com.google.gerrit.server.restapi.account.PutPreferred Maven / Gradle / Ivy
// Copyright (C) 2013 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.gerrit.server.restapi.account;
import static java.util.stream.Collectors.toList;
import static java.util.stream.Collectors.toSet;
import com.google.common.flogger.FluentLogger;
import com.google.gerrit.extensions.common.Input;
import com.google.gerrit.extensions.restapi.ResourceConflictException;
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.extensions.restapi.Response;
import com.google.gerrit.extensions.restapi.RestApiException;
import com.google.gerrit.extensions.restapi.RestModifyView;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.ServerInitiated;
import com.google.gerrit.server.account.AccountResource;
import com.google.gerrit.server.account.AccountState;
import com.google.gerrit.server.account.AccountsUpdate;
import com.google.gerrit.server.account.externalids.ExternalId;
import com.google.gerrit.server.account.externalids.ExternalIdFactory;
import com.google.gerrit.server.account.externalids.ExternalIds;
import com.google.gerrit.server.permissions.GlobalPermission;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.IOException;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference;
import org.eclipse.jgit.errors.ConfigInvalidException;
/**
* REST endpoint to set an email address as preferred email address for an account.
*
* This REST endpoint handles {@code PUT
* /accounts//emails//preferred} requests.
*
* Users can only set an email address as preferred that is assigned to their account as external
* ID.
*/
@Singleton
public class PutPreferred implements RestModifyView {
private static final FluentLogger logger = FluentLogger.forEnclosingClass();
private final Provider self;
private final PermissionBackend permissionBackend;
private final Provider accountsUpdateProvider;
private final ExternalIds externalIds;
private final ExternalIdFactory externalIdFactory;
@Inject
PutPreferred(
Provider self,
PermissionBackend permissionBackend,
@ServerInitiated Provider accountsUpdateProvider,
ExternalIds externalIds,
ExternalIdFactory externalIdFactory) {
this.self = self;
this.permissionBackend = permissionBackend;
this.accountsUpdateProvider = accountsUpdateProvider;
this.externalIds = externalIds;
this.externalIdFactory = externalIdFactory;
}
@Override
public Response apply(AccountResource.Email rsrc, Input input)
throws RestApiException, IOException, PermissionBackendException, ConfigInvalidException {
if (!self.get().hasSameAccountId(rsrc.getUser())) {
permissionBackend.currentUser().check(GlobalPermission.MODIFY_ACCOUNT);
}
return apply(rsrc.getUser(), rsrc.getEmail());
}
public Response apply(IdentifiedUser user, String preferredEmail)
throws RestApiException, IOException, ConfigInvalidException {
AtomicReference> exception = new AtomicReference<>(Optional.empty());
AtomicBoolean alreadyPreferred = new AtomicBoolean(false);
Optional updatedAccount =
accountsUpdateProvider
.get()
.update(
"Set Preferred Email via API",
user.getAccountId(),
(a, u) -> {
if (preferredEmail.equals(a.account().preferredEmail())) {
alreadyPreferred.set(true);
} else {
// check if the user has a matching email
String matchingEmail = null;
for (String email :
a.externalIds().stream()
.map(ExternalId::email)
.filter(Objects::nonNull)
.collect(toSet())) {
if (email.equals(preferredEmail)) {
// we have an email that matches exactly, prefer this one
matchingEmail = email;
break;
} else if (matchingEmail == null && email.equalsIgnoreCase(preferredEmail)) {
// we found an email that matches but has a different case
matchingEmail = email;
}
}
if (matchingEmail == null) {
// user doesn't have an external ID for this email
if (user.hasEmailAddress(preferredEmail)) {
// but Realm says the user is allowed to use this email
Set existingExtIdsWithThisEmail =
externalIds.byEmail(preferredEmail);
if (!existingExtIdsWithThisEmail.isEmpty()) {
// but the email is already assigned to another account
logger.atWarning().log(
"Cannot set preferred email %s for account %s because it is owned"
+ " by the following account(s): %s",
preferredEmail,
user.getAccountId(),
existingExtIdsWithThisEmail.stream()
.map(ExternalId::accountId)
.collect(toList()));
exception.set(
Optional.of(
new ResourceConflictException(
"email in use by another account")));
return;
}
// claim the email now
u.addExternalId(
externalIdFactory.createEmail(a.account().id(), preferredEmail));
matchingEmail = preferredEmail;
} else {
// Realm says that the email doesn't belong to the user. This can only
// happen as
// a race condition because EmailsCollection would have thrown
// ResourceNotFoundException already before invoking this REST endpoint.
exception.set(Optional.of(new ResourceNotFoundException(preferredEmail)));
return;
}
}
u.setPreferredEmail(matchingEmail);
}
});
if (!updatedAccount.isPresent()) {
throw new ResourceNotFoundException("account not found");
}
if (exception.get().isPresent()) {
throw exception.get().get();
}
return alreadyPreferred.get() ? Response.ok() : Response.created();
}
}