Example 11 with ProjectAccessInfo
use of com.google.gerrit.extensions.api.access.ProjectAccessInfo in project gerrit by GerritCodeReview.
the class AccessIT method webLink.
@Test
public void webLink() throws Exception {
try (Registration registration = newFileHistoryWebLink()) {
ProjectAccessInfo info = pApi().access();
assertThat(info.configWebLinks).hasSize(1);
assertThat(info.configWebLinks.get(0).url).isEqualTo("http://view/" + newProjectName + "/project.config");
}
}
Also used :
Registration(com.google.gerrit.acceptance.ExtensionRegistry.Registration)
ProjectAccessInfo(com.google.gerrit.extensions.api.access.ProjectAccessInfo)
AbstractDaemonTest(com.google.gerrit.acceptance.AbstractDaemonTest)
Test(org.junit.Test)
Example 12 with ProjectAccessInfo
use of com.google.gerrit.extensions.api.access.ProjectAccessInfo in project gerrit by GerritCodeReview.
the class PluginAccessIT method setAccessAddPluginCapabilitySucceed.
@Test
public void setAccessAddPluginCapabilitySucceed() throws Exception {
String pluginCapability = TEST_PLUGIN_NAME + "-" + TEST_PLUGIN_CAPABILITY;
ProjectAccessInput accessInput = createAccessInput(AccessSection.GLOBAL_CAPABILITIES, pluginCapability);
ProjectAccessInfo projectAccessInfo = gApi.projects().name(allProjects.get()).access(accessInput);
Set<String> capabilities = projectAccessInfo.local.get(AccessSection.GLOBAL_CAPABILITIES).permissions.keySet();
assertThat(capabilities).contains(pluginCapability);
// Verifies the plugin defined capability could be listed.
assertThat(pluginPermissionsUtil.collectPluginCapabilities()).containsKey(pluginCapability);
}
Also used :
ProjectAccessInfo(com.google.gerrit.extensions.api.access.ProjectAccessInfo)
ProjectAccessInput(com.google.gerrit.extensions.api.access.ProjectAccessInput)
Test(org.junit.Test)
AbstractDaemonTest(com.google.gerrit.acceptance.AbstractDaemonTest)
Example 13 with ProjectAccessInfo
use of com.google.gerrit.extensions.api.access.ProjectAccessInfo in project gerrit by GerritCodeReview.
the class AccessIT method removeGlobalCapabilityAsAdmin.
@Test
public void removeGlobalCapabilityAsAdmin() throws Exception {
AccountGroup adminGroup = groupCache.get(new AccountGroup.NameKey("Administrators"));
ProjectAccessInput accessInput = newProjectAccessInput();
AccessSectionInfo accessSectionInfo = newAccessSectionInfo();
PermissionInfo permissionInfo = newPermissionInfo();
permissionInfo.rules.put(adminGroup.getGroupUUID().get(), null);
accessSectionInfo.permissions.put(GlobalCapability.ACCESS_DATABASE, permissionInfo);
// Add and validate first as removing existing privileges such as
// administrateServer would break upcoming tests
accessInput.add.put(AccessSection.GLOBAL_CAPABILITIES, accessSectionInfo);
ProjectAccessInfo updatedProjectAccessInfo = gApi.projects().name(allProjects.get()).access(accessInput);
assertThat(updatedProjectAccessInfo.local.get(AccessSection.GLOBAL_CAPABILITIES).permissions.keySet()).containsAllIn(accessSectionInfo.permissions.keySet());
// Remove
accessInput.add.clear();
accessInput.remove.put(AccessSection.GLOBAL_CAPABILITIES, accessSectionInfo);
updatedProjectAccessInfo = gApi.projects().name(allProjects.get()).access(accessInput);
assertThat(updatedProjectAccessInfo.local.get(AccessSection.GLOBAL_CAPABILITIES).permissions.keySet()).containsNoneIn(accessSectionInfo.permissions.keySet());
}
Also used :
AccountGroup(com.google.gerrit.reviewdb.client.AccountGroup)
PermissionInfo(com.google.gerrit.extensions.api.access.PermissionInfo)
ProjectAccessInfo(com.google.gerrit.extensions.api.access.ProjectAccessInfo)
AccessSectionInfo(com.google.gerrit.extensions.api.access.AccessSectionInfo)
ProjectAccessInput(com.google.gerrit.extensions.api.access.ProjectAccessInput)
Test(org.junit.Test)
AbstractDaemonTest(com.google.gerrit.acceptance.AbstractDaemonTest)
Example 14 with ProjectAccessInfo
use of com.google.gerrit.extensions.api.access.ProjectAccessInfo in project gerrit by GerritCodeReview.
the class ListAccess method apply.
