
Example 11 with Permission

use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.

the class ProjectConfigTest method editConfig.

@Test
public void editConfig() throws Exception {
    RevCommit rev = util.commit(//
    util.tree(//
    util.file("groups", util.blob(group(developers))), util.file("project.config", util.blob(//
    "" + //
    "[access \"refs/heads/*\"]\n" + //
    "  exclusiveGroupPermissions = read submit\n" + //
    "  submit = group Developers\n" + //
    "  upload = group Developers\n" + //
    "  read = group Developers\n" + //
    "[accounts]\n" + //
    "  sameGroupVisibility = deny group Developers\n" + //
    "  sameGroupVisibility = block group Staff\n" + //
    "[contributor-agreement \"Individual\"]\n" + //
    "  description = A simple description\n" + //
    "  accepted = group Developers\n" + //
    "  autoVerify = group Developers\n" + //
    "  agreementUrl = http://www.example.com/agree\n" + //
    "[label \"CustomLabel\"]\n" + //
    LABEL_SCORES_CONFIG))));
    update(rev);
    ProjectConfig cfg = read(rev);
    AccessSection section = cfg.getAccessSection("refs/heads/*");
    cfg.getAccountsSection().setSameGroupVisibility(Collections.singletonList(new PermissionRule(cfg.resolve(staff))));
    Permission submit = section.getPermission(Permission.SUBMIT);
    submit.add(new PermissionRule(cfg.resolve(staff)));
    ContributorAgreement ca = cfg.getContributorAgreement("Individual");
    ca.setAccepted(Collections.singletonList(new PermissionRule(cfg.resolve(staff))));
    ca.setAutoVerify(null);
    ca.setDescription("A new description");
    rev = commit(cfg);
    assertThat(text(rev, "project.config")).isEqualTo(//
    "" + //
    "[access \"refs/heads/*\"]\n" + //
    "  exclusiveGroupPermissions = read submit\n" + //
    "  submit = group Developers\n" + //
    "\tsubmit = group Staff\n" + //
    "  upload = group Developers\n" + //
    "  read = group Developers\n" + //
    "[accounts]\n" + //
    "  sameGroupVisibility = group Staff\n" + //
    "[contributor-agreement \"Individual\"]\n" + //
    "  description = A new description\n" + //
    "  accepted = group Staff\n" + "  agreementUrl = http://www.example.com/agree\n" + //
    "[label \"CustomLabel\"]\n" + LABEL_SCORES_CONFIG + //
    "\tfunction = MaxWithBlock\n" + // label gets this function when it is created
    "\tdefaultValue = 0\n"); // label gets this value when it is created
}
Also used : PermissionRule(com.google.gerrit.common.data.PermissionRule) ContributorAgreement(com.google.gerrit.common.data.ContributorAgreement) Permission(com.google.gerrit.common.data.Permission) AccessSection(com.google.gerrit.common.data.AccessSection) RevCommit(org.eclipse.jgit.revwalk.RevCommit) Test(org.junit.Test)

Example 12 with Permission

use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.

the class ProjectConfigTest method editConfigMissingGroupTableEntry.

@Test
public void editConfigMissingGroupTableEntry() throws Exception {
    RevCommit rev = util.commit(//
    util.tree(//
    util.file("groups", util.blob(group(developers))), util.file("project.config", util.blob(//
    "" + //
    "[access \"refs/heads/*\"]\n" + //
    "  exclusiveGroupPermissions = read submit\n" + //
    "  submit = group People Who Can Submit\n" + //
    "  upload = group Developers\n" + //
    "  read = group Developers\n"))));
    update(rev);
    ProjectConfig cfg = read(rev);
    AccessSection section = cfg.getAccessSection("refs/heads/*");
    Permission submit = section.getPermission(Permission.SUBMIT);
    submit.add(new PermissionRule(cfg.resolve(staff)));
    rev = commit(cfg);
    assertThat(text(rev, "project.config")).isEqualTo(//
    "" + //
    "[access \"refs/heads/*\"]\n" + //
    "  exclusiveGroupPermissions = read submit\n" + //
    "  submit = group People Who Can Submit\n" + //
    "\tsubmit = group Staff\n" + //
    "  upload = group Developers\n" + "  read = group Developers\n");
}
Also used : PermissionRule(com.google.gerrit.common.data.PermissionRule) Permission(com.google.gerrit.common.data.Permission) AccessSection(com.google.gerrit.common.data.AccessSection) RevCommit(org.eclipse.jgit.revwalk.RevCommit) Test(org.junit.Test)

Example 13 with Permission

use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.

the class ChangeOwnerIT method grantApproveToChangeOwner.

private void grantApproveToChangeOwner() throws Exception {
    try (MetaDataUpdate md = metaDataUpdateFactory.create(project)) {
        md.setMessage("Grant approve to change owner");
        ProjectConfig config = ProjectConfig.read(md);
        AccessSection s = config.getAccessSection("refs/heads/*", true);
        Permission p = s.getPermission(LABEL + "Code-Review", true);
        PermissionRule rule = new PermissionRule(config.resolve(systemGroupBackend.getGroup(SystemGroupBackend.CHANGE_OWNER)));
        rule.setMin(-2);
        rule.setMax(+2);
        p.add(rule);
        config.commit(md);
        projectCache.evict(config.getProject());
    }
}
Also used : ProjectConfig(com.google.gerrit.server.git.ProjectConfig) PermissionRule(com.google.gerrit.common.data.PermissionRule) Permission(com.google.gerrit.common.data.Permission) AccessSection(com.google.gerrit.common.data.AccessSection) MetaDataUpdate(com.google.gerrit.server.git.MetaDataUpdate)

Example 14 with Permission

use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.

the class AccessSectionEditor method onAddPermission.

void onAddPermission(String varName) {
    int idx = permissions.getList().size();
    Permission p = value.getPermission(varName, true);
    permissions.getList().add(p);
    PermissionEditor e = permissions.getEditors().get(idx);
    e.beginAddRule();
    rebuildPermissionSelector();
}
Also used : Permission(com.google.gerrit.common.data.Permission)

Example 15 with Permission

use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.

the class SetAccess method apply.

