All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.google.gerrit.sshd.commands.CheckProjectAccessCommand Maven / Gradle / Ivy

There is a newer version: 3.10.1
Show newest version
// Copyright (C) 2022 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package com.google.gerrit.sshd.commands;

import static com.google.gerrit.sshd.CommandMetaData.Mode.MASTER_OR_SLAVE;

import com.google.gerrit.entities.Account;
import com.google.gerrit.entities.Project;
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.AccountResolver;
import com.google.gerrit.server.permissions.GlobalPermission;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.permissions.ProjectPermission;
import com.google.gerrit.sshd.CommandMetaData;
import com.google.gerrit.sshd.SshCommand;
import com.google.inject.Inject;
import com.google.inject.Provider;
import java.io.IOException;
import java.util.Set;
import java.util.stream.Collectors;
import org.eclipse.jgit.errors.ConfigInvalidException;
import org.kohsuke.args4j.Option;

@CommandMetaData(
    name = "check-project-access",
    description = "Check project readability for specified user(s)",
    runsAt = MASTER_OR_SLAVE)
public class CheckProjectAccessCommand extends SshCommand {
  @Inject private AccountResolver accountResolver;
  @Inject private IdentifiedUser.GenericFactory userFactory;
  @Inject private PermissionBackend permissionBackend;
  @Inject private Provider userProvider;

  @Option(
      name = "--project",
      aliases = {"-p"},
      metaVar = "PROJECT",
      required = true,
      usage = "project name to check")
  private String projectName;

  @Option(
      name = "--user",
      aliases = {"-u"},
      metaVar = "USER",
      required = true,
      usage = "Account identifier used to find the user(s) for which to check access.")
  private String userName;

  @Override
  protected void run() throws Failure, ConfigInvalidException, IOException {
    PermissionBackend.WithUser userPermission = permissionBackend.user(userProvider.get());

    boolean isAdmin = userPermission.testOrFalse(GlobalPermission.ADMINISTRATE_SERVER);
    boolean canViewAccount = isAdmin || userPermission.testOrFalse(GlobalPermission.VIEW_ACCESS);

    if (!user.hasSameAccountId(userProvider.get()) && !canViewAccount) {
      throw die("This command requires 'view access' or 'administrate server' capabilities.");
    }

    try {
      for (IdentifiedUser user : getUserList(userName)) {
        stdout.println(
            String.format(
                "Username: '%s', Email: '%s', Full Name: '%s', Result: %b\n",
                user.getLoggableName(),
                user.getNameEmail()
                    .substring(
                        user.getNameEmail().indexOf("<") + 1, user.getNameEmail().indexOf(">")),
                user.getName(),
                permissionBackend
                    .user(user)
                    .project(Project.nameKey(projectName))
                    .test(ProjectPermission.READ)));
      }
    } catch (ConfigInvalidException
        | ResourceNotFoundException
        | IllegalArgumentException
        | PermissionBackendException e) {
      throw die(e);
    }
  }

  private Set getUserList(String userName)
      throws ConfigInvalidException, IOException, ResourceNotFoundException {
    return getIdList(userName).stream().map(userFactory::create).collect(Collectors.toSet());
  }

  private Set getIdList(String userName)
      throws ConfigInvalidException, IOException, ResourceNotFoundException {
    Set idList = accountResolver.resolve(userName).asIdSet();
    if (idList.isEmpty()) {
      throw new ResourceNotFoundException(
          "No accounts found for your query: \""
              + userName
              + "\""
              + " Tip: Try double-escaping spaces, for example: \"--user Last,\\\\ First\"");
    }
    return idList;
  }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy