Examples with ContributorAgreement com.google.gerrit.entities.ContributorAgreement used on opensource projects

Example 1 with ContributorAgreement

use of com.google.gerrit.entities.ContributorAgreement in project gerrit by GerritCodeReview.

the class ContributorAgreementsChecker method check.

/**
 * Checks if the user has signed a contributor agreement for the project.
 *
 * @throws AuthException if the user has not signed a contributor agreement for the project
 * @throws IOException if project states could not be loaded
 */
public void check(Project.NameKey project, CurrentUser user) throws IOException, AuthException {
    metrics.claCheckCount.increment();
    ProjectState projectState = projectCache.get(project).orElseThrow(() -> new IOException("Can't load " + project));
    if (!projectState.is(BooleanProjectConfig.USE_CONTRIBUTOR_AGREEMENTS)) {
        return;
    }
    if (!user.isIdentifiedUser()) {
        throw new AuthException("Must be logged in to verify Contributor Agreement");
    }
    IdentifiedUser iUser = user.asIdentifiedUser();
    Collection<ContributorAgreement> contributorAgreements = projectCache.getAllProjects().getConfig().getContributorAgreements().values();
    List<UUID> okGroupIds = new ArrayList<>();
    for (ContributorAgreement ca : contributorAgreements) {
        List<AccountGroup.UUID> groupIds;
        groupIds = okGroupIds;
        // matchProjects defaults to match all projects when missing.
        List<String> matchProjectsRegexes = ca.getMatchProjectsRegexes();
        if (!matchProjectsRegexes.isEmpty() && !projectMatchesAnyPattern(project.get(), matchProjectsRegexes)) {
            // Doesn't match, isn't checked.
            continue;
        }
        // excludeProjects defaults to exclude no projects when missing.
        List<String> excludeProjectsRegexes = ca.getExcludeProjectsRegexes();
        if (!excludeProjectsRegexes.isEmpty() && projectMatchesAnyPattern(project.get(), excludeProjectsRegexes)) {
            // Matches, isn't checked.
            continue;
        }
        for (PermissionRule rule : ca.getAccepted()) {
            if ((rule.getAction() == Action.ALLOW) && (rule.getGroup() != null) && (rule.getGroup().getUUID() != null)) {
                groupIds.add(AccountGroup.uuid(rule.getGroup().getUUID().get()));
            }
        }
    }
    if (!okGroupIds.isEmpty() && !iUser.getEffectiveGroups().containsAnyOf(okGroupIds)) {
        final StringBuilder msg = new StringBuilder();
        msg.append("No Contributor Agreement on file for user ").append(iUser.getNameEmail()).append(" (id=").append(iUser.getAccountId()).append(")");
        msg.append(urlFormatter.get().getSettingsUrl("Agreements").orElse(""));
        throw new AuthException(msg.toString());
    }
}

Example 2 with ContributorAgreement

use of com.google.gerrit.entities.ContributorAgreement in project gerrit by GerritCodeReview.

the class ProjectConfigTest method readConfig.

