Add a Change Owner group

Add a new system 'CHANGE_OWNER' (the patch set owner) group to allow configuration of this group with gerrit label permissions. To keeps it consistent with how the existing system groups (Project Owner, Admin, etc..) are configured the Change Owner group's logic for existing change context permissions like Abandon, Rebase, View Drafts, etc. is untouched by this patch. In other words an Admin can only apply this groups to a label permission. Bug: issue 1993 Change-Id: Ibb35b8172ce50319cfc2fca3b661fdaf7e245e5d
2013-10-11 18:14:31 +02:00
parent 8ba03ff10b
commit 4245e6f8db
13 changed files with 391 additions and 16 deletions
--- a/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/AccountCreator.java
+++ b/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/AccountCreator.java
@@ -122,6 +122,16 @@ public class AccountCreator {
      "Administrators");
  }

+  public TestAccount user()
+      throws UnsupportedEncodingException, OrmException, JSchException {
+    return create("user", "user@example.com", "User");
+  }
+
+  public TestAccount user2()
+      throws UnsupportedEncodingException, OrmException, JSchException {
+    return create("user2", "user2@example.com", "User2");
+  }
+
  private AccountExternalId.Key getEmailKey(String email) {
    return new AccountExternalId.Key(AccountExternalId.SCHEME_MAILTO, email);
  }
--- a/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/rest/change/ChangeOwnerIT.java
+++ b/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/rest/change/ChangeOwnerIT.java
@@ -0,0 +1,167 @@
+// Copyright (C) 2013 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.gerrit.acceptance.rest.change;
+
+import static com.google.gerrit.acceptance.git.GitUtil.cloneProject;
+import static com.google.gerrit.acceptance.git.GitUtil.createProject;
+import static com.google.gerrit.acceptance.git.GitUtil.initSsh;
+import static com.google.gerrit.common.data.Permission.LABEL;
+import static org.junit.Assert.assertEquals;
+
+import com.google.gerrit.acceptance.AbstractDaemonTest;
+import com.google.gerrit.acceptance.AccountCreator;
+import com.google.gerrit.acceptance.RestResponse;
+import com.google.gerrit.acceptance.RestSession;
+import com.google.gerrit.acceptance.SshSession;
+import com.google.gerrit.acceptance.TestAccount;
+import com.google.gerrit.acceptance.git.PushOneCommit;
+import com.google.gerrit.common.data.AccessSection;
+import com.google.gerrit.common.data.Permission;
+import com.google.gerrit.common.data.PermissionRule;
+import com.google.gerrit.extensions.api.changes.ReviewInput;
+import com.google.gerrit.reviewdb.client.AccountGroup;
+import com.google.gerrit.reviewdb.client.Project;
+import com.google.gerrit.reviewdb.server.ReviewDb;
+import com.google.gerrit.server.account.GroupCache;
+import com.google.gerrit.server.git.MetaDataUpdate;
+import com.google.gerrit.server.git.ProjectConfig;
+import com.google.gerrit.server.project.ProjectCache;
+import com.google.gwtorm.server.OrmException;
+import com.google.gwtorm.server.SchemaFactory;
+import com.google.inject.Inject;
+
+import com.jcraft.jsch.JSchException;
+
+import org.apache.http.HttpStatus;
+import org.eclipse.jgit.api.Git;
+import org.eclipse.jgit.api.errors.GitAPIException;
+import org.eclipse.jgit.errors.ConfigInvalidException;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+
+public class ChangeOwnerIT extends AbstractDaemonTest {
+
+  @Inject
+  private AccountCreator accounts;
+
+  @Inject
+  private SchemaFactory<ReviewDb> reviewDbProvider;
+
+  @Inject
+  private MetaDataUpdate.Server metaDataUpdateFactory;
+
+  @Inject
+  private ProjectCache projectCache;
+
+  @Inject
+  private GroupCache groupCache;
+
+  private TestAccount owner;
+  private TestAccount dev;
+
+  private RestSession sessionOwner;
+  private RestSession sessionDev;
+  private Git git;
+  private ReviewDb db;
+  private Project.NameKey project;
+
+  @Before
+  public void setUp() throws Exception {
+    newProject();
+    owner = accounts.user();
+    sessionOwner = new RestSession(server, owner);
+    SshSession sshSession = new SshSession(server, owner);
+    initSsh(owner);
