Examples with AccessSection com.google.gerrit.common.data.AccessSection used on opensource projects

Example 11 with AccessSection

use of com.google.gerrit.common.data.AccessSection in project gerrit by GerritCodeReview.

the class ProjectControl method canPerformOnAnyRef.

private boolean canPerformOnAnyRef(String permissionName) {
    for (SectionMatcher matcher : access()) {
        AccessSection section = matcher.section;
        Permission permission = section.getPermission(permissionName);
        if (permission == null) {
            continue;
        }
        for (PermissionRule rule : permission.getRules()) {
            if (rule.isBlock() || rule.isDeny() || !match(rule)) {
                continue;
            }
            //
            if (controlForRef(section.getName()).canPerform(permissionName)) {
                return true;
            }
            break;
        }
    }
    return false;
}

Example 12 with AccessSection

use of com.google.gerrit.common.data.AccessSection in project gerrit by GerritCodeReview.

the class ProjectAccessHandler method call.

@Override
public final T call() throws NoSuchProjectException, IOException, ConfigInvalidException, InvalidNameException, NoSuchGroupException, OrmException, UpdateParentFailedException, PermissionDeniedException, PermissionBackendException {
    final ProjectControl projectControl = projectControlFactory.controlFor(projectName);
    Capable r = projectControl.canPushToAtLeastOneRef();
    if (r != Capable.OK) {
        throw new PermissionDeniedException(r.getMessage());
    }
    try (MetaDataUpdate md = metaDataUpdateFactory.create(projectName)) {
        ProjectConfig config = ProjectConfig.read(md, base);
        Set<String> toDelete = scanSectionNames(config);
        for (AccessSection section : mergeSections(sectionList)) {
            String name = section.getName();
            if (AccessSection.GLOBAL_CAPABILITIES.equals(name)) {
                if (checkIfOwner && !projectControl.isOwner()) {
                    continue;
                }
                replace(config, toDelete, section);
            } else if (AccessSection.isValid(name)) {
                if (checkIfOwner && !projectControl.controlForRef(name).isOwner()) {
                    continue;
                }
                RefPattern.validate(name);
                replace(config, toDelete, section);
            }
        }
        for (String name : toDelete) {
            if (AccessSection.GLOBAL_CAPABILITIES.equals(name)) {
                if (!checkIfOwner || projectControl.isOwner()) {
                    config.remove(config.getAccessSection(name));
                }
            } else if (!checkIfOwner || projectControl.controlForRef(name).isOwner()) {
                config.remove(config.getAccessSection(name));
            }
        }
        boolean parentProjectUpdate = false;
        if (!config.getProject().getNameKey().equals(allProjects) && !config.getProject().getParent(allProjects).equals(parentProjectName)) {
            parentProjectUpdate = true;
            try {
                setParent.get().validateParentUpdate(projectControl, MoreObjects.firstNonNull(parentProjectName, allProjects).get(), checkIfOwner);
            } catch (AuthException e) {
                throw new UpdateParentFailedException("You are not allowed to change the parent project since you are " + "not an administrator. You may save the modifications for review " + "so that an administrator can approve them.", e);
            } catch (ResourceConflictException | UnprocessableEntityException e) {
                throw new UpdateParentFailedException(e.getMessage(), e);
            }
            config.getProject().setParentName(parentProjectName);
        }
        if (message != null && !message.isEmpty()) {
            if (!message.endsWith("\n")) {
                message += "\n";
            }
            md.setMessage(message);
        } else {
            md.setMessage("Modify access rules\n");
        }
        return updateProjectConfig(projectControl, config, md, parentProjectUpdate);
    } catch (RepositoryNotFoundException notFound) {
        throw new NoSuchProjectException(projectName);
    }
}

Example 13 with AccessSection

use of com.google.gerrit.common.data.AccessSection in project gerrit by GerritCodeReview.

the class LabelNormalizerTest method configureProject.

private void configureProject() throws Exception {
    ProjectConfig pc = loadAllProjects();
    for (AccessSection sec : pc.getAccessSections()) {
        for (String label : pc.getLabelSections().keySet()) {
            sec.removePermission(forLabel(label));
        }
    }
    LabelType lt = category("Verified", value(1, "Verified"), value(0, "No score"), value(-1, "Fails"));
    pc.getLabelSections().put(lt.getName(), lt);
    save(pc);
}

Example 14 with AccessSection

use of com.google.gerrit.common.data.AccessSection in project gerrit by GerritCodeReview.

the class ProjectConfigTest method readConfig.

