in src/main/java/com/googlesource/gerrit/plugins/adminconsole/ShowRepoAccountAccessCommand.java [86:180]
public void run() throws UnloggedFailure, Failure, Exception {
AccountState account;
String sectionNameFormatter = " %-25s\n";
String ruleNameFormatter = " %-15s\n ";
String permissionNameFormatter = " %5s %9s %s\n";
Boolean userHasPermissionsInSection = false;
Boolean userHasPermissionsInProject = false;
if (projectName.isEmpty()) {
throw new UnloggedFailure(1, "Please specify a project to show access for");
}
if (name.isEmpty()) {
throw new UnloggedFailure(
1,
"You need to tell me who to find: LastName,\\\\ Firstname, email@address.com, account id or an user name. "
+ "Be sure to double-escape spaces, for example: \"show-repo-account-access All-Projects --user Last,\\\\ First\"");
}
Set<Account.Id> idList = accountResolver.resolve(name).asIdSet();
if (idList.isEmpty()) {
throw new UnloggedFailure(
1,
"No accounts found for your query: \""
+ name
+ "\""
+ " Tip: Try double-escaping spaces, for example: \"--user Last,\\\\ First\"");
}
Project.NameKey nameKey = Project.nameKey(projectName);
try {
MetaDataUpdate md = metaDataUpdateFactory.create(nameKey);
ProjectConfig config;
config = projectConfigFactory.read(md);
permissionGroupWidth = wide ? Integer.MAX_VALUE : columns - 9 - 5 - 9;
for (Account.Id id : idList) {
userHasPermissionsInProject = false;
account = accountResolver.resolve(id.toString()).asUnique();
stdout.println("Full name: " + account.account().fullName());
// Need to know what groups the user is in. This is not a great
// solution, but it does work.
List<GroupInfo> groupInfos =
accountGetGroups.get().apply(new AccountResource(userFactory.create(id))).value();
HashSet<String> groupHash = new HashSet<>();
for (GroupInfo groupInfo : groupInfos) {
groupHash.add(groupInfo.name);
}
for (AccessSection accessSection : config.getAccessSections()) {
StringBuilder sb = new StringBuilder();
sb.append((String.format(sectionNameFormatter, accessSection.getName().toString())));
// This is a solution to prevent displaying a section heading unless
// the user has permissions for it
// not the best solution, but I haven't been able to find
// "Is user a member of this group" based on the information I have
// in a more efficient manner yet.
userHasPermissionsInSection = false;
for (Permission permission : accessSection.getPermissions()) {
for (PermissionRule rule : permission.getRules()) {
if (groupHash.contains(rule.getGroup().getName())) {
sb.append(String.format(ruleNameFormatter, permission.getName()));
sb.append(
String.format(
permissionNameFormatter,
(rule.getMin() != rule.getMax())
? "" + rule.getMin() + " " + rule.getMax()
: rule.getAction(),
(permission.getExclusiveGroup() ? "EXCLUSIVE" : ""),
format(rule.getGroup().getName())));
userHasPermissionsInSection = true;
}
}
}
if (userHasPermissionsInSection) {
stdout.print(sb.toString());
userHasPermissionsInProject = true;
}
}
if (!userHasPermissionsInProject) {
stdout.println(" No access found for this user on this repository");
}
}
} catch (RepositoryNotFoundException e) {
throw new UnloggedFailure(1, "Repository not found");
}
}