Example 26 with Permission
use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.
the class SetAccess method getAccessSections.
private List<AccessSection> getAccessSections(Map<String, AccessSectionInfo> sectionInfos) throws UnprocessableEntityException {
if (sectionInfos == null) {
return Collections.emptyList();
}
List<AccessSection> sections = new ArrayList<>(sectionInfos.size());
for (Map.Entry<String, AccessSectionInfo> entry : sectionInfos.entrySet()) {
AccessSection accessSection = new AccessSection(entry.getKey());
if (entry.getValue().permissions == null) {
continue;
}
for (Map.Entry<String, PermissionInfo> permissionEntry : entry.getValue().permissions.entrySet()) {
Permission p = new Permission(permissionEntry.getKey());
if (permissionEntry.getValue().exclusive != null) {
p.setExclusiveGroup(permissionEntry.getValue().exclusive);
}
if (permissionEntry.getValue().rules == null) {
continue;
}
for (Map.Entry<String, PermissionRuleInfo> permissionRuleInfoEntry : permissionEntry.getValue().rules.entrySet()) {
PermissionRuleInfo pri = permissionRuleInfoEntry.getValue();
GroupDescription.Basic group = groupsCollection.parseId(permissionRuleInfoEntry.getKey());
if (group == null) {
throw new UnprocessableEntityException(permissionRuleInfoEntry.getKey() + " is not a valid group ID");
}
PermissionRule r = new PermissionRule(GroupReference.forGroup(group));
if (pri != null) {
if (pri.max != null) {
r.setMax(pri.max);
}
if (pri.min != null) {
r.setMin(pri.min);
}
r.setAction(GetAccess.ACTION_TYPE.inverse().get(pri.action));
if (pri.force != null) {
r.setForce(pri.force);
}
}
p.add(r);
}
accessSection.getPermissions().add(p);
}
sections.add(accessSection);
}
return sections;
}
Also used :
UnprocessableEntityException(com.google.gerrit.extensions.restapi.UnprocessableEntityException)
PermissionRule(com.google.gerrit.common.data.PermissionRule)
ArrayList(java.util.ArrayList)
AccessSection(com.google.gerrit.common.data.AccessSection)
GroupDescription(com.google.gerrit.common.data.GroupDescription)
PermissionInfo(com.google.gerrit.extensions.api.access.PermissionInfo)
GlobalPermission(com.google.gerrit.server.permissions.GlobalPermission)
Permission(com.google.gerrit.common.data.Permission)
PermissionRuleInfo(com.google.gerrit.extensions.api.access.PermissionRuleInfo)
AccessSectionInfo(com.google.gerrit.extensions.api.access.AccessSectionInfo)
Map(java.util.Map)
Example 27 with Permission
use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.
the class AccountManager method create.
private AuthResult create(ReviewDb db, AuthRequest who) throws OrmException, AccountException, IOException, ConfigInvalidException {
Account.Id newId = new Account.Id(db.nextAccountId());
Account account = new Account(newId, TimeUtil.nowTs());
ExternalId extId = ExternalId.createWithEmail(who.getExternalIdKey(), newId, who.getEmailAddress());
account.setFullName(who.getDisplayName());
account.setPreferredEmail(extId.email());
boolean isFirstAccount = awaitsFirstAccountCheck.getAndSet(false) && db.accounts().anyAccounts().toList().isEmpty();
try {
AccountsUpdate accountsUpdate = accountsUpdateFactory.create();
accountsUpdate.upsert(db, account);
ExternalId existingExtId = externalIds.get(extId.key());
if (existingExtId != null && !existingExtId.accountId().equals(extId.accountId())) {
// external ID is assigned to another account, do not overwrite
accountsUpdate.delete(db, account);
throw new AccountException("Cannot assign external ID \"" + extId.key().get() + "\" to account " + newId + "; external ID already in use.");
}
externalIdsUpdateFactory.create().upsert(extId);
} finally {
// If adding the account failed, it may be that it actually was the
// first account. So we reset the 'check for first account'-guard, as
// otherwise the first account would not get administration permissions.
awaitsFirstAccountCheck.set(isFirstAccount);
}
if (isFirstAccount) {
// This is the first user account on our site. Assume this user
// is going to be the site's administrator and just make them that
// to bootstrap the authentication database.
//
Permission admin = projectCache.getAllProjects().getConfig().getAccessSection(AccessSection.GLOBAL_CAPABILITIES).getPermission(GlobalCapability.ADMINISTRATE_SERVER);
AccountGroup.UUID uuid = admin.getRules().get(0).getGroup().getUUID();
AccountGroup g = db.accountGroups().byUUID(uuid).iterator().next();
AccountGroup.Id adminId = g.getId();
AccountGroupMember m = new AccountGroupMember(new AccountGroupMember.Key(newId, adminId));
auditService.dispatchAddAccountsToGroup(newId, Collections.singleton(m));
db.accountGroupMembers().insert(Collections.singleton(m));
}
if (who.getUserName() != null) {
// Only set if the name hasn't been used yet, but was given to us.
