Example 16 with Permission
use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.
the class AllProjectsCreator method initAllProjects.
private void initAllProjects(Repository git) throws IOException, ConfigInvalidException {
BatchRefUpdate bru = git.getRefDatabase().newBatchUpdate();
try (MetaDataUpdate md = new MetaDataUpdate(GitReferenceUpdated.DISABLED, allProjectsName, git, bru)) {
md.getCommitBuilder().setAuthor(serverUser);
md.getCommitBuilder().setCommitter(serverUser);
md.setMessage(MoreObjects.firstNonNull(Strings.emptyToNull(message), "Initialized Gerrit Code Review " + Version.getVersion()));
ProjectConfig config = ProjectConfig.read(md);
Project p = config.getProject();
p.setDescription("Access inherited by all other projects.");
p.setRequireChangeID(InheritableBoolean.TRUE);
p.setUseContentMerge(InheritableBoolean.TRUE);
p.setUseContributorAgreements(InheritableBoolean.FALSE);
p.setUseSignedOffBy(InheritableBoolean.FALSE);
p.setEnableSignedPush(InheritableBoolean.FALSE);
AccessSection cap = config.getAccessSection(AccessSection.GLOBAL_CAPABILITIES, true);
AccessSection all = config.getAccessSection(AccessSection.ALL, true);
AccessSection heads = config.getAccessSection(AccessSection.HEADS, true);
AccessSection tags = config.getAccessSection("refs/tags/*", true);
AccessSection meta = config.getAccessSection(RefNames.REFS_CONFIG, true);
AccessSection refsFor = config.getAccessSection("refs/for/*", true);
AccessSection magic = config.getAccessSection("refs/for/" + AccessSection.ALL, true);
grant(config, cap, GlobalCapability.ADMINISTRATE_SERVER, admin);
grant(config, all, Permission.READ, admin, anonymous);
grant(config, refsFor, Permission.ADD_PATCH_SET, registered);
if (batch != null) {
Permission priority = cap.getPermission(GlobalCapability.PRIORITY, true);
PermissionRule r = rule(config, batch);
r.setAction(Action.BATCH);
priority.add(r);
Permission stream = cap.getPermission(GlobalCapability.STREAM_EVENTS, true);
stream.add(rule(config, batch));
}
LabelType cr = initCodeReviewLabel(config);
grant(config, heads, cr, -1, 1, registered);
grant(config, heads, cr, -2, 2, admin, owners);
grant(config, heads, Permission.CREATE, admin, owners);
grant(config, heads, Permission.PUSH, admin, owners);
grant(config, heads, Permission.SUBMIT, admin, owners);
grant(config, heads, Permission.FORGE_AUTHOR, registered);
grant(config, heads, Permission.FORGE_COMMITTER, admin, owners);
grant(config, heads, Permission.EDIT_TOPIC_NAME, true, admin, owners);
grant(config, tags, Permission.CREATE, admin, owners);
grant(config, tags, Permission.CREATE_TAG, admin, owners);
grant(config, tags, Permission.CREATE_SIGNED_TAG, admin, owners);
grant(config, magic, Permission.PUSH, registered);
grant(config, magic, Permission.PUSH_MERGE, registered);
meta.getPermission(Permission.READ, true).setExclusiveGroup(true);
grant(config, meta, Permission.READ, admin, owners);
grant(config, meta, cr, -2, 2, admin, owners);
grant(config, meta, Permission.CREATE, admin, owners);
grant(config, meta, Permission.PUSH, admin, owners);
grant(config, meta, Permission.SUBMIT, admin, owners);
config.commitToNewRef(md, RefNames.REFS_CONFIG);
initSequences(git, bru);
execute(git, bru);
}
}
Also used :
ProjectConfig(com.google.gerrit.server.git.ProjectConfig)
Project(com.google.gerrit.reviewdb.client.Project)
PermissionRule(com.google.gerrit.common.data.PermissionRule)
LabelType(com.google.gerrit.common.data.LabelType)
Permission(com.google.gerrit.common.data.Permission)
BatchRefUpdate(org.eclipse.jgit.lib.BatchRefUpdate)
AccessSection(com.google.gerrit.common.data.AccessSection)
MetaDataUpdate(com.google.gerrit.server.git.MetaDataUpdate)
Example 17 with Permission
use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.
