Search in sources :

Example 36 with GroupReference

use of com.google.gerrit.entities.GroupReference in project gerrit by GerritCodeReview.

the class AclUtil method grant.

public static void grant(ProjectConfig config, AccessSection.Builder section, LabelType type, int min, int max, boolean exclusive, GroupReference... groupList) {
    String name = Permission.LABEL + type.getName();
    Permission.Builder p = section.upsertPermission(name);
    p.setExclusiveGroup(exclusive);
    for (GroupReference group : groupList) {
        if (group != null) {
            p.add(rule(config, group).setRange(min, max));
        }
    }
}
Also used : Permission(com.google.gerrit.entities.Permission) GroupReference(com.google.gerrit.entities.GroupReference)

Example 37 with GroupReference

use of com.google.gerrit.entities.GroupReference in project gerrit by GerritCodeReview.

the class GrantRevertPermission method execute.

public void execute(Project.NameKey projectName) throws IOException, ConfigInvalidException {
    GroupReference registeredUsers = systemGroupBackend.getGroup(REGISTERED_USERS);
    try (Repository repo = repoManager.openRepository(projectName)) {
        MetaDataUpdate md = new MetaDataUpdate(GitReferenceUpdated.DISABLED, projectName, repo);
        ProjectConfig projectConfig = projectConfigFactory.read(md);
        AtomicBoolean shouldExit = new AtomicBoolean(false);
        projectConfig.upsertAccessSection(AccessSection.HEADS, heads -> {
            Permission permissionOnRefsHeads = heads.build().getPermission(Permission.REVERT);
            if (permissionOnRefsHeads != null) {
                if (permissionOnRefsHeads.getRule(registeredUsers) == null || permissionOnRefsHeads.getRules().size() > 1) {
                    // If admins already changed the permission, don't do anything.
                    shouldExit.set(true);
                    return;
                }
                // permission already exists in refs/heads/*, delete it for Registered Users.
                remove(projectConfig, heads, Permission.REVERT, registeredUsers);
            }
        });
        if (shouldExit.get()) {
            return;
        }
        projectConfig.upsertAccessSection(AccessSection.ALL, all -> {
            Permission permissionOnRefsStar = all.build().getPermission(Permission.REVERT);
            if (permissionOnRefsStar != null && permissionOnRefsStar.getRule(registeredUsers) != null) {
                // permission already exists in refs/*, don't do anything.
                return;
            }
            // If the permission doesn't exist of refs/* for Registered Users, grant it.
            grant(projectConfig, all, Permission.REVERT, registeredUsers);
        });
        md.getCommitBuilder().setAuthor(serverUser);
        md.getCommitBuilder().setCommitter(serverUser);
        md.setMessage("Add revert permission for all registered users\n");
        projectConfig.commit(md);
    }
}
Also used : ProjectConfig(com.google.gerrit.server.project.ProjectConfig) AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean) Repository(org.eclipse.jgit.lib.Repository) Permission(com.google.gerrit.entities.Permission) GroupReference(com.google.gerrit.entities.GroupReference) MetaDataUpdate(com.google.gerrit.server.git.meta.MetaDataUpdate)

Example 38 with GroupReference

use of com.google.gerrit.entities.GroupReference in project gerrit by GerritCodeReview.

the class Schema_184 method upgrade.

@Override
public void upgrade(Arguments args, UpdateUI ui) throws Exception {
    try (Repository allUsersRepo = args.repoManager.openRepository(args.allUsers)) {
        AccountGroup.NameKey newName = AccountGroup.nameKey(ServiceUserClassifier.SERVICE_USERS);
        Optional<GroupReference> nonInteractiveUsers = GroupNameNotes.loadAllGroups(allUsersRepo).stream().filter(g -> g.getName().equals("Non-Interactive Users")).findAny();
        if (!nonInteractiveUsers.isPresent()) {
            return;
        }
        GroupNameNotes newNameNotes = GroupNameNotes.forRename(args.allUsers, allUsersRepo, nonInteractiveUsers.get().getUUID(), AccountGroup.nameKey(nonInteractiveUsers.get().getName()), newName);
        GroupConfig groupConfig = GroupConfig.loadForGroup(args.allUsers, allUsersRepo, nonInteractiveUsers.get().getUUID());
        groupConfig.setGroupDelta(GroupDelta.builder().setName(newName).build(), AuditLogFormatter.createPartiallyWorkingFallBack());
        commit(args.allUsers, args.serverUser, allUsersRepo, groupConfig, newNameNotes);
        index(args.groupIndexCollection, groupConfig.getLoadedGroup().orElseThrow(() -> new IllegalStateException("Created group wasn't automatically loaded")));
    }
}
Also used : AccountGroup(com.google.gerrit.entities.AccountGroup) AllUsersName(com.google.gerrit.server.config.AllUsersName) AuditLogFormatter(com.google.gerrit.server.group.db.AuditLogFormatter) GroupNameNotes(com.google.gerrit.server.group.db.GroupNameNotes) InternalGroup(com.google.gerrit.entities.InternalGroup) GroupConfig(com.google.gerrit.server.group.db.GroupConfig) GroupIndexCollection(com.google.gerrit.server.index.group.GroupIndexCollection) IOException(java.io.IOException) GroupReference(com.google.gerrit.entities.GroupReference) PersonIdent(org.eclipse.jgit.lib.PersonIdent) Nullable(com.google.gerrit.common.Nullable) BatchRefUpdate(org.eclipse.jgit.lib.BatchRefUpdate) Optional(java.util.Optional) GroupIndex(com.google.gerrit.server.index.group.GroupIndex) GroupDelta(com.google.gerrit.server.group.db.GroupDelta) RefUpdateUtil(com.google.gerrit.git.RefUpdateUtil) ServiceUserClassifier(com.google.gerrit.server.account.ServiceUserClassifier) GitReferenceUpdated(com.google.gerrit.server.extensions.events.GitReferenceUpdated) Repository(org.eclipse.jgit.lib.Repository) MetaDataUpdate(com.google.gerrit.server.git.meta.MetaDataUpdate) Repository(org.eclipse.jgit.lib.Repository) GroupNameNotes(com.google.gerrit.server.group.db.GroupNameNotes) AccountGroup(com.google.gerrit.entities.AccountGroup) GroupConfig(com.google.gerrit.server.group.db.GroupConfig) GroupReference(com.google.gerrit.entities.GroupReference)

