Search in sources :

Example 21 with GroupReference

use of com.google.gerrit.entities.GroupReference in project gerrit by GerritCodeReview.

the class AccessIT method grantRevertPermissionByOnNewRefAndDeletingOnOldRef.

@Test
public void grantRevertPermissionByOnNewRefAndDeletingOnOldRef() throws Exception {
    String refsHeads = "refs/heads/*";
    String refsStar = "refs/*";
    String groupId = "global:Registered-Users";
    GroupReference registeredUsers = systemGroupBackend.getGroup(REGISTERED_USERS);
    try (Repository repo = repoManager.openRepository(newProjectName)) {
        MetaDataUpdate md = new MetaDataUpdate(GitReferenceUpdated.DISABLED, newProjectName, repo);
        ProjectConfig projectConfig = projectConfigFactory.read(md);
        projectConfig.upsertAccessSection(AccessSection.HEADS, heads -> {
            grant(projectConfig, heads, Permission.REVERT, registeredUsers);
        });
        md.getCommitBuilder().setAuthor(admin.newIdent());
        md.getCommitBuilder().setCommitter(admin.newIdent());
        md.setMessage("Add revert permission for all registered users\n");
        projectConfig.commit(md);
    }
    grantRevertPermission.execute(newProjectName);
    ProjectAccessInfo info = pApi().access();
    // Revert permission is removed on refs/heads/*.
    assertThat(info.local.containsKey(refsHeads)).isTrue();
    AccessSectionInfo accessSectionInfo = info.local.get(refsHeads);
    assertThat(accessSectionInfo.permissions.containsKey(Permission.REVERT)).isFalse();
    // new permission is added on refs/* with Registered-Users.
    assertThat(info.local.containsKey(refsStar)).isTrue();
    accessSectionInfo = info.local.get(refsStar);
    assertThat(accessSectionInfo.permissions.containsKey(Permission.REVERT)).isTrue();
    PermissionInfo permissionInfo = accessSectionInfo.permissions.get(Permission.REVERT);
    assertThat(permissionInfo.rules.containsKey(groupId)).isTrue();
    PermissionRuleInfo permissionRuleInfo = permissionInfo.rules.get(groupId);
    assertThat(permissionRuleInfo.action).isEqualTo(PermissionRuleInfo.Action.ALLOW);
}
Also used : ProjectConfig(com.google.gerrit.server.project.ProjectConfig) InMemoryRepository(org.eclipse.jgit.internal.storage.dfs.InMemoryRepository) TestRepository(org.eclipse.jgit.junit.TestRepository) Repository(org.eclipse.jgit.lib.Repository) PermissionInfo(com.google.gerrit.extensions.api.access.PermissionInfo) ProjectAccessInfo(com.google.gerrit.extensions.api.access.ProjectAccessInfo) PermissionRuleInfo(com.google.gerrit.extensions.api.access.PermissionRuleInfo) AccessSectionInfo(com.google.gerrit.extensions.api.access.AccessSectionInfo) GroupReference(com.google.gerrit.entities.GroupReference) MetaDataUpdate(com.google.gerrit.server.git.meta.MetaDataUpdate) AbstractDaemonTest(com.google.gerrit.acceptance.AbstractDaemonTest) Test(org.junit.Test)

Example 22 with GroupReference

use of com.google.gerrit.entities.GroupReference in project gerrit by GerritCodeReview.

the class AccessIT method grantRevertPermissionDoesntDeleteAdminsPreferences.

@Test
public void grantRevertPermissionDoesntDeleteAdminsPreferences() throws Exception {
    GroupReference registeredUsers = systemGroupBackend.getGroup(REGISTERED_USERS);
    GroupReference otherGroup = systemGroupBackend.getGroup(ANONYMOUS_USERS);
    try (Repository repo = repoManager.openRepository(newProjectName)) {
        MetaDataUpdate md = new MetaDataUpdate(GitReferenceUpdated.DISABLED, newProjectName, repo);
        ProjectConfig projectConfig = projectConfigFactory.read(md);
        projectConfig.upsertAccessSection(AccessSection.HEADS, heads -> {
            grant(projectConfig, heads, Permission.REVERT, registeredUsers);
            grant(projectConfig, heads, Permission.REVERT, otherGroup);
        });
        md.getCommitBuilder().setAuthor(admin.newIdent());
        md.getCommitBuilder().setCommitter(admin.newIdent());
        md.setMessage("Add revert permission for all registered users\n");
        projectConfig.commit(md);
    }
    projectCache.evict(newProjectName);
    ProjectAccessInfo expected = pApi().access();
    grantRevertPermission.execute(newProjectName);
    projectCache.evict(newProjectName);
    ProjectAccessInfo actual = pApi().access();
    // Permissions don't change
    assertThat(actual.local).isEqualTo(expected.local);
}
Also used : ProjectConfig(com.google.gerrit.server.project.ProjectConfig) InMemoryRepository(org.eclipse.jgit.internal.storage.dfs.InMemoryRepository) TestRepository(org.eclipse.jgit.junit.TestRepository) Repository(org.eclipse.jgit.lib.Repository) ProjectAccessInfo(com.google.gerrit.extensions.api.access.ProjectAccessInfo) GroupReference(com.google.gerrit.entities.GroupReference) MetaDataUpdate(com.google.gerrit.server.git.meta.MetaDataUpdate) AbstractDaemonTest(com.google.gerrit.acceptance.AbstractDaemonTest) Test(org.junit.Test)

Example 23 with GroupReference

use of com.google.gerrit.entities.GroupReference in project gerrit by GerritCodeReview.

the class AccessIT method grantAllowAndDenyForSameGroup.

