Search in sources :

Example 21 with Permission

use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.

the class ProjectAccessFactory method buildGroupInfo.

private Map<AccountGroup.UUID, GroupInfo> buildGroupInfo(List<AccessSection> local) {
    Map<AccountGroup.UUID, GroupInfo> infos = new HashMap<>();
    for (AccessSection section : local) {
        for (Permission permission : section.getPermissions()) {
            for (PermissionRule rule : permission.getRules()) {
                if (rule.getGroup() != null) {
                    AccountGroup.UUID uuid = rule.getGroup().getUUID();
                    if (uuid != null && !infos.containsKey(uuid)) {
                        GroupDescription.Basic group = groupBackend.get(uuid);
                        infos.put(uuid, group != null ? new GroupInfo(group) : null);
                    }
                }
            }
        }
    }
    return Maps.filterEntries(infos, in -> in.getValue() != null);
}
Also used : GroupDescription(com.google.gerrit.common.data.GroupDescription) AccountGroup(com.google.gerrit.reviewdb.client.AccountGroup) HashMap(java.util.HashMap) GroupInfo(com.google.gerrit.common.data.GroupInfo) PermissionRule(com.google.gerrit.common.data.PermissionRule) Permission(com.google.gerrit.common.data.Permission) ProjectPermission(com.google.gerrit.server.permissions.ProjectPermission) AccessSection(com.google.gerrit.common.data.AccessSection)

Example 22 with Permission

use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.

the class ProjectAccessFactory method call.

@Override
public ProjectAccess call() throws NoSuchProjectException, IOException, ConfigInvalidException, PermissionBackendException {
    ProjectControl pc = checkProjectControl();
    // Load the current configuration from the repository, ensuring its the most
    // recent version available. If it differs from what was in the project
    // state, force a cache flush now.
    //
    ProjectConfig config;
    try (MetaDataUpdate md = metaDataUpdateFactory.create(projectName)) {
        config = ProjectConfig.read(md);
        if (config.updateGroupNames(groupBackend)) {
            md.setMessage("Update group names\n");
            config.commit(md);
            projectCache.evict(config.getProject());
            pc = checkProjectControl();
        } else if (config.getRevision() != null && !config.getRevision().equals(pc.getProjectState().getConfig().getRevision())) {
            projectCache.evict(config.getProject());
            pc = checkProjectControl();
        }
    }
    final RefControl metaConfigControl = pc.controlForRef(RefNames.REFS_CONFIG);
    List<AccessSection> local = new ArrayList<>();
    Set<String> ownerOf = new HashSet<>();
    Map<AccountGroup.UUID, Boolean> visibleGroups = new HashMap<>();
    for (AccessSection section : config.getAccessSections()) {
        String name = section.getName();
        if (AccessSection.GLOBAL_CAPABILITIES.equals(name)) {
            if (pc.isOwner()) {
                local.add(section);
                ownerOf.add(name);
            } else if (metaConfigControl.isVisible()) {
                local.add(section);
            }
        } else if (RefConfigSection.isValid(name)) {
            RefControl rc = pc.controlForRef(name);
            if (rc.isOwner()) {
                local.add(section);
                ownerOf.add(name);
            } else if (metaConfigControl.isVisible()) {
                local.add(section);
            } else if (rc.isVisible()) {
                // Filter the section to only add rules describing groups that
                // are visible to the current-user. This includes any group the
                // user is a member of, as well as groups they own or that
                // are visible to all users.
                AccessSection dst = null;
                for (Permission srcPerm : section.getPermissions()) {
                    Permission dstPerm = null;
                    for (PermissionRule srcRule : srcPerm.getRules()) {
                        AccountGroup.UUID group = srcRule.getGroup().getUUID();
                        if (group == null) {
                            continue;
                        }
                        Boolean canSeeGroup = visibleGroups.get(group);
                        if (canSeeGroup == null) {
                            try {
                                canSeeGroup = groupControlFactory.controlFor(group).isVisible();
                            } catch (NoSuchGroupException e) {
                                canSeeGroup = Boolean.FALSE;
                            }
                            visibleGroups.put(group, canSeeGroup);
                        }
                        if (canSeeGroup) {
                            if (dstPerm == null) {
                                if (dst == null) {
                                    dst = new AccessSection(name);
                                    local.add(dst);
                                }
                                dstPerm = dst.getPermission(srcPerm.getName(), true);
                            }
                            dstPerm.add(srcRule);
                        }
                    }
                }
            }
        }
    }
    if (ownerOf.isEmpty() && pc.isOwnerAnyRef()) {
        // Special case: If the section list is empty, this project has no current
        // access control information. Rely on what ProjectControl determines
        // is ownership, which probably means falling back to site administrators.
        ownerOf.add(AccessSection.ALL);
    }
    final ProjectAccess detail = new ProjectAccess();
    detail.setProjectName(projectName);
    if (config.getRevision() != null) {
        detail.setRevision(config.getRevision().name());
    }
    detail.setInheritsFrom(config.getProject().getParent(allProjectsName));
    if (projectName.equals(allProjectsName)) {
        if (pc.isOwner()) {
            ownerOf.add(AccessSection.GLOBAL_CAPABILITIES);
        }
    }
    detail.setLocal(local);
    detail.setOwnerOf(ownerOf);
    detail.setCanUpload(metaConfigControl.isVisible() && (pc.isOwner() || metaConfigControl.canUpload()));
    detail.setConfigVisible(pc.isOwner() || metaConfigControl.isVisible());
    detail.setGroupInfo(buildGroupInfo(local));
    detail.setLabelTypes(pc.getLabelTypes());
    detail.setFileHistoryLinks(getConfigFileLogLinks(projectName.get()));
    return detail;
}
Also used : HashMap(java.util.HashMap) PermissionRule(com.google.gerrit.common.data.PermissionRule) RefControl(com.google.gerrit.server.project.RefControl) ArrayList(java.util.ArrayList) ProjectControl(com.google.gerrit.server.project.ProjectControl) AccessSection(com.google.gerrit.common.data.AccessSection) NoSuchGroupException(com.google.gerrit.common.errors.NoSuchGroupException) ProjectAccess(com.google.gerrit.common.data.ProjectAccess) ProjectConfig(com.google.gerrit.server.git.ProjectConfig) Permission(com.google.gerrit.common.data.Permission) ProjectPermission(com.google.gerrit.server.permissions.ProjectPermission) MetaDataUpdate(com.google.gerrit.server.git.MetaDataUpdate) HashSet(java.util.HashSet)

