1 files changed, 18 insertions, 10 deletions

diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/project/CreateBranch.java b/gerrit-server/src/main/java/com/google/gerrit/server/project/CreateBranch.java
index 422607b9e1..0a648d9a71 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/project/CreateBranch.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/project/CreateBranch.java
@@ -22,10 +22,12 @@ import com.google.gerrit.extensions.restapi.ResourceConflictException;
 import com.google.gerrit.extensions.restapi.RestModifyView;
 import com.google.gerrit.reviewdb.client.Branch;
 import com.google.gerrit.reviewdb.client.RefNames;
-import com.google.gerrit.reviewdb.server.ReviewDb;
 import com.google.gerrit.server.IdentifiedUser;
 import com.google.gerrit.server.extensions.events.GitReferenceUpdated;
 import com.google.gerrit.server.git.GitRepositoryManager;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.PermissionBackendException;
+import com.google.gerrit.server.permissions.RefPermission;
 import com.google.gerrit.server.util.MagicBranch;
 import com.google.inject.Inject;
 import com.google.inject.Provider;
@@ -50,31 +52,35 @@ public class CreateBranch implements RestModifyView<ProjectResource, BranchInput
   }
 
   private final Provider<IdentifiedUser> identifiedUser;
+  private final PermissionBackend permissionBackend;
   private final GitRepositoryManager repoManager;
-  private final Provider<ReviewDb> db;
   private final GitReferenceUpdated referenceUpdated;
   private final RefValidationHelper refCreationValidator;
+  private final CreateRefControl createRefControl;
   private String ref;
 
   @Inject
   CreateBranch(
       Provider<IdentifiedUser> identifiedUser,
+      PermissionBackend permissionBackend,
       GitRepositoryManager repoManager,
-      Provider<ReviewDb> db,
       GitReferenceUpdated referenceUpdated,
       RefValidationHelper.Factory refHelperFactory,
+      CreateRefControl createRefControl,
       @Assisted String ref) {
     this.identifiedUser = identifiedUser;
+    this.permissionBackend = permissionBackend;
     this.repoManager = repoManager;
-    this.db = db;
     this.referenceUpdated = referenceUpdated;
     this.refCreationValidator = refHelperFactory.create(ReceiveCommand.Type.CREATE);
+    this.createRefControl = createRefControl;
     this.ref = ref;
   }
 
   @Override
   public BranchInfo apply(ProjectResource rsrc, BranchInput input)
-      throws BadRequestException, AuthException, ResourceConflictException, IOException {
+      throws BadRequestException, AuthException, ResourceConflictException, IOException,
+          PermissionBackendException, NoSuchProjectException {
     if (input == null) {
       input = new BranchInput();
     }
@@ -99,7 +105,6 @@ public class CreateBranch implements RestModifyView<ProjectResource, BranchInput
     }
 
     final Branch.NameKey name = new Branch.NameKey(rsrc.getNameKey(), ref);
-    final RefControl refControl = rsrc.getControl().controlForRef(name);
     try (Repository repo = repoManager.openRepository(rsrc.getNameKey())) {
       ObjectId revid = RefUtil.parseBaseRevision(repo, rsrc.getNameKey(), input.revision);
       RevWalk rw = RefUtil.verifyConnected(repo, revid);
@@ -116,9 +121,7 @@ public class CreateBranch implements RestModifyView<ProjectResource, BranchInput
         }
       }
 
-      if (!refControl.canCreate(db.get(), repo, object)) {
-        throw new AuthException("Cannot create \"" + ref + "\"");
-      }
+      createRefControl.checkCreateRef(identifiedUser, repo, name, object);
 
       try {
         final RefUpdate u = repo.updateRef(ref);
@@ -161,6 +164,8 @@ public class CreateBranch implements RestModifyView<ProjectResource, BranchInput
           case REJECTED:
           case REJECTED_CURRENT_BRANCH:
           case RENAMED:
+          case REJECTED_MISSING_OBJECT:
+          case REJECTED_OTHER_REASON:
           default:
             {
               throw new IOException(result.name());
@@ -170,7 +175,10 @@ public class CreateBranch implements RestModifyView<ProjectResource, BranchInput
         BranchInfo info = new BranchInfo();
         info.ref = ref;
         info.revision = revid.getName();
-        info.canDelete = refControl.canDelete() ? true : null;
+        info.canDelete =
+            permissionBackend.user(identifiedUser).ref(name).testOrFalse(RefPermission.DELETE)
+                ? true
+                : null;
         return info;
       } catch (IOException err) {
         log.error("Cannot create branch \"" + name + "\"", err);