Example 16 with PermissionRule
use of com.google.gerrit.common.data.PermissionRule in project gerrit by GerritCodeReview.
the class PermissionEditor method addGroup.
private void addGroup(final GroupReference ref) {
if (ref.getUUID() != null) {
if (value.getRule(ref) == null) {
PermissionRule newRule = value.getRule(ref, true);
if (validRange != null) {
int min = validRange.getDefaultMin();
int max = validRange.getDefaultMax();
newRule.setRange(min, max);
} else if (GlobalCapability.PRIORITY.equals(value.getName())) {
newRule.setAction(PermissionRule.Action.BATCH);
}
rules.getList().add(newRule);
}
groupToAdd.setValue(null);
groupToAdd.setFocus(true);
} else {
// If the oracle didn't get to complete a UUID, resolve it now.
//
addRule.setEnabled(false);
GroupMap.suggestAccountGroupForProject(projectName.get(), ref.getName(), 1, new GerritCallback<GroupMap>() {
@Override
public void onSuccess(GroupMap result) {
addRule.setEnabled(true);
if (result.values().length() == 1) {
addGroup(new GroupReference(result.values().get(0).getGroupUUID(), result.values().get(0).name()));
} else {
groupToAdd.setFocus(true);
new ErrorDialog(Gerrit.M.noSuchGroupMessage(ref.getName())).center();
}
}
@Override
public void onFailure(Throwable caught) {
addRule.setEnabled(true);
super.onFailure(caught);
}
});
}
}
Also used :
PermissionRule(com.google.gerrit.common.data.PermissionRule)
GroupMap(com.google.gerrit.client.groups.GroupMap)
ErrorDialog(com.google.gerrit.client.ErrorDialog)
GroupReference(com.google.gerrit.common.data.GroupReference)
Example 17 with PermissionRule
use of com.google.gerrit.common.data.PermissionRule in project gerrit by GerritCodeReview.
the class GetAgreements method apply.
@Override
public List<AgreementInfo> apply(AccountResource resource) throws RestApiException {
if (!agreementsEnabled) {
throw new MethodNotAllowedException("contributor agreements disabled");
}
if (!self.get().isIdentifiedUser()) {
throw new AuthException("not allowed to get contributor agreements");
}
IdentifiedUser user = self.get().asIdentifiedUser();
if (user != resource.getUser()) {
throw new AuthException("not allowed to get contributor agreements");
}
List<AgreementInfo> results = new ArrayList<>();
Collection<ContributorAgreement> cas = projectCache.getAllProjects().getConfig().getContributorAgreements();
for (ContributorAgreement ca : cas) {
List<AccountGroup.UUID> groupIds = new ArrayList<>();
for (PermissionRule rule : ca.getAccepted()) {
if ((rule.getAction() == Action.ALLOW) && (rule.getGroup() != null)) {
if (rule.getGroup().getUUID() != null) {
groupIds.add(rule.getGroup().getUUID());
} else {
log.warn("group \"" + rule.getGroup().getName() + "\" does not " + "exist, referenced in CLA \"" + ca.getName() + "\"");
}
}
}
if (user.getEffectiveGroups().containsAnyOf(groupIds)) {
results.add(agreementJson.format(ca));
}
}
return results;
}
Also used :
MethodNotAllowedException(com.google.gerrit.extensions.restapi.MethodNotAllowedException)
PermissionRule(com.google.gerrit.common.data.PermissionRule)
AgreementInfo(com.google.gerrit.extensions.common.AgreementInfo)
ContributorAgreement(com.google.gerrit.common.data.ContributorAgreement)
ArrayList(java.util.ArrayList)
AuthException(com.google.gerrit.extensions.restapi.AuthException)
IdentifiedUser(com.google.gerrit.server.IdentifiedUser)
Example 18 with PermissionRule
use of com.google.gerrit.common.data.PermissionRule in project gerrit by GerritCodeReview.
the class ProjectConfig method loadPermissionRules.
private void loadPermissionRules(Config rc, String section, String subsection, String varName, Map<String, GroupReference> groupsByName, Permission perm, boolean useRange) {
for (String ruleString : rc.getStringList(section, subsection, varName)) {
PermissionRule rule;
try {
rule = PermissionRule.fromString(ruleString, useRange);
} catch (IllegalArgumentException notRule) {
error(new ValidationError(PROJECT_CONFIG, "Invalid rule in " + section + (subsection != null ? "." + subsection : "") + "." + varName + ": " + notRule.getMessage()));
continue;
}
GroupReference ref = groupsByName.get(rule.getGroup().getName());
if (ref == null) {
// The group wasn't mentioned in the groups table, so there is
// no valid UUID for it. Pool the reference anyway so at least
// all rules in the same file share the same GroupReference.
//
ref = rule.getGroup();
groupsByName.put(ref.getName(), ref);
error(new ValidationError(PROJECT_CONFIG, "group \"" + ref.getName() + "\" not in " + GroupList.FILE_NAME));
}
rule.setGroup(ref);
perm.add(rule);
}
}
Also used :
PermissionRule(com.google.gerrit.common.data.PermissionRule)
GroupReference(com.google.gerrit.common.data.GroupReference)
Example 19 with PermissionRule
use of com.google.gerrit.common.data.PermissionRule in project gerrit by GerritCodeReview.
the class ProjectConfig method saveContributorAgreements.
