Examples with AccountGroup com.google.gerrit.reviewdb.client.AccountGroup used on opensource projects

Example 21 with AccountGroup

use of com.google.gerrit.reviewdb.client.AccountGroup in project gerrit by GerritCodeReview.

the class AccessIT method removeGlobalCapabilityAsAdmin.

@Test
public void removeGlobalCapabilityAsAdmin() throws Exception {
    AccountGroup adminGroup = groupCache.get(new AccountGroup.NameKey("Administrators"));
    ProjectAccessInput accessInput = newProjectAccessInput();
    AccessSectionInfo accessSectionInfo = newAccessSectionInfo();
    PermissionInfo permissionInfo = newPermissionInfo();
    permissionInfo.rules.put(adminGroup.getGroupUUID().get(), null);
    accessSectionInfo.permissions.put(GlobalCapability.ACCESS_DATABASE, permissionInfo);
    // Add and validate first as removing existing privileges such as
    // administrateServer would break upcoming tests
    accessInput.add.put(AccessSection.GLOBAL_CAPABILITIES, accessSectionInfo);
    ProjectAccessInfo updatedProjectAccessInfo = gApi.projects().name(allProjects.get()).access(accessInput);
    assertThat(updatedProjectAccessInfo.local.get(AccessSection.GLOBAL_CAPABILITIES).permissions.keySet()).containsAllIn(accessSectionInfo.permissions.keySet());
    // Remove
    accessInput.add.clear();
    accessInput.remove.put(AccessSection.GLOBAL_CAPABILITIES, accessSectionInfo);
    updatedProjectAccessInfo = gApi.projects().name(allProjects.get()).access(accessInput);
    assertThat(updatedProjectAccessInfo.local.get(AccessSection.GLOBAL_CAPABILITIES).permissions.keySet()).containsNoneIn(accessSectionInfo.permissions.keySet());
}

Example 22 with AccountGroup

use of com.google.gerrit.reviewdb.client.AccountGroup in project gerrit by GerritCodeReview.

the class CreateGroup method createGroup.

private AccountGroup createGroup(CreateGroupArgs createGroupArgs) throws OrmException, ResourceConflictException, IOException {
    // Do not allow creating groups with the same name as system groups
    for (String name : systemGroupBackend.getNames()) {
        if (name.toLowerCase(Locale.US).equals(createGroupArgs.getGroupName().toLowerCase(Locale.US))) {
            throw new ResourceConflictException("group '" + name + "' already exists");
        }
    }
    for (String name : systemGroupBackend.getReservedNames()) {
        if (name.toLowerCase(Locale.US).equals(createGroupArgs.getGroupName().toLowerCase(Locale.US))) {
            throw new ResourceConflictException("group name '" + name + "' is reserved");
        }
    }
    AccountGroup.Id groupId = new AccountGroup.Id(db.nextAccountGroupId());
    AccountGroup.UUID uuid = GroupUUID.make(createGroupArgs.getGroupName(), self.get().newCommitterIdent(serverIdent.getWhen(), serverIdent.getTimeZone()));
    AccountGroup group = new AccountGroup(createGroupArgs.getGroup(), groupId, uuid, TimeUtil.nowTs());
    group.setVisibleToAll(createGroupArgs.visibleToAll);
    if (createGroupArgs.ownerGroupId != null) {
        AccountGroup ownerGroup = groupCache.get(createGroupArgs.ownerGroupId);
        if (ownerGroup != null) {
            group.setOwnerGroupUUID(ownerGroup.getGroupUUID());
        }
    }
    if (createGroupArgs.groupDescription != null) {
        group.setDescription(createGroupArgs.groupDescription);
    }
    AccountGroupName gn = new AccountGroupName(group);
    // already been used to create another group
    try {
        db.accountGroupNames().insert(Collections.singleton(gn));
    } catch (OrmDuplicateKeyException e) {
        throw new ResourceConflictException("group '" + createGroupArgs.getGroupName() + "' already exists");
    }
    db.accountGroups().insert(Collections.singleton(group));
    addMembers.addMembers(groupId, createGroupArgs.initialMembers);
    groupCache.onCreateGroup(createGroupArgs.getGroup());
    return group;
}

Example 23 with AccountGroup

use of com.google.gerrit.reviewdb.client.AccountGroup in project gerrit by GerritCodeReview.

the class DeleteIncludedGroups method apply.