+    // need to initialize intern session
+    createProject(sshSession, "foo");
+    git = cloneProject(sshSession.getUrl() + "/" + project.get());
+    sshSession.close();
+    dev = accounts.user2();
+    sessionDev = new RestSession(server, dev);
+    db = reviewDbProvider.open();
+  }
+
+  @After
+  public void cleanup() {
+    db.close();
+  }
+
+  @Test
+  public void testChangeOwner_OwnerACLNotGranted() throws GitAPIException,
+      IOException, OrmException, ConfigInvalidException {
+    approve(sessionOwner, createChange(), HttpStatus.SC_FORBIDDEN);
+  }
+
+  @Test
+  public void testChangeOwner_OwnerACLGranted() throws GitAPIException,
+      IOException, OrmException, ConfigInvalidException {
+    grantApproveToChangeOwner();
+    approve(sessionOwner, createChange(), HttpStatus.SC_OK);
+  }
+
+  @Test
+  public void testChangeOwner_NotOwnerACLGranted() throws GitAPIException,
+      IOException, OrmException, ConfigInvalidException {
+    grantApproveToChangeOwner();
+    approve(sessionDev, createChange(), HttpStatus.SC_FORBIDDEN);
+  }
+
+  private void approve(RestSession s, String changeId, int expected)
+      throws IOException {
+    RestResponse r =
+        s.post("/changes/" + changeId + "/revisions/current/review",
+            new ReviewInput().label("Code-Review", 2));
+    assertEquals(expected, r.getStatusCode());
+    r.consume();
+  }
+
+  private void grantApproveToChangeOwner() throws IOException,
+      ConfigInvalidException {
+    MetaDataUpdate md = metaDataUpdateFactory.create(project);
+    md.setMessage(String.format("Grant approve to change owner"));
+    ProjectConfig config = ProjectConfig.read(md);
+    AccessSection s = config.getAccessSection("refs/heads/*", true);
+    Permission p = s.getPermission(LABEL + "Code-Review", true);
+    AccountGroup changeOwnerGroup = groupCache
+        .get(new AccountGroup.NameKey("Change Owner"));
+    PermissionRule rule = new PermissionRule(config
+        .resolve(changeOwnerGroup));
+    rule.setMin(-2);
+    rule.setMax(+2);
+    p.add(rule);
+    config.commit(md);
+    projectCache.evict(config.getProject());
+  }
+
+  private String createChange() throws GitAPIException,
+      IOException {
+    PushOneCommit push = new PushOneCommit(db, owner.getIdent());
+    return push.to(git, "refs/for/master").getChangeId();
+  }
+
+  private void newProject() throws UnsupportedEncodingException,
+      OrmException, JSchException, IOException {
+    TestAccount admin = accounts.admin();
+    initSsh(admin);
+    project = new Project.NameKey("p");
+    SshSession sshSession = new SshSession(server, admin);
+    createProject(sshSession, project.get());
+    sshSession.close();
+  }
+}
--- a/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/rest/group/SystemGroupsIT.java
+++ b/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/rest/group/SystemGroupsIT.java
@@ -69,6 +69,7 @@ public class SystemGroupsIT extends AbstractDaemonTest {
    String result = session.exec("gerrit ls-groups");
    assertTrue(result.contains("Administrators"));
    assertTrue(result.contains("Anonymous Users"));
+    assertTrue(result.contains("Change Owner"));
    assertTrue(result.contains("Non-Interactive Users"));
    assertTrue(result.contains("Project Owners"));
    assertTrue(result.contains("Registered Users"));
@@ -85,6 +86,7 @@ public class SystemGroupsIT extends AbstractDaemonTest {
    Set<String> names = result.keySet();
    assertTrue(names.contains("Administrators"));
    assertTrue(names.contains("Anonymous Users"));
+    assertTrue(names.contains("Change Owner"));
    assertTrue(names.contains("Non-Interactive Users"));
    assertTrue(names.contains("Project Owners"));
    assertTrue(names.contains("Registered Users"));
@@ -100,6 +102,7 @@ public class SystemGroupsIT extends AbstractDaemonTest {
      }
      assertTrue(names.contains("Administrators"));
      assertTrue(names.contains("Anonymous Users"));
+      assertTrue(names.contains("Change Owner"));
      assertTrue(names.contains("Non-Interactive Users"));
      assertTrue(names.contains("Project Owners"));
      assertTrue(names.contains("Registered Users"));