From b3a295c833679f5898142fdfc06678c51ae83177 Mon Sep 17 00:00:00 2001
From: Sasa Zivkov <sasa.zivkov@sap.com>
Date: Thu, 14 Mar 2013 14:11:51 +0100
Subject: Fix gsql site program

After abd6d4e1 the gsql site program was broken as injection of
IdentifiedUser into QueryShell created from the site program failed.
There is no IdentifiedUser when running gsql as a site program.

Move the check for the accessDatabase capability to the AdminQueryShell.

Change-Id: I7882bcb54f082085665c39beab5f5bb22f89f6e0
Signed-off-by: Sasa Zivkov <sasa.zivkov@sap.com>
---
 .../gerrit/sshd/commands/AdminQueryShell.java      | 43 ++++++++++++++++++----
 .../google/gerrit/sshd/commands/QueryShell.java    | 34 +----------------
 2 files changed, 38 insertions(+), 39 deletions(-)

(limited to 'gerrit-sshd/src')

diff --git a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/AdminQueryShell.java b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/AdminQueryShell.java
index ecf370db06..f00379b179 100644
--- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/AdminQueryShell.java
+++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/AdminQueryShell.java
@@ -15,7 +15,9 @@
 package com.google.gerrit.sshd.commands;
 
 import com.google.gerrit.common.data.GlobalCapability;
+import com.google.gerrit.common.errors.PermissionDeniedException;
 import com.google.gerrit.extensions.annotations.RequiresCapability;
+import com.google.gerrit.server.IdentifiedUser;
 import com.google.gerrit.sshd.AdminHighPriorityCommand;
 import com.google.gerrit.sshd.CommandMetaData;
 import com.google.gerrit.sshd.SshCommand;
@@ -31,6 +33,9 @@ final class AdminQueryShell extends SshCommand {
   @Inject
   private QueryShell.Factory factory;
 
+  @Inject
+  private IdentifiedUser currentUser;
+
   @Option(name = "--format", usage = "Set output format")
   private QueryShell.OutputFormat format = QueryShell.OutputFormat.PRETTY;
 
@@ -38,13 +43,37 @@ final class AdminQueryShell extends SshCommand {
   private String query;
 
   @Override
-  protected void run() {
-    final QueryShell shell = factory.create(in, out);
-    shell.setOutputFormat(format);
-    if (query != null) {
-      shell.execute(query);
-    } else {
-      shell.run();
+  protected void run() throws Failure {
+    try {
+      checkPermission();
+
+      final QueryShell shell = factory.create(in, out);
+      shell.setOutputFormat(format);
+      if (query != null) {
+        shell.execute(query);
+      } else {
+        shell.run();
+      }
+    } catch (PermissionDeniedException err) {
+      throw new UnloggedFailure("fatal: " + err.getMessage());
+    }
+  }
+
+  /**
+   * Assert that the current user is permitted to perform raw queries.
+   * <p>
+   * As the @RequireCapability guards at various entry points of internal
+   * commands implicitly add administrators (which we want to avoid), we also
+   * check permissions within QueryShell and grant access only to those who
+   * canPerformRawQuery, regardless of whether they are administrators or not.
+   *
+   * @throws PermissionDeniedException
+   */
+  private void checkPermission() throws PermissionDeniedException {
+    if (!currentUser.getCapabilities().canAccessDatabase()) {
+      throw new PermissionDeniedException(String.format(
+          "%s does not have \"Perform Raw Query\" capability.",
+          currentUser.getUserName()));
     }
   }
 }
diff --git a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/QueryShell.java b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/QueryShell.java
index 5226962b4f..1630d115d6 100644
--- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/QueryShell.java
+++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/QueryShell.java
@@ -15,9 +15,7 @@
 package com.google.gerrit.sshd.commands;
 
 import com.google.gerrit.common.Version;
-import com.google.gerrit.common.errors.PermissionDeniedException;
 import com.google.gerrit.reviewdb.server.ReviewDb;
-import com.google.gerrit.server.IdentifiedUser;
 import com.google.gson.JsonObject;
 import com.google.gwtorm.jdbc.JdbcSchema;
 import com.google.gwtorm.server.OrmException;
@@ -57,7 +55,6 @@ public class QueryShell {
   private final BufferedReader in;
   private final PrintWriter out;
   private final SchemaFactory<ReviewDb> dbFactory;
-  private final IdentifiedUser currentUser;
   private OutputFormat outputFormat = OutputFormat.PRETTY;
 
   private ReviewDb db;
@@ -66,14 +63,11 @@ public class QueryShell {
 
   @Inject
   QueryShell(final SchemaFactory<ReviewDb> dbFactory,
-      final IdentifiedUser currentUser,
-
-  @Assisted final InputStream in, @Assisted final OutputStream out)
-      throws UnsupportedEncodingException {
+      @Assisted final InputStream in, @Assisted final OutputStream out)
+          throws UnsupportedEncodingException {
     this.dbFactory = dbFactory;
     this.in = new BufferedReader(new InputStreamReader(in, "UTF-8"));
     this.out = new PrintWriter(new OutputStreamWriter(out, "UTF-8"));
-    this.currentUser = currentUser;
   }
 
   public void setOutputFormat(OutputFormat fmt) {
@@ -82,7 +76,6 @@ public class QueryShell {
 
   public void run() {
     try {
-      checkPermission();
       db = dbFactory.open();
       try {
         connection = ((JdbcSchema) db).getConnection();
@@ -105,8 +98,6 @@ public class QueryShell {
 
     } catch (SQLException err) {
       out.println("fatal: Cannot open connection: " + err.getMessage());
-    } catch (PermissionDeniedException err) {
-      out.println("fatal: " + err.getMessage());
     } finally {
       out.flush();
     }
@@ -114,7 +105,6 @@ public class QueryShell {
 
   public void execute(String query) {
     try {
-      checkPermission();
       db = dbFactory.open();
       try {
         connection = ((JdbcSchema) db).getConnection();
@@ -136,31 +126,11 @@ public class QueryShell {
 
     } catch (SQLException err) {
       out.println("fatal: Cannot open connection: " + err.getMessage());
-    } catch (PermissionDeniedException err) {
-      out.println("fatal: " + err.getMessage());
     } finally {
       out.flush();
     }
   }
 
-  /**
-   * Assert that the current user is permitted to perform raw queries.
-   * <p>
-   * As the @RequireCapability guards at various entry points of internal
-   * commands implicitly add administrators (which we want to avoid), we also
-   * check permissions within QueryShell and grant access only to those who
-   * canPerformRawQuery, regardless of whether they are administrators or not.
-   *
-   * @throws PermissionDeniedException
-   */
-  private void checkPermission() throws PermissionDeniedException {
-    if (!currentUser.getCapabilities().canAccessDatabase()) {
-      throw new PermissionDeniedException(String.format(
-          "%s does not have \"Perform Raw Query\" capability.",
-          currentUser.getUserName()));
-    }
-  }
-
   private void readEvalPrintLoop() {
     final StringBuilder buffer = new StringBuilder();
     boolean executed = false;
-- 
cgit v1.2.3