@Override
public Response<?> apply(GroupResource resource, Input input) throws AuthException, MethodNotAllowedException, UnprocessableEntityException, OrmException {
    AccountGroup internalGroup = resource.toAccountGroup();
    if (internalGroup == null) {
        throw new MethodNotAllowedException();
    }
    input = Input.init(input);
    final GroupControl control = resource.getControl();
    final Map<AccountGroup.UUID, AccountGroupById> includedGroups = getIncludedGroups(internalGroup.getId());
    final List<AccountGroupById> toRemove = new ArrayList<>();
    for (final String includedGroup : input.groups) {
        GroupDescription.Basic d = groupsCollection.parse(includedGroup);
        if (!control.canRemoveGroup()) {
            throw new AuthException(String.format("Cannot delete group: %s", d.getName()));
        }
        AccountGroupById g = includedGroups.remove(d.getGroupUUID());
        if (g != null) {
            toRemove.add(g);
        }
    }
    if (!toRemove.isEmpty()) {
        writeAudits(toRemove);
        db.get().accountGroupById().delete(toRemove);
        for (final AccountGroupById g : toRemove) {
            groupIncludeCache.evictParentGroupsOf(g.getIncludeUUID());
        }
        groupIncludeCache.evictSubgroupsOf(internalGroup.getGroupUUID());
    }
    return Response.none();
}

Example 24 with AccountGroup

use of com.google.gerrit.reviewdb.client.AccountGroup in project gerrit by GerritCodeReview.

the class AddIncludedGroups method apply.

@Override
public List<GroupInfo> apply(GroupResource resource, Input input) throws MethodNotAllowedException, AuthException, UnprocessableEntityException, OrmException {
    AccountGroup group = resource.toAccountGroup();
    if (group == null) {
        throw new MethodNotAllowedException();
    }
    input = Input.init(input);
    GroupControl control = resource.getControl();
    Map<AccountGroup.UUID, AccountGroupById> newIncludedGroups = new HashMap<>();
    List<GroupInfo> result = new ArrayList<>();
    Account.Id me = control.getUser().getAccountId();
    for (String includedGroup : input.groups) {
        GroupDescription.Basic d = groupsCollection.parse(includedGroup);
        if (!control.canAddGroup()) {
            throw new AuthException(String.format("Cannot add group: %s", d.getName()));
        }
        if (!newIncludedGroups.containsKey(d.getGroupUUID())) {
            AccountGroupById.Key agiKey = new AccountGroupById.Key(group.getId(), d.getGroupUUID());
            AccountGroupById agi = db.get().accountGroupById().get(agiKey);
            if (agi == null) {
                agi = new AccountGroupById(agiKey);
                newIncludedGroups.put(d.getGroupUUID(), agi);
            }
        }
        result.add(json.format(d));
    }
    if (!newIncludedGroups.isEmpty()) {
        auditService.dispatchAddGroupsToGroup(me, newIncludedGroups.values());
        db.get().accountGroupById().insert(newIncludedGroups.values());
        for (AccountGroupById agi : newIncludedGroups.values()) {
            groupIncludeCache.evictParentGroupsOf(agi.getIncludeUUID());
        }
        groupIncludeCache.evictSubgroupsOf(group.getGroupUUID());
    }
    return result;
}

Example 25 with AccountGroup

use of com.google.gerrit.reviewdb.client.AccountGroup in project gerrit by GerritCodeReview.

the class AddMembers method apply.

@Override
public List<AccountInfo> apply(GroupResource resource, Input input) throws AuthException, MethodNotAllowedException, UnprocessableEntityException, OrmException, IOException {
    AccountGroup internalGroup = resource.toAccountGroup();
    if (internalGroup == null) {
        throw new MethodNotAllowedException();
    }
    input = Input.init(input);
    GroupControl control = resource.getControl();
    Set<Account.Id> newMemberIds = new HashSet<>();
    for (String nameOrEmailOrId : input.members) {
        Account a = findAccount(nameOrEmailOrId);
        if (!a.isActive()) {
            throw new UnprocessableEntityException(String.format("Account Inactive: %s", nameOrEmailOrId));
        }
        if (!control.canAddMember()) {
            throw new AuthException("Cannot add member: " + a.getFullName());
        }
        newMemberIds.add(a.getId());
    }
    addMembers(internalGroup.getId(), newMemberIds);
    return toAccountInfoList(newMemberIds);
}