diff options
Diffstat (limited to 'gerrit-server/src/main/java/com/google/gerrit/server/account/Capabilities.java')
-rw-r--r-- | gerrit-server/src/main/java/com/google/gerrit/server/account/Capabilities.java | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/Capabilities.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/Capabilities.java new file mode 100644 index 0000000000..38e50132e9 --- /dev/null +++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/Capabilities.java @@ -0,0 +1,71 @@ +// Copyright (C) 2012 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package com.google.gerrit.server.account; + +import com.google.gerrit.common.data.GlobalCapability; +import com.google.gerrit.extensions.registration.DynamicMap; +import com.google.gerrit.extensions.restapi.AuthException; +import com.google.gerrit.extensions.restapi.ChildCollection; +import com.google.gerrit.extensions.restapi.IdString; +import com.google.gerrit.extensions.restapi.ResourceNotFoundException; +import com.google.gerrit.extensions.restapi.RestView; +import com.google.gerrit.server.CurrentUser; +import com.google.gerrit.server.account.AccountResource.Capability; +import com.google.inject.Inject; +import com.google.inject.Provider; + +class Capabilities implements + ChildCollection<AccountResource, AccountResource.Capability> { + private final Provider<CurrentUser> self; + private final DynamicMap<RestView<AccountResource.Capability>> views; + private final Provider<GetCapabilities> get; + + @Inject + Capabilities( + Provider<CurrentUser> self, + DynamicMap<RestView<AccountResource.Capability>> views, + Provider<GetCapabilities> get) { + this.self = self; + this.views = views; + this.get = get; + } + + @Override + public GetCapabilities list() throws ResourceNotFoundException { + return get.get(); + } + + @Override + public Capability parse(AccountResource parent, IdString id) + throws ResourceNotFoundException, AuthException { + if (self.get() != parent.getUser() + && !self.get().getCapabilities().canAdministrateServer()) { + throw new AuthException("restricted to administrator"); + } + + String name = id.get(); + CapabilityControl cap = parent.getUser().getCapabilities(); + if (cap.canPerform(name) + || (cap.canAdministrateServer() && GlobalCapability.isCapability(name))) { + return new AccountResource.Capability(parent.getUser(), name); + } + throw new ResourceNotFoundException(id); + } + + @Override + public DynamicMap<RestView<Capability>> views() { + return views; + } +} |