@Test
public void readConfig() throws Exception {
    RevCommit rev = util.commit(//
    util.tree(//
    util.file("groups", util.blob(group(developers))), util.file("project.config", util.blob(//
    "" + //
    "[access \"refs/heads/*\"]\n" + //
    "  exclusiveGroupPermissions = read submit create\n" + //
    "  submit = group Developers\n" + //
    "  push = group Developers\n" + //
    "  read = group Developers\n" + //
    "[accounts]\n" + //
    "  sameGroupVisibility = deny group Developers\n" + //
    "  sameGroupVisibility = block group Staff\n" + //
    "[contributor-agreement \"Individual\"]\n" + //
    "  description = A simple description\n" + //
    "  accepted = group Developers\n" + //
    "  accepted = group Staff\n" + //
    "  autoVerify = group Developers\n" + //
    "  agreementUrl = http://www.example.com/agree\n"))));
    ProjectConfig cfg = read(rev);
    assertThat(cfg.getAccountsSection().getSameGroupVisibility()).hasSize(2);
    ContributorAgreement ca = cfg.getContributorAgreement("Individual");
    assertThat(ca.getName()).isEqualTo("Individual");
    assertThat(ca.getDescription()).isEqualTo("A simple description");
    assertThat(ca.getAgreementUrl()).isEqualTo("http://www.example.com/agree");
    assertThat(ca.getAccepted()).hasSize(2);
    assertThat(ca.getAccepted().get(0).getGroup()).isEqualTo(developers);
    assertThat(ca.getAccepted().get(1).getGroup().getName()).isEqualTo("Staff");
    assertThat(ca.getAutoVerify().getName()).isEqualTo("Developers");
    AccessSection section = cfg.getAccessSection("refs/heads/*");
    assertThat(section).isNotNull();
    assertThat(cfg.getAccessSection("refs/*")).isNull();
    Permission create = section.getPermission(Permission.CREATE);
    Permission submit = section.getPermission(Permission.SUBMIT);
    Permission read = section.getPermission(Permission.READ);
    Permission push = section.getPermission(Permission.PUSH);
    assertThat(create.getExclusiveGroup()).isTrue();
    assertThat(submit.getExclusiveGroup()).isTrue();
    assertThat(read.getExclusiveGroup()).isTrue();
    assertThat(push.getExclusiveGroup()).isFalse();
}

Example 15 with AccessSection

use of com.google.gerrit.common.data.AccessSection in project gerrit by GerritCodeReview.

the class ProjectConfigTest method editConfig.

@Test
public void editConfig() throws Exception {
    RevCommit rev = util.commit(//
    util.tree(//
    util.file("groups", util.blob(group(developers))), util.file("project.config", util.blob(//
    "" + //
    "[access \"refs/heads/*\"]\n" + //
    "  exclusiveGroupPermissions = read submit\n" + //
    "  submit = group Developers\n" + //
    "  upload = group Developers\n" + //
    "  read = group Developers\n" + //
    "[accounts]\n" + //
    "  sameGroupVisibility = deny group Developers\n" + //
    "  sameGroupVisibility = block group Staff\n" + //
    "[contributor-agreement \"Individual\"]\n" + //
    "  description = A simple description\n" + //
    "  accepted = group Developers\n" + //
    "  autoVerify = group Developers\n" + //
    "  agreementUrl = http://www.example.com/agree\n" + //
    "[label \"CustomLabel\"]\n" + //
    LABEL_SCORES_CONFIG))));
    update(rev);
    ProjectConfig cfg = read(rev);
    AccessSection section = cfg.getAccessSection("refs/heads/*");
    cfg.getAccountsSection().setSameGroupVisibility(Collections.singletonList(new PermissionRule(cfg.resolve(staff))));
    Permission submit = section.getPermission(Permission.SUBMIT);
    submit.add(new PermissionRule(cfg.resolve(staff)));
    ContributorAgreement ca = cfg.getContributorAgreement("Individual");
    ca.setAccepted(Collections.singletonList(new PermissionRule(cfg.resolve(staff))));
    ca.setAutoVerify(null);
    ca.setDescription("A new description");
    rev = commit(cfg);
    assertThat(text(rev, "project.config")).isEqualTo(//
    "" + //
    "[access \"refs/heads/*\"]\n" + //
    "  exclusiveGroupPermissions = read submit\n" + //
    "  submit = group Developers\n" + //
    "\tsubmit = group Staff\n" + //
    "  upload = group Developers\n" + //
    "  read = group Developers\n" + //
    "[accounts]\n" + //
    "  sameGroupVisibility = group Staff\n" + //
    "[contributor-agreement \"Individual\"]\n" + //
    "  description = A new description\n" + //
    "  accepted = group Staff\n" + "  agreementUrl = http://www.example.com/agree\n" + //
    "[label \"CustomLabel\"]\n" + LABEL_SCORES_CONFIG + // label gets this function when it is created
    "\tfunction = MaxWithBlock\n" + //  label gets this value when it is created
    "\tdefaultValue = 0\n");
}