@Test
public void readConfig() throws Exception {
    RevCommit rev = tr.commit().add("groups", group(developers)).add("project.config", "[access \"refs/heads/*\"]\n" + "  exclusiveGroupPermissions = read submit create\n" + "  submit = group Developers\n" + "  push = group Developers\n" + "  read = group Developers\n" + "[accounts]\n" + "  sameGroupVisibility = deny group Developers\n" + "  sameGroupVisibility = block group Staff\n" + "[contributor-agreement \"Individual\"]\n" + "  description = A simple description\n" + "  matchProjects = ^/ourproject\n" + "  matchProjects = ^/ourotherproject\n" + "  matchProjects = ^/someotherroot/ourproject\n" + "  excludeProjects = ^/theirproject\n" + "  excludeProjects = ^/theirotherproject\n" + "  excludeProjects = ^/someotherroot/theirproject\n" + "  excludeProjects = ^/someotherroot/theirotherproject\n" + "  accepted = group Developers\n" + "  accepted = group Staff\n" + "  autoVerify = group Developers\n" + "  agreementUrl = http://www.example.com/agree\n").create();
    ProjectConfig cfg = read(rev);
    assertThat(cfg.getAccountsSection().getSameGroupVisibility()).hasSize(2);
    ContributorAgreement ca = cfg.getContributorAgreement("Individual");
    assertThat(ca.getName()).isEqualTo("Individual");
    assertThat(ca.getDescription()).isEqualTo("A simple description");
    assertThat(ca.getMatchProjectsRegexes()).containsExactly("^/ourproject", "^/ourotherproject", "^/someotherroot/ourproject");
    assertThat(ca.getExcludeProjectsRegexes()).containsExactly("^/theirproject", "^/theirotherproject", "^/someotherroot/theirproject", "^/someotherroot/theirotherproject");
    assertThat(ca.getAgreementUrl()).isEqualTo("http://www.example.com/agree");
    assertThat(ca.getAccepted()).hasSize(2);
    assertThat(ca.getAccepted().get(0).getGroup()).isEqualTo(developers);
    assertThat(ca.getAccepted().get(1).getGroup().getName()).isEqualTo("Staff");
    assertThat(ca.getAutoVerify().getName()).isEqualTo("Developers");
    AccessSection section = cfg.getAccessSection("refs/heads/*");
    assertThat(section).isNotNull();
    assertThat(cfg.getAccessSection("refs/*")).isNull();
    Permission create = section.getPermission(Permission.CREATE);
    Permission submit = section.getPermission(Permission.SUBMIT);
    Permission read = section.getPermission(Permission.READ);
    Permission push = section.getPermission(Permission.PUSH);
    assertThat(create.getExclusiveGroup()).isTrue();
    assertThat(submit.getExclusiveGroup()).isTrue();
    assertThat(read.getExclusiveGroup()).isTrue();
    assertThat(push.getExclusiveGroup()).isFalse();
}

Example 3 with ContributorAgreement

use of com.google.gerrit.entities.ContributorAgreement in project gerrit by GerritCodeReview.

the class ContributorAgreementSerializerTest method roundTrip.

@Test
public void roundTrip() {
    ContributorAgreement autoValue = ContributorAgreement.builder("name").setDescription("desc").setAgreementUrl("url").setAutoVerify(GroupReference.create("auto-verify")).setAccepted(ImmutableList.of(PermissionRule.create(GroupReference.create("accepted1")), PermissionRule.create(GroupReference.create("accepted2")))).setExcludeProjectsRegexes(ImmutableList.of("refs/*")).setMatchProjectsRegexes(ImmutableList.of("refs/heads/*")).build();
    assertThat(deserialize(serialize(autoValue))).isEqualTo(autoValue);
}

Example 4 with ContributorAgreement

use of com.google.gerrit.entities.ContributorAgreement in project gerrit by GerritCodeReview.

the class ContributorAgreementSerializerTest method roundTripWithMinimalValues.

@Test
public void roundTripWithMinimalValues() {
    ContributorAgreement autoValue = ContributorAgreement.builder("name").setAccepted(ImmutableList.of(PermissionRule.create(GroupReference.create("accepted1")), PermissionRule.create(GroupReference.create("accepted2")))).build();
    assertThat(deserialize(serialize(autoValue))).isEqualTo(autoValue);
}

Example 5 with ContributorAgreement

use of com.google.gerrit.entities.ContributorAgreement in project gerrit by GerritCodeReview.

the class ProjectConfig method replace.

public void replace(ContributorAgreement section) {
    ContributorAgreement.Builder ca = section.toBuilder();
    ca.setAutoVerify(resolve(section.getAutoVerify()));
    ImmutableList.Builder<PermissionRule> newRules = ImmutableList.builder();
    for (PermissionRule rule : section.getAccepted()) {
        newRules.add(rule.toBuilder().setGroup(resolve(rule.getGroup())).build());
    }
    ca.setAccepted(newRules.build());
    contributorAgreements.put(section.getName(), ca.build());
}