Search in sources :

Example 26 with ProjectConfig

use of com.google.gerrit.server.git.ProjectConfig in project gerrit by GerritCodeReview.

the class CommentAddedEventIT method saveLabelConfig.

private void saveLabelConfig() throws Exception {
    ProjectConfig cfg = projectCache.checkedGet(project).getConfig();
    cfg.getLabelSections().put(label.getName(), label);
    cfg.getLabelSections().put(pLabel.getName(), pLabel);
    saveProjectConfig(project, cfg);
}
Also used : ProjectConfig(com.google.gerrit.server.git.ProjectConfig)

Example 27 with ProjectConfig

use of com.google.gerrit.server.git.ProjectConfig in project gerrit by GerritCodeReview.

the class SetAccess method apply.

@Override
public ProjectAccessInfo apply(ProjectResource rsrc, ProjectAccessInput input) throws ResourceNotFoundException, ResourceConflictException, IOException, AuthException, BadRequestException, UnprocessableEntityException, PermissionBackendException {
    List<AccessSection> removals = getAccessSections(input.remove);
    List<AccessSection> additions = getAccessSections(input.add);
    MetaDataUpdate.User metaDataUpdateUser = metaDataUpdateFactory.get();
    ProjectControl projectControl = rsrc.getControl();
    ProjectConfig config;
    Project.NameKey newParentProjectName = input.parent == null ? null : new Project.NameKey(input.parent);
    try (MetaDataUpdate md = metaDataUpdateUser.create(rsrc.getNameKey())) {
        config = ProjectConfig.read(md);
        // Perform removal checks
        for (AccessSection section : removals) {
            boolean isGlobalCapabilities = AccessSection.GLOBAL_CAPABILITIES.equals(section.getName());
            if (isGlobalCapabilities) {
                checkGlobalCapabilityPermissions(config.getName());
            } else if (!projectControl.controlForRef(section.getName()).isOwner()) {
                throw new AuthException("You are not allowed to edit permissionsfor ref: " + section.getName());
            }
        }
        // Perform addition checks
        for (AccessSection section : additions) {
            String name = section.getName();
            boolean isGlobalCapabilities = AccessSection.GLOBAL_CAPABILITIES.equals(name);
            if (isGlobalCapabilities) {
                checkGlobalCapabilityPermissions(config.getName());
            } else {
                if (!AccessSection.isValid(name)) {
                    throw new BadRequestException("invalid section name");
                }
                if (!projectControl.controlForRef(name).isOwner()) {
                    throw new AuthException("You are not allowed to edit permissionsfor ref: " + name);
                }
                RefPattern.validate(name);
            }
            // Check all permissions for soundness
            for (Permission p : section.getPermissions()) {
                if (isGlobalCapabilities && !GlobalCapability.isCapability(p.getName())) {
                    throw new BadRequestException("Cannot add non-global capability " + p.getName() + " to global capabilities");
                }
            }
        }
        // Apply removals
        for (AccessSection section : removals) {
            if (section.getPermissions().isEmpty()) {
                // Remove entire section
                config.remove(config.getAccessSection(section.getName()));
            }
            // Remove specific permissions
            for (Permission p : section.getPermissions()) {
                if (p.getRules().isEmpty()) {
                    config.remove(config.getAccessSection(section.getName()), p);
                } else {
                    for (PermissionRule r : p.getRules()) {
                        config.remove(config.getAccessSection(section.getName()), p, r);
                    }
                }
            }
        }
        // Apply additions
        for (AccessSection section : additions) {
            AccessSection currentAccessSection = config.getAccessSection(section.getName());
            if (currentAccessSection == null) {
                // Add AccessSection
                config.replace(section);
            } else {
                for (Permission p : section.getPermissions()) {
                    Permission currentPermission = currentAccessSection.getPermission(p.getName());
                    if (currentPermission == null) {
                        // Add Permission
                        currentAccessSection.addPermission(p);
                    } else {
                        for (PermissionRule r : p.getRules()) {
                            // AddPermissionRule
                            currentPermission.add(r);
                        }
                    }
                }
            }
        }
        if (newParentProjectName != null && !config.getProject().getNameKey().equals(allProjects) && !config.getProject().getParent(allProjects).equals(newParentProjectName)) {
            try {
                setParent.get().validateParentUpdate(projectControl, MoreObjects.firstNonNull(newParentProjectName, allProjects).get(), true);
            } catch (UnprocessableEntityException e) {
                throw new ResourceConflictException(e.getMessage(), e);
            }
            config.getProject().setParentName(newParentProjectName);
        }
        if (!Strings.isNullOrEmpty(input.message)) {
            if (!input.message.endsWith("\n")) {
                input.message += "\n";
            }
            md.setMessage(input.message);
        } else {
            md.setMessage("Modify access rules\n");
        }
        config.commit(md);
        projectCache.evict(config.getProject());
    } catch (InvalidNameException e) {
        throw new BadRequestException(e.toString());
    } catch (ConfigInvalidException e) {
        throw new ResourceConflictException(rsrc.getName());
    }
    return getAccess.apply(rsrc.getNameKey());
}
Also used : UnprocessableEntityException(com.google.gerrit.extensions.restapi.UnprocessableEntityException) ConfigInvalidException(org.eclipse.jgit.errors.ConfigInvalidException) PermissionRule(com.google.gerrit.common.data.PermissionRule) AuthException(com.google.gerrit.extensions.restapi.AuthException) AccessSection(com.google.gerrit.common.data.AccessSection) ProjectConfig(com.google.gerrit.server.git.ProjectConfig) Project(com.google.gerrit.reviewdb.client.Project) ResourceConflictException(com.google.gerrit.extensions.restapi.ResourceConflictException) InvalidNameException(com.google.gerrit.common.errors.InvalidNameException) GlobalPermission(com.google.gerrit.server.permissions.GlobalPermission) Permission(com.google.gerrit.common.data.Permission) BadRequestException(com.google.gerrit.extensions.restapi.BadRequestException) MetaDataUpdate(com.google.gerrit.server.git.MetaDataUpdate)

