Search in sources :

Example 16 with ProjectAccessInfo

use of com.google.gerrit.extensions.api.access.ProjectAccessInfo in project gerrit by GerritCodeReview.

the class AccessIT method addPluginGlobalCapability.

@Test
public void addPluginGlobalCapability() throws Exception {
    try (Registration registration = extensionRegistry.newRegistration().add(new CapabilityDefinition() {

        @Override
        public String getDescription() {
            return "A Plugin Global Capability";
        }
    }, "fooCapability")) {
        ProjectAccessInput accessInput = newProjectAccessInput();
        AccessSectionInfo accessSectionInfo = newAccessSectionInfo();
        PermissionInfo foo = newPermissionInfo();
        PermissionRuleInfo pri = new PermissionRuleInfo(PermissionRuleInfo.Action.ALLOW, false);
        foo.rules.put(SystemGroupBackend.REGISTERED_USERS.get(), pri);
        accessSectionInfo.permissions.put(ExtensionRegistry.PLUGIN_NAME + "-fooCapability", foo);
        accessInput.add.put(AccessSection.GLOBAL_CAPABILITIES, accessSectionInfo);
        ProjectAccessInfo updatedAccessSectionInfo = gApi.projects().name(allProjects.get()).access(accessInput);
        assertThatMap(updatedAccessSectionInfo.local.get(AccessSection.GLOBAL_CAPABILITIES).permissions).keys().containsAtLeastElementsIn(accessSectionInfo.permissions.keySet());
    }
}
Also used : PermissionInfo(com.google.gerrit.extensions.api.access.PermissionInfo) Registration(com.google.gerrit.acceptance.ExtensionRegistry.Registration) PermissionRuleInfo(com.google.gerrit.extensions.api.access.PermissionRuleInfo) ProjectAccessInfo(com.google.gerrit.extensions.api.access.ProjectAccessInfo) AccessSectionInfo(com.google.gerrit.extensions.api.access.AccessSectionInfo) ProjectAccessInput(com.google.gerrit.extensions.api.access.ProjectAccessInput) CapabilityDefinition(com.google.gerrit.extensions.config.CapabilityDefinition) AbstractDaemonTest(com.google.gerrit.acceptance.AbstractDaemonTest) Test(org.junit.Test)

Example 17 with ProjectAccessInfo

use of com.google.gerrit.extensions.api.access.ProjectAccessInfo in project gerrit by GerritCodeReview.

the class AccessIT method removeGlobalCapabilityAsAdmin.

@Test
public void removeGlobalCapabilityAsAdmin() throws Exception {
    ProjectAccessInput accessInput = newProjectAccessInput();
    AccessSectionInfo accessSectionInfo = newAccessSectionInfo();
    PermissionInfo permissionInfo = newPermissionInfo();
    permissionInfo.rules.put(adminGroupUuid().get(), null);
    accessSectionInfo.permissions.put(GlobalCapability.ACCESS_DATABASE, permissionInfo);
    // Add and validate first as removing existing privileges such as
    // administrateServer would break upcoming tests
    accessInput.add.put(AccessSection.GLOBAL_CAPABILITIES, accessSectionInfo);
    ProjectAccessInfo updatedProjectAccessInfo = gApi.projects().name(allProjects.get()).access(accessInput);
    assertThatMap(updatedProjectAccessInfo.local.get(AccessSection.GLOBAL_CAPABILITIES).permissions).keys().containsAtLeastElementsIn(accessSectionInfo.permissions.keySet());
    // Remove
    accessInput.add.clear();
    accessInput.remove.put(AccessSection.GLOBAL_CAPABILITIES, accessSectionInfo);
    updatedProjectAccessInfo = gApi.projects().name(allProjects.get()).access(accessInput);
    assertThatMap(updatedProjectAccessInfo.local.get(AccessSection.GLOBAL_CAPABILITIES).permissions).keys().containsNoneIn(accessSectionInfo.permissions.keySet());
}
Also used : PermissionInfo(com.google.gerrit.extensions.api.access.PermissionInfo) ProjectAccessInfo(com.google.gerrit.extensions.api.access.ProjectAccessInfo) AccessSectionInfo(com.google.gerrit.extensions.api.access.AccessSectionInfo) ProjectAccessInput(com.google.gerrit.extensions.api.access.ProjectAccessInput) AbstractDaemonTest(com.google.gerrit.acceptance.AbstractDaemonTest) Test(org.junit.Test)

Example 18 with ProjectAccessInfo

use of com.google.gerrit.extensions.api.access.ProjectAccessInfo in project gerrit by GerritCodeReview.

the class AccessIT method addAccessSectionForPluginPermission.

