Example 6 with ProjectAccessInfo
use of com.google.gerrit.extensions.api.access.ProjectAccessInfo in project gerrit by GerritCodeReview.
the class AccessIT method addGlobalCapabilityAsAdmin.
@Test
public void addGlobalCapabilityAsAdmin() throws Exception {
ProjectAccessInput accessInput = newProjectAccessInput();
AccessSectionInfo accessSectionInfo = createDefaultGlobalCapabilitiesAccessSectionInfo();
accessInput.add.put(AccessSection.GLOBAL_CAPABILITIES, accessSectionInfo);
ProjectAccessInfo updatedAccessSectionInfo = gApi.projects().name(allProjects.get()).access(accessInput);
assertThatMap(updatedAccessSectionInfo.local.get(AccessSection.GLOBAL_CAPABILITIES).permissions).keys().containsAtLeastElementsIn(accessSectionInfo.permissions.keySet());
}
Also used :
ProjectAccessInfo(com.google.gerrit.extensions.api.access.ProjectAccessInfo)
AccessSectionInfo(com.google.gerrit.extensions.api.access.AccessSectionInfo)
ProjectAccessInput(com.google.gerrit.extensions.api.access.ProjectAccessInput)
AbstractDaemonTest(com.google.gerrit.acceptance.AbstractDaemonTest)
Test(org.junit.Test)
Example 7 with ProjectAccessInfo
use of com.google.gerrit.extensions.api.access.ProjectAccessInfo in project gerrit by GerritCodeReview.
the class AccessIT method grantRevertPermissionDoesntDeleteAdminsPreferences.
@Test
public void grantRevertPermissionDoesntDeleteAdminsPreferences() throws Exception {
GroupReference registeredUsers = systemGroupBackend.getGroup(REGISTERED_USERS);
GroupReference otherGroup = systemGroupBackend.getGroup(ANONYMOUS_USERS);
try (Repository repo = repoManager.openRepository(newProjectName)) {
MetaDataUpdate md = new MetaDataUpdate(GitReferenceUpdated.DISABLED, newProjectName, repo);
ProjectConfig projectConfig = projectConfigFactory.read(md);
projectConfig.upsertAccessSection(AccessSection.HEADS, heads -> {
grant(projectConfig, heads, Permission.REVERT, registeredUsers);
grant(projectConfig, heads, Permission.REVERT, otherGroup);
});
md.getCommitBuilder().setAuthor(admin.newIdent());
md.getCommitBuilder().setCommitter(admin.newIdent());
md.setMessage("Add revert permission for all registered users\n");
projectConfig.commit(md);
}
projectCache.evict(newProjectName);
ProjectAccessInfo expected = pApi().access();
grantRevertPermission.execute(newProjectName);
projectCache.evict(newProjectName);
ProjectAccessInfo actual = pApi().access();
// Permissions don't change
assertThat(actual.local).isEqualTo(expected.local);
}
Also used :
ProjectConfig(com.google.gerrit.server.project.ProjectConfig)
InMemoryRepository(org.eclipse.jgit.internal.storage.dfs.InMemoryRepository)
TestRepository(org.eclipse.jgit.junit.TestRepository)
Repository(org.eclipse.jgit.lib.Repository)
ProjectAccessInfo(com.google.gerrit.extensions.api.access.ProjectAccessInfo)
GroupReference(com.google.gerrit.entities.GroupReference)
MetaDataUpdate(com.google.gerrit.server.git.meta.MetaDataUpdate)
AbstractDaemonTest(com.google.gerrit.acceptance.AbstractDaemonTest)
Test(org.junit.Test)
Example 8 with ProjectAccessInfo
use of com.google.gerrit.extensions.api.access.ProjectAccessInfo in project gerrit by GerritCodeReview.
the class AccessIT method permissionsGroupMap.
