Example 1 with PermissionDeniedException
use of com.google.gerrit.common.errors.PermissionDeniedException in project gerrit by GerritCodeReview.
the class ProjectAccessHandler method call.
@Override
public final T call() throws NoSuchProjectException, IOException, ConfigInvalidException, InvalidNameException, NoSuchGroupException, OrmException, UpdateParentFailedException, PermissionDeniedException, PermissionBackendException {
final ProjectControl projectControl = projectControlFactory.controlFor(projectName);
Capable r = projectControl.canPushToAtLeastOneRef();
if (r != Capable.OK) {
throw new PermissionDeniedException(r.getMessage());
}
try (MetaDataUpdate md = metaDataUpdateFactory.create(projectName)) {
ProjectConfig config = ProjectConfig.read(md, base);
Set<String> toDelete = scanSectionNames(config);
for (AccessSection section : mergeSections(sectionList)) {
String name = section.getName();
if (AccessSection.GLOBAL_CAPABILITIES.equals(name)) {
if (checkIfOwner && !projectControl.isOwner()) {
continue;
}
replace(config, toDelete, section);
} else if (AccessSection.isValid(name)) {
if (checkIfOwner && !projectControl.controlForRef(name).isOwner()) {
continue;
}
RefPattern.validate(name);
replace(config, toDelete, section);
}
}
for (String name : toDelete) {
if (AccessSection.GLOBAL_CAPABILITIES.equals(name)) {
if (!checkIfOwner || projectControl.isOwner()) {
config.remove(config.getAccessSection(name));
}
} else if (!checkIfOwner || projectControl.controlForRef(name).isOwner()) {
config.remove(config.getAccessSection(name));
}
}
boolean parentProjectUpdate = false;
if (!config.getProject().getNameKey().equals(allProjects) && !config.getProject().getParent(allProjects).equals(parentProjectName)) {
parentProjectUpdate = true;
try {
setParent.get().validateParentUpdate(projectControl, MoreObjects.firstNonNull(parentProjectName, allProjects).get(), checkIfOwner);
} catch (AuthException e) {
throw new UpdateParentFailedException("You are not allowed to change the parent project since you are " + "not an administrator. You may save the modifications for review " + "so that an administrator can approve them.", e);
} catch (ResourceConflictException | UnprocessableEntityException e) {
throw new UpdateParentFailedException(e.getMessage(), e);
}
config.getProject().setParentName(parentProjectName);
}
if (message != null && !message.isEmpty()) {
if (!message.endsWith("\n")) {
message += "\n";
}
md.setMessage(message);
} else {
md.setMessage("Modify access rules\n");
}
return updateProjectConfig(projectControl, config, md, parentProjectUpdate);
} catch (RepositoryNotFoundException notFound) {
throw new NoSuchProjectException(projectName);
}
}
Also used :
UnprocessableEntityException(com.google.gerrit.extensions.restapi.UnprocessableEntityException)
NoSuchProjectException(com.google.gerrit.server.project.NoSuchProjectException)
UpdateParentFailedException(com.google.gerrit.common.errors.UpdateParentFailedException)
AuthException(com.google.gerrit.extensions.restapi.AuthException)
RepositoryNotFoundException(org.eclipse.jgit.errors.RepositoryNotFoundException)
ProjectControl(com.google.gerrit.server.project.ProjectControl)
AccessSection(com.google.gerrit.common.data.AccessSection)
ProjectConfig(com.google.gerrit.server.git.ProjectConfig)
ResourceConflictException(com.google.gerrit.extensions.restapi.ResourceConflictException)
Capable(com.google.gerrit.common.data.Capable)
PermissionDeniedException(com.google.gerrit.common.errors.PermissionDeniedException)
MetaDataUpdate(com.google.gerrit.server.git.MetaDataUpdate)
Example 2 with PermissionDeniedException
use of com.google.gerrit.common.errors.PermissionDeniedException in project gerrit by GerritCodeReview.
the class ReviewProjectAccess method updateProjectConfig.
// TODO(dborowitz): Hack MetaDataUpdate so it can be created within a BatchUpdate and we can avoid
// calling setUpdateRef(false).
