LCOV - code coverage report
Current view: top level - server/project - RemoveReviewerControl.java (source / functions) Hit Total Coverage
Test: _coverage_report.dat Lines: 30 30 100.0 %
Date: 2022-11-19 15:00:39 Functions: 6 6 100.0 % 

          Line data    Source code
       1             : // Copyright (C) 2017 The Android Open Source Project
       2             : //
       3             : // Licensed under the Apache License, Version 2.0 (the "License");
       4             : // you may not use this file except in compliance with the License.
       5             : // You may obtain a copy of the License at
       6             : //
       7             : // http://www.apache.org/licenses/LICENSE-2.0
       8             : //
       9             : // Unless required by applicable law or agreed to in writing, software
      10             : // distributed under the License is distributed on an "AS IS" BASIS,
      11             : // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      12             : // See the License for the specific language governing permissions and
      13             : // limitations under the License.
      14             : 
      15             : package com.google.gerrit.server.project;
      16             : 
      17             : import com.google.gerrit.entities.Account;
      18             : import com.google.gerrit.entities.Change;
      19             : import com.google.gerrit.entities.PatchSetApproval;
      20             : import com.google.gerrit.extensions.restapi.AuthException;
      21             : import com.google.gerrit.server.CurrentUser;
      22             : import com.google.gerrit.server.notedb.ChangeNotes;
      23             : import com.google.gerrit.server.permissions.ChangePermission;
      24             : import com.google.gerrit.server.permissions.GlobalPermission;
      25             : import com.google.gerrit.server.permissions.PermissionBackend;
      26             : import com.google.gerrit.server.permissions.PermissionBackendException;
      27             : import com.google.gerrit.server.permissions.RefPermission;
      28             : import com.google.gerrit.server.query.change.ChangeData;
      29             : import com.google.inject.Inject;
      30             : import com.google.inject.Singleton;
      31             : 
      32             : @Singleton
      33             : public class RemoveReviewerControl {
      34             :   private final PermissionBackend permissionBackend;
      35             : 
      36             :   @Inject
      37         146 :   RemoveReviewerControl(PermissionBackend permissionBackend) {
      38         146 :     this.permissionBackend = permissionBackend;
      39         146 :   }
      40             : 
      41             :   /**
      42             :    * Checks if removing the given reviewer and patch set approval is OK.
      43             :    *
      44             :    * @throws AuthException if this user is not allowed to remove this approval.
      45             :    * @throws PermissionBackendException on failure of permission checks.
      46             :    */
      47             :   public void checkRemoveReviewer(
      48             :       ChangeNotes notes, CurrentUser currentUser, PatchSetApproval approval)
      49             :       throws PermissionBackendException, AuthException {
      50           9 :     checkRemoveReviewer(notes, currentUser, approval.accountId(), approval.value());
      51           9 :   }
      52             : 
      53             :   /**
      54             :    * Checks if removing the given reviewer is OK. Does not check if removing any approvals the
      55             :    * reviewer might have given is OK.
      56             :    *
      57             :    * @throws AuthException if this user is not allowed to remove this approval.
      58             :    * @throws PermissionBackendException on failure of permission checks.
      59             :    */
      60             :   public void checkRemoveReviewer(ChangeNotes notes, CurrentUser currentUser, Account.Id reviewer)
      61             :       throws PermissionBackendException, AuthException {
      62          16 :     checkRemoveReviewer(notes, currentUser, reviewer, 0);
      63          16 :   }
      64             : 
      65             :   /** Returns true if the user is allowed to remove this reviewer. */
      66             :   public boolean testRemoveReviewer(
      67             :       ChangeData cd, CurrentUser currentUser, Account.Id reviewer, int value)
      68             :       throws PermissionBackendException {
      69          72 :     if (canRemoveReviewerWithoutPermissionCheck(
      70          72 :         permissionBackend, cd.change(), currentUser, reviewer, value)) {
      71          72 :       return true;
      72             :     }
      73          49 :     return permissionBackend.user(currentUser).change(cd).test(ChangePermission.REMOVE_REVIEWER);
      74             :   }
      75             : 
      76             :   private void checkRemoveReviewer(
      77             :       ChangeNotes notes, CurrentUser currentUser, Account.Id reviewer, int val)
      78             :       throws PermissionBackendException, AuthException {
      79          19 :     if (canRemoveReviewerWithoutPermissionCheck(
      80          19 :         permissionBackend, notes.getChange(), currentUser, reviewer, val)) {
      81          19 :       return;
      82             :     }
      83             : 
      84           1 :     permissionBackend.user(currentUser).change(notes).check(ChangePermission.REMOVE_REVIEWER);
      85           1 :   }
      86             : 
      87             :   private static boolean canRemoveReviewerWithoutPermissionCheck(
      88             :       PermissionBackend permissionBackend,
      89             :       Change change,
      90             :       CurrentUser currentUser,
      91             :       Account.Id reviewer,
      92             :       int value)
      93             :       throws PermissionBackendException {
      94          72 :     if (change.isMerged() && value != 0) {
      95          46 :       return false;
      96             :     }
      97             : 
      98          72 :     if (currentUser.isIdentifiedUser()) {
      99          72 :       Account.Id aId = currentUser.getAccountId();
     100          72 :       if (aId.equals(reviewer)) {
     101          70 :         return true; // A user can always remove themselves.
     102          43 :       } else if (aId.equals(change.getOwner()) && 0 <= value) {
     103          42 :         return true; // The change owner may remove any zero or positive score.
     104             :       }
     105             :     }
     106             : 
     107             :     // Users with the remove reviewer permission, the branch owner, project
     108             :     // owner and site admin can remove anyone
     109          22 :     PermissionBackend.WithUser withUser = permissionBackend.user(currentUser);
     110          22 :     PermissionBackend.ForProject forProject = withUser.project(change.getProject());
     111          22 :     if (forProject.ref(change.getDest().branch()).test(RefPermission.WRITE_CONFIG)
     112          22 :         || withUser.test(GlobalPermission.ADMINISTRATE_SERVER)) {
     113          11 :       return true;
     114             :     }
     115          22 :     return false;
     116             :   }
     117             : }

Generated by: LCOV version 1.16+git.20220603.dfeb750