Examples with PermissionRule com.google.gerrit.common.data.PermissionRule used on opensource projects

Example 31 with PermissionRule

use of com.google.gerrit.common.data.PermissionRule in project gerrit by GerritCodeReview.

the class AbstractDaemonTest method configureContributorAgreement.

protected ContributorAgreement configureContributorAgreement(boolean autoVerify) throws Exception {
    ContributorAgreement ca;
    if (autoVerify) {
        String g = createGroup("cla-test-group");
        GroupApi groupApi = gApi.groups().id(g);
        groupApi.description("CLA test group");
        AccountGroup caGroup = groupCache.get(new AccountGroup.UUID(groupApi.detail().id));
        GroupReference groupRef = GroupReference.forGroup(caGroup);
        PermissionRule rule = new PermissionRule(groupRef);
        rule.setAction(PermissionRule.Action.ALLOW);
        ca = new ContributorAgreement("cla-test");
        ca.setAutoVerify(groupRef);
        ca.setAccepted(ImmutableList.of(rule));
    } else {
        ca = new ContributorAgreement("cla-test-no-auto-verify");
    }
    ca.setDescription("description");
    ca.setAgreementUrl("agreement-url");
    ProjectConfig cfg = projectCache.checkedGet(allProjects).getConfig();
    cfg.replace(ca);
    saveProjectConfig(allProjects, cfg);
    return ca;
}

Example 32 with PermissionRule

use of com.google.gerrit.common.data.PermissionRule in project gerrit by GerritCodeReview.

the class ProjectAccessFactory method buildGroupInfo.

private Map<AccountGroup.UUID, GroupInfo> buildGroupInfo(List<AccessSection> local) {
    Map<AccountGroup.UUID, GroupInfo> infos = new HashMap<>();
    for (AccessSection section : local) {
        for (Permission permission : section.getPermissions()) {
            for (PermissionRule rule : permission.getRules()) {
                if (rule.getGroup() != null) {
                    AccountGroup.UUID uuid = rule.getGroup().getUUID();
                    if (uuid != null && !infos.containsKey(uuid)) {
                        GroupDescription.Basic group = groupBackend.get(uuid);
                        infos.put(uuid, group != null ? new GroupInfo(group) : null);
                    }
                }
            }
        }
    }
    return Maps.filterEntries(infos, in -> in.getValue() != null);
}

Example 33 with PermissionRule

use of com.google.gerrit.common.data.PermissionRule in project gerrit by GerritCodeReview.

the class ProjectAccessFactory method call.

@Override
public ProjectAccess call() throws NoSuchProjectException, IOException, ConfigInvalidException, PermissionBackendException {
    ProjectControl pc = checkProjectControl();
    // Load the current configuration from the repository, ensuring its the most
    // recent version available. If it differs from what was in the project
    // state, force a cache flush now.
    //
    ProjectConfig config;
    try (MetaDataUpdate md = metaDataUpdateFactory.create(projectName)) {
        config = ProjectConfig.read(md);
        if (config.updateGroupNames(groupBackend)) {
            md.setMessage("Update group names\n");
            config.commit(md);
            projectCache.evict(config.getProject());
            pc = checkProjectControl();
        } else if (config.getRevision() != null && !config.getRevision().equals(pc.getProjectState().getConfig().getRevision())) {
            projectCache.evict(config.getProject());
            pc = checkProjectControl();
        }
    }
    final RefControl metaConfigControl = pc.controlForRef(RefNames.REFS_CONFIG);
    List<AccessSection> local = new ArrayList<>();
    Set<String> ownerOf = new HashSet<>();
    Map<AccountGroup.UUID, Boolean> visibleGroups = new HashMap<>();
    for (AccessSection section : config.getAccessSections()) {
        String name = section.getName();
        if (AccessSection.GLOBAL_CAPABILITIES.equals(name)) {
            if (pc.isOwner()) {
                local.add(section);
                ownerOf.add(name);
            } else if (metaConfigControl.isVisible()) {
                local.add(section);
            }
        } else if (RefConfigSection.isValid(name)) {
            RefControl rc = pc.controlForRef(name);
            if (rc.isOwner()) {
                local.add(section);
                ownerOf.add(name);
            } else if (metaConfigControl.isVisible()) {
                local.add(section);
            } else if (rc.isVisible()) {
                // Filter the section to only add rules describing groups that
                // are visible to the current-user. This includes any group the
                // user is a member of, as well as groups they own or that
                // are visible to all users.
                AccessSection dst = null;
                for (Permission srcPerm : section.getPermissions()) {
                    Permission dstPerm = null;
                    for (PermissionRule srcRule : srcPerm.getRules()) {
                        AccountGroup.UUID group = srcRule.getGroup().getUUID();
                        if (group == null) {
                            continue;
                        }
                        Boolean canSeeGroup = visibleGroups.get(group);
                        if (canSeeGroup == null) {
                            try {
                                canSeeGroup = groupControlFactory.controlFor(group).isVisible();
                            } catch (NoSuchGroupException e) {
                                canSeeGroup = Boolean.FALSE;
                            }
                            visibleGroups.put(group, canSeeGroup);
                        }
                        if (canSeeGroup) {
                            if (dstPerm == null) {
                                if (dst == null) {
                                    dst = new AccessSection(name);
                                    local.add(dst);
                                }
                                dstPerm = dst.getPermission(srcPerm.getName(), true);
                            }
                            dstPerm.add(srcRule);
                        }
                    }
                }
            }
        }
    }
    if (ownerOf.isEmpty() && pc.isOwnerAnyRef()) {
        // Special case: If the section list is empty, this project has no current
        // access control information. Rely on what ProjectControl determines
        // is ownership, which probably means falling back to site administrators.
        ownerOf.add(AccessSection.ALL);
    }
    final ProjectAccess detail = new ProjectAccess();
    detail.setProjectName(projectName);
    if (config.getRevision() != null) {
        detail.setRevision(config.getRevision().name());
    }
    detail.setInheritsFrom(config.getProject().getParent(allProjectsName));
    if (projectName.equals(allProjectsName)) {
        if (pc.isOwner()) {
            ownerOf.add(AccessSection.GLOBAL_CAPABILITIES);
        }
    }
    detail.setLocal(local);
    detail.setOwnerOf(ownerOf);
    detail.setCanUpload(metaConfigControl.isVisible() && (pc.isOwner() || metaConfigControl.canUpload()));
    detail.setConfigVisible(pc.isOwner() || metaConfigControl.isVisible());
    detail.setGroupInfo(buildGroupInfo(local));
    detail.setLabelTypes(pc.getLabelTypes());
    detail.setFileHistoryLinks(getConfigFileLogLinks(projectName.get()));
    return detail;
}

