com.google.gerrit.server.permissions

Class PermissionBackend

java.lang.Object

com.google.gerrit.server.permissions.PermissionBackend

Direct Known Subclasses:

DefaultPermissionBackend

public abstract class PermissionBackend
extends java.lang.Object

Checks authorization to perform an action on a project, reference, or change.

check methods should be used during action handlers to verify the user is allowed to exercise the specified permission. For convenience in implementation check methods throw AuthException if the permission is denied.

test methods should be used when constructing replies to the client and the result object needs to include a true/false hint indicating the user's ability to exercise the permission. This is suitable for configuring UI button state, but should not be relied upon to guard handlers before making state changes.

PermissionBackend is a singleton for the server, acting as a factory for lightweight request instances. Implementation classes may cache supporting data inside of PermissionBackend.WithUser, PermissionBackend.ForProject, PermissionBackend.ForRef, and PermissionBackend.ForChange instances, in addition to storing within CurrentUser using a CurrentUser.PropertyKey. GlobalPermission caching for PermissionBackend.WithUser may best cached inside CurrentUser as PermissionBackend.WithUser instances are frequently created.

Example use:

   private final PermissionBackend permissions;
   private final Provider user;

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	PermissionBackend.AcceptsReviewDb<T> PermissionBackend with an optional per-request ReviewDb handle.
static class	PermissionBackend.ForChange PermissionBackend scoped to a user, project, reference and change.
static class	PermissionBackend.ForProject PermissionBackend scoped to a user and project.
static class	PermissionBackend.ForRef PermissionBackend scoped to a user, project and reference.
static class	PermissionBackend.WithUser PermissionBackend scoped to a specific user.

Constructor Summary

Constructors

Constructor and Description
PermissionBackend()

Method Summary

Modifier and Type	Method and Description
void	bulkEvaluateTest(java.util.Collection<PermissionBackendCondition> conds) Bulk evaluate a collection of PermissionBackendCondition for view handling.
abstract PermissionBackend.WithUser	user(CurrentUser user)
<U extends CurrentUser> PermissionBackend.WithUser	user(com.google.inject.Provider<U> user)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PermissionBackend

public PermissionBackend()

Method Detail

user

public abstract PermissionBackend.WithUser user(CurrentUser user)

Returns:

lightweight factory scoped to answer for the specified user.

user

public <U extends CurrentUser> PermissionBackend.WithUser user(com.google.inject.Provider<U> user)

Returns:

lightweight factory scoped to answer for the specified user.

bulkEvaluateTest

public void bulkEvaluateTest(java.util.Collection<PermissionBackendCondition> conds)

Bulk evaluate a collection of PermissionBackendCondition for view handling.

Overridden implementations should call PermissionBackendCondition.set(boolean) to cache the result of testOrFalse in the condition for later evaluation. Caching the result will bypass the usual invocation of testOrFalse.

conds may contain duplicate entries (such as same user, resource, permission triplet). When duplicates exist, implementations should set a result into all instances to ensure testOrFalse does not get invoked during evaluation of the containing condition.

Parameters:

conds - conditions to consider.