Search in sources :

Example 46 with MetaDataUpdate

use of com.google.gerrit.server.git.meta.MetaDataUpdate in project gerrit by GerritCodeReview.

the class PostLabels method apply.

@Override
public Response<?> apply(ProjectResource rsrc, BatchLabelInput input) throws AuthException, UnprocessableEntityException, PermissionBackendException, IOException, ConfigInvalidException, BadRequestException, ResourceConflictException {
    if (!user.get().isIdentifiedUser()) {
        throw new AuthException("Authentication required");
    }
    permissionBackend.currentUser().project(rsrc.getNameKey()).check(ProjectPermission.WRITE_CONFIG);
    if (input == null) {
        input = new BatchLabelInput();
    }
    try (MetaDataUpdate md = updateFactory.create(rsrc.getNameKey())) {
        boolean dirty = false;
        ProjectConfig config = projectConfigFactory.read(md);
        if (input.delete != null && !input.delete.isEmpty()) {
            for (String labelName : input.delete) {
                if (!deleteLabel.deleteLabel(config, labelName.trim())) {
                    throw new UnprocessableEntityException(String.format("label %s not found", labelName));
                }
            }
            dirty = true;
        }
        if (input.create != null && !input.create.isEmpty()) {
            for (LabelDefinitionInput labelInput : input.create) {
                if (labelInput.name == null || labelInput.name.trim().isEmpty()) {
                    throw new BadRequestException("label name is required for new label");
                }
                if (labelInput.commitMessage != null) {
                    throw new BadRequestException("commit message on label definition input not supported");
                }
                createLabel.createLabel(config, labelInput.name.trim(), labelInput);
            }
            dirty = true;
        }
        if (input.update != null && !input.update.isEmpty()) {
            for (Map.Entry<String, LabelDefinitionInput> e : input.update.entrySet()) {
                LabelType labelType = config.getLabelSections().get(e.getKey().trim());
                if (labelType == null) {
                    throw new UnprocessableEntityException(String.format("label %s not found", e.getKey()));
                }
                if (e.getValue().commitMessage != null) {
                    throw new BadRequestException("commit message on label definition input not supported");
                }
                setLabel.updateLabel(config, labelType, e.getValue());
            }
            dirty = true;
        }
        if (input.commitMessage != null) {
            md.setMessage(Strings.emptyToNull(input.commitMessage.trim()));
        } else {
            md.setMessage("Update labels");
        }
        if (dirty) {
            config.commit(md);
            projectCache.evictAndReindex(rsrc.getProjectState().getProject());
        }
    }
    return Response.ok("");
}
Also used : ProjectConfig(com.google.gerrit.server.project.ProjectConfig) UnprocessableEntityException(com.google.gerrit.extensions.restapi.UnprocessableEntityException) LabelType(com.google.gerrit.entities.LabelType) AuthException(com.google.gerrit.extensions.restapi.AuthException) BadRequestException(com.google.gerrit.extensions.restapi.BadRequestException) BatchLabelInput(com.google.gerrit.extensions.common.BatchLabelInput) LabelDefinitionInput(com.google.gerrit.extensions.common.LabelDefinitionInput) Map(java.util.Map) MetaDataUpdate(com.google.gerrit.server.git.meta.MetaDataUpdate)

Example 47 with MetaDataUpdate

use of com.google.gerrit.server.git.meta.MetaDataUpdate in project gerrit by GerritCodeReview.

the class GetAccess method apply.

