use of com.google.gerrit.entities.GroupReference in project gerrit by GerritCodeReview.
the class AclUtil method grant.
public static void grant(ProjectConfig config, AccessSection.Builder section, LabelType type, int min, int max, boolean exclusive, GroupReference... groupList) {
String name = Permission.LABEL + type.getName();
Permission.Builder p = section.upsertPermission(name);
p.setExclusiveGroup(exclusive);
for (GroupReference group : groupList) {
if (group != null) {
p.add(rule(config, group).setRange(min, max));
}
}
}
use of com.google.gerrit.entities.GroupReference in project gerrit by GerritCodeReview.
the class GrantRevertPermission method execute.
public void execute(Project.NameKey projectName) throws IOException, ConfigInvalidException {
GroupReference registeredUsers = systemGroupBackend.getGroup(REGISTERED_USERS);
try (Repository repo = repoManager.openRepository(projectName)) {
MetaDataUpdate md = new MetaDataUpdate(GitReferenceUpdated.DISABLED, projectName, repo);
ProjectConfig projectConfig = projectConfigFactory.read(md);
AtomicBoolean shouldExit = new AtomicBoolean(false);
projectConfig.upsertAccessSection(AccessSection.HEADS, heads -> {
Permission permissionOnRefsHeads = heads.build().getPermission(Permission.REVERT);
if (permissionOnRefsHeads != null) {
if (permissionOnRefsHeads.getRule(registeredUsers) == null || permissionOnRefsHeads.getRules().size() > 1) {
// If admins already changed the permission, don't do anything.
shouldExit.set(true);
return;
}
// permission already exists in refs/heads/*, delete it for Registered Users.
remove(projectConfig, heads, Permission.REVERT, registeredUsers);
}
});
if (shouldExit.get()) {
return;
}
projectConfig.upsertAccessSection(AccessSection.ALL, all -> {
Permission permissionOnRefsStar = all.build().getPermission(Permission.REVERT);
if (permissionOnRefsStar != null && permissionOnRefsStar.getRule(registeredUsers) != null) {
// permission already exists in refs/*, don't do anything.
return;
}
// If the permission doesn't exist of refs/* for Registered Users, grant it.
grant(projectConfig, all, Permission.REVERT, registeredUsers);
});
md.getCommitBuilder().setAuthor(serverUser);
md.getCommitBuilder().setCommitter(serverUser);
md.setMessage("Add revert permission for all registered users\n");
projectConfig.commit(md);
}
}
use of com.google.gerrit.entities.GroupReference in project gerrit by GerritCodeReview.
the class Schema_184 method upgrade.
@Override
public void upgrade(Arguments args, UpdateUI ui) throws Exception {
try (Repository allUsersRepo = args.repoManager.openRepository(args.allUsers)) {
AccountGroup.NameKey newName = AccountGroup.nameKey(ServiceUserClassifier.SERVICE_USERS);
Optional<GroupReference> nonInteractiveUsers = GroupNameNotes.loadAllGroups(allUsersRepo).stream().filter(g -> g.getName().equals("Non-Interactive Users")).findAny();
if (!nonInteractiveUsers.isPresent()) {
return;
}
GroupNameNotes newNameNotes = GroupNameNotes.forRename(args.allUsers, allUsersRepo, nonInteractiveUsers.get().getUUID(), AccountGroup.nameKey(nonInteractiveUsers.get().getName()), newName);
GroupConfig groupConfig = GroupConfig.loadForGroup(args.allUsers, allUsersRepo, nonInteractiveUsers.get().getUUID());
groupConfig.setGroupDelta(GroupDelta.builder().setName(newName).build(), AuditLogFormatter.createPartiallyWorkingFallBack());
commit(args.allUsers, args.serverUser, allUsersRepo, groupConfig, newNameNotes);
index(args.groupIndexCollection, groupConfig.getLoadedGroup().orElseThrow(() -> new IllegalStateException("Created group wasn't automatically loaded")));
}
}
use of com.google.gerrit.entities.GroupReference in project gerrit by GerritCodeReview.
the class SchemaCreatorImpl method create.
@Override
public void create() throws IOException, ConfigInvalidException {
GroupReference admins = createGroupReference("Administrators");
GroupReference serviceUsers = createGroupReference(ServiceUserClassifier.SERVICE_USERS);
AllProjectsInput allProjectsInput = AllProjectsInput.builder().administratorsGroup(admins).serviceUsersGroup(serviceUsers).build();
allProjectsCreator.create(allProjectsInput);
// We have to create the All-Users repository before we can use it to store the groups in it.
allUsersCreator.setAdministrators(admins).create();
// Don't rely on injection to construct Sequences, as the default GitReferenceUpdated has a
// thick dependency stack which may not all be available at schema creation time.
Sequences seqs = new Sequences(config, repoManager, GitReferenceUpdated.DISABLED, allProjectsName, allUsersName, metricMaker);
try (Repository allUsersRepo = repoManager.openRepository(allUsersName)) {
createAdminsGroup(seqs, allUsersRepo, admins);
createBatchUsersGroup(seqs, allUsersRepo, serviceUsers, admins.getUUID());
}
}
use of com.google.gerrit.entities.GroupReference in project gerrit by GerritCodeReview.
the class AgreementsIT method configureContributorAgreement.
protected ContributorAgreement configureContributorAgreement(boolean autoVerify) throws Exception {
ContributorAgreement.Builder ca;
String name = autoVerify ? "cla-test-group" : "cla-test-no-auto-verify-group";
AccountGroup.UUID g = groupOperations.newGroup().name(name).create();
GroupApi groupApi = gApi.groups().id(g.get());
groupApi.description("CLA test group");
InternalGroup caGroup = group(AccountGroup.uuid(groupApi.detail().id));
GroupReference groupRef = GroupReference.create(caGroup.getGroupUUID(), caGroup.getName());
PermissionRule rule = PermissionRule.builder(groupRef).setAction(PermissionRule.Action.ALLOW).build();
if (autoVerify) {
ca = ContributorAgreement.builder("cla-test");
ca.setAutoVerify(groupRef);
ca.setAccepted(ImmutableList.of(rule));
} else {
ca = ContributorAgreement.builder("cla-test-no-auto-verify");
}
ca.setDescription("description");
ca.setAgreementUrl("agreement-url");
ca.setAccepted(ImmutableList.of(rule));
ca.setExcludeProjectsRegexes(ImmutableList.of("ExcludedProject"));
try (ProjectConfigUpdate u = updateProject(allProjects)) {
ContributorAgreement contributorAgreement = ca.build();
u.getConfig().replace(contributorAgreement);
u.save();
return contributorAgreement;
}
}
Aggregations