db, notes, user, psId, rw, repoConfig), accountId); } public PatchSetApproval getSubmitter(ReviewDb db, ChangeNotes notes, PatchSet.Id c) { |