@Test
public void addAccessSectionForPluginPermission() throws Exception {
    try (Registration registration = extensionRegistry.newRegistration().add(new PluginProjectPermissionDefinition() {

        @Override
        public String getDescription() {
            return "A Plugin Project Permission";
        }
    }, "fooPermission")) {
        ProjectAccessInput accessInput = newProjectAccessInput();
        AccessSectionInfo accessSectionInfo = newAccessSectionInfo();
        PermissionInfo foo = newPermissionInfo();
        PermissionRuleInfo pri = new PermissionRuleInfo(PermissionRuleInfo.Action.ALLOW, false);
        foo.rules.put(SystemGroupBackend.REGISTERED_USERS.get(), pri);
        accessSectionInfo.permissions.put("plugin-" + ExtensionRegistry.PLUGIN_NAME + "-fooPermission", foo);
        accessInput.add.put(REFS_HEADS, accessSectionInfo);
        ProjectAccessInfo updatedAccessSectionInfo = pApi().access(accessInput);
        assertThat(updatedAccessSectionInfo.local).isEqualTo(accessInput.add);
        assertThat(pApi().access().local).isEqualTo(accessInput.add);
    }
}
Also used : PermissionInfo(com.google.gerrit.extensions.api.access.PermissionInfo) Registration(com.google.gerrit.acceptance.ExtensionRegistry.Registration) PermissionRuleInfo(com.google.gerrit.extensions.api.access.PermissionRuleInfo) ProjectAccessInfo(com.google.gerrit.extensions.api.access.ProjectAccessInfo) AccessSectionInfo(com.google.gerrit.extensions.api.access.AccessSectionInfo) ProjectAccessInput(com.google.gerrit.extensions.api.access.ProjectAccessInput) PluginProjectPermissionDefinition(com.google.gerrit.extensions.config.PluginProjectPermissionDefinition) AbstractDaemonTest(com.google.gerrit.acceptance.AbstractDaemonTest) Test(org.junit.Test)

Example 19 with ProjectAccessInfo

use of com.google.gerrit.extensions.api.access.ProjectAccessInfo in project gerrit by GerritCodeReview.

the class AccessIT method grantDenyAndAllowForSameGroup.

@Test
public void grantDenyAndAllowForSameGroup() throws Exception {
    GroupReference registeredUsers = systemGroupBackend.getGroup(REGISTERED_USERS);
    String access = "access";
    List<String> denyThenAllow = asList("deny " + registeredUsers.toConfigValue(), registeredUsers.toConfigValue());
    // Clone repository to forcefully add permission
    TestRepository<InMemoryRepository> allProjectsRepo = cloneProject(allProjects, admin);
    // Fetch permission ref
    GitUtil.fetch(allProjectsRepo, "refs/meta/config:cfg");
    allProjectsRepo.reset("cfg");
    // Load current permissions
    String config = gApi.projects().name(allProjects.get()).branch(RefNames.REFS_CONFIG).file(ProjectConfig.PROJECT_CONFIG).asString();
    // Append and push denyThenAllow permissions
    Config cfg = new Config();
    cfg.fromText(config);
    cfg.setStringList(access, AccessSection.HEADS, Permission.READ, denyThenAllow);
    config = cfg.toText();
    PushOneCommit push = pushFactory.create(admin.newIdent(), allProjectsRepo, "Subject", ProjectConfig.PROJECT_CONFIG, config);
    push.to(RefNames.REFS_CONFIG).assertOkStatus();
    ProjectAccessInfo pai = gApi.projects().name(allProjects.get()).access();
    Map<String, AccessSectionInfo> local = pai.local;
    AccessSectionInfo heads = local.get(AccessSection.HEADS);
    Map<String, PermissionInfo> permissions = heads.permissions;
    PermissionInfo read = permissions.get(Permission.READ);
    Map<String, PermissionRuleInfo> rules = read.rules;
    assertEquals(rules.get(registeredUsers.getUUID().get()), new PermissionRuleInfo(PermissionRuleInfo.Action.DENY, false));
}
Also used : InMemoryRepository(org.eclipse.jgit.internal.storage.dfs.InMemoryRepository) ProjectConfig(com.google.gerrit.server.project.ProjectConfig) Config(org.eclipse.jgit.lib.Config) ProjectAccessInfo(com.google.gerrit.extensions.api.access.ProjectAccessInfo) PushOneCommit(com.google.gerrit.acceptance.PushOneCommit) PermissionInfo(com.google.gerrit.extensions.api.access.PermissionInfo) PermissionRuleInfo(com.google.gerrit.extensions.api.access.PermissionRuleInfo) AccessSectionInfo(com.google.gerrit.extensions.api.access.AccessSectionInfo) GroupReference(com.google.gerrit.entities.GroupReference) AbstractDaemonTest(com.google.gerrit.acceptance.AbstractDaemonTest) Test(org.junit.Test)

