Example 1 with Permission
use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.
the class Schema_135 method migrateData.
@Override
protected void migrateData(ReviewDb db, UpdateUI ui) throws OrmException {
try (Repository git = repoManager.openRepository(allProjectsName);
MetaDataUpdate md = new MetaDataUpdate(GitReferenceUpdated.DISABLED, allProjectsName, git)) {
ProjectConfig config = ProjectConfig.read(md);
AccessSection meta = config.getAccessSection(RefNames.REFS_CONFIG, true);
Permission createRefsMetaConfigPermission = meta.getPermission(Permission.CREATE, true);
Set<GroupReference> groups = Stream.concat(config.getAccessSection(AccessSection.GLOBAL_CAPABILITIES, true).getPermission(GlobalCapability.ADMINISTRATE_SERVER, true).getRules().stream().map(PermissionRule::getGroup), Stream.of(systemGroupBackend.getGroup(PROJECT_OWNERS))).filter(g -> createRefsMetaConfigPermission.getRule(g) == null).collect(toSet());
for (GroupReference group : groups) {
createRefsMetaConfigPermission.add(new PermissionRule(config.resolve(group)));
}
md.getCommitBuilder().setAuthor(serverUser);
md.getCommitBuilder().setCommitter(serverUser);
md.setMessage(COMMIT_MSG);
config.commit(md);
} catch (ConfigInvalidException | IOException ex) {
throw new OrmException(ex);
}
}
Also used :
PermissionRule(com.google.gerrit.common.data.PermissionRule)
ReviewDb(com.google.gerrit.reviewdb.server.ReviewDb)
OrmException(com.google.gwtorm.server.OrmException)
ConfigInvalidException(org.eclipse.jgit.errors.ConfigInvalidException)
GlobalCapability(com.google.gerrit.common.data.GlobalCapability)
MetaDataUpdate(com.google.gerrit.server.git.MetaDataUpdate)
Inject(com.google.inject.Inject)
AccessSection(com.google.gerrit.common.data.AccessSection)
SystemGroupBackend(com.google.gerrit.server.group.SystemGroupBackend)
PROJECT_OWNERS(com.google.gerrit.server.group.SystemGroupBackend.PROJECT_OWNERS)
Collectors.toSet(java.util.stream.Collectors.toSet)
Permission(com.google.gerrit.common.data.Permission)
Set(java.util.Set)
IOException(java.io.IOException)
PersonIdent(org.eclipse.jgit.lib.PersonIdent)
Provider(com.google.inject.Provider)
AllProjectsName(com.google.gerrit.server.config.AllProjectsName)
Stream(java.util.stream.Stream)
GitRepositoryManager(com.google.gerrit.server.git.GitRepositoryManager)
RefNames(com.google.gerrit.reviewdb.client.RefNames)
ProjectConfig(com.google.gerrit.server.git.ProjectConfig)
GroupReference(com.google.gerrit.common.data.GroupReference)
GerritPersonIdent(com.google.gerrit.server.GerritPersonIdent)
GitReferenceUpdated(com.google.gerrit.server.extensions.events.GitReferenceUpdated)
Repository(org.eclipse.jgit.lib.Repository)
ConfigInvalidException(org.eclipse.jgit.errors.ConfigInvalidException)
PermissionRule(com.google.gerrit.common.data.PermissionRule)
IOException(java.io.IOException)
AccessSection(com.google.gerrit.common.data.AccessSection)
ProjectConfig(com.google.gerrit.server.git.ProjectConfig)
Repository(org.eclipse.jgit.lib.Repository)
OrmException(com.google.gwtorm.server.OrmException)
Permission(com.google.gerrit.common.data.Permission)
GroupReference(com.google.gerrit.common.data.GroupReference)
MetaDataUpdate(com.google.gerrit.server.git.MetaDataUpdate)
Example 2 with Permission
use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.
the class ProjectConfig method saveAccessSections.
