use of com.google.gerrit.extensions.api.access.ProjectAccessInfo in project gerrit by GerritCodeReview.
the class AccessIT method addGlobalCapabilityAsAdmin.
@Test
public void addGlobalCapabilityAsAdmin() throws Exception {
ProjectAccessInput accessInput = newProjectAccessInput();
AccessSectionInfo accessSectionInfo = createDefaultGlobalCapabilitiesAccessSectionInfo();
accessInput.add.put(AccessSection.GLOBAL_CAPABILITIES, accessSectionInfo);
ProjectAccessInfo updatedAccessSectionInfo = gApi.projects().name(allProjects.get()).access(accessInput);
assertThat(updatedAccessSectionInfo.local.get(AccessSection.GLOBAL_CAPABILITIES).permissions.keySet()).containsAllIn(accessSectionInfo.permissions.keySet());
}
use of com.google.gerrit.extensions.api.access.ProjectAccessInfo in project gerrit by GerritCodeReview.
the class GetAccess method apply.
@Override
public ProjectAccessInfo apply(ProjectResource rsrc) throws ResourceNotFoundException, ResourceConflictException, IOException {
// Load the current configuration from the repository, ensuring it's the most
// recent version available. If it differs from what was in the project
// state, force a cache flush now.
//
Project.NameKey projectName = rsrc.getNameKey();
ProjectAccessInfo info = new ProjectAccessInfo();
ProjectConfig config;
ProjectControl pc = createProjectControl(projectName);
RefControl metaConfigControl = pc.controlForRef(RefNames.REFS_CONFIG);
try (MetaDataUpdate md = metaDataUpdateFactory.create(projectName)) {
config = ProjectConfig.read(md);
if (config.updateGroupNames(groupBackend)) {
md.setMessage("Update group names\n");
config.commit(md);
projectCache.evict(config.getProject());
pc = createProjectControl(projectName);
} else if (config.getRevision() != null && !config.getRevision().equals(pc.getProjectState().getConfig().getRevision())) {
projectCache.evict(config.getProject());
pc = createProjectControl(projectName);
}
} catch (ConfigInvalidException e) {
throw new ResourceConflictException(e.getMessage());
} catch (RepositoryNotFoundException e) {
throw new ResourceNotFoundException(rsrc.getName());
}
info.local = new HashMap<>();
info.ownerOf = new HashSet<>();
Map<AccountGroup.UUID, Boolean> visibleGroups = new HashMap<>();
for (AccessSection section : config.getAccessSections()) {
String name = section.getName();
if (AccessSection.GLOBAL_CAPABILITIES.equals(name)) {
if (pc.isOwner()) {
info.local.put(name, createAccessSection(section));
info.ownerOf.add(name);
} else if (metaConfigControl.isVisible()) {
info.local.put(section.getName(), createAccessSection(section));
}
} else if (RefConfigSection.isValid(name)) {
RefControl rc = pc.controlForRef(name);
if (rc.isOwner()) {
info.local.put(name, createAccessSection(section));
info.ownerOf.add(name);
} else if (metaConfigControl.isVisible()) {
info.local.put(name, createAccessSection(section));
} else if (rc.isVisible()) {
// Filter the section to only add rules describing groups that
// are visible to the current-user. This includes any group the
// user is a member of, as well as groups they own or that
// are visible to all users.
AccessSection dst = null;
for (Permission srcPerm : section.getPermissions()) {
Permission dstPerm = null;
for (PermissionRule srcRule : srcPerm.getRules()) {
AccountGroup.UUID group = srcRule.getGroup().getUUID();
if (group == null) {
continue;
}
Boolean canSeeGroup = visibleGroups.get(group);
if (canSeeGroup == null) {
try {
canSeeGroup = groupControlFactory.controlFor(group).isVisible();
} catch (NoSuchGroupException e) {
canSeeGroup = Boolean.FALSE;
}
visibleGroups.put(group, canSeeGroup);
}
if (canSeeGroup) {
if (dstPerm == null) {
if (dst == null) {
dst = new AccessSection(name);
info.local.put(name, createAccessSection(dst));
}
dstPerm = dst.getPermission(srcPerm.getName(), true);
}
dstPerm.add(srcRule);
}
}
}
}
}
}
if (info.ownerOf.isEmpty() && pc.isOwnerAnyRef()) {
// Special case: If the section list is empty, this project has no current
// access control information. Rely on what ProjectControl determines
// is ownership, which probably means falling back to site administrators.