@Test
public void grantAllowAndDenyForSameGroup() throws Exception {
    GroupReference registeredUsers = systemGroupBackend.getGroup(REGISTERED_USERS);
    String access = "access";
    List<String> allowThenDeny = asList(registeredUsers.toConfigValue(), "deny " + registeredUsers.toConfigValue());
    // Clone repository to forcefully add permission
    TestRepository<InMemoryRepository> allProjectsRepo = cloneProject(allProjects, admin);
    // Fetch permission ref
    GitUtil.fetch(allProjectsRepo, "refs/meta/config:cfg");
    allProjectsRepo.reset("cfg");
    // Load current permissions
    String config = gApi.projects().name(allProjects.get()).branch(RefNames.REFS_CONFIG).file(ProjectConfig.PROJECT_CONFIG).asString();
    // Append and push allowThenDeny permissions
    Config cfg = new Config();
    cfg.fromText(config);
    cfg.setStringList(access, AccessSection.HEADS, Permission.READ, allowThenDeny);
    config = cfg.toText();
    PushOneCommit push = pushFactory.create(admin.newIdent(), allProjectsRepo, "Subject", ProjectConfig.PROJECT_CONFIG, config);
    push.to(RefNames.REFS_CONFIG).assertOkStatus();
    ProjectAccessInfo pai = gApi.projects().name(allProjects.get()).access();
    Map<String, AccessSectionInfo> local = pai.local;
    AccessSectionInfo heads = local.get(AccessSection.HEADS);
    Map<String, PermissionInfo> permissions = heads.permissions;
    PermissionInfo read = permissions.get(Permission.READ);
    Map<String, PermissionRuleInfo> rules = read.rules;
    assertEquals(rules.get(registeredUsers.getUUID().get()), new PermissionRuleInfo(PermissionRuleInfo.Action.ALLOW, false));
}
Also used : InMemoryRepository(org.eclipse.jgit.internal.storage.dfs.InMemoryRepository) ProjectConfig(com.google.gerrit.server.project.ProjectConfig) Config(org.eclipse.jgit.lib.Config) ProjectAccessInfo(com.google.gerrit.extensions.api.access.ProjectAccessInfo) PushOneCommit(com.google.gerrit.acceptance.PushOneCommit) PermissionInfo(com.google.gerrit.extensions.api.access.PermissionInfo) PermissionRuleInfo(com.google.gerrit.extensions.api.access.PermissionRuleInfo) AccessSectionInfo(com.google.gerrit.extensions.api.access.AccessSectionInfo) GroupReference(com.google.gerrit.entities.GroupReference) AbstractDaemonTest(com.google.gerrit.acceptance.AbstractDaemonTest) Test(org.junit.Test)

Example 24 with GroupReference

use of com.google.gerrit.entities.GroupReference in project gerrit by GerritCodeReview.

the class GroupListTest method byUUID.

@Test
public void byUUID() throws Exception {
    AccountGroup.UUID uuid = AccountGroup.uuid("d96b998f8a66ff433af50befb975d0e2bb6e0999");
    GroupReference groupReference = groupList.byUUID(uuid);
    assertEquals(uuid, groupReference.getUUID());
    assertEquals(ServiceUserClassifier.SERVICE_USERS, groupReference.getName());
}
Also used : AccountGroup(com.google.gerrit.entities.AccountGroup) GroupReference(com.google.gerrit.entities.GroupReference) Test(org.junit.Test)

Example 25 with GroupReference

use of com.google.gerrit.entities.GroupReference in project gerrit by GerritCodeReview.

the class GroupQueryBuilder method parseGroup.

private AccountGroup.UUID parseGroup(String groupNameOrUuid) throws QueryParseException {
    Optional<InternalGroup> group = args.groupCache.get(AccountGroup.uuid(groupNameOrUuid));
    if (group.isPresent()) {
        return group.get().getGroupUUID();
    }
    GroupReference groupReference = GroupBackends.findBestSuggestion(args.groupBackend, groupNameOrUuid);
    if (groupReference == null) {
        throw error("Group " + groupNameOrUuid + " not found");
    }
    return groupReference.getUUID();
}
Also used : GroupReference(com.google.gerrit.entities.GroupReference) InternalGroup(com.google.gerrit.entities.InternalGroup)

Aggregations

GroupReference (com.google.gerrit.entities.GroupReference)59 Test (org.junit.Test)24 AccountGroup (com.google.gerrit.entities.AccountGroup)18 AbstractDaemonTest (com.google.gerrit.acceptance.AbstractDaemonTest)8 GroupDescription (com.google.gerrit.entities.GroupDescription)8 InternalGroup (com.google.gerrit.entities.InternalGroup)7 ProjectConfig (com.google.gerrit.server.project.ProjectConfig)7 IOException (java.io.IOException)7 Repository (org.eclipse.jgit.lib.Repository)7 MetaDataUpdate (com.google.gerrit.server.git.meta.MetaDataUpdate)6 Config (org.eclipse.jgit.lib.Config)6 CachedProjectConfig (com.google.gerrit.entities.CachedProjectConfig)5 InMemoryRepository (org.eclipse.jgit.internal.storage.dfs.InMemoryRepository)5 NotifyConfig (com.google.gerrit.entities.NotifyConfig)4 ArrayList (java.util.ArrayList)4 Account (com.google.gerrit.entities.Account)3 BooleanProjectConfig (com.google.gerrit.entities.BooleanProjectConfig)3 Permission (com.google.gerrit.entities.Permission)3 PermissionRule (com.google.gerrit.entities.PermissionRule)3 ProjectAccessInfo (com.google.gerrit.extensions.api.access.ProjectAccessInfo)3