
Example 16 with PermissionRule

use of com.google.gerrit.entities.PermissionRule in project gerrit by GerritCodeReview.

the class RefControl method canPerform.

/**
 * Decides whether the current user holds {@code permissionName} on this ref.
 *
 * <p>The evaluation is deny-first. If {@code isBlocked} reports a block, the method returns
 * {@code false} before any allow rule is read. Otherwise the first allow rule accepted by both
 * {@code isAllow} and {@code projectControl.match} grants the permission. When no rule
 * qualifies the result is {@code false}, so the absence of a matching rule is a denial.
 *
 * <p>When fine-level logging or ACL logging is enabled, every outcome is added to the ACL log
 * with the user's loggable name, the permission, the force flag, the project and the ref.
 *
 * @param permissionName name of the permission being checked
 * @param isChangeOwner forwarded to {@code isBlocked} and {@code projectControl.match}
 * @param withForce forwarded to {@code isBlocked} and {@code isAllow}; also part of the log line
 * @return {@code true} only if the permission is not blocked and an allow rule matches
 */
private boolean canPerform(String permissionName, boolean isChangeOwner, boolean withForce) {
    // Blocks are evaluated before allow rules, so a block wins over any allow that would match.
    if (isBlocked(permissionName, isChangeOwner, withForce)) {
        if (logger.atFine().isEnabled() || LoggingContext.getInstance().isAclLogging()) {
            String denial =
                String.format(
                    "'%s' cannot perform '%s' with force=%s on project '%s' for ref '%s' because this permission is blocked",
                    getUser().getLoggableName(),
                    permissionName,
                    withForce,
                    projectControl.getProject().getName(),
                    refName);
            LoggingContext.getInstance().addAclLogRecord(denial);
            logger.atFine().log("%s (caller: %s)", denial, callerFinder.findCallerLazy());
        }
        return false;
    }

    for (PermissionRule rule : relevant.getAllowRules(permissionName)) {
        // Skip rules that do not grant at this force level or do not apply to this user.
        if (!isAllow(rule, withForce) || !projectControl.match(rule, isChangeOwner)) {
            continue;
        }
        if (logger.atFine().isEnabled() || LoggingContext.getInstance().isAclLogging()) {
            String grant =
                String.format(
                    "'%s' can perform '%s' with force=%s on project '%s' for ref '%s'",
                    getUser().getLoggableName(),
                    permissionName,
                    withForce,
                    projectControl.getProject().getName(),
                    refName);
            LoggingContext.getInstance().addAclLogRecord(grant);
            logger.atFine().log("%s (caller: %s)", grant, callerFinder.findCallerLazy());
        }
        // The first qualifying allow rule is sufficient; later rules are not consulted.
        return true;
    }

    // No allow rule qualified: default deny.
    if (logger.atFine().isEnabled() || LoggingContext.getInstance().isAclLogging()) {
        String denial =
            String.format(
                "'%s' cannot perform '%s' with force=%s on project '%s' for ref '%s'",
                getUser().getLoggableName(),
                permissionName,
                withForce,
                projectControl.getProject().getName(),
                refName);
        LoggingContext.getInstance().addAclLogRecord(denial);
        logger.atFine().log("%s (caller: %s)", denial, callerFinder.findCallerLazy());
    }
    return false;
}
Also used : PermissionRule(com.google.gerrit.entities.PermissionRule)

Example 17 with PermissionRule

use of com.google.gerrit.entities.PermissionRule in project gerrit by GerritCodeReview.

the class RefControl method toRange.