info.ownerOf.add(AccessSection.ALL);
}
if (config.getRevision() != null) {
info.revision = config.getRevision().name();
}
ProjectState parent = Iterables.getFirst(pc.getProjectState().parents(), null);
if (parent != null) {
info.inheritsFrom = projectJson.format(parent.getProject());
}
if (pc.getProject().getNameKey().equals(allProjectsName)) {
if (pc.isOwner()) {
info.ownerOf.add(AccessSection.GLOBAL_CAPABILITIES);
}
}
info.isOwner = toBoolean(pc.isOwner());
info.canUpload = toBoolean(pc.isOwner() || (metaConfigControl.isVisible() && metaConfigControl.canUpload()));
info.canAdd = toBoolean(pc.canAddRefs());
info.configVisible = pc.isOwner() || metaConfigControl.isVisible();
return info;
}
use of com.google.gerrit.extensions.api.access.ProjectAccessInfo in project gerrit by GerritCodeReview.
the class AccessIT method listAccess_withUrlEncodedProjectName.
@Test
public void listAccess_withUrlEncodedProjectName() throws Exception {
String fooBarBazProjectName = name("foo/bar/baz");
ProjectInput in = new ProjectInput();
in.name = fooBarBazProjectName;
gApi.projects().create(in);
RestResponse r = adminRestSession.get("/access/?project=" + IdString.fromDecoded(fooBarBazProjectName));
r.assertOK();
Map<String, ProjectAccessInfo> infoByProject = newGson().fromJson(r.getReader(), new TypeToken<Map<String, ProjectAccessInfo>>() {
}.getType());
assertThat(infoByProject.keySet()).containsExactly(fooBarBazProjectName);
}
use of com.google.gerrit.extensions.api.access.ProjectAccessInfo in project gerrit by GerritCodeReview.
the class AccessIT method listAccessWithoutSpecifyingProject.
@Test
public void listAccessWithoutSpecifyingProject() throws Exception {
RestResponse r = adminRestSession.get("/access/");
r.assertOK();
Map<String, ProjectAccessInfo> infoByProject = newGson().fromJson(r.getReader(), new TypeToken<Map<String, ProjectAccessInfo>>() {
}.getType());
assertThat(infoByProject).isEmpty();
}
use of com.google.gerrit.extensions.api.access.ProjectAccessInfo in project gerrit by GerritCodeReview.
the class AccessIT method grantRevertPermissionByOnNewRefAndDeletingOnOldRef.
@Test
public void grantRevertPermissionByOnNewRefAndDeletingOnOldRef() throws Exception {
String refsHeads = "refs/heads/*";
String refsStar = "refs/*";
String groupId = "global:Registered-Users";
GroupReference registeredUsers = systemGroupBackend.getGroup(REGISTERED_USERS);
try (Repository repo = repoManager.openRepository(newProjectName)) {
MetaDataUpdate md = new MetaDataUpdate(GitReferenceUpdated.DISABLED, newProjectName, repo);
ProjectConfig projectConfig = projectConfigFactory.read(md);
projectConfig.upsertAccessSection(AccessSection.HEADS, heads -> {
grant(projectConfig, heads, Permission.REVERT, registeredUsers);
});
md.getCommitBuilder().setAuthor(admin.newIdent());
md.getCommitBuilder().setCommitter(admin.newIdent());
md.setMessage("Add revert permission for all registered users\n");
projectConfig.commit(md);
}
grantRevertPermission.execute(newProjectName);
ProjectAccessInfo info = pApi().access();
// Revert permission is removed on refs/heads/*.
assertThat(info.local.containsKey(refsHeads)).isTrue();
AccessSectionInfo accessSectionInfo = info.local.get(refsHeads);
assertThat(accessSectionInfo.permissions.containsKey(Permission.REVERT)).isFalse();
// new permission is added on refs/* with Registered-Users.
assertThat(info.local.containsKey(refsStar)).isTrue();
accessSectionInfo = info.local.get(refsStar);
assertThat(accessSectionInfo.permissions.containsKey(Permission.REVERT)).isTrue();
PermissionInfo permissionInfo = accessSectionInfo.permissions.get(Permission.REVERT);
assertThat(permissionInfo.rules.containsKey(groupId)).isTrue();
PermissionRuleInfo permissionRuleInfo = permissionInfo.rules.get(groupId);
assertThat(permissionRuleInfo.action).isEqualTo(PermissionRuleInfo.Action.ALLOW);
}
Aggregations