Search in sources :

Example 16 with Permission

use of com.google.gerrit.entities.Permission in project gerrit by GerritCodeReview.

the class ProjectControl method canPerformOnTagRef.

private boolean canPerformOnTagRef(String permissionName) {
    for (SectionMatcher matcher : access()) {
        AccessSection section = matcher.getSection();
        if (section.getName().startsWith(REFS_TAGS) || section.getName().startsWith(REGEX_PREFIX + REFS_TAGS)) {
            Permission permission = section.getPermission(permissionName);
            if (permission == null) {
                continue;
            }
            Boolean can = canPerform(permissionName, section, permission);
            if (can != null) {
                return can;
            }
        }
    }
    return false;
}
Also used : Permission(com.google.gerrit.entities.Permission) CoreOrPluginProjectPermission(com.google.gerrit.extensions.api.access.CoreOrPluginProjectPermission) PluginProjectPermission(com.google.gerrit.extensions.api.access.PluginProjectPermission) SectionMatcher(com.google.gerrit.server.project.SectionMatcher) AccessSection(com.google.gerrit.entities.AccessSection)

Example 17 with Permission

use of com.google.gerrit.entities.Permission in project gerrit by GerritCodeReview.

the class RefControl method toRange.

private PermissionRange toRange(String permissionName, boolean isChangeOwner) {
    int blockAllowMin = Integer.MIN_VALUE, blockAllowMax = Integer.MAX_VALUE;
    projectLoop: for (List<Permission> ps : relevant.getBlockRules(permissionName)) {
        boolean blockFound = false;
        int projectBlockAllowMin = Integer.MIN_VALUE, projectBlockAllowMax = Integer.MAX_VALUE;
        for (Permission p : ps) {
            if (p.getExclusiveGroup()) {
                for (PermissionRule pr : p.getRules()) {
                    if (pr.getAction() == Action.ALLOW && projectControl.match(pr, isChangeOwner)) {
                        // exclusive override, usually for a more specific ref.
                        continue projectLoop;
                    }
                }
            }
            for (PermissionRule pr : p.getRules()) {
                if (pr.getAction() == Action.BLOCK && projectControl.match(pr, isChangeOwner)) {
                    projectBlockAllowMin = pr.getMin() + 1;
                    projectBlockAllowMax = pr.getMax() - 1;
                    blockFound = true;
                }
            }
            if (blockFound) {
                for (PermissionRule pr : p.getRules()) {
                    if (pr.getAction() == Action.ALLOW && projectControl.match(pr, isChangeOwner)) {
                        projectBlockAllowMin = pr.getMin();
                        projectBlockAllowMax = pr.getMax();
                        break;
                    }
                }
                break;
            }
        }
        blockAllowMin = Math.max(projectBlockAllowMin, blockAllowMin);
        blockAllowMax = Math.min(projectBlockAllowMax, blockAllowMax);
    }
    int voteMin = 0, voteMax = 0;
    for (PermissionRule pr : relevant.getAllowRules(permissionName)) {
        if (pr.getAction() == PermissionRule.Action.ALLOW && projectControl.match(pr, isChangeOwner)) {
            // For votes, contrary to normal permissions, we aggregate all applicable rules.
            voteMin = Math.min(voteMin, pr.getMin());
            voteMax = Math.max(voteMax, pr.getMax());
        }
    }
    return new PermissionRange(permissionName, /* min= */
    Math.max(voteMin, blockAllowMin), /* max= */
    Math.min(voteMax, blockAllowMax));
}
Also used : PermissionRange(com.google.gerrit.entities.PermissionRange) PermissionRule(com.google.gerrit.entities.PermissionRule) Permission(com.google.gerrit.entities.Permission) ImmutableList(com.google.common.collect.ImmutableList) List(java.util.List)

Example 18 with Permission

use of com.google.gerrit.entities.Permission in project gerrit by GerritCodeReview.

the class AccessIT method grantRevertPermissionOnlyWorksOnce.

