Merge changes I61cf0918,I6ca243eb
* changes: Don't show 'Save for Review' button if refs/meta/config is not visible Check permissions on refs/meta/config on save of ACLs for review
This commit is contained in:
David Pursehouse
Gerrit Code Review
commit
264f090785
@ -19,7 +19,6 @@ import com.google.gerrit.common.data.AccessSection;
|
|||||||
import com.google.gerrit.common.data.ProjectAccess;
|
import com.google.gerrit.common.data.ProjectAccess;
|
||||||
import com.google.gerrit.reviewdb.client.Project;
|
import com.google.gerrit.reviewdb.client.Project;
|
||||||
import com.google.gerrit.reviewdb.client.RefNames;
|
import com.google.gerrit.reviewdb.client.RefNames;
|
||||||
import com.google.gerrit.server.CurrentUser;
|
|
||||||
import com.google.gerrit.server.account.GroupBackend;
|
import com.google.gerrit.server.account.GroupBackend;
|
||||||
import com.google.gerrit.server.config.AllProjectsName;
|
import com.google.gerrit.server.config.AllProjectsName;
|
||||||
import com.google.gerrit.server.extensions.events.GitReferenceUpdated;
|
import com.google.gerrit.server.extensions.events.GitReferenceUpdated;
|
||||||
@ -76,13 +75,14 @@ class ChangeProjectAccess extends ProjectAccessHandler<ProjectAccess> {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected ProjectAccess updateProjectConfig(CurrentUser user,
|
protected ProjectAccess updateProjectConfig(ProjectControl projectControl,
|
||||||
ProjectConfig config, MetaDataUpdate md, boolean parentProjectUpdate)
|
ProjectConfig config, MetaDataUpdate md, boolean parentProjectUpdate)
|
||||||
throws IOException, NoSuchProjectException, ConfigInvalidException {
|
throws IOException, NoSuchProjectException, ConfigInvalidException {
|
||||||
RevCommit commit = config.commit(md);
|
RevCommit commit = config.commit(md);
|
||||||
|
|
||||||
gitRefUpdated.fire(config.getProject().getNameKey(), RefNames.REFS_CONFIG,
|
gitRefUpdated.fire(config.getProject().getNameKey(), RefNames.REFS_CONFIG,
|
||||||
base, commit.getId(), user.asIdentifiedUser().getAccount());
|
base, commit.getId(),
|
||||||
|
projectControl.getUser().asIdentifiedUser().getAccount());
|
||||||
|
|
||||||
projectCache.evict(config.getProject());
|
projectCache.evict(config.getProject());
|
||||||
return projectAccessFactory.create(projectName).call();
|
return projectAccessFactory.create(projectName).call();
|
||||||
|
|||||||
@ -206,8 +206,8 @@ class ProjectAccessFactory extends Handler<ProjectAccess> {
|
|||||||
|
|
||||||
detail.setLocal(local);
|
detail.setLocal(local);
|
||||||
detail.setOwnerOf(ownerOf);
|
detail.setOwnerOf(ownerOf);
|
||||||
detail.setCanUpload(pc.isOwner()
|
detail.setCanUpload(metaConfigControl.isVisible()
|
||||||
|| (metaConfigControl.isVisible() && metaConfigControl.canUpload()));
|
&& (pc.isOwner() || metaConfigControl.canUpload()));
|
||||||
detail.setConfigVisible(pc.isOwner() || metaConfigControl.isVisible());
|
detail.setConfigVisible(pc.isOwner() || metaConfigControl.isVisible());
|
||||||
detail.setGroupInfo(buildGroupInfo(local));
|
detail.setGroupInfo(buildGroupInfo(local));
|
||||||
detail.setLabelTypes(pc.getLabelTypes());
|
detail.setLabelTypes(pc.getLabelTypes());
|
||||||
|
|||||||
@ -31,7 +31,6 @@ import com.google.gerrit.extensions.restapi.ResourceConflictException;
|
|||||||
import com.google.gerrit.extensions.restapi.UnprocessableEntityException;
|
import com.google.gerrit.extensions.restapi.UnprocessableEntityException;
