Search in sources :

Example 1 with ProjectAccessInfo

use of com.google.gerrit.extensions.api.access.ProjectAccessInfo in project gerrit by GerritCodeReview.

the class AccessIT method addGlobalCapabilityAsAdmin.

@Test
public void addGlobalCapabilityAsAdmin() throws Exception {
    ProjectAccessInput accessInput = newProjectAccessInput();
    AccessSectionInfo accessSectionInfo = createDefaultGlobalCapabilitiesAccessSectionInfo();
    accessInput.add.put(AccessSection.GLOBAL_CAPABILITIES, accessSectionInfo);
    ProjectAccessInfo updatedAccessSectionInfo = gApi.projects().name(allProjects.get()).access(accessInput);
    assertThat(updatedAccessSectionInfo.local.get(AccessSection.GLOBAL_CAPABILITIES).permissions.keySet()).containsAllIn(accessSectionInfo.permissions.keySet());
}
Also used : ProjectAccessInfo(com.google.gerrit.extensions.api.access.ProjectAccessInfo) AccessSectionInfo(com.google.gerrit.extensions.api.access.AccessSectionInfo) ProjectAccessInput(com.google.gerrit.extensions.api.access.ProjectAccessInput) Test(org.junit.Test) AbstractDaemonTest(com.google.gerrit.acceptance.AbstractDaemonTest)

Example 2 with ProjectAccessInfo

use of com.google.gerrit.extensions.api.access.ProjectAccessInfo in project gerrit by GerritCodeReview.

the class GetAccess method apply.

@Override
public ProjectAccessInfo apply(ProjectResource rsrc) throws ResourceNotFoundException, ResourceConflictException, IOException {
    // Load the current configuration from the repository, ensuring it's the most
    // recent version available. If it differs from what was in the project
    // state, force a cache flush now.
    //
    Project.NameKey projectName = rsrc.getNameKey();
    ProjectAccessInfo info = new ProjectAccessInfo();
    ProjectConfig config;
    ProjectControl pc = createProjectControl(projectName);
    RefControl metaConfigControl = pc.controlForRef(RefNames.REFS_CONFIG);
    try (MetaDataUpdate md = metaDataUpdateFactory.create(projectName)) {
        config = ProjectConfig.read(md);
        if (config.updateGroupNames(groupBackend)) {
            md.setMessage("Update group names\n");
            config.commit(md);
            projectCache.evict(config.getProject());
            pc = createProjectControl(projectName);
        } else if (config.getRevision() != null && !config.getRevision().equals(pc.getProjectState().getConfig().getRevision())) {
            projectCache.evict(config.getProject());
            pc = createProjectControl(projectName);
        }
    } catch (ConfigInvalidException e) {
        throw new ResourceConflictException(e.getMessage());
    } catch (RepositoryNotFoundException e) {
        throw new ResourceNotFoundException(rsrc.getName());
    }
    info.local = new HashMap<>();
    info.ownerOf = new HashSet<>();
    Map<AccountGroup.UUID, Boolean> visibleGroups = new HashMap<>();
    for (AccessSection section : config.getAccessSections()) {
        String name = section.getName();
        if (AccessSection.GLOBAL_CAPABILITIES.equals(name)) {
            if (pc.isOwner()) {
                info.local.put(name, createAccessSection(section));
                info.ownerOf.add(name);
            } else if (metaConfigControl.isVisible()) {
                info.local.put(section.getName(), createAccessSection(section));
            }
        } else if (RefConfigSection.isValid(name)) {
            RefControl rc = pc.controlForRef(name);
            if (rc.isOwner()) {
                info.local.put(name, createAccessSection(section));
                info.ownerOf.add(name);
            } else if (metaConfigControl.isVisible()) {
                info.local.put(name, createAccessSection(section));
            } else if (rc.isVisible()) {
                // Filter the section to only add rules describing groups that
                // are visible to the current-user. This includes any group the
                // user is a member of, as well as groups they own or that
                // are visible to all users.
                AccessSection dst = null;
                for (Permission srcPerm : section.getPermissions()) {
                    Permission dstPerm = null;
                    for (PermissionRule srcRule : srcPerm.getRules()) {
                        AccountGroup.UUID group = srcRule.getGroup().getUUID();
                        if (group == null) {
                            continue;
                        }
                        Boolean canSeeGroup = visibleGroups.get(group);
                        if (canSeeGroup == null) {
                            try {
                                canSeeGroup = groupControlFactory.controlFor(group).isVisible();
                            } catch (NoSuchGroupException e) {
                                canSeeGroup = Boolean.FALSE;
                            }
                            visibleGroups.put(group, canSeeGroup);
                        }
                        if (canSeeGroup) {
                            if (dstPerm == null) {
                                if (dst == null) {
                                    dst = new AccessSection(name);
                                    info.local.put(name, createAccessSection(dst));
                                }
                                dstPerm = dst.getPermission(srcPerm.getName(), true);
                            }
                            dstPerm.add(srcRule);
                        }
                    }
                }
            }
        }
    }
    if (info.ownerOf.isEmpty() && pc.isOwnerAnyRef()) {
        // Special case: If the section list is empty, this project has no current
        // access control information. Rely on what ProjectControl determines
        // is ownership, which probably means falling back to site administrators.
        info.ownerOf.add(AccessSection.ALL);
    }
    if (config.getRevision() != null) {
        info.revision = config.getRevision().name();
    }
    ProjectState parent = Iterables.getFirst(pc.getProjectState().parents(), null);
    if (parent != null) {
        info.inheritsFrom = projectJson.format(parent.getProject());
    }
    if (pc.getProject().getNameKey().equals(allProjectsName)) {
        if (pc.isOwner()) {
            info.ownerOf.add(AccessSection.GLOBAL_CAPABILITIES);
        }
    }
    info.isOwner = toBoolean(pc.isOwner());
    info.canUpload = toBoolean(pc.isOwner() || (metaConfigControl.isVisible() && metaConfigControl.canUpload()));
    info.canAdd = toBoolean(pc.canAddRefs());
    info.configVisible = pc.isOwner() || metaConfigControl.isVisible();
    return info;
}
Also used : ConfigInvalidException(org.eclipse.jgit.errors.ConfigInvalidException) HashMap(java.util.HashMap) PermissionRule(com.google.gerrit.common.data.PermissionRule) ProjectAccessInfo(com.google.gerrit.extensions.api.access.ProjectAccessInfo) RepositoryNotFoundException(org.eclipse.jgit.errors.RepositoryNotFoundException) AccessSection(com.google.gerrit.common.data.AccessSection) NoSuchGroupException(com.google.gerrit.common.errors.NoSuchGroupException) ProjectConfig(com.google.gerrit.server.git.ProjectConfig) Project(com.google.gerrit.reviewdb.client.Project) ResourceConflictException(com.google.gerrit.extensions.restapi.ResourceConflictException) Permission(com.google.gerrit.common.data.Permission) ResourceNotFoundException(com.google.gerrit.extensions.restapi.ResourceNotFoundException) MetaDataUpdate(com.google.gerrit.server.git.MetaDataUpdate)

