Examples with PermissionRule com.google.gerrit.common.data.PermissionRule used on opensource projects

Example 1 with PermissionRule

use of com.google.gerrit.common.data.PermissionRule in project gerrit by GerritCodeReview.

the class ChangeOwnerIT method grantApproveToChangeOwner.

private void grantApproveToChangeOwner() throws Exception {
    try (MetaDataUpdate md = metaDataUpdateFactory.create(project)) {
        md.setMessage(String.format("Grant approve to change owner"));
        ProjectConfig config = ProjectConfig.read(md);
        AccessSection s = config.getAccessSection("refs/heads/*", true);
        Permission p = s.getPermission(LABEL + "Code-Review", true);
        PermissionRule rule = new PermissionRule(config.resolve(systemGroupBackend.getGroup(SystemGroupBackend.CHANGE_OWNER)));
        rule.setMin(-2);
        rule.setMax(+2);
        p.add(rule);
        config.commit(md);
        projectCache.evict(config.getProject());
    }
}

Example 2 with PermissionRule

use of com.google.gerrit.common.data.PermissionRule in project gerrit by GerritCodeReview.

the class CapabilityControl method toRange.

private static PermissionRange toRange(String permissionName, List<PermissionRule> ruleList) {
    int min = 0;
    int max = 0;
    if (ruleList.isEmpty()) {
        PermissionRange.WithDefaults defaultRange = GlobalCapability.getRange(permissionName);
        if (defaultRange != null) {
            min = defaultRange.getDefaultMin();
            max = defaultRange.getDefaultMax();
        }
    } else {
        for (PermissionRule rule : ruleList) {
            min = Math.min(min, rule.getMin());
            max = Math.max(max, rule.getMax());
        }
    }
    return new PermissionRange(permissionName, min, max);
}

Example 3 with PermissionRule

use of com.google.gerrit.common.data.PermissionRule in project gerrit by GerritCodeReview.

the class CapabilityControl method getQueueType.

/** @return which priority queue the user's tasks should be submitted to. */
public QueueProvider.QueueType getQueueType() {
    // If a non-generic group (that is not Anonymous Users or Registered Users)
    // grants us INTERACTIVE permission, use the INTERACTIVE queue even if
    // BATCH was otherwise granted. This allows site administrators to grant
    // INTERACTIVE to Registered Users, and BATCH to 'CI Servers' and have
    // the 'CI Servers' actually use the BATCH queue while everyone else gets
    // to use the INTERACTIVE queue without additional grants.
    //
    GroupMembership groups = user.getEffectiveGroups();
    boolean batch = false;
    for (PermissionRule r : capabilities.priority) {
        if (match(groups, r)) {
            switch(r.getAction()) {
                case INTERACTIVE:
                    if (!SystemGroupBackend.isAnonymousOrRegistered(r.getGroup())) {
                        return QueueProvider.QueueType.INTERACTIVE;
                    }
                    break;
                case BATCH:
                    batch = true;
                    break;
                case ALLOW:
                case BLOCK:
                case DENY:
                    break;
            }
        }
    }
    if (batch) {
        // If any of our groups matched to the BATCH queue, use it.
        return QueueProvider.QueueType.BATCH;
    }
    return QueueProvider.QueueType.INTERACTIVE;
}

Example 4 with PermissionRule

use of com.google.gerrit.common.data.PermissionRule in project gerrit by GerritCodeReview.

the class CapabilityControl method access.

/** Rules for the given permission, or the empty list. */
private List<PermissionRule> access(String permissionName) {
    List<PermissionRule> rules = effective.get(permissionName);
    if (rules != null) {
        return rules;
    }
    rules = capabilities.getPermission(permissionName);
    GroupMembership groups = user.getEffectiveGroups();
    List<PermissionRule> mine = new ArrayList<>(rules.size());
    for (PermissionRule rule : rules) {
        if (match(groups, rule)) {
            mine.add(rule);
        }
    }
    if (mine.isEmpty()) {
        mine = Collections.emptyList();
    }
    effective.put(permissionName, mine);
    return mine;
}

Example 5 with PermissionRule

use of com.google.gerrit.common.data.PermissionRule in project gerrit by GerritCodeReview.

the class RefControl method isForceBlocked.

/** True if for this permission force is blocked for the user. Works only for non labels. */
private boolean isForceBlocked(String permissionName) {
    List<PermissionRule> access = access(permissionName);
    List<PermissionRule> overridden = relevant.getOverridden(permissionName);
    Set<ProjectRef> allows = new HashSet<>();
    Set<ProjectRef> blocks = new HashSet<>();
    for (PermissionRule rule : access) {
        if (rule.isBlock()) {
            blocks.add(relevant.getRuleProps(rule));
        } else if (rule.getForce()) {
            allows.add(relevant.getRuleProps(rule));
        }
    }
    for (PermissionRule rule : overridden) {
        if (rule.getForce()) {
            blocks.remove(relevant.getRuleProps(rule));
        }
    }
    blocks.removeAll(allows);
    return !blocks.isEmpty();
}