diff options
author | Shawn O. Pearce <sop@google.com> | 2011-06-16 18:49:26 -0700 |
---|---|---|
committer | Shawn O. Pearce <sop@google.com> | 2011-06-16 18:49:26 -0700 |
commit | 9dbd055b52e9641774aa7098c97de537a15fcf7e (patch) | |
tree | 3d94c4a4f67b6696cbe6a772c7bef33b43bedd61 | |
parent | 98ce43f10706112bddc56f1e1e1023f840ead7fc (diff) | |
download | gerrit-9dbd055b52e9641774aa7098c97de537a15fcf7e.tar.gz |
Cleanup check for 'Create Group' capability
This should be done only once, inside of the common
PerformCreateGroup object and not by both the HTTP
and SSH interface glue.
Change-Id: I6f774fe318412a7220206b99d7279d5b061355ad
3 files changed, 24 insertions, 32 deletions
diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/CreateGroup.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/CreateGroup.java index fcfb5683..6639ac56 100644 --- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/CreateGroup.java +++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/CreateGroup.java @@ -47,12 +47,6 @@ class CreateGroup extends Handler<AccountGroup.Id> { @Override public AccountGroup.Id call() throws OrmException, NameAlreadyUsedException, PermissionDeniedException { - if (!user.getCapabilities().canCreateGroup()) { - throw new PermissionDeniedException(String.format( - "%s does not have \"Create Group\" capability.", - user.getUserName())); - } - final PerformCreateGroup performCreateGroup = performCreateGroupFactory.create(); final Account.Id me = user.getAccountId(); return performCreateGroup.createGroup(groupName, null, false, null, Collections.singleton(me), null); diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/PerformCreateGroup.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/PerformCreateGroup.java index a017588a..0a6b8001 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/account/PerformCreateGroup.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/PerformCreateGroup.java @@ -15,6 +15,7 @@ package com.google.gerrit.server.account; import com.google.gerrit.common.errors.NameAlreadyUsedException; +import com.google.gerrit.common.errors.PermissionDeniedException; import com.google.gerrit.reviewdb.Account; import com.google.gerrit.reviewdb.AccountGroup; import com.google.gerrit.reviewdb.AccountGroupInclude; @@ -79,13 +80,20 @@ public class PerformCreateGroup { * error * @throws NameAlreadyUsedException is thrown in case a group with the given * name already exists + * @throws PermissionDeniedException user cannot create a group. */ public AccountGroup.Id createGroup(final String groupName, final String groupDescription, final boolean visibleToAll, final AccountGroup.Id ownerGroupId, final Collection<? extends Account.Id> initialMembers, final Collection<? extends AccountGroup.Id> initialGroups) - throws OrmException, NameAlreadyUsedException { + throws OrmException, NameAlreadyUsedException, PermissionDeniedException { + if (!currentUser.getCapabilities().canCreateGroup()) { + throw new PermissionDeniedException(String.format( + "%s does not have \"Create Group\" capability.", + currentUser.getUserName())); + } + final AccountGroup.Id groupId = new AccountGroup.Id(db.nextAccountGroupId()); final AccountGroup.NameKey nameKey = new AccountGroup.NameKey(groupName); diff --git a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/CreateGroupCommand.java b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/CreateGroupCommand.java index 76eca2a2..05e6e59a 100644 --- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/CreateGroupCommand.java +++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/CreateGroupCommand.java @@ -15,12 +15,11 @@ package com.google.gerrit.sshd.commands; import com.google.gerrit.common.errors.NameAlreadyUsedException; +import com.google.gerrit.common.errors.PermissionDeniedException; import com.google.gerrit.reviewdb.Account; import com.google.gerrit.reviewdb.AccountGroup; -import com.google.gerrit.server.IdentifiedUser; import com.google.gerrit.server.account.PerformCreateGroup; import com.google.gerrit.sshd.BaseCommand; -import com.google.gwtorm.client.OrmException; import com.google.inject.Inject; import org.apache.sshd.server.Environment; @@ -63,9 +62,6 @@ final class CreateGroupCommand extends BaseCommand { } @Inject - private IdentifiedUser currentUser; - - @Inject private PerformCreateGroup.Factory performCreateGroupFactory; @Override @@ -73,27 +69,21 @@ final class CreateGroupCommand extends BaseCommand { startThread(new CommandRunnable() { @Override public void run() throws Exception { - if (!currentUser.getCapabilities().canCreateGroup()) { - String msg = String.format( - "fatal: %s does not have \"Create Group\" capability.", - currentUser.getUserName()); - throw new UnloggedFailure(BaseCommand.STATUS_NOT_ADMIN, msg); - } - parseCommandLine(); - createGroup(); + try { + performCreateGroupFactory.create().createGroup(groupName, + groupDescription, + visibleToAll, + ownerGroupId, + initialMembers, + initialGroups); + } catch (PermissionDeniedException e) { + throw die(e); + + } catch (NameAlreadyUsedException e) { + throw die(e); + } } }); } - - private void createGroup() throws OrmException, UnloggedFailure { - final PerformCreateGroup performCreateGroup = - performCreateGroupFactory.create(); - try { - performCreateGroup.createGroup(groupName, groupDescription, visibleToAll, - ownerGroupId, initialMembers, initialGroups); - } catch (NameAlreadyUsedException e) { - throw die(e); - } - } -}
\ No newline at end of file +} |