Example 3 with ProjectAccessInfo

use of com.google.gerrit.extensions.api.access.ProjectAccessInfo in project gerrit by GerritCodeReview.

the class AccessIT method listAccess_withUrlEncodedProjectName.

@Test
public void listAccess_withUrlEncodedProjectName() throws Exception {
    String fooBarBazProjectName = name("foo/bar/baz");
    ProjectInput in = new ProjectInput();
    in.name = fooBarBazProjectName;
    gApi.projects().create(in);
    RestResponse r = adminRestSession.get("/access/?project=" + IdString.fromDecoded(fooBarBazProjectName));
    r.assertOK();
    Map<String, ProjectAccessInfo> infoByProject = newGson().fromJson(r.getReader(), new TypeToken<Map<String, ProjectAccessInfo>>() {
    }.getType());
    assertThat(infoByProject.keySet()).containsExactly(fooBarBazProjectName);
}
Also used : ProjectInput(com.google.gerrit.extensions.api.projects.ProjectInput) RestResponse(com.google.gerrit.acceptance.RestResponse) TypeToken(com.google.gson.reflect.TypeToken) ProjectAccessInfo(com.google.gerrit.extensions.api.access.ProjectAccessInfo) IdString(com.google.gerrit.extensions.restapi.IdString) Test(org.junit.Test) AbstractDaemonTest(com.google.gerrit.acceptance.AbstractDaemonTest)

Example 4 with ProjectAccessInfo

use of com.google.gerrit.extensions.api.access.ProjectAccessInfo in project gerrit by GerritCodeReview.

the class AccessIT method listAccessWithoutSpecifyingProject.

@Test
public void listAccessWithoutSpecifyingProject() throws Exception {
    RestResponse r = adminRestSession.get("/access/");
    r.assertOK();
    Map<String, ProjectAccessInfo> infoByProject = newGson().fromJson(r.getReader(), new TypeToken<Map<String, ProjectAccessInfo>>() {
    }.getType());
    assertThat(infoByProject).isEmpty();
}
Also used : RestResponse(com.google.gerrit.acceptance.RestResponse) TypeToken(com.google.gson.reflect.TypeToken) ProjectAccessInfo(com.google.gerrit.extensions.api.access.ProjectAccessInfo) IdString(com.google.gerrit.extensions.restapi.IdString) Test(org.junit.Test) AbstractDaemonTest(com.google.gerrit.acceptance.AbstractDaemonTest)

Example 5 with ProjectAccessInfo

use of com.google.gerrit.extensions.api.access.ProjectAccessInfo in project gerrit by GerritCodeReview.

the class AccessIT method grantRevertPermissionByOnNewRefAndDeletingOnOldRef.

