
Example 1 with MetaDataUpdate

use of com.google.gerrit.server.git.MetaDataUpdate in project gerrit by GerritCodeReview.

the class AbstractSubmoduleSubscription method allowSubmoduleSubscription.

/**
 * Adds a superproject subscription to the submodule project's configuration and commits it.
 *
 * <p>The subscribe section for the superproject is reused when the submodule's config already
 * has one, otherwise a new one is created. The method asserts that the commit produced a new
 * config revision and then evicts the project from the project cache.
 *
 * @param submodule submodule project name; passed through {@code name(...)} to build the key
 * @param subBranch submodule side of the refspec
 * @param superproject superproject name; passed through {@code name(...)} to build the key
 * @param superBranch superproject side of the refspec; when {@code null} the refspec is
 *     {@code subBranch} alone, otherwise {@code subBranch:superBranch}
 * @param match {@code true} registers the refspec with {@code addMatchingRefSpec},
 *     {@code false} with {@code addMultiMatchRefSpec}
 * @throws Exception if reading or committing the project configuration fails
 */
protected void allowSubmoduleSubscription(String submodule, String subBranch, String superproject, String superBranch, boolean match) throws Exception {
    Project.NameKey subKey = new Project.NameKey(name(submodule));
    Project.NameKey superKey = new Project.NameKey(name(superproject));
    String refspec = (superBranch == null) ? subBranch : subBranch + ":" + superBranch;

    try (MetaDataUpdate md = metaDataUpdateFactory.create(subKey)) {
        md.setMessage("Added superproject subscription");
        ProjectConfig projectConfig = ProjectConfig.read(md);

        // Reuse the existing section for this superproject so earlier refspecs are kept.
        SubscribeSection section = projectConfig.getSubscribeSections().containsKey(superKey)
                ? projectConfig.getSubscribeSections().get(superKey)
                : new SubscribeSection(superKey);

        if (!match) {
            section.addMultiMatchRefSpec(refspec);
        } else {
            section.addMatchingRefSpec(refspec);
        }
        projectConfig.addSubscribeSection(section);

        ObjectId before = projectConfig.getRevision();
        ObjectId after = projectConfig.commit(md);
        // The commit must have changed the config ref, otherwise the subscription was not stored.
        assertThat(after).isNotEqualTo(before);

        // Drop the cached project state so later reads see the new subscription.
        projectCache.evict(projectConfig.getProject());
    }
}
Also used : ProjectConfig(com.google.gerrit.server.git.ProjectConfig) Project(com.google.gerrit.reviewdb.client.Project) ObjectId(org.eclipse.jgit.lib.ObjectId) SubscribeSection(com.google.gerrit.common.data.SubscribeSection) MetaDataUpdate(com.google.gerrit.server.git.MetaDataUpdate)

Example 2 with MetaDataUpdate

use of com.google.gerrit.server.git.MetaDataUpdate in project gerrit by GerritCodeReview.

the class ChangeOwnerIT method grantApproveToChangeOwner.

/**
 * Grants the Code-Review label range -2..+2 on {@code refs/heads/*} to the CHANGE_OWNER system
 * group in the test project's configuration, then commits and evicts the cached project.
 *
 * @throws Exception if reading or committing the project configuration fails
 */
private void grantApproveToChangeOwner() throws Exception {
    try (MetaDataUpdate md = metaDataUpdateFactory.create(project)) {
        md.setMessage("Grant approve to change owner");
        ProjectConfig cfg = ProjectConfig.read(md);

        // Both lookups pass 'true' as the second argument, as in every getAccessSection /
        // getPermission call that sets up a fresh entry in this test.
        AccessSection heads = cfg.getAccessSection("refs/heads/*", true);
        Permission codeReview = heads.getPermission(LABEL + "Code-Review", true);

        PermissionRule ownerRule =
                new PermissionRule(
                        cfg.resolve(systemGroupBackend.getGroup(SystemGroupBackend.CHANGE_OWNER)));
        ownerRule.setMin(-2);
        ownerRule.setMax(+2);
        codeReview.add(ownerRule);

        cfg.commit(md);
        // Evict so the new permission is visible to subsequent permission checks.
        projectCache.evict(cfg.getProject());
    }
}
Also used : ProjectConfig(com.google.gerrit.server.git.ProjectConfig) PermissionRule(com.google.gerrit.common.data.PermissionRule) Permission(com.google.gerrit.common.data.Permission) AccessSection(com.google.gerrit.common.data.AccessSection) MetaDataUpdate(com.google.gerrit.server.git.MetaDataUpdate)

Example 3 with MetaDataUpdate

use of com.google.gerrit.server.git.MetaDataUpdate in project gerrit by GerritCodeReview.

the class SetAccess method apply.

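/**
 * Applies the requested access-section removals and additions to the project's configuration,
 * optionally changes the parent project, and commits the result as a single metadata update.
 *
 * <p>Every removal and addition is authorized and validated before the configuration is
 * modified: edits to the global-capabilities section go through
 * {@code checkGlobalCapabilityPermissions}, and edits to any other section require the caller
 * to be owner of that ref pattern. A parent change is validated after the section edits have
 * been applied in memory but before anything is committed.
 *
 * @param rsrc the project being modified
 * @param input sections to remove and add, an optional new parent and an optional commit message
 * @return the access info re-read through {@code getAccess} after the commit
 * @throws AuthException if the caller is not owner of a ref pattern being edited
 * @throws BadRequestException if an added section name is invalid, a non-capability permission
 *     is added to the global-capabilities section, or an {@code InvalidNameException} is raised
 * @throws ResourceConflictException if the parent update is rejected or the stored
 *     configuration is invalid
 */
@Override
public ProjectAccessInfo apply(ProjectResource rsrc, ProjectAccessInput input) throws ResourceNotFoundException, ResourceConflictException, IOException, AuthException, BadRequestException, UnprocessableEntityException, PermissionBackendException {
    List<AccessSection> removals = getAccessSections(input.remove);
    List<AccessSection> additions = getAccessSections(input.add);
    MetaDataUpdate.User metaDataUpdateUser = metaDataUpdateFactory.get();
    ProjectControl projectControl = rsrc.getControl();
    ProjectConfig config;
    Project.NameKey newParentProjectName = input.parent == null ? null : new Project.NameKey(input.parent);
    try (MetaDataUpdate md = metaDataUpdateUser.create(rsrc.getNameKey())) {
        config = ProjectConfig.read(md);
        // Perform removal checks. These run for every section before any edit is applied, so an
        // unauthorized request fails without touching the config.
        for (AccessSection section : removals) {
            boolean isGlobalCapabilities = AccessSection.GLOBAL_CAPABILITIES.equals(section.getName());
            if (isGlobalCapabilities) {
                checkGlobalCapabilityPermissions(config.getName());
            } else if (!projectControl.controlForRef(section.getName()).isOwner()) {
                throw new AuthException("You are not allowed to edit permissions for ref: " + section.getName());
            }
        }
        // Perform addition checks
        for (AccessSection section : additions) {
            String name = section.getName();
            boolean isGlobalCapabilities = AccessSection.GLOBAL_CAPABILITIES.equals(name);
            if (isGlobalCapabilities) {
                checkGlobalCapabilityPermissions(config.getName());
            } else {
                if (!AccessSection.isValid(name)) {
                    throw new BadRequestException("invalid section name");
                }
                if (!projectControl.controlForRef(name).isOwner()) {
                    throw new AuthException("You are not allowed to edit permissions for ref: " + name);
                }
                RefPattern.validate(name);
            }
            // Check all permissions for soundness.
            // NOTE(review): only the global-capabilities case is rejected here; permission names
            // in ref sections are not checked in this method - confirm they are validated
            // elsewhere before the config is written.
            for (Permission p : section.getPermissions()) {
                if (isGlobalCapabilities && !GlobalCapability.isCapability(p.getName())) {
                    throw new BadRequestException("Cannot add non-global capability " + p.getName() + " to global capabilities");
                }
            }
        }
        // Apply removals
        for (AccessSection section : removals) {
            if (section.getPermissions().isEmpty()) {
                // Remove entire section
                config.remove(config.getAccessSection(section.getName()));
            }
            // Remove specific permissions
            for (Permission p : section.getPermissions()) {
                if (p.getRules().isEmpty()) {
                    config.remove(config.getAccessSection(section.getName()), p);
                } else {
                    for (PermissionRule r : p.getRules()) {
                        config.remove(config.getAccessSection(section.getName()), p, r);
                    }
                }
            }
        }
        // Apply additions
        for (AccessSection section : additions) {
            AccessSection currentAccessSection = config.getAccessSection(section.getName());
            if (currentAccessSection == null) {
                // Add AccessSection
                config.replace(section);
            } else {
                for (Permission p : section.getPermissions()) {
                    Permission currentPermission = currentAccessSection.getPermission(p.getName());
                    if (currentPermission == null) {
                        // Add Permission
                        currentAccessSection.addPermission(p);
                    } else {
                        for (PermissionRule r : p.getRules()) {
                            // AddPermissionRule
                            currentPermission.add(r);
                        }
                    }
                }
            }
        }
        // Re-parent only when a parent was supplied, this is not the All-Projects project
        // itself, and the supplied parent differs from the current one.
        if (newParentProjectName != null && !config.getProject().getNameKey().equals(allProjects) && !config.getProject().getParent(allProjects).equals(newParentProjectName)) {
            try {
                // newParentProjectName is non-null in this branch, so no fallback is needed.
                setParent.get().validateParentUpdate(projectControl, newParentProjectName.get(), true);
            } catch (UnprocessableEntityException e) {
                throw new ResourceConflictException(e.getMessage(), e);
            }
            config.getProject().setParentName(newParentProjectName);
        }
        if (!Strings.isNullOrEmpty(input.message)) {
            // Normalize into a local so the caller's input object is left unmodified.
            String message = input.message;
            if (!message.endsWith("\n")) {
                message += "\n";
            }
            md.setMessage(message);
        } else {
            md.setMessage("Modify access rules\n");
        }
        config.commit(md);
        // Evict so permission checks stop using the pre-change access rules.
        projectCache.evict(config.getProject());
    } catch (InvalidNameException e) {
        throw new BadRequestException(e.toString());
    } catch (ConfigInvalidException e) {
        // Keep the cause so the invalid-config details are not lost for whoever handles this.
        throw new ResourceConflictException(rsrc.getName(), e);
    }
    return getAccess.apply(rsrc.getNameKey());
}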
Also used : UnprocessableEntityException(com.google.gerrit.extensions.restapi.UnprocessableEntityException) ConfigInvalidException(org.eclipse.jgit.errors.ConfigInvalidException) PermissionRule(com.google.gerrit.common.data.PermissionRule) AuthException(com.google.gerrit.extensions.restapi.AuthException) AccessSection(com.google.gerrit.common.data.AccessSection) ProjectConfig(com.google.gerrit.server.git.ProjectConfig) Project(com.google.gerrit.reviewdb.client.Project) ResourceConflictException(com.google.gerrit.extensions.restapi.ResourceConflictException) InvalidNameException(com.google.gerrit.common.errors.InvalidNameException) GlobalPermission(com.google.gerrit.server.permissions.GlobalPermission) Permission(com.google.gerrit.common.data.Permission) BadRequestException(com.google.gerrit.extensions.restapi.BadRequestException) MetaDataUpdate(com.google.gerrit.server.git.MetaDataUpdate)

Example 4 with MetaDataUpdate

use of com.google.gerrit.server.git.MetaDataUpdate in project gerrit by GerritCodeReview.

the class AllProjectsCreator method initAllProjects.

/**
 * Writes the initial project configuration, including the default access rules, into the given
 * repository under {@code RefNames.REFS_CONFIG}.
 *
 * <p>The groups referenced here ({@code admin}, {@code owners}, {@code registered},
 * {@code anonymous} and the optional {@code batch}) are defined outside this method. Because
 * the project description states that access is inherited by all other projects, the grants
 * below are the baseline that other projects start from; review changes to them accordingly.
 *
 * @param git repository that receives the configuration commit
 * @throws IOException if reading or writing the repository fails
 * @throws ConfigInvalidException if the configuration that is read cannot be parsed
 */
private void initAllProjects(Repository git) throws IOException, ConfigInvalidException {
    // One batch ref update is shared by the config commit, initSequences and execute below.
    BatchRefUpdate bru = git.getRefDatabase().newBatchUpdate();
    try (MetaDataUpdate md = new MetaDataUpdate(GitReferenceUpdated.DISABLED, allProjectsName, git, bru)) {
        // The commit is attributed to the server identity, not to a human user.
        md.getCommitBuilder().setAuthor(serverUser);
        md.getCommitBuilder().setCommitter(serverUser);
        // Use the configured message when it is non-empty, else a default naming the version.
        md.setMessage(MoreObjects.firstNonNull(Strings.emptyToNull(message), "Initialized Gerrit Code Review " + Version.getVersion()));
        ProjectConfig config = ProjectConfig.read(md);
        Project p = config.getProject();
        p.setDescription("Access inherited by all other projects.");
        p.setRequireChangeID(InheritableBoolean.TRUE);
        p.setUseContentMerge(InheritableBoolean.TRUE);
        p.setUseContributorAgreements(InheritableBoolean.FALSE);
        p.setUseSignedOffBy(InheritableBoolean.FALSE);
        p.setEnableSignedPush(InheritableBoolean.FALSE);
        // Look up (second argument 'true': presumably create-if-missing - confirm) every access
        // section that receives a default grant.
        AccessSection cap = config.getAccessSection(AccessSection.GLOBAL_CAPABILITIES, true);
        AccessSection all = config.getAccessSection(AccessSection.ALL, true);
        AccessSection heads = config.getAccessSection(AccessSection.HEADS, true);
        AccessSection tags = config.getAccessSection("refs/tags/*", true);
        AccessSection meta = config.getAccessSection(RefNames.REFS_CONFIG, true);
        AccessSection refsFor = config.getAccessSection("refs/for/*", true);
        AccessSection magic = config.getAccessSection("refs/for/" + AccessSection.ALL, true);
        // Server administration is granted to the admin group only.
        grant(config, cap, GlobalCapability.ADMINISTRATE_SERVER, admin);
        // Read on the ALL section is granted to admin and to anonymous users.
        grant(config, all, Permission.READ, admin, anonymous);
        grant(config, refsFor, Permission.ADD_PATCH_SET, registered);
        // The batch group is optional; when present it gets the BATCH priority action and
        // the stream-events capability.
        if (batch != null) {
            Permission priority = cap.getPermission(GlobalCapability.PRIORITY, true);
            PermissionRule r = rule(config, batch);
            r.setAction(Action.BATCH);
            priority.add(r);
            Permission stream = cap.getPermission(GlobalCapability.STREAM_EVENTS, true);
            stream.add(rule(config, batch));
        }
        // Code-Review label: registered users may vote -1..+1, admin and owners -2..+2.
        LabelType cr = initCodeReviewLabel(config);
        grant(config, heads, cr, -1, 1, registered);
        grant(config, heads, cr, -2, 2, admin, owners);
        // Branch-level write permissions go to admin and owners; registered users only get
        // FORGE_AUTHOR on heads.
        grant(config, heads, Permission.CREATE, admin, owners);
        grant(config, heads, Permission.PUSH, admin, owners);
        grant(config, heads, Permission.SUBMIT, admin, owners);
        grant(config, heads, Permission.FORGE_AUTHOR, registered);
        grant(config, heads, Permission.FORGE_COMMITTER, admin, owners);
        // NOTE(review): the boolean argument selects a different grant overload; its meaning
        // (presumably "force") is not visible here - confirm.
        grant(config, heads, Permission.EDIT_TOPIC_NAME, true, admin, owners);
        grant(config, tags, Permission.CREATE, admin, owners);
        grant(config, tags, Permission.CREATE_TAG, admin, owners);
        grant(config, tags, Permission.CREATE_SIGNED_TAG, admin, owners);
        // Registered users may push (including merges) to the "refs/for/"-prefixed section.
        grant(config, magic, Permission.PUSH, registered);
        grant(config, magic, Permission.PUSH_MERGE, registered);
        // READ on the config ref is marked exclusive and granted to admin and owners only.
        // NOTE(review): presumably the exclusive flag keeps the READ grant on the ALL section
        // from applying to this ref - confirm against setExclusiveGroup's contract.
        meta.getPermission(Permission.READ, true).setExclusiveGroup(true);
        grant(config, meta, Permission.READ, admin, owners);
        grant(config, meta, cr, -2, 2, admin, owners);
        grant(config, meta, Permission.CREATE, admin, owners);
        grant(config, meta, Permission.PUSH, admin, owners);
        grant(config, meta, Permission.SUBMIT, admin, owners);
        // Stage the config commit on a new ref, then add the sequences and run the batch.
        config.commitToNewRef(md, RefNames.REFS_CONFIG);
        initSequences(git, bru);
        execute(git, bru);
    }
}
Also used : ProjectConfig(com.google.gerrit.server.git.ProjectConfig) Project(com.google.gerrit.reviewdb.client.Project) PermissionRule(com.google.gerrit.common.data.PermissionRule) LabelType(com.google.gerrit.common.data.LabelType) Permission(com.google.gerrit.common.data.Permission) BatchRefUpdate(org.eclipse.jgit.lib.BatchRefUpdate) AccessSection(com.google.gerrit.common.data.AccessSection) MetaDataUpdate(com.google.gerrit.server.git.MetaDataUpdate)

Example 5 with MetaDataUpdate

use of com.google.gerrit.server.git.MetaDataUpdate in project gerrit by GerritCodeReview.

the class AllUsersCreator method initAllUsers.

/**
 * Writes the initial project configuration for the users repository: a description, the
 * per-user ref section with its grants for registered users, and the defaults ref section
 * restricted to the admin group.
 *
 * @param git repository that receives the configuration commit
 * @throws IOException if reading or writing the repository fails
 * @throws ConfigInvalidException if the configuration that is read cannot be parsed
 */
private void initAllUsers(Repository git) throws IOException, ConfigInvalidException {
    try (MetaDataUpdate md = new MetaDataUpdate(GitReferenceUpdated.DISABLED, allUsersName, git)) {
        // Attribute the commit to the server identity.
        md.getCommitBuilder().setAuthor(serverUser);
        md.getCommitBuilder().setCommitter(serverUser);
        md.setMessage("Initialized Gerrit Code Review " + Version.getVersion());

        ProjectConfig cfg = ProjectConfig.read(md);
        cfg.getProject().setDescription("Individual user settings and preferences.");

        // Section whose ref pattern embeds the sharded user-id placeholder.
        String perUserRefPattern = RefNames.REFS_USERS + "${" + RefPattern.USERID_SHARDED + "}";
        AccessSection perUser = cfg.getAccessSection(perUserRefPattern, true);
        LabelType codeReview = AllProjectsCreator.initCodeReviewLabel(cfg);

        // Registered users get READ, PUSH and SUBMIT (in that order) on the per-user section,
        // followed by the full Code-Review range.
        String[] perUserPermissions = {Permission.READ, Permission.PUSH, Permission.SUBMIT};
        for (String permissionName : perUserPermissions) {
            grant(cfg, perUser, permissionName, false, true, registered);
        }
        grant(cfg, perUser, codeReview, -2, 2, registered);

        // On the defaults ref each permission is first marked exclusive and then granted to
        // admin only, one permission at a time.
        AccessSection defaultsSection = cfg.getAccessSection(RefNames.REFS_USERS_DEFAULT, true);
        String[] adminOnlyPermissions = {Permission.READ, Permission.PUSH, Permission.CREATE};
        for (String permissionName : adminOnlyPermissions) {
            defaultsSection.getPermission(permissionName, true).setExclusiveGroup(true);
            grant(cfg, defaultsSection, permissionName, admin);
        }

        cfg.commit(md);
    }
}
Also used : ProjectConfig(com.google.gerrit.server.git.ProjectConfig) Project(com.google.gerrit.reviewdb.client.Project) LabelType(com.google.gerrit.common.data.LabelType) AccessSection(com.google.gerrit.common.data.AccessSection) MetaDataUpdate(com.google.gerrit.server.git.MetaDataUpdate)

Aggregations

MetaDataUpdate (com.google.gerrit.server.git.MetaDataUpdate)37 ProjectConfig (com.google.gerrit.server.git.ProjectConfig)25 ConfigInvalidException (org.eclipse.jgit.errors.ConfigInvalidException)18 Project (com.google.gerrit.reviewdb.client.Project)15 AccessSection (com.google.gerrit.common.data.AccessSection)14 IOException (java.io.IOException)13 Repository (org.eclipse.jgit.lib.Repository)12 OrmException (com.google.gwtorm.server.OrmException)11 Permission (com.google.gerrit.common.data.Permission)9 PermissionRule (com.google.gerrit.common.data.PermissionRule)8 ResourceConflictException (com.google.gerrit.extensions.restapi.ResourceConflictException)7 RepositoryNotFoundException (org.eclipse.jgit.errors.RepositoryNotFoundException)7 HashMap (java.util.HashMap)6 BatchRefUpdate (org.eclipse.jgit.lib.BatchRefUpdate)6 GroupReference (com.google.gerrit.common.data.GroupReference)5 ResourceNotFoundException (com.google.gerrit.extensions.restapi.ResourceNotFoundException)5 Account (com.google.gerrit.reviewdb.client.Account)5 RevWalk (org.eclipse.jgit.revwalk.RevWalk)5 LabelType (com.google.gerrit.common.data.LabelType)4 AuthException (com.google.gerrit.extensions.restapi.AuthException)4