Example 20 with ProjectAccessInfo

use of com.google.gerrit.extensions.api.access.ProjectAccessInfo in project gerrit by GerritCodeReview.

the class AccessIT method listAccess_projectNameAreTrimmed.

@Test
public void listAccess_projectNameAreTrimmed() throws Exception {
    RestResponse r = adminRestSession.get("/access/?project=" + IdString.fromDecoded(" " + project.get() + " "));
    r.assertOK();
    Map<String, ProjectAccessInfo> infoByProject = newGson().fromJson(r.getReader(), new TypeToken<Map<String, ProjectAccessInfo>>() {
    }.getType());
    assertThat(infoByProject.keySet()).containsExactly(project.get());
}
Also used : RestResponse(com.google.gerrit.acceptance.RestResponse) TypeToken(com.google.gson.reflect.TypeToken) ProjectAccessInfo(com.google.gerrit.extensions.api.access.ProjectAccessInfo) IdString(com.google.gerrit.extensions.restapi.IdString) Test(org.junit.Test) AbstractDaemonTest(com.google.gerrit.acceptance.AbstractDaemonTest)

Aggregations

ProjectAccessInfo (com.google.gerrit.extensions.api.access.ProjectAccessInfo)23 AbstractDaemonTest (com.google.gerrit.acceptance.AbstractDaemonTest)20 Test (org.junit.Test)20 AccessSectionInfo (com.google.gerrit.extensions.api.access.AccessSectionInfo)11 PermissionInfo (com.google.gerrit.extensions.api.access.PermissionInfo)9 ProjectAccessInput (com.google.gerrit.extensions.api.access.ProjectAccessInput)9 PermissionRuleInfo (com.google.gerrit.extensions.api.access.PermissionRuleInfo)7 IdString (com.google.gerrit.extensions.restapi.IdString)6 RestResponse (com.google.gerrit.acceptance.RestResponse)5 ProjectConfig (com.google.gerrit.server.project.ProjectConfig)5 TypeToken (com.google.gson.reflect.TypeToken)5 GroupReference (com.google.gerrit.entities.GroupReference)4 InMemoryRepository (org.eclipse.jgit.internal.storage.dfs.InMemoryRepository)4 Registration (com.google.gerrit.acceptance.ExtensionRegistry.Registration)3 ResourceNotFoundException (com.google.gerrit.extensions.restapi.ResourceNotFoundException)3 MetaDataUpdate (com.google.gerrit.server.git.meta.MetaDataUpdate)3 PushOneCommit (com.google.gerrit.acceptance.PushOneCommit)2 Project (com.google.gerrit.entities.Project)2 GroupInfo (com.google.gerrit.extensions.common.GroupInfo)2 AuthException (com.google.gerrit.extensions.restapi.AuthException)2