@Override
public Response<ProjectAccessInfo> apply(ProjectResource rsrc) throws ResourceNotFoundException, ResourceConflictException, IOException, PermissionBackendException {
    // Load the current configuration from the repository, ensuring it's the most
    // recent version available. If it differs from what was in the project
    // state, force a cache flush now.
    Project.NameKey projectName = rsrc.getNameKey();
    ProjectAccessInfo info = new ProjectAccessInfo();
    ProjectState projectState = projectCache.get(projectName).orElseThrow(illegalState(projectName));
    PermissionBackend.ForProject perm = permissionBackend.currentUser().project(projectName);
    ProjectConfig config;
    try (MetaDataUpdate md = metaDataUpdateFactory.get().create(projectName)) {
        config = projectConfigFactory.read(md);
        info.configWebLinks = new ArrayList<>();
        // config may have a null revision if the repo doesn't have its own refs/meta/config.
        if (config.getRevision() != null) {
            info.configWebLinks.addAll(webLinks.getFileHistoryLinks(projectName.get(), config.getRevision().getName(), ProjectConfig.PROJECT_CONFIG));
        }
        if (config.updateGroupNames(groupBackend)) {
            md.setMessage("Update group names\n");
            config.commit(md);
            projectCache.evictAndReindex(config.getProject());
            projectState = projectCache.get(projectName).orElseThrow(illegalState(projectName));
            perm = permissionBackend.currentUser().project(projectName);
        } else if (config.getRevision() != null && !config.getRevision().equals(projectState.getConfig().getRevision().orElse(null))) {
            projectCache.evictAndReindex(config.getProject());
            projectState = projectCache.get(projectName).orElseThrow(illegalState(projectName));
            perm = permissionBackend.currentUser().project(projectName);
        }
    } catch (ConfigInvalidException e) {
        throw new ResourceConflictException(e.getMessage());
    } catch (RepositoryNotFoundException e) {
        throw new ResourceNotFoundException(rsrc.getName(), e);
    }
    // The following implementation must match the ProjectAccessFactory JSON RPC endpoint.
    info.local = new HashMap<>();
    info.ownerOf = new HashSet<>();
    Map<AccountGroup.UUID, GroupInfo> groups = new HashMap<>();
    boolean canReadConfig = check(perm, RefNames.REFS_CONFIG, READ);
    boolean canWriteConfig = check(perm, ProjectPermission.WRITE_CONFIG);
    // config to set the project state to any state that is not HIDDEN.
    if (!canWriteConfig) {
        projectState.checkStatePermitsRead();
    }
    for (AccessSection section : config.getAccessSections()) {
        String name = section.getName();
        if (AccessSection.GLOBAL_CAPABILITIES.equals(name)) {
            if (canWriteConfig) {
                info.local.put(name, createAccessSection(groups, section));
                info.ownerOf.add(name);
            } else if (canReadConfig) {
                info.local.put(section.getName(), createAccessSection(groups, section));
            }
        } else if (AccessSection.isValidRefSectionName(name)) {
            if (check(perm, name, WRITE_CONFIG)) {
                info.local.put(name, createAccessSection(groups, section));
                info.ownerOf.add(name);
            } else if (canReadConfig) {
                info.local.put(name, createAccessSection(groups, section));
            } else if (check(perm, name, READ)) {
                // Filter the section to only add rules describing groups that
                // are visible to the current-user. This includes any group the
                // user is a member of, as well as groups they own or that
                // are visible to all users.
                AccessSection.Builder dst = null;
                for (Permission srcPerm : section.getPermissions()) {
                    Permission.Builder dstPerm = null;
                    for (PermissionRule srcRule : srcPerm.getRules()) {
                        AccountGroup.UUID groupId = srcRule.getGroup().getUUID();
                        if (groupId == null) {
                            continue;
                        }
                        loadGroup(groups, groupId);
                        if (dstPerm == null) {
                            if (dst == null) {
                                dst = AccessSection.builder(name);
                                info.local.put(name, createAccessSection(groups, dst.build()));
                            }
                            dstPerm = dst.upsertPermission(srcPerm.getName());
                        }
                        dstPerm.add(srcRule.toBuilder());
                    }
                }
            }
        }
    }
    if (info.ownerOf.isEmpty()) {
        try {
            permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
            // Special case: If the section list is empty, this project has no current
            // access control information. Fall back to site administrators.
            info.ownerOf.add(AccessSection.ALL);
        } catch (AuthException e) {
        // Do nothing.
        }
    }
    if (config.getRevision() != null) {
        info.revision = config.getRevision().name();
    }
    ProjectState parent = Iterables.getFirst(projectState.parents(), null);
    if (parent != null) {
        info.inheritsFrom = projectJson.format(parent.getProject());
    }
    if (projectName.equals(allProjectsName) && permissionBackend.currentUser().testOrFalse(ADMINISTRATE_SERVER)) {
        info.ownerOf.add(AccessSection.GLOBAL_CAPABILITIES);
    }
    info.isOwner = toBoolean(canWriteConfig);
    info.canUpload = toBoolean(projectState.statePermitsWrite() && (canWriteConfig || (canReadConfig && perm.ref(RefNames.REFS_CONFIG).testOrFalse(CREATE_CHANGE))));
    info.canAdd = toBoolean(perm.testOrFalse(CREATE_REF));
    info.canAddTags = toBoolean(perm.testOrFalse(CREATE_TAG_REF));
    info.configVisible = canReadConfig || canWriteConfig;
    info.groups = groups.entrySet().stream().filter(e -> e.getValue() != null).collect(toMap(e -> e.getKey().get(), Map.Entry::getValue));
    return Response.ok(info);
}
Also used : ConfigInvalidException(org.eclipse.jgit.errors.ConfigInvalidException) PermissionBackend(com.google.gerrit.server.permissions.PermissionBackend) HashMap(java.util.HashMap) PermissionRule(com.google.gerrit.entities.PermissionRule) ProjectAccessInfo(com.google.gerrit.extensions.api.access.ProjectAccessInfo) AuthException(com.google.gerrit.extensions.restapi.AuthException) RefPermission(com.google.gerrit.server.permissions.RefPermission) GlobalPermission(com.google.gerrit.server.permissions.GlobalPermission) ProjectPermission(com.google.gerrit.server.permissions.ProjectPermission) Permission(com.google.gerrit.entities.Permission) ResourceNotFoundException(com.google.gerrit.extensions.restapi.ResourceNotFoundException) GroupInfo(com.google.gerrit.extensions.common.GroupInfo) RepositoryNotFoundException(org.eclipse.jgit.errors.RepositoryNotFoundException) AccessSection(com.google.gerrit.entities.AccessSection) ProjectConfig(com.google.gerrit.server.project.ProjectConfig) Project(com.google.gerrit.entities.Project) ResourceConflictException(com.google.gerrit.extensions.restapi.ResourceConflictException) ProjectState(com.google.gerrit.server.project.ProjectState) MetaDataUpdate(com.google.gerrit.server.git.meta.MetaDataUpdate)

