use of com.google.gerrit.entities.Permission in project gerrit by GerritCodeReview.
the class ProjectControl method canPerformOnTagRef.
private boolean canPerformOnTagRef(String permissionName) {
for (SectionMatcher matcher : access()) {
AccessSection section = matcher.getSection();
if (section.getName().startsWith(REFS_TAGS) || section.getName().startsWith(REGEX_PREFIX + REFS_TAGS)) {
Permission permission = section.getPermission(permissionName);
if (permission == null) {
continue;
}
Boolean can = canPerform(permissionName, section, permission);
if (can != null) {
return can;
}
}
}
return false;
}
use of com.google.gerrit.entities.Permission in project gerrit by GerritCodeReview.
the class RefControl method toRange.
private PermissionRange toRange(String permissionName, boolean isChangeOwner) {
int blockAllowMin = Integer.MIN_VALUE, blockAllowMax = Integer.MAX_VALUE;
projectLoop: for (List<Permission> ps : relevant.getBlockRules(permissionName)) {
boolean blockFound = false;
int projectBlockAllowMin = Integer.MIN_VALUE, projectBlockAllowMax = Integer.MAX_VALUE;
for (Permission p : ps) {
if (p.getExclusiveGroup()) {
for (PermissionRule pr : p.getRules()) {
if (pr.getAction() == Action.ALLOW && projectControl.match(pr, isChangeOwner)) {
// exclusive override, usually for a more specific ref.
continue projectLoop;
}
}
}
for (PermissionRule pr : p.getRules()) {
if (pr.getAction() == Action.BLOCK && projectControl.match(pr, isChangeOwner)) {
projectBlockAllowMin = pr.getMin() + 1;
projectBlockAllowMax = pr.getMax() - 1;
blockFound = true;
}
}
if (blockFound) {
for (PermissionRule pr : p.getRules()) {
if (pr.getAction() == Action.ALLOW && projectControl.match(pr, isChangeOwner)) {
projectBlockAllowMin = pr.getMin();
projectBlockAllowMax = pr.getMax();
break;
}
}
break;
}
}
blockAllowMin = Math.max(projectBlockAllowMin, blockAllowMin);
blockAllowMax = Math.min(projectBlockAllowMax, blockAllowMax);
}
int voteMin = 0, voteMax = 0;
for (PermissionRule pr : relevant.getAllowRules(permissionName)) {
if (pr.getAction() == PermissionRule.Action.ALLOW && projectControl.match(pr, isChangeOwner)) {
// For votes, contrary to normal permissions, we aggregate all applicable rules.
voteMin = Math.min(voteMin, pr.getMin());
voteMax = Math.max(voteMax, pr.getMax());
}
}
return new PermissionRange(permissionName, /* min= */
Math.max(voteMin, blockAllowMin), /* max= */
Math.min(voteMax, blockAllowMax));
}
use of com.google.gerrit.entities.Permission in project gerrit by GerritCodeReview.
the class AccessIT method grantRevertPermissionOnlyWorksOnce.
@Test
public void grantRevertPermissionOnlyWorksOnce() throws Exception {
grantRevertPermission.execute(newProjectName);
grantRevertPermission.execute(newProjectName);
try (Repository repo = repoManager.openRepository(newProjectName)) {
MetaDataUpdate md = new MetaDataUpdate(GitReferenceUpdated.DISABLED, newProjectName, repo);
ProjectConfig projectConfig = projectConfigFactory.read(md);
AccessSection all = projectConfig.getAccessSection(AccessSection.ALL);
Permission permission = all.getPermission(Permission.REVERT);
assertThat(permission.getRules()).hasSize(1);
}
}
use of com.google.gerrit.entities.Permission in project gerrit by GerritCodeReview.
the class CheckAccessIT method noRules.
@Test
@Sandboxed
public void noRules() throws Exception {
normalProject = projectOperations.newProject().create();
for (AccessSection section : projectOperations.project(allProjectsName).getProjectConfig().getAccessSections()) {
if (!section.getName().startsWith(Constants.R_REFS)) {
continue;
}
for (Permission permission : section.getPermissions()) {
projectOperations.project(allProjectsName).forUpdate().remove(permissionKey(permission.getName()).ref(section.getName()).build()).update();
}
}
AccessCheckInput input = new AccessCheckInput();
input.account = privilegedUser.email();
input.permission = Permission.READ;
input.ref = "refs/heads/main";
AccessCheckInfo info = gApi.projects().name(normalProject.get()).checkAccess(input);
assertThat(info.status).isEqualTo(403);
assertThat(info.debugLogs).isNotEmpty();
assertThat(info.debugLogs.get(0)).contains("Found no rules");
}
use of com.google.gerrit.entities.Permission in project gerrit by GerritCodeReview.
the class PermissionSerializerTest method roundTripWithMinimalValues.
@Test
public void roundTripWithMinimalValues() {
Permission permission = Permission.builder(Permission.ABANDON).build();
assertThat(deserialize(serialize(permission))).isEqualTo(permission);
}
Aggregations