/**
 * Computes the range of values the current user may use for {@code permissionName}.
 *
 * <p>The result is the union of all matching ALLOW ranges (which always contains 0), clamped by
 * the limits derived from the BLOCK rules. The block limits are built per list returned by
 * {@code relevant.getBlockRules} and intersected across lists, so the tightest limit applies.
 *
 * @param permissionName name of the range permission to evaluate
 * @param isChangeOwner forwarded to {@code projectControl.match} for every rule
 * @return a {@link PermissionRange} named {@code permissionName} with the clamped min and max
 */
private PermissionRange toRange(String permissionName, boolean isChangeOwner) {
    // Limits imposed by BLOCK rules; they start unbounded and only ever tighten.
    int blockAllowMin = Integer.MIN_VALUE, blockAllowMax = Integer.MAX_VALUE;
    // NOTE(review): the label and variable names suggest each list holds the permissions of one
    // project in the hierarchy; confirm against getBlockRules.
    projectLoop: for (List<Permission> ps : relevant.getBlockRules(permissionName)) {
        boolean blockFound = false;
        int projectBlockAllowMin = Integer.MIN_VALUE, projectBlockAllowMax = Integer.MAX_VALUE;
        for (Permission p : ps) {
            if (p.getExclusiveGroup()) {
                for (PermissionRule pr : p.getRules()) {
                    if (pr.getAction() == Action.ALLOW && projectControl.match(pr, isChangeOwner)) {
                        // exclusive override, usually for a more specific ref.
                        // Skipping here leaves this list without any effect on the block limits.
                        continue projectLoop;
                    }
                }
            }
            // A matching BLOCK rule leaves only the values strictly inside its min..max.
            // There is no break, so when several BLOCK rules match, the last one sets the limits.
            for (PermissionRule pr : p.getRules()) {
                if (pr.getAction() == Action.BLOCK && projectControl.match(pr, isChangeOwner)) {
                    projectBlockAllowMin = pr.getMin() + 1;
                    projectBlockAllowMax = pr.getMax() - 1;
                    blockFound = true;
                }
            }
            if (blockFound) {
                // The first matching ALLOW rule in the same Permission replaces the block-derived
                // limits with its own range.
                for (PermissionRule pr : p.getRules()) {
                    if (pr.getAction() == Action.ALLOW && projectControl.match(pr, isChangeOwner)) {
                        projectBlockAllowMin = pr.getMin();
                        projectBlockAllowMax = pr.getMax();
                        break;
                    }
                }
                // Only the first Permission in this list that contains a matching block counts.
                break;
            }
        }
        // Intersect this list's limits with the limits collected so far.
        blockAllowMin = Math.max(projectBlockAllowMin, blockAllowMin);
        blockAllowMax = Math.min(projectBlockAllowMax, blockAllowMax);
    }
    // Starting both bounds at 0 means the allowed range always contains 0 before clamping.
    int voteMin = 0, voteMax = 0;
    for (PermissionRule pr : relevant.getAllowRules(permissionName)) {
        if (pr.getAction() == PermissionRule.Action.ALLOW && projectControl.match(pr, isChangeOwner)) {
            // For votes, contrary to normal permissions, we aggregate all applicable rules.
            voteMin = Math.min(voteMin, pr.getMin());
            voteMax = Math.max(voteMax, pr.getMax());
        }
    }
    // NOTE(review): nothing here guarantees min <= max after clamping; confirm that
    // PermissionRange handles an inverted pair.
    return new PermissionRange(permissionName, /* min= */
    Math.max(voteMin, blockAllowMin), /* max= */
    Math.min(voteMax, blockAllowMax));
}
Also used : PermissionRange(com.google.gerrit.entities.PermissionRange) PermissionRule(com.google.gerrit.entities.PermissionRule) Permission(com.google.gerrit.entities.Permission) ImmutableList(com.google.common.collect.ImmutableList) List(java.util.List)

Example 18 with PermissionRule

use of com.google.gerrit.entities.PermissionRule in project gerrit by GerritCodeReview.

the class PermissionRuleSerializerTest method roundTrip.

/**
 * Verifies that a {@code PermissionRule} is equal to the original after being serialized and
 * deserialized again.
 */
@Test
public void roundTrip() {
    // Force is set to the opposite of DEF_FORCE, and action, max and min are set explicitly, so
    // a field lost in either direction would make the comparison fail.
    PermissionRule original =
        PermissionRule.builder(GroupReference.create("name"))
            .setAction(PermissionRule.Action.BATCH)
            .setForce(!PermissionRule.DEF_FORCE)
            .setMax(321)
            .setMin(123)
            .build();

    assertThat(deserialize(serialize(original))).isEqualTo(original);
}
Also used : PermissionRule(com.google.gerrit.entities.PermissionRule) Test(org.junit.Test)

Aggregations

PermissionRule (com.google.gerrit.entities.PermissionRule)18 Permission (com.google.gerrit.entities.Permission)7 ArrayList (java.util.ArrayList)6 AccessSection (com.google.gerrit.entities.AccessSection)5 ContributorAgreement (com.google.gerrit.entities.ContributorAgreement)4 GroupReference (com.google.gerrit.entities.GroupReference)3 AuthException (com.google.gerrit.extensions.restapi.AuthException)3 HashSet (java.util.HashSet)3 ImmutableList (com.google.common.collect.ImmutableList)2 AccountGroup (com.google.gerrit.entities.AccountGroup)2 PermissionRange (com.google.gerrit.entities.PermissionRange)2 IdentifiedUser (com.google.gerrit.server.IdentifiedUser)2 MetaDataUpdate (com.google.gerrit.server.git.meta.MetaDataUpdate)2 GlobalPermission (com.google.gerrit.server.permissions.GlobalPermission)2 ProjectPermission (com.google.gerrit.server.permissions.ProjectPermission)2 RefPermission (com.google.gerrit.server.permissions.RefPermission)2 ProjectConfig (com.google.gerrit.server.project.ProjectConfig)2 ProjectState (com.google.gerrit.server.project.ProjectState)2 IOException (java.io.IOException)2 List (java.util.List)2