use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.
the class ProjectConfigTest method editConfig.
@Test
public void editConfig() throws Exception {
RevCommit rev = util.commit(//
util.tree(//
util.file("groups", util.blob(group(developers))), util.file("project.config", util.blob(//
"" + //
"[access \"refs/heads/*\"]\n" + //
" exclusiveGroupPermissions = read submit\n" + //
" submit = group Developers\n" + //
" upload = group Developers\n" + //
" read = group Developers\n" + //
"[accounts]\n" + //
" sameGroupVisibility = deny group Developers\n" + //
" sameGroupVisibility = block group Staff\n" + //
"[contributor-agreement \"Individual\"]\n" + //
" description = A simple description\n" + //
" accepted = group Developers\n" + //
" autoVerify = group Developers\n" + //
" agreementUrl = http://www.example.com/agree\n" + //
"[label \"CustomLabel\"]\n" + //
LABEL_SCORES_CONFIG))));
update(rev);
ProjectConfig cfg = read(rev);
AccessSection section = cfg.getAccessSection("refs/heads/*");
cfg.getAccountsSection().setSameGroupVisibility(Collections.singletonList(new PermissionRule(cfg.resolve(staff))));
Permission submit = section.getPermission(Permission.SUBMIT);
submit.add(new PermissionRule(cfg.resolve(staff)));
ContributorAgreement ca = cfg.getContributorAgreement("Individual");
ca.setAccepted(Collections.singletonList(new PermissionRule(cfg.resolve(staff))));
ca.setAutoVerify(null);
ca.setDescription("A new description");
rev = commit(cfg);
assertThat(text(rev, "project.config")).isEqualTo(//
"" + //
"[access \"refs/heads/*\"]\n" + //
" exclusiveGroupPermissions = read submit\n" + //
" submit = group Developers\n" + //
"\tsubmit = group Staff\n" + //
" upload = group Developers\n" + //
" read = group Developers\n" + //
"[accounts]\n" + //
" sameGroupVisibility = group Staff\n" + //
"[contributor-agreement \"Individual\"]\n" + //
" description = A new description\n" + //
" accepted = group Staff\n" + " agreementUrl = http://www.example.com/agree\n" + //
"[label \"CustomLabel\"]\n" + LABEL_SCORES_CONFIG + // label gets this function when it is created
"\tfunction = MaxWithBlock\n" + // label gets this value when it is created
"\tdefaultValue = 0\n");
}
use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.
the class ProjectConfigTest method editConfigMissingGroupTableEntry.
@Test
public void editConfigMissingGroupTableEntry() throws Exception {
RevCommit rev = util.commit(//
util.tree(//
util.file("groups", util.blob(group(developers))), util.file("project.config", util.blob(//
"" + //
"[access \"refs/heads/*\"]\n" + //
" exclusiveGroupPermissions = read submit\n" + //
" submit = group People Who Can Submit\n" + //
" upload = group Developers\n" + //
" read = group Developers\n"))));
update(rev);
ProjectConfig cfg = read(rev);
AccessSection section = cfg.getAccessSection("refs/heads/*");
Permission submit = section.getPermission(Permission.SUBMIT);
submit.add(new PermissionRule(cfg.resolve(staff)));
rev = commit(cfg);
assertThat(text(rev, "project.config")).isEqualTo(//
"" + //
"[access \"refs/heads/*\"]\n" + //
" exclusiveGroupPermissions = read submit\n" + //
" submit = group People Who Can Submit\n" + //
"\tsubmit = group Staff\n" + //
" upload = group Developers\n" + " read = group Developers\n");
}
use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.
the class ChangeOwnerIT method grantApproveToChangeOwner.
private void grantApproveToChangeOwner() throws Exception {
try (MetaDataUpdate md = metaDataUpdateFactory.create(project)) {
md.setMessage(String.format("Grant approve to change owner"));
ProjectConfig config = ProjectConfig.read(md);
AccessSection s = config.getAccessSection("refs/heads/*", true);
Permission p = s.getPermission(LABEL + "Code-Review", true);
PermissionRule rule = new PermissionRule(config.resolve(systemGroupBackend.getGroup(SystemGroupBackend.CHANGE_OWNER)));
rule.setMin(-2);
rule.setMax(+2);
p.add(rule);
config.commit(md);
projectCache.evict(config.getProject());
}
}
use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.
the class AccessSectionEditor method onAddPermission.
void onAddPermission(String varName) {
int idx = permissions.getList().size();
Permission p = value.getPermission(varName, true);
permissions.getList().add(p);
PermissionEditor e = permissions.getEditors().get(idx);
e.beginAddRule();
rebuildPermissionSelector();
}
use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.
the class SetAccess method apply.