@Test
public void grantRevertPermissionOnlyWorksOnce() throws Exception {
    grantRevertPermission.execute(newProjectName);
    grantRevertPermission.execute(newProjectName);
    try (Repository repo = repoManager.openRepository(newProjectName)) {
        MetaDataUpdate md = new MetaDataUpdate(GitReferenceUpdated.DISABLED, newProjectName, repo);
        ProjectConfig projectConfig = projectConfigFactory.read(md);
        AccessSection all = projectConfig.getAccessSection(AccessSection.ALL);
        Permission permission = all.getPermission(Permission.REVERT);
        assertThat(permission.getRules()).hasSize(1);
    }
}
Also used : ProjectConfig(com.google.gerrit.server.project.ProjectConfig) InMemoryRepository(org.eclipse.jgit.internal.storage.dfs.InMemoryRepository) TestRepository(org.eclipse.jgit.junit.TestRepository) Repository(org.eclipse.jgit.lib.Repository) GrantRevertPermission(com.google.gerrit.server.schema.GrantRevertPermission) Permission(com.google.gerrit.entities.Permission) AccessSection(com.google.gerrit.entities.AccessSection) MetaDataUpdate(com.google.gerrit.server.git.meta.MetaDataUpdate) AbstractDaemonTest(com.google.gerrit.acceptance.AbstractDaemonTest) Test(org.junit.Test)

Example 19 with Permission

use of com.google.gerrit.entities.Permission in project gerrit by GerritCodeReview.

the class CheckAccessIT method noRules.

@Test
@Sandboxed
public void noRules() throws Exception {
    normalProject = projectOperations.newProject().create();
    for (AccessSection section : projectOperations.project(allProjectsName).getProjectConfig().getAccessSections()) {
        if (!section.getName().startsWith(Constants.R_REFS)) {
            continue;
        }
        for (Permission permission : section.getPermissions()) {
            projectOperations.project(allProjectsName).forUpdate().remove(permissionKey(permission.getName()).ref(section.getName()).build()).update();
        }
    }
    AccessCheckInput input = new AccessCheckInput();
    input.account = privilegedUser.email();
    input.permission = Permission.READ;
    input.ref = "refs/heads/main";
    AccessCheckInfo info = gApi.projects().name(normalProject.get()).checkAccess(input);
    assertThat(info.status).isEqualTo(403);
    assertThat(info.debugLogs).isNotEmpty();
    assertThat(info.debugLogs.get(0)).contains("Found no rules");
}
Also used : AccessCheckInput(com.google.gerrit.extensions.api.config.AccessCheckInput) AccessCheckInfo(com.google.gerrit.extensions.api.config.AccessCheckInfo) Permission(com.google.gerrit.entities.Permission) AccessSection(com.google.gerrit.entities.AccessSection) Test(org.junit.Test) AbstractDaemonTest(com.google.gerrit.acceptance.AbstractDaemonTest) Sandboxed(com.google.gerrit.acceptance.Sandboxed)

Example 20 with Permission

use of com.google.gerrit.entities.Permission in project gerrit by GerritCodeReview.

the class PermissionSerializerTest method roundTripWithMinimalValues.

@Test
public void roundTripWithMinimalValues() {
    Permission permission = Permission.builder(Permission.ABANDON).build();
    assertThat(deserialize(serialize(permission))).isEqualTo(permission);
}
Also used : Permission(com.google.gerrit.entities.Permission) Test(org.junit.Test)

Aggregations

Permission (com.google.gerrit.entities.Permission)21 AccessSection (com.google.gerrit.entities.AccessSection)16 PermissionRule (com.google.gerrit.entities.PermissionRule)9 MetaDataUpdate (com.google.gerrit.server.git.meta.MetaDataUpdate)5 ArrayList (java.util.ArrayList)5 HashSet (java.util.HashSet)5 ProjectConfig (com.google.gerrit.server.project.ProjectConfig)4 List (java.util.List)4 ConfigInvalidException (org.eclipse.jgit.errors.ConfigInvalidException)4 ImmutableList (com.google.common.collect.ImmutableList)3 Sets (com.google.common.collect.Sets)3 FluentLogger (com.google.common.flogger.FluentLogger)3 AccountGroup (com.google.gerrit.entities.AccountGroup)3 GroupReference (com.google.gerrit.entities.GroupReference)3 CoreOrPluginProjectPermission (com.google.gerrit.extensions.api.access.CoreOrPluginProjectPermission)3 PluginProjectPermission (com.google.gerrit.extensions.api.access.PluginProjectPermission)3 Repository (org.eclipse.jgit.lib.Repository)3 Test (org.junit.Test)3 VisibleForTesting (com.google.common.annotations.VisibleForTesting)2 Preconditions.checkArgument (com.google.common.base.Preconditions.checkArgument)2