com.google.gerrit.server.permissions

Class PermissionBackend

java.lang.Object

com.google.gerrit.server.permissions.PermissionBackend

Direct Known Subclasses:

DefaultPermissionBackend

public abstract class PermissionBackend
extends java.lang.Object

Checks authorization to perform an action on a project, reference, or change.

check methods should be used during action handlers to verify the user is allowed to exercise the specified permission. For convenience in implementation check methods throw AuthException if the permission is denied.

test methods should be used when constructing replies to the client and the result object needs to include a true/false hint indicating the user's ability to exercise the permission. This is suitable for configuring UI button state, but should not be relied upon to guard handlers before making state changes.

PermissionBackend is a singleton for the server, acting as a factory for lightweight request instances. Implementation classes may cache supporting data inside of PermissionBackend.WithUser, PermissionBackend.ForProject, PermissionBackend.ForRef, and PermissionBackend.ForChange instances, in addition to storing within CurrentUser using a CurrentUser.PropertyKey. GlobalPermission caching for PermissionBackend.WithUser may best cached inside CurrentUser as PermissionBackend.WithUser instances are frequently created.

Example use:

   private final PermissionBackend permissions;
   private final Provider user;

    @Inject
   Foo(PermissionBackend permissions, Provider user) {
     this.permissions = permissions;
     this.user = user;
   }

   public void apply(...) {
     permissions.user(user).change(cd).check(ChangePermission.SUBMIT);
   }

   public UiAction.Description getDescription(ChangeResource rsrc) {
     return new UiAction.Description()
       .setLabel("Submit")
       .setVisible(rsrc.permissions().testCond(ChangePermission.SUBMIT));
 }
 

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	PermissionBackend.ForChange PermissionBackend scoped to a user, project, reference and change.
static class	PermissionBackend.ForProject PermissionBackend scoped to a user and project.
static class	PermissionBackend.ForRef PermissionBackend scoped to a user, project and reference.
static class	PermissionBackend.RefFilterOptions Options for filtering refs using PermissionBackend.ForProject.
static class	PermissionBackend.WithUser PermissionBackend scoped to a specific user.

Constructor Summary

Constructors

Constructor and Description
PermissionBackend()

Method Summary

Modifier and Type	Method and Description
abstract PermissionBackend.WithUser	absentUser(Account.Id id) Returns an instance scoped to the provided user.
void	bulkEvaluateTest(java.util.Set<PermissionBackendCondition> conds) Bulk evaluate a set of PermissionBackendCondition for view handling.
void	checkUsesDefaultCapabilities() Throw ResourceNotFoundException if this backend does not use the default global capabilities.
abstract PermissionBackend.WithUser	currentUser() Returns an instance scoped to the current user.
abstract PermissionBackend.WithUser	user(CurrentUser user) Returns an instance scoped to the specified user.
boolean	usesDefaultCapabilities() Check whether this PermissionBackend respects the same global capabilities as the DefaultPermissionBackend.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PermissionBackend

public PermissionBackend()

Method Detail

currentUser

public abstract PermissionBackend.WithUser currentUser()

Returns an instance scoped to the current user.

user

public abstract PermissionBackend.WithUser user(CurrentUser user)

Returns an instance scoped to the specified user. Should be used in cases where the user could either be the issuer of the current request or an impersonated user. PermissionBackends that do not support impersonation can fail with an IllegalStateException.

If an instance scoped to the current user is desired, use currentUser() instead.

absentUser

public abstract PermissionBackend.WithUser absentUser(Account.Id id)

Returns an instance scoped to the provided user. Should be used in cases where the caller wants to check the permissions of a user who is not the issuer of the current request and not the target of impersonation.

Usage should be very limited as this can expose a group-oracle.

usesDefaultCapabilities

public boolean usesDefaultCapabilities()

Check whether this PermissionBackend respects the same global capabilities as the DefaultPermissionBackend.

If true, then it makes sense for downstream callers to refer to built-in Gerrit capability names in user-facing error messages, for example.

Returns:

whether this is the default permission backend.

checkUsesDefaultCapabilities

public void checkUsesDefaultCapabilities()
                                  throws ResourceNotFoundException

Throw ResourceNotFoundException if this backend does not use the default global capabilities.

Throws:

ResourceNotFoundException

bulkEvaluateTest

public void bulkEvaluateTest(java.util.Set<PermissionBackendCondition> conds)

Bulk evaluate a set of PermissionBackendCondition for view handling.

Overridden implementations should call PermissionBackendCondition.set(boolean) to cache the result of testOrFalse in the condition for later evaluation. Caching the result will bypass the usual invocation of testOrFalse.

Parameters:

conds - conditions to consider.