Example 48 with MetaDataUpdate

use of com.google.gerrit.server.git.meta.MetaDataUpdate in project gerrit by GerritCodeReview.

the class DeleteLabel method apply.

@Override
public Response<?> apply(LabelResource rsrc, InputWithCommitMessage input) throws AuthException, ResourceNotFoundException, PermissionBackendException, IOException, ConfigInvalidException {
    if (!user.get().isIdentifiedUser()) {
        throw new AuthException("Authentication required");
    }
    permissionBackend.currentUser().project(rsrc.getProject().getNameKey()).check(ProjectPermission.WRITE_CONFIG);
    if (input == null) {
        input = new InputWithCommitMessage();
    }
    try (MetaDataUpdate md = updateFactory.create(rsrc.getProject().getNameKey())) {
        ProjectConfig config = projectConfigFactory.read(md);
        if (!deleteLabel(config, rsrc.getLabelType().getName())) {
            throw new ResourceNotFoundException(IdString.fromDecoded(rsrc.getLabelType().getName()));
        }
        if (input.commitMessage != null) {
            md.setMessage(Strings.emptyToNull(input.commitMessage.trim()));
        } else {
            md.setMessage("Delete label");
        }
        config.commit(md);
    }
    projectCache.evictAndReindex(rsrc.getProject().getProjectState().getProject());
    return Response.none();
}
Also used : ProjectConfig(com.google.gerrit.server.project.ProjectConfig) AuthException(com.google.gerrit.extensions.restapi.AuthException) InputWithCommitMessage(com.google.gerrit.extensions.common.InputWithCommitMessage) ResourceNotFoundException(com.google.gerrit.extensions.restapi.ResourceNotFoundException) MetaDataUpdate(com.google.gerrit.server.git.meta.MetaDataUpdate)

Example 49 with MetaDataUpdate

use of com.google.gerrit.server.git.meta.MetaDataUpdate in project gerrit by GerritCodeReview.

the class CreateAccessChange method apply.

