diff --git a/docu/index.md b/docu/index.md
index a068d771..641d8767 100644
--- a/docu/index.md
+++ b/docu/index.md
@@ -5,7 +5,7 @@ with full SSO through Gerrit.
* License: [Apache Public License 2.0](http://www.apache.org/licenses/LICENSE-2.0)
* [Home page](https://github.com/tomaswolf/gerrit-gitblit-plugin)
-* Installed plugin version: 2.14.171.0-SNAPSHOT — Check for updates
+* Installed plugin version: 2.15.171.0-SNAPSHOT — Check for updates
For a list of contributors, see at [GitHub](https://github.com/tomaswolf/gerrit-gitblit-plugin/graphs/contributors).
@@ -111,6 +111,6 @@ Report bugs or make feature requests at the [GitHub issue tracker](https://githu
diff --git a/pom.xml b/pom.xml
index 314b8dfd..12a298ac 100644
--- a/pom.xml
+++ b/pom.xml
@@ -20,7 +20,7 @@ limitations under the License.
gitblit-plugin
GitBlit for Gerrit integrated as a plugin
Gerrit - GitBlit Plugin
- 2.14.171.0-SNAPSHOT
+ 2.15.171.0-SNAPSHOT
Apache License 2.0
@@ -29,7 +29,7 @@ limitations under the License.
plugin
- 2.14
+ 2.15
1.7.1
1.4.22
restart
diff --git a/src/main/java/com/googlesource/gerrit/plugins/gitblit/auth/GerritGitBlitUserManager.java b/src/main/java/com/googlesource/gerrit/plugins/gitblit/auth/GerritGitBlitUserManager.java
index e47cc1a5..99fff8a1 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/gitblit/auth/GerritGitBlitUserManager.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/gitblit/auth/GerritGitBlitUserManager.java
@@ -35,7 +35,7 @@
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.GetDiffPreferences;
-import com.google.gerrit.server.project.ProjectControl;
+import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
@@ -46,7 +46,7 @@ public class GerritGitBlitUserManager implements IUserManager {
private static final Logger log = LoggerFactory.getLogger(GerritGitBlitUserManager.class);
- private final ProjectControl.GenericFactory projectControl;
+ private final PermissionBackend permissions;
private final Provider userProvider;
@@ -55,9 +55,9 @@ public class GerritGitBlitUserManager implements IUserManager {
private final GetDiffPreferences getDiffPreferences;
@Inject
- public GerritGitBlitUserManager(final ProjectControl.GenericFactory projectControl, final GitBlitSettings settings,
+ public GerritGitBlitUserManager(final PermissionBackend permissions, final GitBlitSettings settings,
final DynamicItem gerritSession, final Provider anonymousUser, final GetDiffPreferences getDiffPreferences) {
- this.projectControl = projectControl;
+ this.permissions = permissions;
this.userProvider = new Provider() {
@Override
public CurrentUser get() {
@@ -88,22 +88,22 @@ public void setup(IRuntimeManager runtimeManager) {
@Override
public UserModel getUserModel(String username) {
if (username == null || GerritGitBlitUserModel.ANONYMOUS_USER.equals(username)) {
- return new GerritGitBlitUserModel(projectControl, anonymousUser, getDiffPreferences);
+ return new GerritGitBlitUserModel(permissions, anonymousUser, getDiffPreferences);
}
- return new GerritGitBlitUserModel(username, projectControl, userProvider, getDiffPreferences);
+ return new GerritGitBlitUserModel(username, permissions, userProvider, getDiffPreferences);
}
/**
* GitBlit assumes all users (or user accounts) have a username (account name or login name). Gerrit allows users (accounts) to not have a
* username, for instance if the account is created or logged in via Google OAuth. I such cases, we have to fake a username for GitBlit.
- *
+ *
* @return a GitBlit {@link UserModel} for an unnamed Gerrit account.
