diff options
Diffstat (limited to 'gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java')
-rw-r--r-- | gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java | 54 |
1 files changed, 24 insertions, 30 deletions
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java index 0174ff1b00..deb859a3cb 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java @@ -14,7 +14,7 @@ package com.google.gerrit.server.account; -import static com.google.gerrit.server.account.ExternalId.SCHEME_USERNAME; +import static com.google.gerrit.server.account.externalids.ExternalId.SCHEME_USERNAME; import com.google.common.base.Strings; import com.google.gerrit.extensions.restapi.AuthException; @@ -22,10 +22,15 @@ import com.google.gerrit.extensions.restapi.ResourceConflictException; import com.google.gerrit.extensions.restapi.ResourceNotFoundException; import com.google.gerrit.extensions.restapi.Response; import com.google.gerrit.extensions.restapi.RestModifyView; -import com.google.gerrit.reviewdb.server.ReviewDb; import com.google.gerrit.server.CurrentUser; import com.google.gerrit.server.IdentifiedUser; import com.google.gerrit.server.account.PutHttpPassword.Input; +import com.google.gerrit.server.account.externalids.ExternalId; +import com.google.gerrit.server.account.externalids.ExternalIds; +import com.google.gerrit.server.account.externalids.ExternalIdsUpdate; +import com.google.gerrit.server.permissions.GlobalPermission; +import com.google.gerrit.server.permissions.PermissionBackend; +import com.google.gerrit.server.permissions.PermissionBackendException; import com.google.gwtorm.server.OrmException; import com.google.inject.Inject; import com.google.inject.Provider; @@ -53,23 +58,30 @@ public class PutHttpPassword implements RestModifyView<AccountResource, Input> { } private final Provider<CurrentUser> self; - private final Provider<ReviewDb> dbProvider; + private final PermissionBackend permissionBackend; + private final ExternalIds externalIds; private final ExternalIdsUpdate.User externalIdsUpdate; @Inject PutHttpPassword( Provider<CurrentUser> self, - Provider<ReviewDb> dbProvider, + PermissionBackend permissionBackend, + ExternalIds externalIds, ExternalIdsUpdate.User externalIdsUpdate) { this.self = self; - this.dbProvider = dbProvider; + this.permissionBackend = permissionBackend; + this.externalIds = externalIds; this.externalIdsUpdate = externalIdsUpdate; } @Override public Response<String> apply(AccountResource rsrc, Input input) throws AuthException, ResourceNotFoundException, ResourceConflictException, OrmException, - IOException, ConfigInvalidException { + IOException, ConfigInvalidException, PermissionBackendException { + if (!self.get().hasSameAccountId(rsrc.getUser())) { + permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER); + } + if (input == null) { input = new Input(); } @@ -77,49 +89,31 @@ public class PutHttpPassword implements RestModifyView<AccountResource, Input> { String newPassword; if (input.generate) { - if (!self.get().hasSameAccountId(rsrc.getUser()) - && !self.get().getCapabilities().canAdministrateServer()) { - throw new AuthException("not allowed to generate HTTP password"); - } newPassword = generate(); - } else if (input.httpPassword == null) { - if (!self.get().hasSameAccountId(rsrc.getUser()) - && !self.get().getCapabilities().canAdministrateServer()) { - throw new AuthException("not allowed to clear HTTP password"); - } newPassword = null; } else { - if (!self.get().getCapabilities().canAdministrateServer()) { - throw new AuthException( - "not allowed to set HTTP password directly, " - + "requires the Administrate Server permission"); - } + // Only administrators can explicitly set the password. + permissionBackend.user(self).check(GlobalPermission.ADMINISTRATE_SERVER); newPassword = input.httpPassword; } return apply(rsrc.getUser(), newPassword); } public Response<String> apply(IdentifiedUser user, String newPassword) - throws ResourceNotFoundException, ResourceConflictException, OrmException, IOException { + throws ResourceNotFoundException, ResourceConflictException, OrmException, IOException, + ConfigInvalidException { if (user.getUserName() == null) { throw new ResourceConflictException("username must be set"); } - ExternalId extId = - ExternalId.from( - dbProvider - .get() - .accountExternalIds() - .get( - ExternalId.Key.create(SCHEME_USERNAME, user.getUserName()) - .asAccountExternalIdKey())); + ExternalId extId = externalIds.get(ExternalId.Key.create(SCHEME_USERNAME, user.getUserName())); if (extId == null) { throw new ResourceNotFoundException(); } ExternalId newExtId = ExternalId.createWithPassword(extId.key(), extId.accountId(), extId.email(), newPassword); - externalIdsUpdate.create().upsert(dbProvider.get(), newExtId); + externalIdsUpdate.create().upsert(newExtId); return Strings.isNullOrEmpty(newPassword) ? Response.<String>none() : Response.ok(newPassword); } |