@SuppressWarnings("deprecation")
@Override
protected Change.Id updateProjectConfig(ProjectControl projectControl, ProjectConfig config, MetaDataUpdate md, boolean parentProjectUpdate) throws IOException, OrmException, PermissionDeniedException {
RefControl refsMetaConfigControl = projectControl.controlForRef(RefNames.REFS_CONFIG);
if (!refsMetaConfigControl.isVisible()) {
throw new PermissionDeniedException(RefNames.REFS_CONFIG + " not visible");
}
if (!projectControl.isOwner() && !refsMetaConfigControl.canUpload()) {
throw new PermissionDeniedException("cannot upload to " + RefNames.REFS_CONFIG);
}
md.setInsertChangeId(true);
Change.Id changeId = new Change.Id(seq.nextChangeId());
RevCommit commit = config.commitToNewRef(md, new PatchSet.Id(changeId, Change.INITIAL_PATCH_SET_ID).toRefName());
if (commit.getId().equals(base)) {
return null;
}
try (ObjectInserter objInserter = md.getRepository().newObjectInserter();
ObjectReader objReader = objInserter.newReader();
RevWalk rw = new RevWalk(objReader);
BatchUpdate bu = updateFactory.create(db, config.getProject().getNameKey(), projectControl.getUser(), TimeUtil.nowTs())) {
bu.setRepository(md.getRepository(), rw, objInserter);
bu.insertChange(changeInserterFactory.create(changeId, commit, RefNames.REFS_CONFIG).setValidate(false).setUpdateRef(// Created by commitToNewRef.
false));
bu.execute();
} catch (UpdateException | RestApiException e) {
throw new IOException(e);
}
ChangeResource rsrc;
try {
rsrc = changes.parse(changeId);
} catch (ResourceNotFoundException e) {
throw new IOException(e);
}
addProjectOwnersAsReviewers(rsrc);
if (parentProjectUpdate) {
addAdministratorsAsReviewers(rsrc);
}
return changeId;
}
Also used :
RefControl(com.google.gerrit.server.project.RefControl)
Change(com.google.gerrit.reviewdb.client.Change)
IOException(java.io.IOException)
RevWalk(org.eclipse.jgit.revwalk.RevWalk)
BatchUpdate(com.google.gerrit.server.update.BatchUpdate)
ChangeResource(com.google.gerrit.server.change.ChangeResource)
ObjectInserter(org.eclipse.jgit.lib.ObjectInserter)
PermissionDeniedException(com.google.gerrit.common.errors.PermissionDeniedException)
ObjectReader(org.eclipse.jgit.lib.ObjectReader)
ObjectId(org.eclipse.jgit.lib.ObjectId)
UpdateException(com.google.gerrit.server.update.UpdateException)
RestApiException(com.google.gerrit.extensions.restapi.RestApiException)
ResourceNotFoundException(com.google.gerrit.extensions.restapi.ResourceNotFoundException)
RevCommit(org.eclipse.jgit.revwalk.RevCommit)
Example 3 with PermissionDeniedException
use of com.google.gerrit.common.errors.PermissionDeniedException in project gerrit by GerritCodeReview.
the class BanCommit method ban.
public BanCommitResult ban(final ProjectControl projectControl, final List<ObjectId> commitsToBan, final String reason) throws PermissionDeniedException, IOException, ConcurrentRefUpdateException {
if (!projectControl.isOwner()) {
throw new PermissionDeniedException("Not project owner: not permitted to ban commits");
}
final BanCommitResult result = new BanCommitResult();
NoteMap banCommitNotes = NoteMap.newEmptyMap();
// Add a note for each banned commit to notes.
final Project.NameKey project = projectControl.getProject().getNameKey();
try (Repository repo = repoManager.openRepository(project);
RevWalk revWalk = new RevWalk(repo);
ObjectInserter inserter = repo.newObjectInserter()) {
ObjectId noteId = null;
for (final ObjectId commitToBan : commitsToBan) {
try {
revWalk.parseCommit(commitToBan);
} catch (MissingObjectException e) {
// Ignore exception, non-existing commits can be banned.