Example 28 with ProjectConfig

use of com.google.gerrit.server.git.ProjectConfig in project gerrit by GerritCodeReview.

the class AllProjectsCreator method initAllProjects.

private void initAllProjects(Repository git) throws IOException, ConfigInvalidException {
    BatchRefUpdate bru = git.getRefDatabase().newBatchUpdate();
    try (MetaDataUpdate md = new MetaDataUpdate(GitReferenceUpdated.DISABLED, allProjectsName, git, bru)) {
        md.getCommitBuilder().setAuthor(serverUser);
        md.getCommitBuilder().setCommitter(serverUser);
        md.setMessage(MoreObjects.firstNonNull(Strings.emptyToNull(message), "Initialized Gerrit Code Review " + Version.getVersion()));
        ProjectConfig config = ProjectConfig.read(md);
        Project p = config.getProject();
        p.setDescription("Access inherited by all other projects.");
        p.setRequireChangeID(InheritableBoolean.TRUE);
        p.setUseContentMerge(InheritableBoolean.TRUE);
        p.setUseContributorAgreements(InheritableBoolean.FALSE);
        p.setUseSignedOffBy(InheritableBoolean.FALSE);
        p.setEnableSignedPush(InheritableBoolean.FALSE);
        AccessSection cap = config.getAccessSection(AccessSection.GLOBAL_CAPABILITIES, true);
        AccessSection all = config.getAccessSection(AccessSection.ALL, true);
        AccessSection heads = config.getAccessSection(AccessSection.HEADS, true);
        AccessSection tags = config.getAccessSection("refs/tags/*", true);
        AccessSection meta = config.getAccessSection(RefNames.REFS_CONFIG, true);
        AccessSection refsFor = config.getAccessSection("refs/for/*", true);
        AccessSection magic = config.getAccessSection("refs/for/" + AccessSection.ALL, true);
        grant(config, cap, GlobalCapability.ADMINISTRATE_SERVER, admin);
        grant(config, all, Permission.READ, admin, anonymous);
        grant(config, refsFor, Permission.ADD_PATCH_SET, registered);
        if (batch != null) {
            Permission priority = cap.getPermission(GlobalCapability.PRIORITY, true);
            PermissionRule r = rule(config, batch);
            r.setAction(Action.BATCH);
            priority.add(r);
            Permission stream = cap.getPermission(GlobalCapability.STREAM_EVENTS, true);
            stream.add(rule(config, batch));
        }
        LabelType cr = initCodeReviewLabel(config);
        grant(config, heads, cr, -1, 1, registered);
        grant(config, heads, cr, -2, 2, admin, owners);
        grant(config, heads, Permission.CREATE, admin, owners);
        grant(config, heads, Permission.PUSH, admin, owners);
        grant(config, heads, Permission.SUBMIT, admin, owners);
        grant(config, heads, Permission.FORGE_AUTHOR, registered);
        grant(config, heads, Permission.FORGE_COMMITTER, admin, owners);
        grant(config, heads, Permission.EDIT_TOPIC_NAME, true, admin, owners);
        grant(config, tags, Permission.CREATE, admin, owners);
        grant(config, tags, Permission.CREATE_TAG, admin, owners);
        grant(config, tags, Permission.CREATE_SIGNED_TAG, admin, owners);
        grant(config, magic, Permission.PUSH, registered);
        grant(config, magic, Permission.PUSH_MERGE, registered);
        meta.getPermission(Permission.READ, true).setExclusiveGroup(true);
        grant(config, meta, Permission.READ, admin, owners);
        grant(config, meta, cr, -2, 2, admin, owners);
        grant(config, meta, Permission.CREATE, admin, owners);
        grant(config, meta, Permission.PUSH, admin, owners);
        grant(config, meta, Permission.SUBMIT, admin, owners);
        config.commitToNewRef(md, RefNames.REFS_CONFIG);
        initSequences(git, bru);
        execute(git, bru);
    }
}
Also used : ProjectConfig(com.google.gerrit.server.git.ProjectConfig) Project(com.google.gerrit.reviewdb.client.Project) PermissionRule(com.google.gerrit.common.data.PermissionRule) LabelType(com.google.gerrit.common.data.LabelType) Permission(com.google.gerrit.common.data.Permission) BatchRefUpdate(org.eclipse.jgit.lib.BatchRefUpdate) AccessSection(com.google.gerrit.common.data.AccessSection) MetaDataUpdate(com.google.gerrit.server.git.MetaDataUpdate)