private void saveAccessSections(Config rc, Set<AccountGroup.UUID> keepGroups) {
AccessSection capability = accessSections.get(AccessSection.GLOBAL_CAPABILITIES);
if (capability != null) {
Set<String> have = new HashSet<>();
for (Permission permission : sort(capability.getPermissions())) {
have.add(permission.getName().toLowerCase());
boolean needRange = GlobalCapability.hasRange(permission.getName());
List<String> rules = new ArrayList<>();
for (PermissionRule rule : sort(permission.getRules())) {
GroupReference group = resolve(rule.getGroup());
if (group.getUUID() != null) {
keepGroups.add(group.getUUID());
}
rules.add(rule.asString(needRange));
}
rc.setStringList(CAPABILITY, null, permission.getName(), rules);
}
for (String varName : rc.getNames(CAPABILITY)) {
if (!have.contains(varName.toLowerCase())) {
rc.unset(CAPABILITY, null, varName);
}
}
} else {
rc.unsetSection(CAPABILITY, null);
}
for (AccessSection as : sort(accessSections.values())) {
String refName = as.getName();
if (AccessSection.GLOBAL_CAPABILITIES.equals(refName)) {
continue;
}
StringBuilder doNotInherit = new StringBuilder();
for (Permission perm : sort(as.getPermissions())) {
if (perm.getExclusiveGroup()) {
if (0 < doNotInherit.length()) {
doNotInherit.append(' ');
}
doNotInherit.append(perm.getName());
}
}
if (0 < doNotInherit.length()) {
rc.setString(ACCESS, refName, KEY_GROUP_PERMISSIONS, doNotInherit.toString());
} else {
rc.unset(ACCESS, refName, KEY_GROUP_PERMISSIONS);
}
Set<String> have = new HashSet<>();
for (Permission permission : sort(as.getPermissions())) {
have.add(permission.getName().toLowerCase());
boolean needRange = Permission.hasRange(permission.getName());
List<String> rules = new ArrayList<>();
for (PermissionRule rule : sort(permission.getRules())) {
GroupReference group = resolve(rule.getGroup());
if (group.getUUID() != null) {
keepGroups.add(group.getUUID());
}
rules.add(rule.asString(needRange));
}
rc.setStringList(ACCESS, refName, permission.getName(), rules);
}
for (String varName : rc.getNames(ACCESS, refName)) {
if (isPermission(convertLegacyPermission(varName)) && !have.contains(varName.toLowerCase())) {
rc.unset(ACCESS, refName, varName);
}
}
}
for (String name : rc.getSubsections(ACCESS)) {
if (RefConfigSection.isValid(name) && !accessSections.containsKey(name)) {
rc.unsetSection(ACCESS, name);
}
}
}
Also used :
PermissionRule(com.google.gerrit.common.data.PermissionRule)
Permission(com.google.gerrit.common.data.Permission)
Permission.isPermission(com.google.gerrit.common.data.Permission.isPermission)
ArrayList(java.util.ArrayList)
GroupReference(com.google.gerrit.common.data.GroupReference)
AccessSection(com.google.gerrit.common.data.AccessSection)
HashSet(java.util.HashSet)
Example 3 with Permission
use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.
the class ProjectConfig method loadPermissionRules.
private List<PermissionRule> loadPermissionRules(Config rc, String section, String subsection, String varName, Map<String, GroupReference> groupsByName, boolean useRange) {
Permission perm = new Permission(varName);
loadPermissionRules(rc, section, subsection, varName, groupsByName, perm, useRange);
return perm.getRules();
}
Also used :
Permission(com.google.gerrit.common.data.Permission)
Permission.isPermission(com.google.gerrit.common.data.Permission.isPermission)
Example 4 with Permission
use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.
the class GetAccess method apply.
@Override
public ProjectAccessInfo apply(ProjectResource rsrc) throws ResourceNotFoundException, ResourceConflictException, IOException {
// Load the current configuration from the repository, ensuring it's the most
// recent version available. If it differs from what was in the project
// state, force a cache flush now.
