Line data    Source code

       1             : // Copyright (C) 2009 The Android Open Source Project
       2             : //
       3             : // Licensed under the Apache License, Version 2.0 (the "License");
       4             : // you may not use this file except in compliance with the License.
       5             : // You may obtain a copy of the License at
       6             : //
       7             : // http://www.apache.org/licenses/LICENSE-2.0
       8             : //
       9             : // Unless required by applicable law or agreed to in writing, software
      10             : // distributed under the License is distributed on an "AS IS" BASIS,
      11             : // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      12             : // See the License for the specific language governing permissions and
      13             : // limitations under the License.
      14             : 
      15             : package com.google.gerrit.server.query.change;
      16             : 
      17             : import com.google.gerrit.entities.AccountGroup;
      18             : import com.google.gerrit.server.CurrentUser;
      19             : import com.google.gerrit.server.account.GroupMembership;
      20             : import com.google.gerrit.server.account.ListGroupMembership;
      21             : import java.util.Set;
      22             : 
      23             : /**
      24             :  * Representation of a user that does not have a Gerrit account.
      25             :  *
      26             :  * <p>This user representation is intended to be used to check permissions for groups:
      27             :  *
      28             :  * <p>There are occasions where we need to check if a resource - such as a change - is accessible by
      29             :  * a group. Our entire {@link com.google.gerrit.server.permissions.PermissionBackend} works solely
      30             :  * with {@link CurrentUser}. This class can be used to check permissions on a synthetic user with
      31             :  * the given group memberships. Any real Gerrit user with the same group memberships would receive
      32             :  * the same permission check results.
      33             :  */
      34             : public final class GroupBackedUser extends CurrentUser {
      35             :   private final GroupMembership groups;
      36             : 
      37             :   /**
      38             :    * Creates a new instance
      39             :    *
      40             :    * @param groups this set has to include all parent groups the user is contained in through
      41             :    *     subgroup membership. Given a set of groups that contains the user directly, callers can use
      42             :    *     {@link
      43             :    *     com.google.gerrit.server.account.GroupIncludeCache#parentGroupsOf(AccountGroup.UUID)} to
      44             :    *     resolve parent groups.
      45             :    */
      46           5 :   public GroupBackedUser(Set<AccountGroup.UUID> groups) {
      47           5 :     this.groups = new ListGroupMembership(groups);
      48           5 :   }
      49             : 
      50             :   @Override
      51             :   public GroupMembership getEffectiveGroups() {
      52           5 :     return groups;
      53             :   }
      54             : 
      55             :   @Override
      56             :   public String getLoggableName() {
      57           5 :     return "GroupBackedUser with memberships: " + groups.getKnownGroups();
      58             :   }
      59             : 
      60             :   @Override
      61             :   public Object getCacheKey() {
      62           5 :     return groups.getKnownGroups();
      63             :   }
      64             : }