//
IdentifiedUser user = userFactory.create(newId);
try {
changeUserNameFactory.create(user, who.getUserName()).call();
} catch (NameAlreadyUsedException e) {
String message = "Cannot assign user name \"" + who.getUserName() + "\" to account " + newId + "; name already in use.";
handleSettingUserNameFailure(db, account, extId, message, e, false);
} catch (InvalidUserNameException e) {
String message = "Cannot assign user name \"" + who.getUserName() + "\" to account " + newId + "; name does not conform.";
handleSettingUserNameFailure(db, account, extId, message, e, false);
} catch (OrmException e) {
String message = "Cannot assign user name";
handleSettingUserNameFailure(db, account, extId, message, e, true);
}
}
byEmailCache.evict(account.getPreferredEmail());
byIdCache.evict(account.getId());
realm.onCreateAccount(who, account);
return new AuthResult(newId, extId.key(), true);
}
Also used :
Account(com.google.gerrit.reviewdb.client.Account)
AccountGroupMember(com.google.gerrit.reviewdb.client.AccountGroupMember)
ExternalId(com.google.gerrit.server.account.externalids.ExternalId)
IdentifiedUser(com.google.gerrit.server.IdentifiedUser)
NameAlreadyUsedException(com.google.gerrit.common.errors.NameAlreadyUsedException)
AccountGroup(com.google.gerrit.reviewdb.client.AccountGroup)
OrmException(com.google.gwtorm.server.OrmException)
Permission(com.google.gerrit.common.data.Permission)
ExternalId(com.google.gerrit.server.account.externalids.ExternalId)
Example 28 with Permission
use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.
the class ProjectConfig method loadAccessSections.
private void loadAccessSections(Config rc, Map<String, GroupReference> groupsByName) {
accessSections = new HashMap<>();
sectionsWithUnknownPermissions = new HashSet<>();
for (String refName : rc.getSubsections(ACCESS)) {
if (RefConfigSection.isValid(refName) && isValidRegex(refName)) {
AccessSection as = getAccessSection(refName, true);
for (String varName : rc.getStringList(ACCESS, refName, KEY_GROUP_PERMISSIONS)) {
for (String n : varName.split("[, \t]{1,}")) {
n = convertLegacyPermission(n);
if (isPermission(n)) {
as.getPermission(n, true).setExclusiveGroup(true);
}
}
}
for (String varName : rc.getNames(ACCESS, refName)) {
String convertedName = convertLegacyPermission(varName);
if (isPermission(convertedName)) {
Permission perm = as.getPermission(convertedName, true);
loadPermissionRules(rc, ACCESS, refName, varName, groupsByName, perm, Permission.hasRange(convertedName));
} else {
sectionsWithUnknownPermissions.add(as.getName());
}
}
}
}
AccessSection capability = null;
for (String varName : rc.getNames(CAPABILITY)) {
if (capability == null) {
capability = new AccessSection(AccessSection.GLOBAL_CAPABILITIES);
accessSections.put(AccessSection.GLOBAL_CAPABILITIES, capability);
}
Permission perm = capability.getPermission(varName, true);
loadPermissionRules(rc, CAPABILITY, null, varName, groupsByName, perm, GlobalCapability.hasRange(varName));
}
}
Also used :
Permission(com.google.gerrit.common.data.Permission)
Permission.isPermission(com.google.gerrit.common.data.Permission.isPermission)
AccessSection(com.google.gerrit.common.data.AccessSection)
Example 29 with Permission
use of com.google.gerrit.common.data.Permission in project gerrit by GerritCodeReview.
the class ProjectConfig method remove.
public void remove(AccessSection section) {
if (section != null) {
String name = section.getName();
if (sectionsWithUnknownPermissions.contains(name)) {
AccessSection a = accessSections.get(name);
a.setPermissions(new ArrayList<Permission>());
} else {
accessSections.remove(name);
}
}
}
Also used :
Permission(com.google.gerrit.common.data.Permission)
Permission.isPermission(com.google.gerrit.common.data.Permission.isPermission)
AccessSection(com.google.gerrit.common.data.AccessSection)
Aggregations
Permission (com.google.gerrit.common.data.Permission)29
AccessSection (com.google.gerrit.common.data.AccessSection)19
PermissionRule (com.google.gerrit.common.data.PermissionRule)18
ProjectConfig (com.google.gerrit.server.git.ProjectConfig)10
MetaDataUpdate (com.google.gerrit.server.git.MetaDataUpdate)9
GroupReference (com.google.gerrit.common.data.GroupReference)6
Permission.isPermission (com.google.gerrit.common.data.Permission.isPermission)4
ProjectPermission (com.google.gerrit.server.permissions.ProjectPermission)4
ConfigInvalidException (org.eclipse.jgit.errors.ConfigInvalidException)4
AccountGroup (com.google.gerrit.reviewdb.client.AccountGroup)3
Project (com.google.gerrit.reviewdb.client.Project)3
OrmException (com.google.gwtorm.server.OrmException)3
HashSet (java.util.HashSet)3
RevCommit (org.eclipse.jgit.revwalk.RevCommit)3
Test (org.junit.Test)3
ContributorAgreement (com.google.gerrit.common.data.ContributorAgreement)2
GroupDescription (com.google.gerrit.common.data.GroupDescription)2
LabelType (com.google.gerrit.common.data.LabelType)2
NoSuchGroupException (com.google.gerrit.common.errors.NoSuchGroupException)2
AccessSectionInfo (com.google.gerrit.extensions.api.access.AccessSectionInfo)2