@Override
public ProjectAccessInfo apply(ProjectResource rsrc, ProjectAccessInput input) throws ResourceNotFoundException, ResourceConflictException, IOException, AuthException, BadRequestException, UnprocessableEntityException, PermissionBackendException {
List<AccessSection> removals = getAccessSections(input.remove);
List<AccessSection> additions = getAccessSections(input.add);
MetaDataUpdate.User metaDataUpdateUser = metaDataUpdateFactory.get();
ProjectControl projectControl = rsrc.getControl();
ProjectConfig config;
Project.NameKey newParentProjectName = input.parent == null ? null : new Project.NameKey(input.parent);
try (MetaDataUpdate md = metaDataUpdateUser.create(rsrc.getNameKey())) {
config = ProjectConfig.read(md);
// Perform removal checks
for (AccessSection section : removals) {
boolean isGlobalCapabilities = AccessSection.GLOBAL_CAPABILITIES.equals(section.getName());
if (isGlobalCapabilities) {
checkGlobalCapabilityPermissions(config.getName());
} else if (!projectControl.controlForRef(section.getName()).isOwner()) {
throw new AuthException("You are not allowed to edit permissionsfor ref: " + section.getName());
}
}
// Perform addition checks
for (AccessSection section : additions) {
String name = section.getName();
boolean isGlobalCapabilities = AccessSection.GLOBAL_CAPABILITIES.equals(name);
if (isGlobalCapabilities) {
checkGlobalCapabilityPermissions(config.getName());
} else {
if (!AccessSection.isValid(name)) {
throw new BadRequestException("invalid section name");
}
if (!projectControl.controlForRef(name).isOwner()) {
throw new AuthException("You are not allowed to edit permissionsfor ref: " + name);
}
RefPattern.validate(name);
}
// Check all permissions for soundness
for (Permission p : section.getPermissions()) {
if (isGlobalCapabilities && !GlobalCapability.isCapability(p.getName())) {
throw new BadRequestException("Cannot add non-global capability " + p.getName() + " to global capabilities");
}
}
}
// Apply removals
for (AccessSection section : removals) {
if (section.getPermissions().isEmpty()) {
// Remove entire section
config.remove(config.getAccessSection(section.getName()));
}
// Remove specific permissions
for (Permission p : section.getPermissions()) {
if (p.getRules().isEmpty()) {
config.remove(config.getAccessSection(section.getName()), p);
} else {
for (PermissionRule r : p.getRules()) {
config.remove(config.getAccessSection(section.getName()), p, r);
}
}
}
}
// Apply additions
for (AccessSection section : additions) {
AccessSection currentAccessSection = config.getAccessSection(section.getName());
if (currentAccessSection == null) {
// Add AccessSection
config.replace(section);
} else {
for (Permission p : section.getPermissions()) {
Permission currentPermission = currentAccessSection.getPermission(p.getName());
if (currentPermission == null) {
// Add Permission
currentAccessSection.addPermission(p);
} else {
for (PermissionRule r : p.getRules()) {
// AddPermissionRule
currentPermission.add(r);
}
}
}
}
}
if (newParentProjectName != null && !config.getProject().getNameKey().equals(allProjects) && !config.getProject().getParent(allProjects).equals(newParentProjectName)) {
try {
setParent.get().validateParentUpdate(projectControl, MoreObjects.firstNonNull(newParentProjectName, allProjects).get(), true);
} catch (UnprocessableEntityException e) {
throw new ResourceConflictException(e.getMessage(), e);
}
config.getProject().setParentName(newParentProjectName);
}
if (!Strings.isNullOrEmpty(input.message)) {
if (!input.message.endsWith("\n")) {
input.message += "\n";
}
md.setMessage(input.message);
} else {
md.setMessage("Modify access rules\n");
}
config.commit(md);
projectCache.evict(config.getProject());
} catch (InvalidNameException e) {
throw new BadRequestException(e.toString());
} catch (ConfigInvalidException e) {
throw new ResourceConflictException(rsrc.getName());
}
return getAccess.apply(rsrc.getNameKey());
}
Aggregations