Revert "Prevent mutation of permissions on refs/groups through pushes"

As discussed in change Id18851f503 group owners are no longer defined by permissions on refs/groups and hence we don't need to prevent modifications to permissions on this namespace. This reverts commit 22f6c58aa0. Change-Id: I2e7d4450c9db14e789e8e9a0d795ae8a66ee83b6 Signed-off-by: Edwin Kempin <ekempin@google.com>
2017-11-13 11:38:59 +01:00
parent 0a9b72de6a
commit 36f971b004
6 changed files with 9 additions and 136 deletions
--- a/java/com/google/gerrit/server/git/validators/CommitValidators.java
+++ b/java/com/google/gerrit/server/git/validators/CommitValidators.java
@@ -21,11 +21,9 @@ import static java.util.stream.Collectors.toList;

 import com.google.common.base.CharMatcher;
 import com.google.common.collect.ImmutableList;
-import com.google.common.collect.Sets;
 import com.google.gerrit.common.FooterConstants;
 import com.google.gerrit.common.Nullable;
 import com.google.gerrit.common.PageLinks;
-import com.google.gerrit.common.data.AccessSection;
 import com.google.gerrit.extensions.api.config.ConsistencyCheckInfo.ConsistencyProblemInfo;
 import com.google.gerrit.extensions.registration.DynamicSet;
 import com.google.gerrit.extensions.restapi.AuthException;
@@ -60,9 +58,7 @@ import java.net.MalformedURLException;
 import java.net.URL;
 import java.util.ArrayList;
 import java.util.Collections;
-import java.util.HashSet;
 import java.util.List;
-import java.util.Set;
 import java.util.regex.Pattern;
 import org.eclipse.jgit.errors.ConfigInvalidException;
 import org.eclipse.jgit.lib.Config;
@@ -137,7 +133,7 @@ public class CommitValidators {
              new SignedOffByValidator(user, perm, projectState),
              new ChangeIdValidator(
                  projectState, user, canonicalWebUrl, installCommitMsgHookCommand, sshInfo),
-              new ConfigValidator(branch, user, rw, allUsers, allProjects, projectState),
+              new ConfigValidator(branch, user, rw, allUsers, allProjects),
              new BannedCommitsValidator(rejectCommits),
              new PluginCommitValidationListener(pluginValidators),
              new ExternalIdUpdateListener(allUsers, externalIdsConsistencyChecker),
@@ -150,8 +146,7 @@ public class CommitValidators {
        Branch.NameKey branch,
        IdentifiedUser user,
        SshInfo sshInfo,
-        RevWalk rw,
-        ProjectState projectState)
+        RevWalk rw)
        throws IOException {
      return new CommitValidators(
          ImmutableList.of(
@@ -165,7 +160,7 @@ public class CommitValidators {
                  canonicalWebUrl,
                  installCommitMsgHookCommand,
                  sshInfo),
-              new ConfigValidator(branch, user, rw, allUsers, allProjects, projectState),
+              new ConfigValidator(branch, user, rw, allUsers, allProjects),
              new PluginCommitValidationListener(pluginValidators),
              new ExternalIdUpdateListener(allUsers, externalIdsConsistencyChecker),
              new AccountCommitValidator(allUsers, accountValidator),
@@ -371,21 +366,18 @@ public class CommitValidators {
    private final RevWalk rw;
    private final AllUsersName allUsers;
    private final AllProjectsName allProjects;
-    private final ProjectState projectState;

    public ConfigValidator(
        Branch.NameKey branch,
        IdentifiedUser user,
        RevWalk rw,
        AllUsersName allUsers,
-        AllProjectsName allProjects,
-        ProjectState projectState) {
+        AllProjectsName allProjects) {
      this.branch = branch;
      this.user = user;
      this.rw = rw;
-      this.allUsers = allUsers;
      this.allProjects = allProjects;
-      this.projectState = projectState;
+      this.allUsers = allUsers;
    }

    @Override
@@ -404,29 +396,6 @@ public class CommitValidators {
            }
            throw new ConfigInvalidException("invalid project configuration");
          }
-          if (allUsers.equals(receiveEvent.project.getNameKey())
-              || allProjects.equals(receiveEvent.project.getNameKey())) {
-            // Check if the new config modifies any access sections for refs/groups/. These are
-            // managed by Gerrit and modifications are not allowed.
-            Set<AccessSection> diff =
-                Sets.symmetricDifference(
-                    new HashSet<>(projectState.getConfig().getAccessSections()),
-                    new HashSet<>(cfg.getAccessSections()));
-            boolean modifiesGroupsAccessSection =
-                diff.stream()
-                    .filter(as -> as.getName().startsWith(RefNames.REFS_GROUPS))
-                    .findAny()
-                    .isPresent();
-            if (modifiesGroupsAccessSection) {
-              addError("Invalid project configuration:", messages);
-              addError(
-                  String.format(
-                      "  permissions on %s are managed by gerrit and cannot be modified",
-                      RefNames.REFS_GROUPS),
-                  messages);
-              throw new ConfigInvalidException("invalid project configuration");
-            }
-          }
          if (allUsers.equals(receiveEvent.project.getNameKey())
              && !allProjects.equals(cfg.getProject().getParent(allProjects))) {
            addError("Invalid project configuration:", messages);