the class AclUtil method grant.
public static void grant(ProjectConfig config, AccessSection section, LabelType type, int min, int max, GroupReference... groupList) {
String name = Permission.LABEL + type.getName();
Permission p = section.getPermission(name, true);
for (GroupReference group : groupList) {
if (group != null) {
PermissionRule r = rule(config, group);
r.setRange(min, max);
p.add(r);
}
}
}
Also used :
PermissionRule(com.google.gerrit.common.data.PermissionRule)
Permission(com.google.gerrit.common.data.Permission)
GroupReference(com.google.gerrit.common.data.GroupReference)
Example 18 with Permission
use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.
the class AclUtil method grant.
public static void grant(ProjectConfig config, AccessSection section, String permission, boolean force, Boolean exclusive, GroupReference... groupList) {
Permission p = section.getPermission(permission, true);
if (exclusive != null) {
p.setExclusiveGroup(exclusive);
}
for (GroupReference group : groupList) {
if (group != null) {
PermissionRule r = rule(config, group);
r.setForce(force);
p.add(r);
}
}
}
Also used :
PermissionRule(com.google.gerrit.common.data.PermissionRule)
Permission(com.google.gerrit.common.data.Permission)
GroupReference(com.google.gerrit.common.data.GroupReference)
Example 19 with Permission
use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.
the class AclUtil method block.
public static void block(ProjectConfig config, AccessSection section, String permission, GroupReference... groupList) {
Permission p = section.getPermission(permission, true);
for (GroupReference group : groupList) {
if (group != null) {
PermissionRule r = rule(config, group);
r.setBlock();
p.add(r);
}
}
}
Also used :
PermissionRule(com.google.gerrit.common.data.PermissionRule)
Permission(com.google.gerrit.common.data.Permission)
GroupReference(com.google.gerrit.common.data.GroupReference)
Example 20 with Permission
use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.
the class Util method grant.
private static PermissionRule grant(ProjectConfig project, String permissionName, PermissionRule rule, String ref, boolean exclusive) {
Permission permission = project.getAccessSection(ref, true).getPermission(permissionName, true);
if (exclusive) {
permission.setExclusiveGroup(exclusive);
}
permission.add(rule);
return rule;
}
Also used :
Permission(com.google.gerrit.common.data.Permission)
Aggregations
Permission (com.google.gerrit.common.data.Permission)29
AccessSection (com.google.gerrit.common.data.AccessSection)19
PermissionRule (com.google.gerrit.common.data.PermissionRule)18
ProjectConfig (com.google.gerrit.server.git.ProjectConfig)10
MetaDataUpdate (com.google.gerrit.server.git.MetaDataUpdate)9
GroupReference (com.google.gerrit.common.data.GroupReference)6
Permission.isPermission (com.google.gerrit.common.data.Permission.isPermission)4
ProjectPermission (com.google.gerrit.server.permissions.ProjectPermission)4
ConfigInvalidException (org.eclipse.jgit.errors.ConfigInvalidException)4
AccountGroup (com.google.gerrit.reviewdb.client.AccountGroup)3
Project (com.google.gerrit.reviewdb.client.Project)3
OrmException (com.google.gwtorm.server.OrmException)3
HashSet (java.util.HashSet)3
RevCommit (org.eclipse.jgit.revwalk.RevCommit)3
Test (org.junit.Test)3
ContributorAgreement (com.google.gerrit.common.data.ContributorAgreement)2
GroupDescription (com.google.gerrit.common.data.GroupDescription)2
LabelType (com.google.gerrit.common.data.LabelType)2
NoSuchGroupException (com.google.gerrit.common.errors.NoSuchGroupException)2
AccessSectionInfo (com.google.gerrit.extensions.api.access.AccessSectionInfo)2