private void saveContributorAgreements(Config rc, Set<AccountGroup.UUID> keepGroups) {
for (ContributorAgreement ca : sort(contributorAgreements.values())) {
set(rc, CONTRIBUTOR_AGREEMENT, ca.getName(), KEY_DESCRIPTION, ca.getDescription());
set(rc, CONTRIBUTOR_AGREEMENT, ca.getName(), KEY_AGREEMENT_URL, ca.getAgreementUrl());
if (ca.getAutoVerify() != null) {
if (ca.getAutoVerify().getUUID() != null) {
keepGroups.add(ca.getAutoVerify().getUUID());
}
String autoVerify = new PermissionRule(ca.getAutoVerify()).asString(false);
set(rc, CONTRIBUTOR_AGREEMENT, ca.getName(), KEY_AUTO_VERIFY, autoVerify);
} else {
rc.unset(CONTRIBUTOR_AGREEMENT, ca.getName(), KEY_AUTO_VERIFY);
}
rc.setStringList(CONTRIBUTOR_AGREEMENT, ca.getName(), KEY_ACCEPTED, ruleToStringList(ca.getAccepted(), keepGroups));
}
}
Also used :
PermissionRule(com.google.gerrit.common.data.PermissionRule)
ContributorAgreement(com.google.gerrit.common.data.ContributorAgreement)
Example 20 with PermissionRule
use of com.google.gerrit.common.data.PermissionRule in project gerrit by GerritCodeReview.
the class ProjectConfig method saveAccessSections.
private void saveAccessSections(Config rc, Set<AccountGroup.UUID> keepGroups) {
AccessSection capability = accessSections.get(AccessSection.GLOBAL_CAPABILITIES);
if (capability != null) {
Set<String> have = new HashSet<>();
for (Permission permission : sort(capability.getPermissions())) {
have.add(permission.getName().toLowerCase());
boolean needRange = GlobalCapability.hasRange(permission.getName());
List<String> rules = new ArrayList<>();
for (PermissionRule rule : sort(permission.getRules())) {
GroupReference group = resolve(rule.getGroup());
if (group.getUUID() != null) {
keepGroups.add(group.getUUID());
}
rules.add(rule.asString(needRange));
}
rc.setStringList(CAPABILITY, null, permission.getName(), rules);
}
for (String varName : rc.getNames(CAPABILITY)) {
if (!have.contains(varName.toLowerCase())) {
rc.unset(CAPABILITY, null, varName);
}
}
} else {
rc.unsetSection(CAPABILITY, null);
}
for (AccessSection as : sort(accessSections.values())) {
String refName = as.getName();
if (AccessSection.GLOBAL_CAPABILITIES.equals(refName)) {
continue;
}
StringBuilder doNotInherit = new StringBuilder();
for (Permission perm : sort(as.getPermissions())) {
if (perm.getExclusiveGroup()) {
if (0 < doNotInherit.length()) {
doNotInherit.append(' ');
}
doNotInherit.append(perm.getName());
}
}
if (0 < doNotInherit.length()) {
rc.setString(ACCESS, refName, KEY_GROUP_PERMISSIONS, doNotInherit.toString());
} else {
rc.unset(ACCESS, refName, KEY_GROUP_PERMISSIONS);
}
Set<String> have = new HashSet<>();
for (Permission permission : sort(as.getPermissions())) {
have.add(permission.getName().toLowerCase());
boolean needRange = Permission.hasRange(permission.getName());
List<String> rules = new ArrayList<>();
for (PermissionRule rule : sort(permission.getRules())) {
GroupReference group = resolve(rule.getGroup());
if (group.getUUID() != null) {
keepGroups.add(group.getUUID());
}
rules.add(rule.asString(needRange));
}
rc.setStringList(ACCESS, refName, permission.getName(), rules);
}
for (String varName : rc.getNames(ACCESS, refName)) {
if (isPermission(convertLegacyPermission(varName)) && !have.contains(varName.toLowerCase())) {
rc.unset(ACCESS, refName, varName);
}
}
}
for (String name : rc.getSubsections(ACCESS)) {
if (RefConfigSection.isValid(name) && !accessSections.containsKey(name)) {
rc.unsetSection(ACCESS, name);
}
}
}
Also used :
PermissionRule(com.google.gerrit.common.data.PermissionRule)
Permission(com.google.gerrit.common.data.Permission)
Permission.isPermission(com.google.gerrit.common.data.Permission.isPermission)
ArrayList(java.util.ArrayList)
GroupReference(com.google.gerrit.common.data.GroupReference)
AccessSection(com.google.gerrit.common.data.AccessSection)
HashSet(java.util.HashSet)
Aggregations
PermissionRule (com.google.gerrit.common.data.PermissionRule)51
Permission (com.google.gerrit.common.data.Permission)18
AccessSection (com.google.gerrit.common.data.AccessSection)14
GroupReference (com.google.gerrit.common.data.GroupReference)11
ProjectConfig (com.google.gerrit.server.git.ProjectConfig)10
ArrayList (java.util.ArrayList)9
MetaDataUpdate (com.google.gerrit.server.git.MetaDataUpdate)8
ContributorAgreement (com.google.gerrit.common.data.ContributorAgreement)6
HashSet (java.util.HashSet)6
PermissionRange (com.google.gerrit.common.data.PermissionRange)5
AccountGroup (com.google.gerrit.reviewdb.client.AccountGroup)5
Project (com.google.gerrit.reviewdb.client.Project)4
HashMap (java.util.HashMap)4
Test (org.junit.Test)4
GroupDescription (com.google.gerrit.common.data.GroupDescription)3
ConfigInvalidException (org.eclipse.jgit.errors.ConfigInvalidException)3
NoSuchGroupException (com.google.gerrit.common.errors.NoSuchGroupException)2
AccessSectionInfo (com.google.gerrit.extensions.api.access.AccessSectionInfo)2
PermissionInfo (com.google.gerrit.extensions.api.access.PermissionInfo)2
PermissionRuleInfo (com.google.gerrit.extensions.api.access.PermissionRuleInfo)2