Example 23 with Permission

use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.

the class AbstractDaemonTest method grant.

protected void grant(Project.NameKey project, String ref, String permission, boolean force, AccountGroup.UUID groupUUID) throws RepositoryNotFoundException, IOException, ConfigInvalidException {
    try (MetaDataUpdate md = metaDataUpdateFactory.create(project)) {
        md.setMessage(String.format("Grant %s on %s", permission, ref));
        ProjectConfig config = ProjectConfig.read(md);
        AccessSection s = config.getAccessSection(ref, true);
        Permission p = s.getPermission(permission, true);
        PermissionRule rule = Util.newRule(config, groupUUID);
        rule.setForce(force);
        p.add(rule);
        config.commit(md);
        projectCache.evict(config.getProject());
    }
}
Also used : ProjectConfig(com.google.gerrit.server.git.ProjectConfig) PermissionRule(com.google.gerrit.common.data.PermissionRule) Permission(com.google.gerrit.common.data.Permission) AccessSection(com.google.gerrit.common.data.AccessSection) MetaDataUpdate(com.google.gerrit.server.git.MetaDataUpdate)

Example 24 with Permission

use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.

the class AbstractDaemonTest method removePermission.

protected void removePermission(Project.NameKey project, String ref, String permission) throws IOException, ConfigInvalidException {
    try (MetaDataUpdate md = metaDataUpdateFactory.create(project)) {
        md.setMessage(String.format("Remove %s on %s", permission, ref));
        ProjectConfig config = ProjectConfig.read(md);
        AccessSection s = config.getAccessSection(ref, true);
        Permission p = s.getPermission(permission, true);
        p.getRules().clear();
        config.commit(md);
        projectCache.evict(config.getProject());
    }
}
Also used : ProjectConfig(com.google.gerrit.server.git.ProjectConfig) Permission(com.google.gerrit.common.data.Permission) AccessSection(com.google.gerrit.common.data.AccessSection) MetaDataUpdate(com.google.gerrit.server.git.MetaDataUpdate)

Example 25 with Permission

use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.

the class Schema_125 method migrateData.