//
Project.NameKey projectName = rsrc.getNameKey();
ProjectAccessInfo info = new ProjectAccessInfo();
ProjectConfig config;
ProjectControl pc = createProjectControl(projectName);
RefControl metaConfigControl = pc.controlForRef(RefNames.REFS_CONFIG);
try (MetaDataUpdate md = metaDataUpdateFactory.create(projectName)) {
config = ProjectConfig.read(md);
if (config.updateGroupNames(groupBackend)) {
md.setMessage("Update group names\n");
config.commit(md);
projectCache.evict(config.getProject());
pc = createProjectControl(projectName);
} else if (config.getRevision() != null && !config.getRevision().equals(pc.getProjectState().getConfig().getRevision())) {
projectCache.evict(config.getProject());
pc = createProjectControl(projectName);
}
} catch (ConfigInvalidException e) {
throw new ResourceConflictException(e.getMessage());
} catch (RepositoryNotFoundException e) {
throw new ResourceNotFoundException(rsrc.getName());
}
info.local = new HashMap<>();
info.ownerOf = new HashSet<>();
Map<AccountGroup.UUID, Boolean> visibleGroups = new HashMap<>();
for (AccessSection section : config.getAccessSections()) {
String name = section.getName();
if (AccessSection.GLOBAL_CAPABILITIES.equals(name)) {
if (pc.isOwner()) {
info.local.put(name, createAccessSection(section));
info.ownerOf.add(name);
} else if (metaConfigControl.isVisible()) {
info.local.put(section.getName(), createAccessSection(section));
}
} else if (RefConfigSection.isValid(name)) {
RefControl rc = pc.controlForRef(name);
if (rc.isOwner()) {
info.local.put(name, createAccessSection(section));
info.ownerOf.add(name);
} else if (metaConfigControl.isVisible()) {
info.local.put(name, createAccessSection(section));
} else if (rc.isVisible()) {
// Filter the section to only add rules describing groups that
// are visible to the current-user. This includes any group the
// user is a member of, as well as groups they own or that
// are visible to all users.
AccessSection dst = null;
for (Permission srcPerm : section.getPermissions()) {
Permission dstPerm = null;
for (PermissionRule srcRule : srcPerm.getRules()) {
AccountGroup.UUID group = srcRule.getGroup().getUUID();
if (group == null) {
continue;
}
Boolean canSeeGroup = visibleGroups.get(group);
if (canSeeGroup == null) {
try {
canSeeGroup = groupControlFactory.controlFor(group).isVisible();
} catch (NoSuchGroupException e) {
canSeeGroup = Boolean.FALSE;
}
visibleGroups.put(group, canSeeGroup);
}
if (canSeeGroup) {
if (dstPerm == null) {
if (dst == null) {
dst = new AccessSection(name);
info.local.put(name, createAccessSection(dst));
}
dstPerm = dst.getPermission(srcPerm.getName(), true);
}
dstPerm.add(srcRule);
}
}
}
}
}
}
if (info.ownerOf.isEmpty() && pc.isOwnerAnyRef()) {
// Special case: If the section list is empty, this project has no current
// access control information. Rely on what ProjectControl determines
// is ownership, which probably means falling back to site administrators.
