Package com.google.gerrit.server.query.change

Class GroupBackedUser

java.lang.Object

com.google.gerrit.server.CurrentUser

com.google.gerrit.server.query.change.GroupBackedUser

public final class GroupBackedUser
extends CurrentUser

Representation of a user that does not have a Gerrit account.

This user representation is intended to be used to check permissions for groups:

There are occasions where we need to check if a resource - such as a change - is accessible by a group. Our entire PermissionBackend works solely with CurrentUser. This class can be used to check permissions on a synthetic user with the given group memberships. Any real Gerrit user with the same group memberships would receive the same permission check results.

Field Summary

Fields inherited from class com.google.gerrit.server.CurrentUser

LAST_LOGIN_EXTERNAL_ID_PROPERTY_KEY

Constructor Summary

Constructors

Constructor	Description
GroupBackedUser(Set<AccountGroup.UUID> groups)	Creates a new instance

Method Summary

Modifier and Type	Method	Description
Object	getCacheKey()	Returns a unique identifier for this user that is intended to be used as a cache key.
GroupMembership	getEffectiveGroups()	Get the set of groups the user is currently a member of.
String	getLoggableName()	Returns unique name of the user for logging, never null

Methods inherited from class com.google.gerrit.server.CurrentUser

asIdentifiedUser, get, getAccessPath, getAccountId, getEmailAddresses, getExternalIdKeys, getLastLoginExternalIdKey, getRealUser, getUserName, hasSameAccountId, isIdentifiedUser, isImpersonating, isInternalUser, setAccessPath, updateRealAccountId

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

GroupBackedUser

public GroupBackedUser(Set<AccountGroup.UUID> groups)

Creates a new instance

Parameters:

groups - this set has to include all parent groups the user is contained in through subgroup membership. Given a set of groups that contains the user directly, callers can use GroupIncludeCache.parentGroupsOf(AccountGroup.UUID) to resolve parent groups.

Method Details

getEffectiveGroups

public GroupMembership getEffectiveGroups()

Description copied from class: CurrentUser

Get the set of groups the user is currently a member of.

The returned set may be a subset of the user's actual groups; if the user's account is currently deemed to be untrusted then the effective group set is only the anonymous and registered user groups. To enable additional groups (and gain their granted permissions) the user must update their account to use only trusted authentication providers.

Specified by:

getEffectiveGroups in class CurrentUser

Returns:

active groups for this user.

getLoggableName

public String getLoggableName()

Description copied from class: CurrentUser

Returns unique name of the user for logging, never null

Overrides:

getLoggableName in class CurrentUser

getCacheKey

public Object getCacheKey()

Description copied from class: CurrentUser

Returns a unique identifier for this user that is intended to be used as a cache key. Returned object should to implement equals() and hashCode() for effective caching.

Specified by:

getCacheKey in class CurrentUser