use of com.google.gerrit.extensions.api.access.ProjectAccessInfo in project gerrit by GerritCodeReview.
the class AccessIT method addPluginGlobalCapability.
@Test
public void addPluginGlobalCapability() throws Exception {
try (Registration registration = extensionRegistry.newRegistration().add(new CapabilityDefinition() {
@Override
public String getDescription() {
return "A Plugin Global Capability";
}
}, "fooCapability")) {
ProjectAccessInput accessInput = newProjectAccessInput();
AccessSectionInfo accessSectionInfo = newAccessSectionInfo();
PermissionInfo foo = newPermissionInfo();
PermissionRuleInfo pri = new PermissionRuleInfo(PermissionRuleInfo.Action.ALLOW, false);
foo.rules.put(SystemGroupBackend.REGISTERED_USERS.get(), pri);
accessSectionInfo.permissions.put(ExtensionRegistry.PLUGIN_NAME + "-fooCapability", foo);
accessInput.add.put(AccessSection.GLOBAL_CAPABILITIES, accessSectionInfo);
ProjectAccessInfo updatedAccessSectionInfo = gApi.projects().name(allProjects.get()).access(accessInput);
assertThatMap(updatedAccessSectionInfo.local.get(AccessSection.GLOBAL_CAPABILITIES).permissions).keys().containsAtLeastElementsIn(accessSectionInfo.permissions.keySet());
}
}
use of com.google.gerrit.extensions.api.access.ProjectAccessInfo in project gerrit by GerritCodeReview.
the class AccessIT method removeGlobalCapabilityAsAdmin.
@Test
public void removeGlobalCapabilityAsAdmin() throws Exception {
ProjectAccessInput accessInput = newProjectAccessInput();
AccessSectionInfo accessSectionInfo = newAccessSectionInfo();
PermissionInfo permissionInfo = newPermissionInfo();
permissionInfo.rules.put(adminGroupUuid().get(), null);
accessSectionInfo.permissions.put(GlobalCapability.ACCESS_DATABASE, permissionInfo);
// Add and validate first as removing existing privileges such as
// administrateServer would break upcoming tests
accessInput.add.put(AccessSection.GLOBAL_CAPABILITIES, accessSectionInfo);
ProjectAccessInfo updatedProjectAccessInfo = gApi.projects().name(allProjects.get()).access(accessInput);
assertThatMap(updatedProjectAccessInfo.local.get(AccessSection.GLOBAL_CAPABILITIES).permissions).keys().containsAtLeastElementsIn(accessSectionInfo.permissions.keySet());
// Remove
accessInput.add.clear();
accessInput.remove.put(AccessSection.GLOBAL_CAPABILITIES, accessSectionInfo);
updatedProjectAccessInfo = gApi.projects().name(allProjects.get()).access(accessInput);
assertThatMap(updatedProjectAccessInfo.local.get(AccessSection.GLOBAL_CAPABILITIES).permissions).keys().containsNoneIn(accessSectionInfo.permissions.keySet());
}
use of com.google.gerrit.extensions.api.access.ProjectAccessInfo in project gerrit by GerritCodeReview.
the class AccessIT method addAccessSectionForPluginPermission.
@Test
public void addAccessSectionForPluginPermission() throws Exception {
try (Registration registration = extensionRegistry.newRegistration().add(new PluginProjectPermissionDefinition() {
@Override
public String getDescription() {
return "A Plugin Project Permission";
}
}, "fooPermission")) {
ProjectAccessInput accessInput = newProjectAccessInput();
AccessSectionInfo accessSectionInfo = newAccessSectionInfo();
PermissionInfo foo = newPermissionInfo();
PermissionRuleInfo pri = new PermissionRuleInfo(PermissionRuleInfo.Action.ALLOW, false);
foo.rules.put(SystemGroupBackend.REGISTERED_USERS.get(), pri);
accessSectionInfo.permissions.put("plugin-" + ExtensionRegistry.PLUGIN_NAME + "-fooPermission", foo);
accessInput.add.put(REFS_HEADS, accessSectionInfo);
ProjectAccessInfo updatedAccessSectionInfo = pApi().access(accessInput);
assertThat(updatedAccessSectionInfo.local).isEqualTo(accessInput.add);
assertThat(pApi().access().local).isEqualTo(accessInput.add);
}
}
use of com.google.gerrit.extensions.api.access.ProjectAccessInfo in project gerrit by GerritCodeReview.
the class AccessIT method grantDenyAndAllowForSameGroup.
@Test
public void grantDenyAndAllowForSameGroup() throws Exception {
GroupReference registeredUsers = systemGroupBackend.getGroup(REGISTERED_USERS);
String access = "access";
List<String> denyThenAllow = asList("deny " + registeredUsers.toConfigValue(), registeredUsers.toConfigValue());
// Clone repository to forcefully add permission
TestRepository<InMemoryRepository> allProjectsRepo = cloneProject(allProjects, admin);
// Fetch permission ref
GitUtil.fetch(allProjectsRepo, "refs/meta/config:cfg");
allProjectsRepo.reset("cfg");
// Load current permissions
String config = gApi.projects().name(allProjects.get()).branch(RefNames.REFS_CONFIG).file(ProjectConfig.PROJECT_CONFIG).asString();
// Append and push denyThenAllow permissions
Config cfg = new Config();
cfg.fromText(config);
cfg.setStringList(access, AccessSection.HEADS, Permission.READ, denyThenAllow);
config = cfg.toText();
PushOneCommit push = pushFactory.create(admin.newIdent(), allProjectsRepo, "Subject", ProjectConfig.PROJECT_CONFIG, config);
push.to(RefNames.REFS_CONFIG).assertOkStatus();
ProjectAccessInfo pai = gApi.projects().name(allProjects.get()).access();
Map<String, AccessSectionInfo> local = pai.local;
AccessSectionInfo heads = local.get(AccessSection.HEADS);
Map<String, PermissionInfo> permissions = heads.permissions;
PermissionInfo read = permissions.get(Permission.READ);
Map<String, PermissionRuleInfo> rules = read.rules;
assertEquals(rules.get(registeredUsers.getUUID().get()), new PermissionRuleInfo(PermissionRuleInfo.Action.DENY, false));
}
use of com.google.gerrit.extensions.api.access.ProjectAccessInfo in project gerrit by GerritCodeReview.
the class AccessIT method listAccess_projectNameAreTrimmed.
@Test
public void listAccess_projectNameAreTrimmed() throws Exception {
RestResponse r = adminRestSession.get("/access/?project=" + IdString.fromDecoded(" " + project.get() + " "));
r.assertOK();
Map<String, ProjectAccessInfo> infoByProject = newGson().fromJson(r.getReader(), new TypeToken<Map<String, ProjectAccessInfo>>() {
}.getType());
assertThat(infoByProject.keySet()).containsExactly(project.get());
}
Aggregations