info.ownerOf.add(AccessSection.ALL);
}
if (config.getRevision() != null) {
info.revision = config.getRevision().name();
}
ProjectState parent = Iterables.getFirst(pc.getProjectState().parents(), null);
if (parent != null) {
info.inheritsFrom = projectJson.format(parent.getProject());
}
if (pc.getProject().getNameKey().equals(allProjectsName)) {
if (pc.isOwner()) {
info.ownerOf.add(AccessSection.GLOBAL_CAPABILITIES);
}
}
info.isOwner = toBoolean(pc.isOwner());
info.canUpload = toBoolean(pc.isOwner() || (metaConfigControl.isVisible() && metaConfigControl.canUpload()));
info.canAdd = toBoolean(pc.canAddRefs());
info.configVisible = pc.isOwner() || metaConfigControl.isVisible();
return info;
}
Also used :
ConfigInvalidException(org.eclipse.jgit.errors.ConfigInvalidException)
HashMap(java.util.HashMap)
PermissionRule(com.google.gerrit.common.data.PermissionRule)
ProjectAccessInfo(com.google.gerrit.extensions.api.access.ProjectAccessInfo)
RepositoryNotFoundException(org.eclipse.jgit.errors.RepositoryNotFoundException)
AccessSection(com.google.gerrit.common.data.AccessSection)
NoSuchGroupException(com.google.gerrit.common.errors.NoSuchGroupException)
ProjectConfig(com.google.gerrit.server.git.ProjectConfig)
Project(com.google.gerrit.reviewdb.client.Project)
ResourceConflictException(com.google.gerrit.extensions.restapi.ResourceConflictException)
Permission(com.google.gerrit.common.data.Permission)
ResourceNotFoundException(com.google.gerrit.extensions.restapi.ResourceNotFoundException)
MetaDataUpdate(com.google.gerrit.server.git.MetaDataUpdate)
Example 5 with Permission
use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.
the class GetAccess method createAccessSection.
private AccessSectionInfo createAccessSection(AccessSection section) {
AccessSectionInfo accessSectionInfo = new AccessSectionInfo();
accessSectionInfo.permissions = new HashMap<>();
for (Permission p : section.getPermissions()) {
PermissionInfo pInfo = new PermissionInfo(p.getLabel(), p.getExclusiveGroup() ? true : null);
pInfo.rules = new HashMap<>();
for (PermissionRule r : p.getRules()) {
PermissionRuleInfo info = new PermissionRuleInfo(ACTION_TYPE.get(r.getAction()), r.getForce());
if (r.hasRange()) {
info.max = r.getMax();
info.min = r.getMin();
}
AccountGroup.UUID group = r.getGroup().getUUID();
if (group != null) {
pInfo.rules.put(group.get(), info);
}
}
accessSectionInfo.permissions.put(p.getName(), pInfo);
}
return accessSectionInfo;
}
Also used :
PermissionInfo(com.google.gerrit.extensions.api.access.PermissionInfo)
AccountGroup(com.google.gerrit.reviewdb.client.AccountGroup)
PermissionRule(com.google.gerrit.common.data.PermissionRule)
Permission(com.google.gerrit.common.data.Permission)
PermissionRuleInfo(com.google.gerrit.extensions.api.access.PermissionRuleInfo)
AccessSectionInfo(com.google.gerrit.extensions.api.access.AccessSectionInfo)
Aggregations
Permission (com.google.gerrit.common.data.Permission)29
AccessSection (com.google.gerrit.common.data.AccessSection)19
PermissionRule (com.google.gerrit.common.data.PermissionRule)18
ProjectConfig (com.google.gerrit.server.git.ProjectConfig)10
MetaDataUpdate (com.google.gerrit.server.git.MetaDataUpdate)9
GroupReference (com.google.gerrit.common.data.GroupReference)6
Permission.isPermission (com.google.gerrit.common.data.Permission.isPermission)4
ProjectPermission (com.google.gerrit.server.permissions.ProjectPermission)4
ConfigInvalidException (org.eclipse.jgit.errors.ConfigInvalidException)4
AccountGroup (com.google.gerrit.reviewdb.client.AccountGroup)3
Project (com.google.gerrit.reviewdb.client.Project)3
OrmException (com.google.gwtorm.server.OrmException)3
HashSet (java.util.HashSet)3
RevCommit (org.eclipse.jgit.revwalk.RevCommit)3
Test (org.junit.Test)3
ContributorAgreement (com.google.gerrit.common.data.ContributorAgreement)2
GroupDescription (com.google.gerrit.common.data.GroupDescription)2
LabelType (com.google.gerrit.common.data.LabelType)2
NoSuchGroupException (com.google.gerrit.common.errors.NoSuchGroupException)2
AccessSectionInfo (com.google.gerrit.extensions.api.access.AccessSectionInfo)2