@Override
public Response<Map<String, ProjectAccessInfo>> apply(TopLevelResource resource) throws Exception {
Map<String, ProjectAccessInfo> access = new TreeMap<>();
for (String p : projects) {
if (Strings.nullToEmpty(p).isEmpty()) {
continue;
}
Project.NameKey projectName = Project.nameKey(IdString.fromUrl(p).get().trim());
if (!projectCache.get(projectName).isPresent()) {
throw new ResourceNotFoundException(projectName.get());
}
try {
permissionBackend.currentUser().project(projectName).check(ProjectPermission.ACCESS);
} catch (AuthException e) {
throw new ResourceNotFoundException(projectName.get(), e);
}
access.put(projectName.get(), getAccess.apply(projectName));
}
return Response.ok(access);
}
Also used :
Project(com.google.gerrit.entities.Project)
ProjectAccessInfo(com.google.gerrit.extensions.api.access.ProjectAccessInfo)
AuthException(com.google.gerrit.extensions.restapi.AuthException)
IdString(com.google.gerrit.extensions.restapi.IdString)
TreeMap(java.util.TreeMap)
ResourceNotFoundException(com.google.gerrit.extensions.restapi.ResourceNotFoundException)
Example 15 with ProjectAccessInfo
use of com.google.gerrit.extensions.api.access.ProjectAccessInfo in project gerrit by GerritCodeReview.
the class GetAccess method apply.
@Override
public Response<ProjectAccessInfo> apply(ProjectResource rsrc) throws ResourceNotFoundException, ResourceConflictException, IOException, PermissionBackendException {
// Load the current configuration from the repository, ensuring it's the most
// recent version available. If it differs from what was in the project
// state, force a cache flush now.
Project.NameKey projectName = rsrc.getNameKey();
ProjectAccessInfo info = new ProjectAccessInfo();
ProjectState projectState = projectCache.get(projectName).orElseThrow(illegalState(projectName));
PermissionBackend.ForProject perm = permissionBackend.currentUser().project(projectName);
ProjectConfig config;
try (MetaDataUpdate md = metaDataUpdateFactory.get().create(projectName)) {
config = projectConfigFactory.read(md);
info.configWebLinks = new ArrayList<>();
// config may have a null revision if the repo doesn't have its own refs/meta/config.
if (config.getRevision() != null) {
info.configWebLinks.addAll(webLinks.getFileHistoryLinks(projectName.get(), config.getRevision().getName(), ProjectConfig.PROJECT_CONFIG));
}
if (config.updateGroupNames(groupBackend)) {
md.setMessage("Update group names\n");
config.commit(md);
projectCache.evictAndReindex(config.getProject());
projectState = projectCache.get(projectName).orElseThrow(illegalState(projectName));
perm = permissionBackend.currentUser().project(projectName);
} else if (config.getRevision() != null && !config.getRevision().equals(projectState.getConfig().getRevision().orElse(null))) {
projectCache.evictAndReindex(config.getProject());
projectState = projectCache.get(projectName).orElseThrow(illegalState(projectName));
perm = permissionBackend.currentUser().project(projectName);
}
} catch (ConfigInvalidException e) {
throw new ResourceConflictException(e.getMessage());
} catch (RepositoryNotFoundException e) {
throw new ResourceNotFoundException(rsrc.getName(), e);
}
// The following implementation must match the ProjectAccessFactory JSON RPC endpoint.
info.local = new HashMap<>();
info.ownerOf = new HashSet<>();
Map<AccountGroup.UUID, GroupInfo> groups = new HashMap<>();
boolean canReadConfig = check(perm, RefNames.REFS_CONFIG, READ);
boolean canWriteConfig = check(perm, ProjectPermission.WRITE_CONFIG);
// config to set the project state to any state that is not HIDDEN.
if (!canWriteConfig) {
projectState.checkStatePermitsRead();
}
for (AccessSection section : config.getAccessSections()) {
String name = section.getName();
if (AccessSection.GLOBAL_CAPABILITIES.equals(name)) {
if (canWriteConfig) {
info.local.put(name, createAccessSection(groups, section));
info.ownerOf.add(name);
} else if (canReadConfig) {
info.local.put(section.getName(), createAccessSection(groups, section));
}
} else if (AccessSection.isValidRefSectionName(name)) {
if (check(perm, name, WRITE_CONFIG)) {
info.local.put(name, createAccessSection(groups, section));
info.ownerOf.add(name);
} else if (canReadConfig) {
info.local.put(name, createAccessSection(groups, section));
} else if (check(perm, name, READ)) {
// Filter the section to only add rules describing groups that
// are visible to the current-user. This includes any group the
// user is a member of, as well as groups they own or that
// are visible to all users.
