// Copyright (C) 2009 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.gerrit.server.project;
import com.google.gerrit.common.data.ApprovalType;
import com.google.gerrit.common.data.ApprovalTypes;
import com.google.gerrit.reviewdb.ApprovalCategory;
import com.google.gerrit.reviewdb.Change;
import com.google.gerrit.reviewdb.PatchSet;
import com.google.gerrit.reviewdb.PatchSetApproval;
import com.google.gerrit.reviewdb.Project;
import com.google.gerrit.reviewdb.ReviewDb;
import com.google.gerrit.server.ChangeUtil;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.workflow.CategoryFunction;
import com.google.gerrit.server.workflow.FunctionState;
import com.google.gwtorm.client.OrmException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import java.util.ArrayList;
import java.util.List;
/** Access control management for a user accessing a single change. */
public class ChangeControl {
public static class GenericFactory {
private final ProjectControl.GenericFactory projectControl;
@Inject
GenericFactory(ProjectControl.GenericFactory p) {
projectControl = p;
}
public ChangeControl controlFor(Change change, CurrentUser user)
throws NoSuchChangeException {
final Project.NameKey projectKey = change.getProject();
try {
return projectControl.controlFor(projectKey, user).controlFor(change);
} catch (NoSuchProjectException e) {
throw new NoSuchChangeException(change.getId(), e);
}
}
}
public static class Factory {
private final ProjectControl.Factory projectControl;
private final Provider<ReviewDb> db;
@Inject
Factory(final ProjectControl.Factory p, final Provider<ReviewDb> d) {
projectControl = p;
db = d;
}
public ChangeControl controlFor(final Change.Id id)
throws NoSuchChangeException {
final Change change;
try {
change = db.get().changes().get(id);
if (change == null) {
throw new NoSuchChangeException(id);
}
} catch (OrmException e) {
throw new NoSuchChangeException(id, e);
}
return controlFor(change);
}
public ChangeControl controlFor(final Change change)
throws NoSuchChangeException {
try {
final Project.NameKey projectKey = change.getProject();
return projectControl.validateFor(projectKey).controlFor(change);
} catch (NoSuchProjectException e) {
throw new NoSuchChangeException(change.getId(), e);
}
}
public ChangeControl validateFor(final Change.Id id)
throws NoSuchChangeException {
return validate(controlFor(id));
}
public ChangeControl validateFor(final Change change)
throws NoSuchChangeException {
return validate(controlFor(change));
}
private static ChangeControl validate(final ChangeControl c)
throws NoSuchChangeException {
if (!c.isVisible()) {
throw new NoSuchChangeException(c.getChange().getId());
}
return c;
}
}
private final RefControl refControl;
private final Change change;
ChangeControl(final RefControl r, final Change c) {
this.refControl = r;
this.change = c;
}
public ChangeControl forAnonymousUser() {
return new ChangeControl(getRefControl().forAnonymousUser(), getChange());
}
public ChangeControl forUser(final CurrentUser who) {
return new ChangeControl(getRefControl().forUser(who), getChange());
}
public RefControl getRefControl() {
return refControl;
}
public CurrentUser getCurrentUser() {
return getRefControl().getCurrentUser();
}
public ProjectControl getProjectControl() {
return getRefControl().getProjectControl();
}
public Project getProject() {
return getProjectControl().getProject();
}
public Change getChange() {
return change;
}
/** Can this user see this change? */
public boolean isVisible() {
return getRefControl().isVisible();
}
/** Can this user abandon this change? */
public boolean canAbandon() {
return isOwner() // owner (aka creator) of the change can abandon
|| getRefControl().isOwner() // branch owner can abandon
|| getProjectControl().isOwner() // project owner can abandon
|| getCurrentUser().isAdministrator() // site administers are god
;
}
/** Can this user restore this change? */
public boolean canRestore() {
return canAbandon(); // Anyone who can abandon the change can restore it back
}
public short normalize(ApprovalCategory.Id category, short score) {
return getRefControl().normalize(category, score);
}
/** Can this user add a patch set to this change? */
public boolean canAddPatchSet() {
return getRefControl().canUpload();
}
/** Is this user the owner of the change? */
public boolean isOwner() {
if (getCurrentUser() instanceof IdentifiedUser) {
final IdentifiedUser i = (IdentifiedUser) getCurrentUser();
return i.getAccountId().equals(change.getOwner());
}
return false;
}
/** @return true if the user is allowed to remove this reviewer. */
public boolean canRemoveReviewer(PatchSetApproval approval) {
if (getChange().getStatus().isOpen()) {
// A user can always remove themselves.
//
if (getCurrentUser() instanceof IdentifiedUser) {
final IdentifiedUser i = (IdentifiedUser) getCurrentUser();
if (i.getAccountId().equals(approval.getAccountId())) {
return true; // can remove self
}
}
// The change owner may remove any zero or positive score.
//
if (isOwner() && 0 <= approval.getValue()) {
return true;
}
// The branch owner, project owner, site admin can remove anyone.
//
if (getRefControl().isOwner() // branch owner
|| getProjectControl().isOwner() // project owner
|| getCurrentUser().isAdministrator()) {
return true;
}
}
return false;
}
/** @return {@link CanSubmitResult#OK}, or a result with an error message. */
public CanSubmitResult canSubmit(final PatchSet.Id patchSetId) {
if (change.getStatus().isClosed()) {
return new CanSubmitResult("Change " + change.getId() + " is closed");
}
if (!patchSetId.equals(change.currentPatchSetId())) {
return new CanSubmitResult("Patch set " + patchSetId + " is not current");
}
if (!getRefControl().canSubmit()) {
return new CanSubmitResult("User does not have permission to submit");
}
if (!(getCurrentUser() instanceof IdentifiedUser)) {
return new CanSubmitResult("User is not signed-in");
}
return CanSubmitResult.OK;
}
/** @return {@link CanSubmitResult#OK}, or a result with an error message. */
public CanSubmitResult canSubmit(final PatchSet.Id patchSetId, final ReviewDb db,
final ApprovalTypes approvalTypes,
FunctionState.Factory functionStateFactory)
throws OrmException {
CanSubmitResult result = canSubmit(patchSetId);
if (result != CanSubmitResult.OK) {
return result;
}
final List<PatchSetApproval> allApprovals =
new ArrayList<PatchSetApproval>(db.patchSetApprovals().byPatchSet(
patchSetId).toList());
final PatchSetApproval myAction =
ChangeUtil.createSubmitApproval(patchSetId,
(IdentifiedUser) getCurrentUser(), db);
final ApprovalType actionType =
approvalTypes.getApprovalType(myAction.getCategoryId());
if (actionType == null || !actionType.getCategory().isAction()) {
return new CanSubmitResult("Invalid action " + myAction.getCategoryId());
}
final FunctionState fs =
functionStateFactory.create(change, patchSetId, allApprovals);
for (ApprovalType c : approvalTypes.getApprovalTypes()) {
CategoryFunction.forCategory(c.getCategory()).run(c, fs);
}
if (!CategoryFunction.forCategory(actionType.getCategory()).isValid(
getCurrentUser(), actionType, fs)) {
return new CanSubmitResult(actionType.getCategory().getName()
+ " not permitted");
}
fs.normalize(actionType, myAction);
if (myAction.getValue() <= 0) {
return new CanSubmitResult(actionType.getCategory().getName()
+ " not permitted");
}
return CanSubmitResult.OK;
}
}