|
||||||
import com.google.gerrit.httpd.rpc.Handler;
|
import com.google.gerrit.httpd.rpc.Handler;
|
||||||
import com.google.gerrit.reviewdb.client.Project;
|
import com.google.gerrit.reviewdb.client.Project;
|
||||||
import com.google.gerrit.server.CurrentUser;
|
|
||||||
import com.google.gerrit.server.account.GroupBackend;
|
import com.google.gerrit.server.account.GroupBackend;
|
||||||
import com.google.gerrit.server.account.GroupBackends;
|
import com.google.gerrit.server.account.GroupBackends;
|
||||||
import com.google.gerrit.server.config.AllProjectsName;
|
import com.google.gerrit.server.config.AllProjectsName;
|
||||||
@ -163,17 +162,17 @@ public abstract class ProjectAccessHandler<T> extends Handler<T> {
|
|||||||
md.setMessage("Modify access rules\n");
|
md.setMessage("Modify access rules\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
return updateProjectConfig(projectControl.getUser(), config, md,
|
return updateProjectConfig(projectControl, config, md,
|
||||||
parentProjectUpdate);
|
parentProjectUpdate);
|
||||||
} catch (RepositoryNotFoundException notFound) {
|
} catch (RepositoryNotFoundException notFound) {
|
||||||
throw new NoSuchProjectException(projectName);
|
throw new NoSuchProjectException(projectName);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
protected abstract T updateProjectConfig(CurrentUser user,
|
protected abstract T updateProjectConfig(ProjectControl projectControl,
|
||||||
ProjectConfig config, MetaDataUpdate md, boolean parentProjectUpdate)
|
ProjectConfig config, MetaDataUpdate md, boolean parentProjectUpdate)
|
||||||
throws IOException, NoSuchProjectException, ConfigInvalidException,
|
throws IOException, NoSuchProjectException, ConfigInvalidException,
|
||||||
OrmException;
|
OrmException, PermissionDeniedException;
|
||||||
|
|
||||||
private void replace(ProjectConfig config, Set<String> toDelete,
|
private void replace(ProjectConfig config, Set<String> toDelete,
|
||||||
AccessSection section) throws NoSuchGroupException {
|
AccessSection section) throws NoSuchGroupException {
|
||||||
|
|||||||
@ -19,6 +19,7 @@ import com.google.gerrit.common.TimeUtil;
|
|||||||
import com.google.gerrit.common.data.AccessSection;
|
import com.google.gerrit.common.data.AccessSection;
|
||||||
import com.google.gerrit.common.data.GlobalCapability;
|
import com.google.gerrit.common.data.GlobalCapability;
|
||||||
import com.google.gerrit.common.data.PermissionRule;
|
import com.google.gerrit.common.data.PermissionRule;
|
||||||
|
import com.google.gerrit.common.errors.PermissionDeniedException;
|
||||||
import com.google.gerrit.extensions.api.changes.AddReviewerInput;
|
import com.google.gerrit.extensions.api.changes.AddReviewerInput;
|
||||||
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
|
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
|
||||||
import com.google.gerrit.extensions.restapi.RestApiException;
|
import com.google.gerrit.extensions.restapi.RestApiException;
|
||||||
@ -27,7 +28,6 @@ import com.google.gerrit.reviewdb.client.PatchSet;
|
|||||||
import com.google.gerrit.reviewdb.client.Project;
|
import com.google.gerrit.reviewdb.client.Project;
|
||||||
import com.google.gerrit.reviewdb.client.RefNames;
|
import com.google.gerrit.reviewdb.client.RefNames;
|
||||||
import com.google.gerrit.reviewdb.server.ReviewDb;
|
import com.google.gerrit.reviewdb.server.ReviewDb;
|
||||||
import com.google.gerrit.server.CurrentUser;