*/
public UserModel getUnnamedGerritUser() {
CurrentUser user = userProvider.get();
if (!user.isIdentifiedUser()) {
log.warn("\"Logged-in\" user according to session is anonymous.");
- return new GerritGitBlitUserModel(projectControl, anonymousUser, getDiffPreferences);
+ return new GerritGitBlitUserModel(permissions, anonymousUser, getDiffPreferences);
}
IdentifiedUser loggedInUser = (IdentifiedUser) user;
// We know that this user has no username. Synthesize one for GitBlit.
@@ -114,7 +114,7 @@ public UserModel getUnnamedGerritUser() {
fakeUserName = "external" + loggedInUser.getAccountId().toString();
}
}
- return new GerritGitBlitUserModel(fakeUserName, projectControl, userProvider, getDiffPreferences);
+ return new GerritGitBlitUserModel(fakeUserName, permissions, userProvider, getDiffPreferences);
}
@Override
@@ -229,7 +229,7 @@ public boolean isInternalAccount(String username) {
/**
* Tries to ensure that GitBlit's "anonymous" user obeys the branch visibility defined by Gerrit.
- *
+ *
* @return {@code true} if sucessful, {@code false} if unsuccessful
*/
private boolean fixAnonymousUser() {
@@ -255,7 +255,7 @@ private boolean fixAnonymousUser() {
modifiers.setAccessible(true);
int modifierFlags = anonymousField.getModifiers();
modifiers.set(anonymousField, modifierFlags & ~Modifier.FINAL); // Remove "final" from the "ANONYMOUS" field
- anonymousField.set(null, new GerritGitBlitUserModel(projectControl, anonymousUser, getDiffPreferences));
+ anonymousField.set(null, new GerritGitBlitUserModel(permissions, anonymousUser, getDiffPreferences));
modifiers.set(anonymousField, modifierFlags); // Make the field "final" again.
modifiers.setAccessible(false); // Re-enable Java-language accessibility checks
}
diff --git a/src/main/java/com/googlesource/gerrit/plugins/gitblit/auth/GerritGitBlitUserModel.java b/src/main/java/com/googlesource/gerrit/plugins/gitblit/auth/GerritGitBlitUserModel.java
index 66d7171e..6eb79cbf 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/gitblit/auth/GerritGitBlitUserModel.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/gitblit/auth/GerritGitBlitUserModel.java
@@ -30,9 +30,12 @@
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.AccountResource;
import com.google.gerrit.server.account.GetDiffPreferences;
-import com.google.gerrit.server.project.NoSuchProjectException;
-import com.google.gerrit.server.project.ProjectControl;
-import com.google.gerrit.server.project.RefControl;
+import com.google.gerrit.server.permissions.PermissionBackend;
+import com.google.gerrit.server.permissions.PermissionBackend.ForProject;
+import com.google.gerrit.server.permissions.PermissionBackend.ForRef;
+import com.google.gerrit.server.permissions.PermissionBackendException;
+import com.google.gerrit.server.permissions.ProjectPermission;
+import com.google.gerrit.server.permissions.RefPermission;
import com.google.inject.Provider;
/**
@@ -44,26 +47,26 @@ public class GerritGitBlitUserModel extends UserModel {
private static final long serialVersionUID = 1L;
- private transient final ProjectControl.GenericFactory projectControlFactory;
private transient final Provider userProvider;
private transient final GetDiffPreferences getDiffPreferences;
+ private transient final PermissionBackend permissions;
- public GerritGitBlitUserModel(final ProjectControl.GenericFactory projectControlFactory, final Provider userProvider,
+ public GerritGitBlitUserModel(final PermissionBackend permissions, final Provider userProvider,
final GetDiffPreferences getDiffPreferences) {
super(ANONYMOUS_USER);
this.isAuthenticated = false;
- this.projectControlFactory = projectControlFactory;
+ this.permissions = permissions;
this.userProvider = userProvider;
this.displayName = this.username;
this.getDiffPreferences = getDiffPreferences;
}
