use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.
the class ProjectAccessFactory method buildGroupInfo.
private Map<AccountGroup.UUID, GroupInfo> buildGroupInfo(List<AccessSection> local) {
Map<AccountGroup.UUID, GroupInfo> infos = new HashMap<>();
for (AccessSection section : local) {
for (Permission permission : section.getPermissions()) {
for (PermissionRule rule : permission.getRules()) {
if (rule.getGroup() != null) {
AccountGroup.UUID uuid = rule.getGroup().getUUID();
if (uuid != null && !infos.containsKey(uuid)) {
GroupDescription.Basic group = groupBackend.get(uuid);
infos.put(uuid, group != null ? new GroupInfo(group) : null);
}
}
}
}
}
return Maps.filterEntries(infos, in -> in.getValue() != null);
}
use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.
the class ProjectAccessFactory method call.
@Override
public ProjectAccess call() throws NoSuchProjectException, IOException, ConfigInvalidException, PermissionBackendException {
ProjectControl pc = checkProjectControl();
// Load the current configuration from the repository, ensuring its the most
// recent version available. If it differs from what was in the project
// state, force a cache flush now.
//
ProjectConfig config;
try (MetaDataUpdate md = metaDataUpdateFactory.create(projectName)) {
config = ProjectConfig.read(md);
if (config.updateGroupNames(groupBackend)) {
md.setMessage("Update group names\n");
config.commit(md);
projectCache.evict(config.getProject());
pc = checkProjectControl();
} else if (config.getRevision() != null && !config.getRevision().equals(pc.getProjectState().getConfig().getRevision())) {
projectCache.evict(config.getProject());
pc = checkProjectControl();
}
}
final RefControl metaConfigControl = pc.controlForRef(RefNames.REFS_CONFIG);
List<AccessSection> local = new ArrayList<>();
Set<String> ownerOf = new HashSet<>();
Map<AccountGroup.UUID, Boolean> visibleGroups = new HashMap<>();
for (AccessSection section : config.getAccessSections()) {
String name = section.getName();
if (AccessSection.GLOBAL_CAPABILITIES.equals(name)) {
if (pc.isOwner()) {
local.add(section);
ownerOf.add(name);
} else if (metaConfigControl.isVisible()) {
local.add(section);
}
} else if (RefConfigSection.isValid(name)) {
RefControl rc = pc.controlForRef(name);
if (rc.isOwner()) {
local.add(section);
ownerOf.add(name);
} else if (metaConfigControl.isVisible()) {
local.add(section);
} else if (rc.isVisible()) {
// Filter the section to only add rules describing groups that
// are visible to the current-user. This includes any group the
// user is a member of, as well as groups they own or that
// are visible to all users.
AccessSection dst = null;
for (Permission srcPerm : section.getPermissions()) {
Permission dstPerm = null;
for (PermissionRule srcRule : srcPerm.getRules()) {
AccountGroup.UUID group = srcRule.getGroup().getUUID();
if (group == null) {
continue;
}
Boolean canSeeGroup = visibleGroups.get(group);
if (canSeeGroup == null) {
try {
canSeeGroup = groupControlFactory.controlFor(group).isVisible();
} catch (NoSuchGroupException e) {
canSeeGroup = Boolean.FALSE;
}
visibleGroups.put(group, canSeeGroup);
}
if (canSeeGroup) {
if (dstPerm == null) {
if (dst == null) {
dst = new AccessSection(name);
local.add(dst);
}
dstPerm = dst.getPermission(srcPerm.getName(), true);
}
dstPerm.add(srcRule);
}
}
}
}
}
}
if (ownerOf.isEmpty() && pc.isOwnerAnyRef()) {
// Special case: If the section list is empty, this project has no current
// access control information. Rely on what ProjectControl determines
// is ownership, which probably means falling back to site administrators.
ownerOf.add(AccessSection.ALL);
}
final ProjectAccess detail = new ProjectAccess();
detail.setProjectName(projectName);
if (config.getRevision() != null) {
detail.setRevision(config.getRevision().name());
}
detail.setInheritsFrom(config.getProject().getParent(allProjectsName));
if (projectName.equals(allProjectsName)) {
if (pc.isOwner()) {
ownerOf.add(AccessSection.GLOBAL_CAPABILITIES);
}
}
detail.setLocal(local);
detail.setOwnerOf(ownerOf);
detail.setCanUpload(metaConfigControl.isVisible() && (pc.isOwner() || metaConfigControl.canUpload()));
detail.setConfigVisible(pc.isOwner() || metaConfigControl.isVisible());
detail.setGroupInfo(buildGroupInfo(local));
detail.setLabelTypes(pc.getLabelTypes());
detail.setFileHistoryLinks(getConfigFileLogLinks(projectName.get()));
return detail;
}
use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.
the class AbstractDaemonTest method grant.
protected void grant(Project.NameKey project, String ref, String permission, boolean force, AccountGroup.UUID groupUUID) throws RepositoryNotFoundException, IOException, ConfigInvalidException {
try (MetaDataUpdate md = metaDataUpdateFactory.create(project)) {
md.setMessage(String.format("Grant %s on %s", permission, ref));
ProjectConfig config = ProjectConfig.read(md);
AccessSection s = config.getAccessSection(ref, true);
Permission p = s.getPermission(permission, true);
PermissionRule rule = Util.newRule(config, groupUUID);
rule.setForce(force);
p.add(rule);
config.commit(md);
projectCache.evict(config.getProject());
}
}
use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.
the class AbstractDaemonTest method removePermission.
protected void removePermission(Project.NameKey project, String ref, String permission) throws IOException, ConfigInvalidException {
try (MetaDataUpdate md = metaDataUpdateFactory.create(project)) {
md.setMessage(String.format("Remove %s on %s", permission, ref));
ProjectConfig config = ProjectConfig.read(md);
AccessSection s = config.getAccessSection(ref, true);
Permission p = s.getPermission(permission, true);
p.getRules().clear();
config.commit(md);
projectCache.evict(config.getProject());
}
}
use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.
the class Schema_125 method migrateData.
@Override
protected void migrateData(ReviewDb db, UpdateUI ui) throws OrmException {
try (Repository git = repoManager.openRepository(allUsersName);
MetaDataUpdate md = new MetaDataUpdate(GitReferenceUpdated.DISABLED, allUsersName, git)) {
ProjectConfig config = ProjectConfig.read(md);
config.getAccessSection(RefNames.REFS_USERS + "*", true).remove(new Permission(Permission.READ));
GroupReference registered = systemGroupBackend.getGroup(REGISTERED_USERS);
AccessSection users = config.getAccessSection(RefNames.REFS_USERS + "${" + RefPattern.USERID_SHARDED + "}", true);
grant(config, users, Permission.READ, true, registered);
grant(config, users, Permission.PUSH, true, registered);
grant(config, users, Permission.SUBMIT, true, registered);
for (LabelType lt : getLabelTypes(config)) {
if ("Code-Review".equals(lt.getName()) || "Verified".equals(lt.getName())) {
grant(config, users, lt, lt.getMin().getValue(), lt.getMax().getValue(), registered);
}
}
md.getCommitBuilder().setAuthor(serverUser);
md.getCommitBuilder().setCommitter(serverUser);
md.setMessage(COMMIT_MSG);
config.commit(md);
} catch (ConfigInvalidException | IOException ex) {
throw new OrmException(ex);
}
}
Aggregations