@Test
public void permissionsGroupMap() throws Exception {
// Add initial permission set
ProjectAccessInput accessInput = newProjectAccessInput();
AccessSectionInfo accessSection = newAccessSectionInfo();
PermissionInfo push = newPermissionInfo();
PermissionRuleInfo pri = new PermissionRuleInfo(PermissionRuleInfo.Action.ALLOW, false);
push.rules.put(SystemGroupBackend.PROJECT_OWNERS.get(), pri);
accessSection.permissions.put(Permission.PUSH, push);
PermissionInfo read = newPermissionInfo();
pri = new PermissionRuleInfo(PermissionRuleInfo.Action.ALLOW, false);
read.rules.put(SystemGroupBackend.ANONYMOUS_USERS.get(), pri);
accessSection.permissions.put(Permission.READ, read);
accessInput.add.put(REFS_ALL, accessSection);
ProjectAccessInfo result = pApi().access(accessInput);
assertThatMap(result.groups).keys().containsExactly(SystemGroupBackend.PROJECT_OWNERS.get(), SystemGroupBackend.ANONYMOUS_USERS.get());
// Check the name, which is what the UI cares about; exhaustive
// coverage of GroupInfo should be in groups REST API tests.
assertThat(result.groups.get(SystemGroupBackend.PROJECT_OWNERS.get()).name).isEqualTo("Project Owners");
// Strip the ID, since it is in the key.
assertThat(result.groups.get(SystemGroupBackend.PROJECT_OWNERS.get()).id).isNull();
// Get call returns groups too.
ProjectAccessInfo loggedInResult = pApi().access();
assertThatMap(loggedInResult.groups).keys().containsExactly(SystemGroupBackend.PROJECT_OWNERS.get(), SystemGroupBackend.ANONYMOUS_USERS.get());
GroupInfo owners = loggedInResult.groups.get(SystemGroupBackend.PROJECT_OWNERS.get());
assertThat(owners.name).isEqualTo("Project Owners");
assertThat(owners.id).isNull();
assertThat(owners.members).isNull();
assertThat(owners.includes).isNull();
// PROJECT_OWNERS is invisible to anonymous user, but GetAccess disregards visibility.
requestScopeOperations.setApiUserAnonymous();
ProjectAccessInfo anonResult = pApi().access();
assertThatMap(anonResult.groups).keys().containsExactly(SystemGroupBackend.PROJECT_OWNERS.get(), SystemGroupBackend.ANONYMOUS_USERS.get());
}
Also used :
PermissionInfo(com.google.gerrit.extensions.api.access.PermissionInfo)
GroupInfo(com.google.gerrit.extensions.common.GroupInfo)
PermissionRuleInfo(com.google.gerrit.extensions.api.access.PermissionRuleInfo)
ProjectAccessInfo(com.google.gerrit.extensions.api.access.ProjectAccessInfo)
AccessSectionInfo(com.google.gerrit.extensions.api.access.AccessSectionInfo)
ProjectAccessInput(com.google.gerrit.extensions.api.access.ProjectAccessInput)
AbstractDaemonTest(com.google.gerrit.acceptance.AbstractDaemonTest)
Test(org.junit.Test)
Example 9 with ProjectAccessInfo
use of com.google.gerrit.extensions.api.access.ProjectAccessInfo in project gerrit by GerritCodeReview.
the class AccessIT method grantRevertPermission.
@Test
public void grantRevertPermission() throws Exception {
String ref = "refs/*";
String groupId = "global:Registered-Users";
grantRevertPermission.execute(newProjectName);
ProjectAccessInfo info = pApi().access();
assertThat(info.local.containsKey(ref)).isTrue();
AccessSectionInfo accessSectionInfo = info.local.get(ref);
assertThat(accessSectionInfo.permissions.containsKey(Permission.REVERT)).isTrue();
PermissionInfo permissionInfo = accessSectionInfo.permissions.get(Permission.REVERT);
assertThat(permissionInfo.rules.containsKey(groupId)).isTrue();
PermissionRuleInfo permissionRuleInfo = permissionInfo.rules.get(groupId);
assertThat(permissionRuleInfo.action).isEqualTo(PermissionRuleInfo.Action.ALLOW);
}
Also used :
PermissionInfo(com.google.gerrit.extensions.api.access.PermissionInfo)
ProjectAccessInfo(com.google.gerrit.extensions.api.access.ProjectAccessInfo)
PermissionRuleInfo(com.google.gerrit.extensions.api.access.PermissionRuleInfo)
AccessSectionInfo(com.google.gerrit.extensions.api.access.AccessSectionInfo)
AbstractDaemonTest(com.google.gerrit.acceptance.AbstractDaemonTest)
Test(org.junit.Test)
Example 10 with ProjectAccessInfo
use of com.google.gerrit.extensions.api.access.ProjectAccessInfo in project gerrit by GerritCodeReview.
the class AccessIT method grantAllowAndDenyForSameGroup.
