use of com.google.gerrit.common.data.PermissionRule in project gerrit by GerritCodeReview.
the class ChangeOwnerIT method grantApproveToChangeOwner.
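/**
 * Grants the Change Owner system group a Code-Review voting range of -2..+2 on
 * {@code refs/heads/*} of {@code project} and commits the updated project config.
 *
 * <p>The rule applies to every change owner on every branch matched by {@code refs/heads/*}.
 * It is a fixture of the ChangeOwnerIT integration test, not a template for production access
 * configuration.
 *
 * @throws Exception propagated from creating the metadata update, reading the config or
 *     committing it
 */
private void grantApproveToChangeOwner() throws Exception {
  try (MetaDataUpdate md = metaDataUpdateFactory.create(project)) {
    // Constant commit message; no format arguments are involved.
    md.setMessage("Grant approve to change owner");
    ProjectConfig config = ProjectConfig.read(md);

    // NOTE(review): the trailing 'true' presumably asks for the section/permission to be
    // created when missing; confirm against ProjectConfig and AccessSection.
    AccessSection s = config.getAccessSection("refs/heads/*", true);
    Permission p = s.getPermission(LABEL + "Code-Review", true);

    PermissionRule rule =
        new PermissionRule(
            config.resolve(systemGroupBackend.getGroup(SystemGroupBackend.CHANGE_OWNER)));
    // Full voting range, including the -2 and +2 votes.
    rule.setMin(-2);
    rule.setMax(+2);
    p.add(rule);

    config.commit(md);
    // Evict the cached project; presumably so later permission checks read the new rule.
    projectCache.evict(config.getProject());
  }
}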
use of com.google.gerrit.common.data.PermissionRule in project gerrit by GerritCodeReview.
the class CapabilityControl method toRange.
/**
 * Builds the numeric range a user holds for a capability from the rules that apply to them.
 *
 * <p>With at least one rule, the result spans the lowest {@code getMin()} and the highest
 * {@code getMax()} across the rules, and always includes 0 because both bounds start at 0.
 * With no rules, the defaults from {@link GlobalCapability#getRange} are used when that lookup
 * returns a value; otherwise the range is 0..0.
 *
 * @param permissionName name of the capability the range is for
 * @param ruleList rules that apply to the user; must not be null
 * @return the resulting range for {@code permissionName}
 */
private static PermissionRange toRange(String permissionName, List<PermissionRule> ruleList) {
  if (!ruleList.isEmpty()) {
    int lowest = 0;
    int highest = 0;
    for (PermissionRule granted : ruleList) {
      lowest = Math.min(lowest, granted.getMin());
      highest = Math.max(highest, granted.getMax());
    }
    return new PermissionRange(permissionName, lowest, highest);
  }

  // No rule applies to this user: use the capability's built-in defaults, if it has any.
  PermissionRange.WithDefaults fallback = GlobalCapability.getRange(permissionName);
  if (fallback == null) {
    return new PermissionRange(permissionName, 0, 0);
  }
  return new PermissionRange(
      permissionName, fallback.getDefaultMin(), fallback.getDefaultMax());
}
use of com.google.gerrit.common.data.PermissionRule in project gerrit by GerritCodeReview.
the class CapabilityControl method getQueueType.
/**
 * Selects the priority queue for this user's tasks from the priority rules that match the
 * user's effective groups.
 *
 * @return INTERACTIVE as soon as a matching rule from a group other than Anonymous Users or
 *     Registered Users grants it; otherwise BATCH if any matching rule granted BATCH;
 *     otherwise INTERACTIVE.
 */
public QueueProvider.QueueType getQueueType() {
  // An INTERACTIVE grant from a specific group (anything but Anonymous Users or Registered
  // Users) wins even when BATCH was also granted. The same grant from one of those two
  // generic groups does not override BATCH. Site administrators can therefore give
  // INTERACTIVE to Registered Users and BATCH to 'CI Servers': the CI accounts land in the
  // BATCH queue and everyone else stays INTERACTIVE without additional grants.
  GroupMembership memberships = user.getEffectiveGroups();
  boolean sawBatchGrant = false;

  for (PermissionRule rule : capabilities.priority) {
    if (!match(memberships, rule)) {
      continue;
    }
    switch (rule.getAction()) {
      case INTERACTIVE:
        if (!SystemGroupBackend.isAnonymousOrRegistered(rule.getGroup())) {
          return QueueProvider.QueueType.INTERACTIVE;
        }
        break;
      case BATCH:
        sawBatchGrant = true;
        break;
      case ALLOW:
      case BLOCK:
      case DENY:
        // These actions do not select a queue.
        break;
    }
  }

  // Any matching BATCH grant selects the BATCH queue; INTERACTIVE is the fallback.
  return sawBatchGrant ? QueueProvider.QueueType.BATCH : QueueProvider.QueueType.INTERACTIVE;
}
use of com.google.gerrit.common.data.PermissionRule in project gerrit by GerritCodeReview.
the class CapabilityControl method access.
/**
 * Returns the rules for {@code permissionName} that match the user's effective groups, or the
 * empty list when none match.
 *
 * <p>The filtered list is stored in {@code effective} and returned as-is on later calls for the
 * same name.
 *
 * @param permissionName capability whose rules are wanted
 * @return the matching rules, possibly the shared immutable empty list
 */
private List<PermissionRule> access(String permissionName) {
  List<PermissionRule> cached = effective.get(permissionName);
  if (cached != null) {
    return cached;
  }

  // NOTE(review): a cached entry is never recomputed here; presumably the enclosing object is
  // scoped to one user and is short-lived, so stale grants cannot outlive it. Confirm.
  List<PermissionRule> configured = capabilities.getPermission(permissionName);
  GroupMembership memberships = user.getEffectiveGroups();
  List<PermissionRule> matching = new ArrayList<>(configured.size());
  for (PermissionRule candidate : configured) {
    if (match(memberships, candidate)) {
      matching.add(candidate);
    }
  }

  // Store the shared empty list instead of keeping an empty ArrayList per permission name.
  List<PermissionRule> result =
      matching.isEmpty() ? Collections.<PermissionRule>emptyList() : matching;
  effective.put(permissionName, result);
  return result;
}
use of com.google.gerrit.common.data.PermissionRule in project gerrit by GerritCodeReview.
the class RefControl method isForceBlocked.
/**
 * Reports whether force is blocked for the user on this permission. Works only for non-label
 * permissions.
 *
 * <p>Each BLOCK rule that applies to the user is recorded under the value returned by
 * {@code relevant.getRuleProps} for it. Such an entry is cleared when an overridden rule with
 * force, or an applicable non-block rule with force, has equal rule props. The permission counts
 * as blocked while at least one entry is left.
 *
 * @param permissionName permission to evaluate
 * @return {@code true} if some BLOCK rule is left without a matching force rule
 */
private boolean isForceBlocked(String permissionName) {
  List<PermissionRule> applicable = access(permissionName);
  List<PermissionRule> overriddenRules = relevant.getOverridden(permissionName);
  Set<ProjectRef> forcedAt = new HashSet<>();
  Set<ProjectRef> blockedAt = new HashSet<>();

  for (PermissionRule candidate : applicable) {
    if (candidate.isBlock()) {
      blockedAt.add(relevant.getRuleProps(candidate));
      continue;
    }
    if (candidate.getForce()) {
      forcedAt.add(relevant.getRuleProps(candidate));
    }
  }

  // An overridden rule that carries force lifts the block recorded under the same rule props.
  for (PermissionRule candidate : overriddenRules) {
    if (!candidate.getForce()) {
      continue;
    }
    blockedAt.remove(relevant.getRuleProps(candidate));
  }

  // Blocked as long as some block entry has no force grant with equal rule props.
  return !forcedAt.containsAll(blockedAt);
}