@Override
public ProjectAccessInfo apply(ProjectResource rsrc, ProjectAccessInput input) throws ResourceNotFoundException, ResourceConflictException, IOException, AuthException, BadRequestException, UnprocessableEntityException, PermissionBackendException {
    List<AccessSection> removals = getAccessSections(input.remove);
    List<AccessSection> additions = getAccessSections(input.add);
    MetaDataUpdate.User metaDataUpdateUser = metaDataUpdateFactory.get();
    ProjectControl projectControl = rsrc.getControl();
    ProjectConfig config;
    Project.NameKey newParentProjectName = input.parent == null ? null : new Project.NameKey(input.parent);
    try (MetaDataUpdate md = metaDataUpdateUser.create(rsrc.getNameKey())) {
        config = ProjectConfig.read(md);
        // Perform removal checks
        for (AccessSection section : removals) {
            boolean isGlobalCapabilities = AccessSection.GLOBAL_CAPABILITIES.equals(section.getName());
            if (isGlobalCapabilities) {
                checkGlobalCapabilityPermissions(config.getName());
            } else if (!projectControl.controlForRef(section.getName()).isOwner()) {
                throw new AuthException("You are not allowed to edit permissions for ref: " + section.getName());
            }
        }
        // Perform addition checks
        for (AccessSection section : additions) {
            String name = section.getName();
            boolean isGlobalCapabilities = AccessSection.GLOBAL_CAPABILITIES.equals(name);
            if (isGlobalCapabilities) {
                checkGlobalCapabilityPermissions(config.getName());
            } else {
                if (!AccessSection.isValid(name)) {
                    throw new BadRequestException("invalid section name");
                }
                if (!projectControl.controlForRef(name).isOwner()) {
                    throw new AuthException("You are not allowed to edit permissions for ref: " + name);
                }
                RefPattern.validate(name);
            }
            // Check all permissions for soundness
            for (Permission p : section.getPermissions()) {
                if (isGlobalCapabilities && !GlobalCapability.isCapability(p.getName())) {
                    throw new BadRequestException("Cannot add non-global capability " + p.getName() + " to global capabilities");
                }
            }
        }
        // Apply removals
        for (AccessSection section : removals) {
            if (section.getPermissions().isEmpty()) {
                // Remove entire section
                config.remove(config.getAccessSection(section.getName()));
            }
            // Remove specific permissions
            for (Permission p : section.getPermissions()) {
                if (p.getRules().isEmpty()) {
                    config.remove(config.getAccessSection(section.getName()), p);
                } else {
                    for (PermissionRule r : p.getRules()) {
                        config.remove(config.getAccessSection(section.getName()), p, r);
                    }
                }
            }
        }
        // Apply additions
        for (AccessSection section : additions) {
            AccessSection currentAccessSection = config.getAccessSection(section.getName());
            if (currentAccessSection == null) {
                // Add AccessSection
                config.replace(section);
            } else {
                for (Permission p : section.getPermissions()) {
                    Permission currentPermission = currentAccessSection.getPermission(p.getName());
                    if (currentPermission == null) {
                        // Add Permission
                        currentAccessSection.addPermission(p);
                    } else {
                        for (PermissionRule r : p.getRules()) {
                            // AddPermissionRule
                            currentPermission.add(r);
                        }
                    }
                }
            }
        }
        if (newParentProjectName != null && !config.getProject().getNameKey().equals(allProjects) && !config.getProject().getParent(allProjects).equals(newParentProjectName)) {
            try {
                setParent.get().validateParentUpdate(projectControl, MoreObjects.firstNonNull(newParentProjectName, allProjects).get(), true);
            } catch (UnprocessableEntityException e) {
                throw new ResourceConflictException(e.getMessage(), e);
            }
            config.getProject().setParentName(newParentProjectName);
        }
        if (!Strings.isNullOrEmpty(input.message)) {
            if (!input.message.endsWith("\n")) {
                input.message += "\n";
            }
            md.setMessage(input.message);
        } else {
            md.setMessage("Modify access rules\n");
        }
        config.commit(md);
        projectCache.evict(config.getProject());
    } catch (InvalidNameException e) {
        throw new BadRequestException(e.toString());
    } catch (ConfigInvalidException e) {
        throw new ResourceConflictException(rsrc.getName());
    }
    return getAccess.apply(rsrc.getNameKey());
}
Also used : UnprocessableEntityException(com.google.gerrit.extensions.restapi.UnprocessableEntityException) ConfigInvalidException(org.eclipse.jgit.errors.ConfigInvalidException) PermissionRule(com.google.gerrit.common.data.PermissionRule) AuthException(com.google.gerrit.extensions.restapi.AuthException) AccessSection(com.google.gerrit.common.data.AccessSection) ProjectConfig(com.google.gerrit.server.git.ProjectConfig) Project(com.google.gerrit.reviewdb.client.Project) ResourceConflictException(com.google.gerrit.extensions.restapi.ResourceConflictException) InvalidNameException(com.google.gerrit.common.errors.InvalidNameException) GlobalPermission(com.google.gerrit.server.permissions.GlobalPermission) Permission(com.google.gerrit.common.data.Permission) BadRequestException(com.google.gerrit.extensions.restapi.BadRequestException) MetaDataUpdate(com.google.gerrit.server.git.MetaDataUpdate)