Example 39 with GroupReference

use of com.google.gerrit.entities.GroupReference in project gerrit by GerritCodeReview.

the class SchemaCreatorImpl method create.

@Override
public void create() throws IOException, ConfigInvalidException {
    GroupReference admins = createGroupReference("Administrators");
    GroupReference serviceUsers = createGroupReference(ServiceUserClassifier.SERVICE_USERS);
    AllProjectsInput allProjectsInput = AllProjectsInput.builder().administratorsGroup(admins).serviceUsersGroup(serviceUsers).build();
    allProjectsCreator.create(allProjectsInput);
    // We have to create the All-Users repository before we can use it to store the groups in it.
    allUsersCreator.setAdministrators(admins).create();
    // Don't rely on injection to construct Sequences, as the default GitReferenceUpdated has a
    // thick dependency stack which may not all be available at schema creation time.
    Sequences seqs = new Sequences(config, repoManager, GitReferenceUpdated.DISABLED, allProjectsName, allUsersName, metricMaker);
    try (Repository allUsersRepo = repoManager.openRepository(allUsersName)) {
        createAdminsGroup(seqs, allUsersRepo, admins);
        createBatchUsersGroup(seqs, allUsersRepo, serviceUsers, admins.getUUID());
    }
}
Also used : Sequences(com.google.gerrit.server.notedb.Sequences) Repository(org.eclipse.jgit.lib.Repository) GroupReference(com.google.gerrit.entities.GroupReference)

Example 40 with GroupReference

use of com.google.gerrit.entities.GroupReference in project gerrit by GerritCodeReview.

the class AgreementsIT method configureContributorAgreement.

protected ContributorAgreement configureContributorAgreement(boolean autoVerify) throws Exception {
    ContributorAgreement.Builder ca;
    String name = autoVerify ? "cla-test-group" : "cla-test-no-auto-verify-group";
    AccountGroup.UUID g = groupOperations.newGroup().name(name).create();
    GroupApi groupApi = gApi.groups().id(g.get());
    groupApi.description("CLA test group");
    InternalGroup caGroup = group(AccountGroup.uuid(groupApi.detail().id));
    GroupReference groupRef = GroupReference.create(caGroup.getGroupUUID(), caGroup.getName());
    PermissionRule rule = PermissionRule.builder(groupRef).setAction(PermissionRule.Action.ALLOW).build();
    if (autoVerify) {
        ca = ContributorAgreement.builder("cla-test");
        ca.setAutoVerify(groupRef);
        ca.setAccepted(ImmutableList.of(rule));
    } else {
        ca = ContributorAgreement.builder("cla-test-no-auto-verify");
    }
    ca.setDescription("description");
    ca.setAgreementUrl("agreement-url");
    ca.setAccepted(ImmutableList.of(rule));
    ca.setExcludeProjectsRegexes(ImmutableList.of("ExcludedProject"));
    try (ProjectConfigUpdate u = updateProject(allProjects)) {
        ContributorAgreement contributorAgreement = ca.build();
        u.getConfig().replace(contributorAgreement);
        u.save();
        return contributorAgreement;
    }
}
Also used : GroupApi(com.google.gerrit.extensions.api.groups.GroupApi) AccountGroup(com.google.gerrit.entities.AccountGroup) PermissionRule(com.google.gerrit.entities.PermissionRule) ContributorAgreement(com.google.gerrit.entities.ContributorAgreement) GroupReference(com.google.gerrit.entities.GroupReference) InternalGroup(com.google.gerrit.entities.InternalGroup)

Aggregations

GroupReference (com.google.gerrit.entities.GroupReference)59 Test (org.junit.Test)24 AccountGroup (com.google.gerrit.entities.AccountGroup)18 AbstractDaemonTest (com.google.gerrit.acceptance.AbstractDaemonTest)8 GroupDescription (com.google.gerrit.entities.GroupDescription)8 InternalGroup (com.google.gerrit.entities.InternalGroup)7 ProjectConfig (com.google.gerrit.server.project.ProjectConfig)7 IOException (java.io.IOException)7 Repository (org.eclipse.jgit.lib.Repository)7 MetaDataUpdate (com.google.gerrit.server.git.meta.MetaDataUpdate)6 Config (org.eclipse.jgit.lib.Config)6 CachedProjectConfig (com.google.gerrit.entities.CachedProjectConfig)5 InMemoryRepository (org.eclipse.jgit.internal.storage.dfs.InMemoryRepository)5 NotifyConfig (com.google.gerrit.entities.NotifyConfig)4 ArrayList (java.util.ArrayList)4 Account (com.google.gerrit.entities.Account)3 BooleanProjectConfig (com.google.gerrit.entities.BooleanProjectConfig)3 Permission (com.google.gerrit.entities.Permission)3 PermissionRule (com.google.gerrit.entities.PermissionRule)3 ProjectAccessInfo (com.google.gerrit.extensions.api.access.ProjectAccessInfo)3