@Override
public Response<ChangeInfo> apply(ProjectResource rsrc, ProjectAccessInput input) throws PermissionBackendException, AuthException, IOException, ConfigInvalidException, InvalidNameException, UpdateException, RestApiException {
    PermissionBackend.ForProject forProject = permissionBackend.user(rsrc.getUser()).project(rsrc.getNameKey());
    if (!check(forProject, ProjectPermission.READ_CONFIG)) {
        throw new AuthException(RefNames.REFS_CONFIG + " not visible");
    }
    if (!check(forProject, ProjectPermission.WRITE_CONFIG)) {
        try {
            forProject.ref(RefNames.REFS_CONFIG).check(RefPermission.CREATE_CHANGE);
        } catch (AuthException denied) {
            throw new AuthException("cannot create change for " + RefNames.REFS_CONFIG, denied);
        }
    }
    projectCache.get(rsrc.getNameKey()).orElseThrow(illegalState(rsrc.getNameKey())).checkStatePermitsWrite();
    MetaDataUpdate.User metaDataUpdateUser = metaDataUpdateFactory.get();
    ImmutableList<AccessSection> removals = setAccess.getAccessSections(input.remove);
    ImmutableList<AccessSection> additions = setAccess.getAccessSections(input.add);
    Project.NameKey newParentProjectName = input.parent == null ? null : Project.nameKey(input.parent);
    try (MetaDataUpdate md = metaDataUpdateUser.create(rsrc.getNameKey())) {
        ProjectConfig config = projectConfigFactory.read(md);
        ObjectId oldCommit = config.getRevision();
        String oldCommitSha1 = oldCommit == null ? null : oldCommit.getName();
        setAccess.validateChanges(config, removals, additions);
        setAccess.applyChanges(config, removals, additions);
        try {
            setAccess.setParentName(rsrc.getUser().asIdentifiedUser(), config, rsrc.getNameKey(), newParentProjectName, false);
        } catch (AuthException e) {
            throw new IllegalStateException(e);
        }
        md.setMessage("Review access change");
        md.setInsertChangeId(true);
        Change.Id changeId = Change.id(seq.nextChangeId());
        RevCommit commit = config.commitToNewRef(md, PatchSet.id(changeId, Change.INITIAL_PATCH_SET_ID).toRefName());
        if (commit.name().equals(oldCommitSha1)) {
            throw new BadRequestException("no change");
        }
        try (ObjectInserter objInserter = md.getRepository().newObjectInserter();
            ObjectReader objReader = objInserter.newReader();
            RevWalk rw = new RevWalk(objReader);
            BatchUpdate bu = updateFactory.create(rsrc.getNameKey(), rsrc.getUser(), TimeUtil.now())) {
            bu.setRepository(md.getRepository(), rw, objInserter);
            ChangeInserter ins = newInserter(changeId, commit);
            bu.insertChange(ins);
            bu.execute();
            return Response.created(jsonFactory.noOptions().format(ins.getChange()));
        }
    } catch (InvalidNameException e) {
        throw new BadRequestException(e.toString());
    }
}
Also used : PermissionBackend(com.google.gerrit.server.permissions.PermissionBackend) ObjectId(org.eclipse.jgit.lib.ObjectId) AuthException(com.google.gerrit.extensions.restapi.AuthException) Change(com.google.gerrit.entities.Change) RevWalk(org.eclipse.jgit.revwalk.RevWalk) AccessSection(com.google.gerrit.entities.AccessSection) BatchUpdate(com.google.gerrit.server.update.BatchUpdate) ProjectConfig(com.google.gerrit.server.project.ProjectConfig) Project(com.google.gerrit.entities.Project) ObjectInserter(org.eclipse.jgit.lib.ObjectInserter) InvalidNameException(com.google.gerrit.exceptions.InvalidNameException) BadRequestException(com.google.gerrit.extensions.restapi.BadRequestException) ObjectReader(org.eclipse.jgit.lib.ObjectReader) ChangeInserter(com.google.gerrit.server.change.ChangeInserter) MetaDataUpdate(com.google.gerrit.server.git.meta.MetaDataUpdate) RevCommit(org.eclipse.jgit.revwalk.RevCommit)