Example 34 with PermissionRule

use of com.google.gerrit.common.data.PermissionRule in project gerrit by GerritCodeReview.

the class AbstractDaemonTest method grant.

protected void grant(Project.NameKey project, String ref, String permission, boolean force, AccountGroup.UUID groupUUID) throws RepositoryNotFoundException, IOException, ConfigInvalidException {
    try (MetaDataUpdate md = metaDataUpdateFactory.create(project)) {
        md.setMessage(String.format("Grant %s on %s", permission, ref));
        ProjectConfig config = ProjectConfig.read(md);
        AccessSection s = config.getAccessSection(ref, true);
        Permission p = s.getPermission(permission, true);
        PermissionRule rule = Util.newRule(config, groupUUID);
        rule.setForce(force);
        p.add(rule);
        config.commit(md);
        projectCache.evict(config.getProject());
    }
}

Example 35 with PermissionRule

use of com.google.gerrit.common.data.PermissionRule in project gerrit by GerritCodeReview.

the class CreateProject method createProjectConfig.

private void createProjectConfig(CreateProjectArgs args) throws IOException, ConfigInvalidException {
    try (MetaDataUpdate md = metaDataUpdateFactory.create(args.getProject())) {
        ProjectConfig config = ProjectConfig.read(md);
        Project newProject = config.getProject();
        newProject.setDescription(args.projectDescription);
        newProject.setSubmitType(MoreObjects.firstNonNull(args.submitType, repositoryCfg.getDefaultSubmitType(args.getProject())));
        newProject.setUseContributorAgreements(args.contributorAgreements);
        newProject.setUseSignedOffBy(args.signedOffBy);
        newProject.setUseContentMerge(args.contentMerge);
        newProject.setCreateNewChangeForAllNotInTarget(args.newChangeForAllNotInTarget);
        newProject.setRequireChangeID(args.changeIdRequired);
        newProject.setMaxObjectSizeLimit(args.maxObjectSizeLimit);
        if (args.newParent != null) {
            newProject.setParentName(args.newParent.getProject().getNameKey());
        }
        if (!args.ownerIds.isEmpty()) {
            AccessSection all = config.getAccessSection(AccessSection.ALL, true);
            for (AccountGroup.UUID ownerId : args.ownerIds) {
                GroupDescription.Basic g = groupBackend.get(ownerId);
                if (g != null) {
                    GroupReference group = config.resolve(GroupReference.forGroup(g));
                    all.getPermission(Permission.OWNER, true).add(new PermissionRule(group));
                }
            }
        }
        md.setMessage("Created project\n");
        config.commit(md);
        md.getRepository().setGitwebDescription(args.projectDescription);
    }
    projectCache.onCreateProject(args.getProject());
}