Example 1 with InvalidNameException
use of com.google.gerrit.common.errors.InvalidNameException in project gerrit by GerritCodeReview.
the class SetAccess method apply.
@Override
public ProjectAccessInfo apply(ProjectResource rsrc, ProjectAccessInput input) throws ResourceNotFoundException, ResourceConflictException, IOException, AuthException, BadRequestException, UnprocessableEntityException, PermissionBackendException {
List<AccessSection> removals = getAccessSections(input.remove);
List<AccessSection> additions = getAccessSections(input.add);
MetaDataUpdate.User metaDataUpdateUser = metaDataUpdateFactory.get();
ProjectControl projectControl = rsrc.getControl();
ProjectConfig config;
Project.NameKey newParentProjectName = input.parent == null ? null : new Project.NameKey(input.parent);
try (MetaDataUpdate md = metaDataUpdateUser.create(rsrc.getNameKey())) {
config = ProjectConfig.read(md);
// Perform removal checks
for (AccessSection section : removals) {
boolean isGlobalCapabilities = AccessSection.GLOBAL_CAPABILITIES.equals(section.getName());
if (isGlobalCapabilities) {
checkGlobalCapabilityPermissions(config.getName());
} else if (!projectControl.controlForRef(section.getName()).isOwner()) {
throw new AuthException("You are not allowed to edit permissionsfor ref: " + section.getName());
}
}
// Perform addition checks
for (AccessSection section : additions) {
String name = section.getName();
boolean isGlobalCapabilities = AccessSection.GLOBAL_CAPABILITIES.equals(name);
if (isGlobalCapabilities) {
checkGlobalCapabilityPermissions(config.getName());
} else {
if (!AccessSection.isValid(name)) {
throw new BadRequestException("invalid section name");
}
if (!projectControl.controlForRef(name).isOwner()) {
throw new AuthException("You are not allowed to edit permissionsfor ref: " + name);
}
RefPattern.validate(name);
}
// Check all permissions for soundness
for (Permission p : section.getPermissions()) {
if (isGlobalCapabilities && !GlobalCapability.isCapability(p.getName())) {
throw new BadRequestException("Cannot add non-global capability " + p.getName() + " to global capabilities");
}
}
}
// Apply removals
for (AccessSection section : removals) {
if (section.getPermissions().isEmpty()) {
// Remove entire section
config.remove(config.getAccessSection(section.getName()));
}
// Remove specific permissions
for (Permission p : section.getPermissions()) {
if (p.getRules().isEmpty()) {
config.remove(config.getAccessSection(section.getName()), p);
} else {
for (PermissionRule r : p.getRules()) {
config.remove(config.getAccessSection(section.getName()), p, r);
}
}
}
}
// Apply additions
for (AccessSection section : additions) {
AccessSection currentAccessSection = config.getAccessSection(section.getName());
if (currentAccessSection == null) {
// Add AccessSection
config.replace(section);
} else {
for (Permission p : section.getPermissions()) {
Permission currentPermission = currentAccessSection.getPermission(p.getName());
if (currentPermission == null) {
// Add Permission
currentAccessSection.addPermission(p);
} else {
for (PermissionRule r : p.getRules()) {
// AddPermissionRule
currentPermission.add(r);
}
}
}
}
}
if (newParentProjectName != null && !config.getProject().getNameKey().equals(allProjects) && !config.getProject().getParent(allProjects).equals(newParentProjectName)) {
try {
setParent.get().validateParentUpdate(projectControl, MoreObjects.firstNonNull(newParentProjectName, allProjects).get(), true);
} catch (UnprocessableEntityException e) {
throw new ResourceConflictException(e.getMessage(), e);
}
config.getProject().setParentName(newParentProjectName);
}
if (!Strings.isNullOrEmpty(input.message)) {
if (!input.message.endsWith("\n")) {
input.message += "\n";
}
md.setMessage(input.message);
} else {
md.setMessage("Modify access rules\n");
}
config.commit(md);
projectCache.evict(config.getProject());
} catch (InvalidNameException e) {
throw new BadRequestException(e.toString());
} catch (ConfigInvalidException e) {
throw new ResourceConflictException(rsrc.getName());
}
return getAccess.apply(rsrc.getNameKey());
}
Also used :
UnprocessableEntityException(com.google.gerrit.extensions.restapi.UnprocessableEntityException)
ConfigInvalidException(org.eclipse.jgit.errors.ConfigInvalidException)
PermissionRule(com.google.gerrit.common.data.PermissionRule)
AuthException(com.google.gerrit.extensions.restapi.AuthException)
AccessSection(com.google.gerrit.common.data.AccessSection)
ProjectConfig(com.google.gerrit.server.git.ProjectConfig)
Project(com.google.gerrit.reviewdb.client.Project)
ResourceConflictException(com.google.gerrit.extensions.restapi.ResourceConflictException)
InvalidNameException(com.google.gerrit.common.errors.InvalidNameException)
GlobalPermission(com.google.gerrit.server.permissions.GlobalPermission)
Permission(com.google.gerrit.common.data.Permission)
BadRequestException(com.google.gerrit.extensions.restapi.BadRequestException)
MetaDataUpdate(com.google.gerrit.server.git.MetaDataUpdate)
Aggregations
AccessSection (com.google.gerrit.common.data.AccessSection)1
Permission (com.google.gerrit.common.data.Permission)1
PermissionRule (com.google.gerrit.common.data.PermissionRule)1
InvalidNameException (com.google.gerrit.common.errors.InvalidNameException)1
AuthException (com.google.gerrit.extensions.restapi.AuthException)1
BadRequestException (com.google.gerrit.extensions.restapi.BadRequestException)1
ResourceConflictException (com.google.gerrit.extensions.restapi.ResourceConflictException)1
UnprocessableEntityException (com.google.gerrit.extensions.restapi.UnprocessableEntityException)1
Project (com.google.gerrit.reviewdb.client.Project)1
MetaDataUpdate (com.google.gerrit.server.git.MetaDataUpdate)1
ProjectConfig (com.google.gerrit.server.git.ProjectConfig)1
GlobalPermission (com.google.gerrit.server.permissions.GlobalPermission)1
ConfigInvalidException (org.eclipse.jgit.errors.ConfigInvalidException)1