Example 50 with MetaDataUpdate

use of com.google.gerrit.server.git.meta.MetaDataUpdate in project gerrit by GerritCodeReview.

the class CreateLabel method apply.

@Override
public Response<LabelDefinitionInfo> apply(ProjectResource rsrc, IdString id, LabelDefinitionInput input) throws AuthException, BadRequestException, ResourceConflictException, PermissionBackendException, IOException, ConfigInvalidException {
    if (!user.get().isIdentifiedUser()) {
        throw new AuthException("Authentication required");
    }
    permissionBackend.currentUser().project(rsrc.getNameKey()).check(ProjectPermission.WRITE_CONFIG);
    if (input == null) {
        input = new LabelDefinitionInput();
    }
    if (input.name != null && !input.name.equals(id.get())) {
        throw new BadRequestException("name in input must match name in URL");
    }
    try (MetaDataUpdate md = updateFactory.create(rsrc.getNameKey())) {
        ProjectConfig config = projectConfigFactory.read(md);
        LabelType labelType = createLabel(config, id.get(), input);
        if (input.commitMessage != null) {
            md.setMessage(Strings.emptyToNull(input.commitMessage.trim()));
        } else {
            md.setMessage("Update label");
        }
        config.commit(md);
        projectCache.evictAndReindex(rsrc.getProjectState().getProject());
        return Response.created(LabelDefinitionJson.format(rsrc.getNameKey(), labelType));
    }
}
Also used : ProjectConfig(com.google.gerrit.server.project.ProjectConfig) LabelType(com.google.gerrit.entities.LabelType) AuthException(com.google.gerrit.extensions.restapi.AuthException) BadRequestException(com.google.gerrit.extensions.restapi.BadRequestException) LabelDefinitionInput(com.google.gerrit.extensions.common.LabelDefinitionInput) MetaDataUpdate(com.google.gerrit.server.git.meta.MetaDataUpdate)

Aggregations

MetaDataUpdate (com.google.gerrit.server.git.meta.MetaDataUpdate)84 Test (org.junit.Test)39 Repository (org.eclipse.jgit.lib.Repository)36 ExternalIdNotes (com.google.gerrit.server.account.externalids.ExternalIdNotes)28 ProjectConfig (com.google.gerrit.server.project.ProjectConfig)26 AbstractDaemonTest (com.google.gerrit.acceptance.AbstractDaemonTest)22 TestRepository (org.eclipse.jgit.junit.TestRepository)17 GerritConfig (com.google.gerrit.acceptance.config.GerritConfig)15 InMemoryRepository (org.eclipse.jgit.internal.storage.dfs.InMemoryRepository)15 ConfigInvalidException (org.eclipse.jgit.errors.ConfigInvalidException)14 Account (com.google.gerrit.entities.Account)13 ExternalId (com.google.gerrit.server.account.externalids.ExternalId)12 PersonIdent (org.eclipse.jgit.lib.PersonIdent)11 RepositoryNotFoundException (org.eclipse.jgit.errors.RepositoryNotFoundException)7 Project (com.google.gerrit.entities.Project)6 LightweightPluginDaemonTest (com.google.gerrit.acceptance.LightweightPluginDaemonTest)5 TestAccount (com.google.gerrit.acceptance.TestAccount)5 AccessSection (com.google.gerrit.entities.AccessSection)5 GroupReference (com.google.gerrit.entities.GroupReference)5 LabelType (com.google.gerrit.entities.LabelType)5