Cleanup check for 'Create Group' capability

This should be done only once, inside of the common
PerformCreateGroup object and not by both the HTTP
and SSH interface glue.

Change-Id: I6f774fe318412a7220206b99d7279d5b061355ad

3 files changed, 24 insertions, 32 deletions

diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/CreateGroup.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/CreateGroup.java
index fcfb5683..6639ac56 100644
--- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/CreateGroup.java
+++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/CreateGroup.java
@@ -47,12 +47,6 @@ class CreateGroup extends Handler<AccountGroup.Id> {
   @Override
   public AccountGroup.Id call() throws OrmException, NameAlreadyUsedException,
       PermissionDeniedException {
-    if (!user.getCapabilities().canCreateGroup()) {
-      throw new PermissionDeniedException(String.format(
-        "%s does not have \"Create Group\" capability.",
-        user.getUserName()));
-    }
-
     final PerformCreateGroup performCreateGroup = performCreateGroupFactory.create();
     final Account.Id me = user.getAccountId();
     return performCreateGroup.createGroup(groupName, null, false, null, Collections.singleton(me), null);
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/PerformCreateGroup.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/PerformCreateGroup.java
index a017588a..0a6b8001 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/PerformCreateGroup.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/PerformCreateGroup.java
@@ -15,6 +15,7 @@
 package com.google.gerrit.server.account;
 
 import com.google.gerrit.common.errors.NameAlreadyUsedException;
+import com.google.gerrit.common.errors.PermissionDeniedException;
 import com.google.gerrit.reviewdb.Account;
 import com.google.gerrit.reviewdb.AccountGroup;
 import com.google.gerrit.reviewdb.AccountGroupInclude;
@@ -79,13 +80,20 @@ public class PerformCreateGroup {
    *         error
    * @throws NameAlreadyUsedException is thrown in case a group with the given
    *         name already exists
+   * @throws PermissionDeniedException user cannot create a group.
    */
   public AccountGroup.Id createGroup(final String groupName,
       final String groupDescription, final boolean visibleToAll,
       final AccountGroup.Id ownerGroupId,
       final Collection<? extends Account.Id> initialMembers,
       final Collection<? extends AccountGroup.Id> initialGroups)
-      throws OrmException, NameAlreadyUsedException {
+      throws OrmException, NameAlreadyUsedException, PermissionDeniedException {
+    if (!currentUser.getCapabilities().canCreateGroup()) {
+      throw new PermissionDeniedException(String.format(
+        "%s does not have \"Create Group\" capability.",
+        currentUser.getUserName()));
+    }
+
     final AccountGroup.Id groupId =
         new AccountGroup.Id(db.nextAccountGroupId());
     final AccountGroup.NameKey nameKey = new AccountGroup.NameKey(groupName);
diff --git a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/CreateGroupCommand.java b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/CreateGroupCommand.java
index 76eca2a2..05e6e59a 100644
--- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/CreateGroupCommand.java
+++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/CreateGroupCommand.java
@@ -15,12 +15,11 @@
 package com.google.gerrit.sshd.commands;
 
 import com.google.gerrit.common.errors.NameAlreadyUsedException;
+import com.google.gerrit.common.errors.PermissionDeniedException;
 import com.google.gerrit.reviewdb.Account;
 import com.google.gerrit.reviewdb.AccountGroup;
-import com.google.gerrit.server.IdentifiedUser;
 import com.google.gerrit.server.account.PerformCreateGroup;
 import com.google.gerrit.sshd.BaseCommand;
-import com.google.gwtorm.client.OrmException;
 import com.google.inject.Inject;
 
 import org.apache.sshd.server.Environment;
@@ -63,9 +62,6 @@ final class CreateGroupCommand extends BaseCommand {
   }
 
   @Inject
-  private IdentifiedUser currentUser;
-
-  @Inject
   private PerformCreateGroup.Factory performCreateGroupFactory;
 
   @Override
@@ -73,27 +69,21 @@ final class CreateGroupCommand extends BaseCommand {
     startThread(new CommandRunnable() {
       @Override
       public void run() throws Exception {
-        if (!currentUser.getCapabilities().canCreateGroup()) {
-          String msg = String.format(
-            "fatal: %s does not have \"Create Group\" capability.",
-            currentUser.getUserName());
-          throw new UnloggedFailure(BaseCommand.STATUS_NOT_ADMIN, msg);
-        }
-
         parseCommandLine();
-        createGroup();
+        try {
+          performCreateGroupFactory.create().createGroup(groupName,
+              groupDescription,
+              visibleToAll,
+              ownerGroupId,
+              initialMembers,
+              initialGroups);
+        } catch (PermissionDeniedException e) {
+          throw die(e);
+
+        } catch (NameAlreadyUsedException e) {
+          throw die(e);
+        }
       }
     });
   }
-
-  private void createGroup() throws OrmException, UnloggedFailure {
-    final PerformCreateGroup performCreateGroup =
-        performCreateGroupFactory.create();
-    try {
-      performCreateGroup.createGroup(groupName, groupDescription, visibleToAll,
-          ownerGroupId, initialMembers, initialGroups);
-    } catch (NameAlreadyUsedException e) {
-      throw die(e);
-    }
-  }
-}
\ No newline at end of file
+}