|
|
||||||
import com.google.gerrit.server.Sequences;
|
import com.google.gerrit.server.Sequences;
|
||||||
import com.google.gerrit.server.account.GroupBackend;
|
import com.google.gerrit.server.account.GroupBackend;
|
||||||
import com.google.gerrit.server.change.ChangeInserter;
|
import com.google.gerrit.server.change.ChangeInserter;
|
||||||
@ -43,6 +43,7 @@ import com.google.gerrit.server.git.validators.CommitValidators;
|
|||||||
import com.google.gerrit.server.group.SystemGroupBackend;
|
import com.google.gerrit.server.group.SystemGroupBackend;
|
||||||
import com.google.gerrit.server.project.ProjectCache;
|
import com.google.gerrit.server.project.ProjectCache;
|
||||||
import com.google.gerrit.server.project.ProjectControl;
|
import com.google.gerrit.server.project.ProjectControl;
|
||||||
|
import com.google.gerrit.server.project.RefControl;
|
||||||
import com.google.gerrit.server.project.SetParent;
|
import com.google.gerrit.server.project.SetParent;
|
||||||
import com.google.gwtorm.server.OrmException;
|
import com.google.gwtorm.server.OrmException;
|
||||||
import com.google.inject.Inject;
|
import com.google.inject.Inject;
|
||||||
@ -106,9 +107,20 @@ public class ReviewProjectAccess extends ProjectAccessHandler<Change.Id> {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected Change.Id updateProjectConfig(CurrentUser user,
|
protected Change.Id updateProjectConfig(ProjectControl projectControl,
|
||||||
ProjectConfig config, MetaDataUpdate md, boolean parentProjectUpdate)
|
ProjectConfig config, MetaDataUpdate md, boolean parentProjectUpdate)
|
||||||
throws IOException, OrmException {
|
throws IOException, OrmException, PermissionDeniedException {
|
||||||
|
RefControl refsMetaConfigControl =
|
||||||
|
projectControl.controlForRef(RefNames.REFS_CONFIG);
|
||||||
|
if (!refsMetaConfigControl.isVisible()) {
|
||||||
|
throw new PermissionDeniedException(
|
||||||
|
RefNames.REFS_CONFIG + " not visible");
|
||||||
|
}
|
||||||
|
if (!projectControl.isOwner() && !refsMetaConfigControl.canUpload()) {
|
||||||
|
throw new PermissionDeniedException(
|
||||||
|
"cannot upload to " + RefNames.REFS_CONFIG);
|
||||||
|
}
|
||||||
|
|
||||||
md.setInsertChangeId(true);
|
md.setInsertChangeId(true);
|
||||||
Change.Id changeId = new Change.Id(seq.nextChangeId());
|
Change.Id changeId = new Change.Id(seq.nextChangeId());
|
||||||
RevCommit commit =
|
RevCommit commit =
|
||||||
@ -120,9 +132,9 @@ public class ReviewProjectAccess extends ProjectAccessHandler<Change.Id> {
|
|||||||
|
|
||||||
try (RevWalk rw = new RevWalk(md.getRepository());
|
try (RevWalk rw = new RevWalk(md.getRepository());
|
||||||
ObjectInserter objInserter = md.getRepository().newObjectInserter();
|
ObjectInserter objInserter = md.getRepository().newObjectInserter();
|
||||||
BatchUpdate bu = updateFactory.create(
|
BatchUpdate bu =
|
||||||
db, config.getProject().getNameKey(), user,
|
updateFactory.create(db, config.getProject().getNameKey(),
|
||||||
TimeUtil.nowTs())) {
|
projectControl.getUser(), TimeUtil.nowTs())) {
|
||||||
bu.setRepository(md.getRepository(), rw, objInserter);
|
bu.setRepository(md.getRepository(), rw, objInserter);
|
||||||
bu.insertChange(
|
bu.insertChange(
|
||||||
changeInserterFactory.create(changeId, commit, RefNames.REFS_CONFIG)
|
changeInserterFactory.create(changeId, commit, RefNames.REFS_CONFIG)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user