@Test
public void grantAllowAndDenyForSameGroup() throws Exception {
GroupReference registeredUsers = systemGroupBackend.getGroup(REGISTERED_USERS);
String access = "access";
List<String> allowThenDeny = asList(registeredUsers.toConfigValue(), "deny " + registeredUsers.toConfigValue());
// Clone repository to forcefully add permission
TestRepository<InMemoryRepository> allProjectsRepo = cloneProject(allProjects, admin);
// Fetch permission ref
GitUtil.fetch(allProjectsRepo, "refs/meta/config:cfg");
allProjectsRepo.reset("cfg");
// Load current permissions
String config = gApi.projects().name(allProjects.get()).branch(RefNames.REFS_CONFIG).file(ProjectConfig.PROJECT_CONFIG).asString();
// Append and push allowThenDeny permissions
Config cfg = new Config();
cfg.fromText(config);
cfg.setStringList(access, AccessSection.HEADS, Permission.READ, allowThenDeny);
config = cfg.toText();
PushOneCommit push = pushFactory.create(admin.newIdent(), allProjectsRepo, "Subject", ProjectConfig.PROJECT_CONFIG, config);
push.to(RefNames.REFS_CONFIG).assertOkStatus();
ProjectAccessInfo pai = gApi.projects().name(allProjects.get()).access();
Map<String, AccessSectionInfo> local = pai.local;
AccessSectionInfo heads = local.get(AccessSection.HEADS);
Map<String, PermissionInfo> permissions = heads.permissions;
PermissionInfo read = permissions.get(Permission.READ);
Map<String, PermissionRuleInfo> rules = read.rules;
assertEquals(rules.get(registeredUsers.getUUID().get()), new PermissionRuleInfo(PermissionRuleInfo.Action.ALLOW, false));
}
Also used :
InMemoryRepository(org.eclipse.jgit.internal.storage.dfs.InMemoryRepository)
ProjectConfig(com.google.gerrit.server.project.ProjectConfig)
Config(org.eclipse.jgit.lib.Config)
ProjectAccessInfo(com.google.gerrit.extensions.api.access.ProjectAccessInfo)
PushOneCommit(com.google.gerrit.acceptance.PushOneCommit)
PermissionInfo(com.google.gerrit.extensions.api.access.PermissionInfo)
PermissionRuleInfo(com.google.gerrit.extensions.api.access.PermissionRuleInfo)
AccessSectionInfo(com.google.gerrit.extensions.api.access.AccessSectionInfo)
GroupReference(com.google.gerrit.entities.GroupReference)
AbstractDaemonTest(com.google.gerrit.acceptance.AbstractDaemonTest)
Test(org.junit.Test)
Aggregations
ProjectAccessInfo (com.google.gerrit.extensions.api.access.ProjectAccessInfo)23
AbstractDaemonTest (com.google.gerrit.acceptance.AbstractDaemonTest)20
Test (org.junit.Test)20
AccessSectionInfo (com.google.gerrit.extensions.api.access.AccessSectionInfo)11
PermissionInfo (com.google.gerrit.extensions.api.access.PermissionInfo)9
ProjectAccessInput (com.google.gerrit.extensions.api.access.ProjectAccessInput)9
PermissionRuleInfo (com.google.gerrit.extensions.api.access.PermissionRuleInfo)7
IdString (com.google.gerrit.extensions.restapi.IdString)6
RestResponse (com.google.gerrit.acceptance.RestResponse)5
ProjectConfig (com.google.gerrit.server.project.ProjectConfig)5
TypeToken (com.google.gson.reflect.TypeToken)5
GroupReference (com.google.gerrit.entities.GroupReference)4
InMemoryRepository (org.eclipse.jgit.internal.storage.dfs.InMemoryRepository)4
Registration (com.google.gerrit.acceptance.ExtensionRegistry.Registration)3
ResourceNotFoundException (com.google.gerrit.extensions.restapi.ResourceNotFoundException)3
MetaDataUpdate (com.google.gerrit.server.git.meta.MetaDataUpdate)3
PushOneCommit (com.google.gerrit.acceptance.PushOneCommit)2
Project (com.google.gerrit.entities.Project)2
GroupInfo (com.google.gerrit.extensions.common.GroupInfo)2
AuthException (com.google.gerrit.extensions.restapi.AuthException)2