} catch (IncorrectObjectTypeException e) {
result.notACommit(commitToBan);
continue;
}
if (noteId == null) {
noteId = createNoteContent(reason, inserter);
}
banCommitNotes.set(commitToBan, noteId);
}
NotesBranchUtil notesBranchUtil = notesBranchUtilFactory.create(project, repo, inserter);
NoteMap newlyCreated = notesBranchUtil.commitNewNotes(banCommitNotes, REFS_REJECT_COMMITS, createPersonIdent(), buildCommitMessage(commitsToBan, reason));
for (Note n : banCommitNotes) {
if (newlyCreated.contains(n)) {
result.commitBanned(n);
} else {
result.commitAlreadyBanned(n);
}
}
return result;
}
}
Also used :
ObjectId(org.eclipse.jgit.lib.ObjectId)
IncorrectObjectTypeException(org.eclipse.jgit.errors.IncorrectObjectTypeException)
NoteMap(org.eclipse.jgit.notes.NoteMap)
RevWalk(org.eclipse.jgit.revwalk.RevWalk)
MissingObjectException(org.eclipse.jgit.errors.MissingObjectException)
Project(com.google.gerrit.reviewdb.client.Project)
Repository(org.eclipse.jgit.lib.Repository)
ObjectInserter(org.eclipse.jgit.lib.ObjectInserter)
Note(org.eclipse.jgit.notes.Note)
PermissionDeniedException(com.google.gerrit.common.errors.PermissionDeniedException)
Example 4 with PermissionDeniedException
use of com.google.gerrit.common.errors.PermissionDeniedException in project gerrit by GerritCodeReview.
the class BanCommit method apply.
@Override
public BanResultInfo apply(ProjectResource rsrc, Input input) throws UnprocessableEntityException, AuthException, ResourceConflictException, IOException {
BanResultInfo r = new BanResultInfo();
if (input != null && input.commits != null && !input.commits.isEmpty()) {
List<ObjectId> commitsToBan = new ArrayList<>(input.commits.size());
for (String c : input.commits) {
try {
commitsToBan.add(ObjectId.fromString(c));
} catch (IllegalArgumentException e) {
throw new UnprocessableEntityException(e.getMessage());
}
}
try {
BanCommitResult result = banCommit.ban(rsrc.getControl(), commitsToBan, input.reason);
r.newlyBanned = transformCommits(result.getNewlyBannedCommits());
r.alreadyBanned = transformCommits(result.getAlreadyBannedCommits());
r.ignored = transformCommits(result.getIgnoredObjectIds());
} catch (PermissionDeniedException e) {
throw new AuthException(e.getMessage());
} catch (ConcurrentRefUpdateException e) {
throw new ResourceConflictException(e.getMessage(), e);
}
}
return r;
}
Also used :
UnprocessableEntityException(com.google.gerrit.extensions.restapi.UnprocessableEntityException)
ResourceConflictException(com.google.gerrit.extensions.restapi.ResourceConflictException)
ObjectId(org.eclipse.jgit.lib.ObjectId)
ArrayList(java.util.ArrayList)
AuthException(com.google.gerrit.extensions.restapi.AuthException)
PermissionDeniedException(com.google.gerrit.common.errors.PermissionDeniedException)
BanCommitResult(com.google.gerrit.server.git.BanCommitResult)
ConcurrentRefUpdateException(org.eclipse.jgit.api.errors.ConcurrentRefUpdateException)
Aggregations
PermissionDeniedException (com.google.gerrit.common.errors.PermissionDeniedException)4
ObjectId (org.eclipse.jgit.lib.ObjectId)3
AuthException (com.google.gerrit.extensions.restapi.AuthException)2
ResourceConflictException (com.google.gerrit.extensions.restapi.ResourceConflictException)2
UnprocessableEntityException (com.google.gerrit.extensions.restapi.UnprocessableEntityException)2
ObjectInserter (org.eclipse.jgit.lib.ObjectInserter)2
RevWalk (org.eclipse.jgit.revwalk.RevWalk)2
AccessSection (com.google.gerrit.common.data.AccessSection)1
Capable (com.google.gerrit.common.data.Capable)1
UpdateParentFailedException (com.google.gerrit.common.errors.UpdateParentFailedException)1
ResourceNotFoundException (com.google.gerrit.extensions.restapi.ResourceNotFoundException)1
RestApiException (com.google.gerrit.extensions.restapi.RestApiException)1
Change (com.google.gerrit.reviewdb.client.Change)1
Project (com.google.gerrit.reviewdb.client.Project)1
ChangeResource (com.google.gerrit.server.change.ChangeResource)1
BanCommitResult (com.google.gerrit.server.git.BanCommitResult)1
MetaDataUpdate (com.google.gerrit.server.git.MetaDataUpdate)1
ProjectConfig (com.google.gerrit.server.git.ProjectConfig)1
NoSuchProjectException (com.google.gerrit.server.project.NoSuchProjectException)1
ProjectControl (com.google.gerrit.server.project.ProjectControl)1