AccessSection.Builder dst = null;
for (Permission srcPerm : section.getPermissions()) {
Permission.Builder dstPerm = null;
for (PermissionRule srcRule : srcPerm.getRules()) {
AccountGroup.UUID groupId = srcRule.getGroup().getUUID();
if (groupId == null) {
continue;
}
loadGroup(groups, groupId);
if (dstPerm == null) {
if (dst == null) {
dst = AccessSection.builder(name);
info.local.put(name, createAccessSection(groups, dst.build()));
}
dstPerm = dst.upsertPermission(srcPerm.getName());
}
dstPerm.add(srcRule.toBuilder());
}
}
}
}
}
if (info.ownerOf.isEmpty()) {
try {
permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
// Special case: If the section list is empty, this project has no current
// access control information. Fall back to site administrators.
info.ownerOf.add(AccessSection.ALL);
} catch (AuthException e) {
// Do nothing.
}
}
if (config.getRevision() != null) {
info.revision = config.getRevision().name();
}
ProjectState parent = Iterables.getFirst(projectState.parents(), null);
if (parent != null) {
info.inheritsFrom = projectJson.format(parent.getProject());
}
if (projectName.equals(allProjectsName) && permissionBackend.currentUser().testOrFalse(ADMINISTRATE_SERVER)) {
info.ownerOf.add(AccessSection.GLOBAL_CAPABILITIES);
}
info.isOwner = toBoolean(canWriteConfig);
info.canUpload = toBoolean(projectState.statePermitsWrite() && (canWriteConfig || (canReadConfig && perm.ref(RefNames.REFS_CONFIG).testOrFalse(CREATE_CHANGE))));
info.canAdd = toBoolean(perm.testOrFalse(CREATE_REF));
info.canAddTags = toBoolean(perm.testOrFalse(CREATE_TAG_REF));
info.configVisible = canReadConfig || canWriteConfig;
info.groups = groups.entrySet().stream().filter(e -> e.getValue() != null).collect(toMap(e -> e.getKey().get(), Map.Entry::getValue));
return Response.ok(info);
}
Also used :
ConfigInvalidException(org.eclipse.jgit.errors.ConfigInvalidException)
PermissionBackend(com.google.gerrit.server.permissions.PermissionBackend)
HashMap(java.util.HashMap)
PermissionRule(com.google.gerrit.entities.PermissionRule)
ProjectAccessInfo(com.google.gerrit.extensions.api.access.ProjectAccessInfo)
AuthException(com.google.gerrit.extensions.restapi.AuthException)
RefPermission(com.google.gerrit.server.permissions.RefPermission)
GlobalPermission(com.google.gerrit.server.permissions.GlobalPermission)
ProjectPermission(com.google.gerrit.server.permissions.ProjectPermission)
Permission(com.google.gerrit.entities.Permission)
ResourceNotFoundException(com.google.gerrit.extensions.restapi.ResourceNotFoundException)
GroupInfo(com.google.gerrit.extensions.common.GroupInfo)
RepositoryNotFoundException(org.eclipse.jgit.errors.RepositoryNotFoundException)
AccessSection(com.google.gerrit.entities.AccessSection)
ProjectConfig(com.google.gerrit.server.project.ProjectConfig)
Project(com.google.gerrit.entities.Project)
ResourceConflictException(com.google.gerrit.extensions.restapi.ResourceConflictException)
ProjectState(com.google.gerrit.server.project.ProjectState)
MetaDataUpdate(com.google.gerrit.server.git.meta.MetaDataUpdate)
Aggregations
ProjectAccessInfo (com.google.gerrit.extensions.api.access.ProjectAccessInfo)23
AbstractDaemonTest (com.google.gerrit.acceptance.AbstractDaemonTest)20
Test (org.junit.Test)20
AccessSectionInfo (com.google.gerrit.extensions.api.access.AccessSectionInfo)11
PermissionInfo (com.google.gerrit.extensions.api.access.PermissionInfo)9
ProjectAccessInput (com.google.gerrit.extensions.api.access.ProjectAccessInput)9
PermissionRuleInfo (com.google.gerrit.extensions.api.access.PermissionRuleInfo)7
IdString (com.google.gerrit.extensions.restapi.IdString)6
RestResponse (com.google.gerrit.acceptance.RestResponse)5
ProjectConfig (com.google.gerrit.server.project.ProjectConfig)5
TypeToken (com.google.gson.reflect.TypeToken)5
GroupReference (com.google.gerrit.entities.GroupReference)4
InMemoryRepository (org.eclipse.jgit.internal.storage.dfs.InMemoryRepository)4
Registration (com.google.gerrit.acceptance.ExtensionRegistry.Registration)3
ResourceNotFoundException (com.google.gerrit.extensions.restapi.ResourceNotFoundException)3
MetaDataUpdate (com.google.gerrit.server.git.meta.MetaDataUpdate)3
PushOneCommit (com.google.gerrit.acceptance.PushOneCommit)2
Project (com.google.gerrit.entities.Project)2
GroupInfo (com.google.gerrit.extensions.common.GroupInfo)2
AuthException (com.google.gerrit.extensions.restapi.AuthException)2
