Search in sources :

Example 1 with PermissionRule

use of com.google.gerrit.common.data.PermissionRule in project gerrit by GerritCodeReview.

the class ChangeOwnerIT method grantApproveToChangeOwner.

private void grantApproveToChangeOwner() throws Exception {
    try (MetaDataUpdate md = metaDataUpdateFactory.create(project)) {
        md.setMessage(String.format("Grant approve to change owner"));
        ProjectConfig config = ProjectConfig.read(md);
        AccessSection s = config.getAccessSection("refs/heads/*", true);
        Permission p = s.getPermission(LABEL + "Code-Review", true);
        PermissionRule rule = new PermissionRule(config.resolve(systemGroupBackend.getGroup(SystemGroupBackend.CHANGE_OWNER)));
        rule.setMin(-2);
        rule.setMax(+2);
        p.add(rule);
        config.commit(md);
        projectCache.evict(config.getProject());
    }
}
Also used : ProjectConfig(com.google.gerrit.server.git.ProjectConfig) PermissionRule(com.google.gerrit.common.data.PermissionRule) Permission(com.google.gerrit.common.data.Permission) AccessSection(com.google.gerrit.common.data.AccessSection) MetaDataUpdate(com.google.gerrit.server.git.MetaDataUpdate)

Example 2 with PermissionRule

use of com.google.gerrit.common.data.PermissionRule in project gerrit by GerritCodeReview.

the class CapabilityControl method toRange.

private static PermissionRange toRange(String permissionName, List<PermissionRule> ruleList) {
    int min = 0;
    int max = 0;
    if (ruleList.isEmpty()) {
        PermissionRange.WithDefaults defaultRange = GlobalCapability.getRange(permissionName);
        if (defaultRange != null) {
            min = defaultRange.getDefaultMin();
            max = defaultRange.getDefaultMax();
        }
    } else {
        for (PermissionRule rule : ruleList) {
            min = Math.min(min, rule.getMin());
            max = Math.max(max, rule.getMax());
        }
    }
    return new PermissionRange(permissionName, min, max);
}
Also used : PermissionRange(com.google.gerrit.common.data.PermissionRange) PermissionRule(com.google.gerrit.common.data.PermissionRule)

Example 3 with PermissionRule

use of com.google.gerrit.common.data.PermissionRule in project gerrit by GerritCodeReview.

the class CapabilityControl method getQueueType.

/** @return which priority queue the user's tasks should be submitted to. */
public QueueProvider.QueueType getQueueType() {
    // If a non-generic group (that is not Anonymous Users or Registered Users)
    // grants us INTERACTIVE permission, use the INTERACTIVE queue even if
    // BATCH was otherwise granted. This allows site administrators to grant
    // INTERACTIVE to Registered Users, and BATCH to 'CI Servers' and have
    // the 'CI Servers' actually use the BATCH queue while everyone else gets
    // to use the INTERACTIVE queue without additional grants.
    //
    GroupMembership groups = user.getEffectiveGroups();
    boolean batch = false;
    for (PermissionRule r : capabilities.priority) {
        if (match(groups, r)) {
            switch(r.getAction()) {
                case INTERACTIVE:
                    if (!SystemGroupBackend.isAnonymousOrRegistered(r.getGroup())) {
                        return QueueProvider.QueueType.INTERACTIVE;
                    }
                    break;
                case BATCH:
                    batch = true;
                    break;
                case ALLOW:
                case BLOCK:
                case DENY:
                    break;
            }
        }
    }
    if (batch) {
        // If any of our groups matched to the BATCH queue, use it.
        return QueueProvider.QueueType.BATCH;
    }
    return QueueProvider.QueueType.INTERACTIVE;
}
Also used : PermissionRule(com.google.gerrit.common.data.PermissionRule)

Example 4 with PermissionRule

use of com.google.gerrit.common.data.PermissionRule in project gerrit by GerritCodeReview.

the class CapabilityControl method access.

/** Rules for the given permission, or the empty list. */
private List<PermissionRule> access(String permissionName) {
    List<PermissionRule> rules = effective.get(permissionName);
    if (rules != null) {
        return rules;
    }
    rules = capabilities.getPermission(permissionName);
    GroupMembership groups = user.getEffectiveGroups();
    List<PermissionRule> mine = new ArrayList<>(rules.size());
    for (PermissionRule rule : rules) {
        if (match(groups, rule)) {
            mine.add(rule);
        }
    }
    if (mine.isEmpty()) {
        mine = Collections.emptyList();
    }
    effective.put(permissionName, mine);
    return mine;
}
Also used : PermissionRule(com.google.gerrit.common.data.PermissionRule) ArrayList(java.util.ArrayList)

Example 5 with PermissionRule

use of com.google.gerrit.common.data.PermissionRule in project gerrit by GerritCodeReview.

the class RefControl method isForceBlocked.

/** True if for this permission force is blocked for the user. Works only for non labels. */
private boolean isForceBlocked(String permissionName) {
    List<PermissionRule> access = access(permissionName);
    List<PermissionRule> overridden = relevant.getOverridden(permissionName);
    Set<ProjectRef> allows = new HashSet<>();
    Set<ProjectRef> blocks = new HashSet<>();
    for (PermissionRule rule : access) {
        if (rule.isBlock()) {
            blocks.add(relevant.getRuleProps(rule));
        } else if (rule.getForce()) {
            allows.add(relevant.getRuleProps(rule));
        }
    }
    for (PermissionRule rule : overridden) {
        if (rule.getForce()) {
            blocks.remove(relevant.getRuleProps(rule));
        }
    }
    blocks.removeAll(allows);
    return !blocks.isEmpty();
}
Also used : PermissionRule(com.google.gerrit.common.data.PermissionRule) HashSet(java.util.HashSet)

Aggregations

PermissionRule (com.google.gerrit.common.data.PermissionRule)51 Permission (com.google.gerrit.common.data.Permission)18 AccessSection (com.google.gerrit.common.data.AccessSection)14 GroupReference (com.google.gerrit.common.data.GroupReference)11 ProjectConfig (com.google.gerrit.server.git.ProjectConfig)10 ArrayList (java.util.ArrayList)9 MetaDataUpdate (com.google.gerrit.server.git.MetaDataUpdate)8 ContributorAgreement (com.google.gerrit.common.data.ContributorAgreement)6 HashSet (java.util.HashSet)6 PermissionRange (com.google.gerrit.common.data.PermissionRange)5 AccountGroup (com.google.gerrit.reviewdb.client.AccountGroup)5 Project (com.google.gerrit.reviewdb.client.Project)4 HashMap (java.util.HashMap)4 Test (org.junit.Test)4 GroupDescription (com.google.gerrit.common.data.GroupDescription)3 ConfigInvalidException (org.eclipse.jgit.errors.ConfigInvalidException)3 NoSuchGroupException (com.google.gerrit.common.errors.NoSuchGroupException)2 AccessSectionInfo (com.google.gerrit.extensions.api.access.AccessSectionInfo)2 PermissionInfo (com.google.gerrit.extensions.api.access.PermissionInfo)2 PermissionRuleInfo (com.google.gerrit.extensions.api.access.PermissionRuleInfo)2