Example 29 with ProjectConfig

use of com.google.gerrit.server.git.ProjectConfig in project gerrit by GerritCodeReview.

the class RefControlTest method inheritDuplicateSections.

@Test
public void inheritDuplicateSections() throws Exception {
    allow(parent, READ, ADMIN, "refs/*");
    allow(local, READ, DEVS, "refs/heads/*");
    assertCanAccess(user(local, "a", ADMIN));
    local = new ProjectConfig(localKey);
    local.load(newRepository(localKey));
    local.getProject().setParentName(parentKey);
    allow(local, READ, DEVS, "refs/*");
    assertCanAccess(user(local, "d", DEVS));
}
Also used : ProjectConfig(com.google.gerrit.server.git.ProjectConfig) Test(org.junit.Test)

Example 30 with ProjectConfig

use of com.google.gerrit.server.git.ProjectConfig in project gerrit by GerritCodeReview.

the class AbstractDaemonTest method configureContributorAgreement.

protected ContributorAgreement configureContributorAgreement(boolean autoVerify) throws Exception {
    ContributorAgreement ca;
    if (autoVerify) {
        String g = createGroup("cla-test-group");
        GroupApi groupApi = gApi.groups().id(g);
        groupApi.description("CLA test group");
        AccountGroup caGroup = groupCache.get(new AccountGroup.UUID(groupApi.detail().id));
        GroupReference groupRef = GroupReference.forGroup(caGroup);
        PermissionRule rule = new PermissionRule(groupRef);
        rule.setAction(PermissionRule.Action.ALLOW);
        ca = new ContributorAgreement("cla-test");
        ca.setAutoVerify(groupRef);
        ca.setAccepted(ImmutableList.of(rule));
    } else {
        ca = new ContributorAgreement("cla-test-no-auto-verify");
    }
    ca.setDescription("description");
    ca.setAgreementUrl("agreement-url");
    ProjectConfig cfg = projectCache.checkedGet(allProjects).getConfig();
    cfg.replace(ca);
    saveProjectConfig(allProjects, cfg);
    return ca;
}
Also used : ProjectConfig(com.google.gerrit.server.git.ProjectConfig) GroupApi(com.google.gerrit.extensions.api.groups.GroupApi) AccountGroup(com.google.gerrit.reviewdb.client.AccountGroup) PermissionRule(com.google.gerrit.common.data.PermissionRule) ContributorAgreement(com.google.gerrit.common.data.ContributorAgreement) IdString(com.google.gerrit.extensions.restapi.IdString) GroupReference(com.google.gerrit.common.data.GroupReference)

Aggregations

ProjectConfig (com.google.gerrit.server.git.ProjectConfig)64 MetaDataUpdate (com.google.gerrit.server.git.MetaDataUpdate)23 AccessSection (com.google.gerrit.common.data.AccessSection)15 Project (com.google.gerrit.reviewdb.client.Project)14 ConfigInvalidException (org.eclipse.jgit.errors.ConfigInvalidException)14 AccountGroup (com.google.gerrit.reviewdb.client.AccountGroup)12 Permission (com.google.gerrit.common.data.Permission)10 PermissionRule (com.google.gerrit.common.data.PermissionRule)10 IOException (java.io.IOException)10 Repository (org.eclipse.jgit.lib.Repository)9 LabelType (com.google.gerrit.common.data.LabelType)8 Test (org.junit.Test)8 ResourceConflictException (com.google.gerrit.extensions.restapi.ResourceConflictException)7 RepositoryNotFoundException (org.eclipse.jgit.errors.RepositoryNotFoundException)7 Before (org.junit.Before)7 AbstractDaemonTest (com.google.gerrit.acceptance.AbstractDaemonTest)6 GroupReference (com.google.gerrit.common.data.GroupReference)6 OrmException (com.google.gwtorm.server.OrmException)6 ResourceNotFoundException (com.google.gerrit.extensions.restapi.ResourceNotFoundException)5 AuthException (com.google.gerrit.extensions.restapi.AuthException)4