@Override
protected void migrateData(ReviewDb db, UpdateUI ui) throws OrmException {
    try (Repository git = repoManager.openRepository(allUsersName);
        MetaDataUpdate md = new MetaDataUpdate(GitReferenceUpdated.DISABLED, allUsersName, git)) {
        ProjectConfig config = ProjectConfig.read(md);
        config.getAccessSection(RefNames.REFS_USERS + "*", true).remove(new Permission(Permission.READ));
        GroupReference registered = systemGroupBackend.getGroup(REGISTERED_USERS);
        AccessSection users = config.getAccessSection(RefNames.REFS_USERS + "${" + RefPattern.USERID_SHARDED + "}", true);
        grant(config, users, Permission.READ, true, registered);
        grant(config, users, Permission.PUSH, true, registered);
        grant(config, users, Permission.SUBMIT, true, registered);
        for (LabelType lt : getLabelTypes(config)) {
            if ("Code-Review".equals(lt.getName()) || "Verified".equals(lt.getName())) {
                grant(config, users, lt, lt.getMin().getValue(), lt.getMax().getValue(), registered);
            }
        }
        md.getCommitBuilder().setAuthor(serverUser);
        md.getCommitBuilder().setCommitter(serverUser);
        md.setMessage(COMMIT_MSG);
        config.commit(md);
    } catch (ConfigInvalidException | IOException ex) {
        throw new OrmException(ex);
    }
}
Also used : ProjectConfig(com.google.gerrit.server.git.ProjectConfig) Repository(org.eclipse.jgit.lib.Repository) ConfigInvalidException(org.eclipse.jgit.errors.ConfigInvalidException) OrmException(com.google.gwtorm.server.OrmException) LabelType(com.google.gerrit.common.data.LabelType) Permission(com.google.gerrit.common.data.Permission) GroupReference(com.google.gerrit.common.data.GroupReference) IOException(java.io.IOException) AccessSection(com.google.gerrit.common.data.AccessSection) MetaDataUpdate(com.google.gerrit.server.git.MetaDataUpdate)

Aggregations

Permission (com.google.gerrit.common.data.Permission)29 AccessSection (com.google.gerrit.common.data.AccessSection)19 PermissionRule (com.google.gerrit.common.data.PermissionRule)18 ProjectConfig (com.google.gerrit.server.git.ProjectConfig)10 MetaDataUpdate (com.google.gerrit.server.git.MetaDataUpdate)9 GroupReference (com.google.gerrit.common.data.GroupReference)6 Permission.isPermission (com.google.gerrit.common.data.Permission.isPermission)4 ProjectPermission (com.google.gerrit.server.permissions.ProjectPermission)4 ConfigInvalidException (org.eclipse.jgit.errors.ConfigInvalidException)4 AccountGroup (com.google.gerrit.reviewdb.client.AccountGroup)3 Project (com.google.gerrit.reviewdb.client.Project)3 OrmException (com.google.gwtorm.server.OrmException)3 HashSet (java.util.HashSet)3 RevCommit (org.eclipse.jgit.revwalk.RevCommit)3 Test (org.junit.Test)3 ContributorAgreement (com.google.gerrit.common.data.ContributorAgreement)2 GroupDescription (com.google.gerrit.common.data.GroupDescription)2 LabelType (com.google.gerrit.common.data.LabelType)2 NoSuchGroupException (com.google.gerrit.common.errors.NoSuchGroupException)2 AccessSectionInfo (com.google.gerrit.extensions.api.access.AccessSectionInfo)2