@Test
public void grantRevertPermissionByOnNewRefAndDeletingOnOldRef() throws Exception {
    String refsHeads = "refs/heads/*";
    String refsStar = "refs/*";
    String groupId = "global:Registered-Users";
    GroupReference registeredUsers = systemGroupBackend.getGroup(REGISTERED_USERS);
    try (Repository repo = repoManager.openRepository(newProjectName)) {
        MetaDataUpdate md = new MetaDataUpdate(GitReferenceUpdated.DISABLED, newProjectName, repo);
        ProjectConfig projectConfig = projectConfigFactory.read(md);
        projectConfig.upsertAccessSection(AccessSection.HEADS, heads -> {
            grant(projectConfig, heads, Permission.REVERT, registeredUsers);
        });
        md.getCommitBuilder().setAuthor(admin.newIdent());
        md.getCommitBuilder().setCommitter(admin.newIdent());
        md.setMessage("Add revert permission for all registered users\n");
        projectConfig.commit(md);
    }
    grantRevertPermission.execute(newProjectName);
    ProjectAccessInfo info = pApi().access();
    // Revert permission is removed on refs/heads/*.
    assertThat(info.local.containsKey(refsHeads)).isTrue();
    AccessSectionInfo accessSectionInfo = info.local.get(refsHeads);
    assertThat(accessSectionInfo.permissions.containsKey(Permission.REVERT)).isFalse();
    // new permission is added on refs/* with Registered-Users.
    assertThat(info.local.containsKey(refsStar)).isTrue();
    accessSectionInfo = info.local.get(refsStar);
    assertThat(accessSectionInfo.permissions.containsKey(Permission.REVERT)).isTrue();
    PermissionInfo permissionInfo = accessSectionInfo.permissions.get(Permission.REVERT);
    assertThat(permissionInfo.rules.containsKey(groupId)).isTrue();
    PermissionRuleInfo permissionRuleInfo = permissionInfo.rules.get(groupId);
    assertThat(permissionRuleInfo.action).isEqualTo(PermissionRuleInfo.Action.ALLOW);
}
Also used : ProjectConfig(com.google.gerrit.server.project.ProjectConfig) InMemoryRepository(org.eclipse.jgit.internal.storage.dfs.InMemoryRepository) TestRepository(org.eclipse.jgit.junit.TestRepository) Repository(org.eclipse.jgit.lib.Repository) PermissionInfo(com.google.gerrit.extensions.api.access.PermissionInfo) ProjectAccessInfo(com.google.gerrit.extensions.api.access.ProjectAccessInfo) PermissionRuleInfo(com.google.gerrit.extensions.api.access.PermissionRuleInfo) AccessSectionInfo(com.google.gerrit.extensions.api.access.AccessSectionInfo) GroupReference(com.google.gerrit.entities.GroupReference) MetaDataUpdate(com.google.gerrit.server.git.meta.MetaDataUpdate) AbstractDaemonTest(com.google.gerrit.acceptance.AbstractDaemonTest) Test(org.junit.Test)

Aggregations

ProjectAccessInfo (com.google.gerrit.extensions.api.access.ProjectAccessInfo)23 AbstractDaemonTest (com.google.gerrit.acceptance.AbstractDaemonTest)20 Test (org.junit.Test)20 AccessSectionInfo (com.google.gerrit.extensions.api.access.AccessSectionInfo)11 PermissionInfo (com.google.gerrit.extensions.api.access.PermissionInfo)9 ProjectAccessInput (com.google.gerrit.extensions.api.access.ProjectAccessInput)9 PermissionRuleInfo (com.google.gerrit.extensions.api.access.PermissionRuleInfo)7 IdString (com.google.gerrit.extensions.restapi.IdString)6 RestResponse (com.google.gerrit.acceptance.RestResponse)5 ProjectConfig (com.google.gerrit.server.project.ProjectConfig)5 TypeToken (com.google.gson.reflect.TypeToken)5 GroupReference (com.google.gerrit.entities.GroupReference)4 InMemoryRepository (org.eclipse.jgit.internal.storage.dfs.InMemoryRepository)4 Registration (com.google.gerrit.acceptance.ExtensionRegistry.Registration)3 ResourceNotFoundException (com.google.gerrit.extensions.restapi.ResourceNotFoundException)3 MetaDataUpdate (com.google.gerrit.server.git.meta.MetaDataUpdate)3 PushOneCommit (com.google.gerrit.acceptance.PushOneCommit)2 Project (com.google.gerrit.entities.Project)2 GroupInfo (com.google.gerrit.extensions.common.GroupInfo)2 AuthException (com.google.gerrit.extensions.restapi.AuthException)2