- public GerritGitBlitUserModel(String username, final ProjectControl.GenericFactory projectControlFactory,
+ public GerritGitBlitUserModel(String username, final PermissionBackend permissions,
final Provider userProvider, final GetDiffPreferences getDiffPreferences) {
super(username);
this.username = username;
this.isAuthenticated = true;
- this.projectControlFactory = projectControlFactory;
+ this.permissions = permissions;
this.userProvider = userProvider;
this.getDiffPreferences = getDiffPreferences;
CurrentUser user = userProvider.get();
@@ -78,46 +81,34 @@ public GerritGitBlitUserModel(String username, final ProjectControl.GenericFacto
@Override
protected boolean canAccess(final RepositoryModel repository, final AccessRestrictionType ifRestriction, final AccessPermission requirePermission) {
- try {
- ProjectControl control = projectControlFactory.controlFor(new NameKey(StringUtils.stripDotGit(repository.name)), userProvider.get());
- if (control == null) {
- return false;
- }
- switch (ifRestriction) {
- case VIEW:
- return control.isVisible();
- case CLONE:
- return control.canRunUploadPack();
- case PUSH:
- return control.canRunReceivePack();
- default:
- return true;
- }
- } catch (NoSuchProjectException | IOException e) {
+ ForProject projectPermissions = permissions.user(userProvider).project(new NameKey(StringUtils.stripDotGit(repository.name)));
+ if (projectPermissions == null) {
return false;
}
+ switch (ifRestriction) {
+ case VIEW:
+ return projectPermissions.testOrFalse(ProjectPermission.ACCESS);
+ case CLONE:
+ return projectPermissions.testOrFalse(ProjectPermission.RUN_UPLOAD_PACK);
+ case PUSH:
+ return projectPermissions.testOrFalse(ProjectPermission.RUN_RECEIVE_PACK);
+ default:
+ return true;
+ }
}
@Override
public boolean hasRepositoryPermission(String name) {
- try {
- ProjectControl control = projectControlFactory.controlFor(new NameKey(StringUtils.stripDotGit(name)), userProvider.get());
- return control != null && control.isVisible();
- } catch (NoSuchProjectException | IOException e) {
- return false;
- }
+ ForProject projectPermissions = permissions.user(userProvider).project(new NameKey(StringUtils.stripDotGit(name)));
+ return projectPermissions != null && projectPermissions.testOrFalse(ProjectPermission.ACCESS);
}
@Override
public boolean canView(RepositoryModel repository, String ref) {
- try {
- ProjectControl control = projectControlFactory.controlFor(new NameKey(StringUtils.stripDotGit(repository.name)), userProvider.get());
- if (control != null && control.isVisible()) {
- RefControl branchCtrl = control.controlForRef(ref);
- return branchCtrl != null && branchCtrl.isVisible();
- }
- } catch (NoSuchProjectException | IOException e) {
- // Silently ignore and return false below.
+ ForProject projectPermissions = permissions.user(userProvider).project(new NameKey(StringUtils.stripDotGit(repository.name)));
+ if (projectPermissions != null) {
+ ForRef refPermissions = projectPermissions.ref(ref);
+ return refPermissions != null && refPermissions.testOrFalse(RefPermission.READ);
}
return false;
}
@@ -125,7 +116,7 @@ public boolean canView(RepositoryModel repository, String ref) {
/**
* Retrieves the Gerrit preference setting for the number of diff context lines. A value < 0 indicates a "full file" context. If the current user
* is not logged in, returns the Gitblit (and JGit) default of 3, otherwise the setting as configured by the user in his Gerrit settings.
- *
+ *
* @return the number of context lines to display in a diff, or < 0 if the whole file shall be shown.
*/
public int diffContext() {
@@ -137,7 +128,7 @@ public int diffContext() {
if (diffPrefs != null) {
return diffPrefs.context;
}
- } catch (AuthException | ConfigInvalidException | IOException e) {
+ } catch (AuthException | ConfigInvalidException | PermissionBackendException | IOException e) {
// Ignore and return default below.
}
}