Package com.google.gerrit.server.permissions

Class PermissionBackend

  • Direct Known Subclasses:
    DefaultPermissionBackend
    public abstract class PermissionBackend
extends Object
    Checks authorization to perform an action on a project, reference, or change.

    check methods should be used during action handlers to verify the user is allowed to exercise the specified permission. For convenience in implementation check methods throw AuthException if the permission is denied.

    test methods should be used when constructing replies to the client and the result object needs to include a true/false hint indicating the user's ability to exercise the permission. This is suitable for configuring UI button state, but should not be relied upon to guard handlers before making state changes.

    PermissionBackend is a singleton for the server, acting as a factory for lightweight request instances. Implementation classes may cache supporting data inside of PermissionBackend.WithUser, PermissionBackend.ForProject, PermissionBackend.ForRef, and PermissionBackend.ForChange instances, in addition to storing within CurrentUser using a PropertyMap.Key. GlobalPermission caching for PermissionBackend.WithUser may best cached inside CurrentUser as PermissionBackend.WithUser instances are frequently created.

    Example use: 

       private final PermissionBackend permissions;
   private final Provider user;

   @Inject
   Foo(PermissionBackend permissions, Provider user) {
     this.permissions = permissions;
     this.user = user;
   }

   public void apply(...) {
     permissions.user(user).change(cd).check(ChangePermission.SUBMIT);
   }

   public UiAction.Description getDescription(ChangeResource rsrc) {
     return new UiAction.Description()
       .setLabel("Submit")
       .setVisible(rsrc.permissions().testCond(ChangePermission.SUBMIT));
 }

    • Constructor Detail

      • PermissionBackend

        public PermissionBackend()

    • Method Detail

      • user

        public abstract PermissionBackend.WithUser user​(CurrentUser user)
        Returns an instance scoped to the specified user. Should be used in cases where the user could either be the issuer of the current request or an impersonated user. PermissionBackends that do not support impersonation can fail with an IllegalStateException.

        If an instance scoped to the current user is desired, use currentUser() instead.

      • absentUser

        public abstract PermissionBackend.WithUser absentUser​(Account.Id id)
        Returns an instance scoped to the provided user. Should be used in cases where the caller wants to check the permissions of a user who is not the issuer of the current request and not the target of impersonation.

        Usage should be very limited as this can expose a group-oracle.

      • usesDefaultCapabilities

        public boolean usesDefaultCapabilities()
        Check whether this PermissionBackend respects the same global capabilities as the DefaultPermissionBackend.

        If true, then it makes sense for downstream callers to refer to built-in Gerrit capability names in user-facing error messages, for example.

        Returns:
        whether this is the default permission backend.