Merge "Merge branch 'stable-2.15' into stable-2.16" into stable-2.16
commit
5937845746
@ -3093,6 +3093,19 @@ Directory and link:https://www.freeipa.org[FreeIPA].
|
||||
groupMemberPattern = (&(objectClass=group)(member=${dn}))
|
||||
----
|
||||
|
||||
[[ldap.guessRelevantGroups]]ldap.guessRelevantGroups::
|
||||
+
|
||||
Filter the groups found in LDAP by guessing the ones relevant to
|
||||
Gerrit and removing the others from list completions and ACL evaluations.
|
||||
The guess is based on two elements: the projects most recently
|
||||
accessed in the cache and the list of LDAP groups included in their ACLs.
|
||||
+
|
||||
Please note that projects rarely used and thus not cached may be
|
||||
temporarily inaccessible by users even with LDAP membership and grants
|
||||
referenced in the ACLs.
|
||||
+
|
||||
By default, true.
|
||||
|
||||
[[ldap.server]]ldap.server::
|
||||
+
|
||||
URL of the organization's LDAP server to query for user information
|
||||
|
@ -34,6 +34,7 @@ import com.google.gerrit.server.account.GroupBackend;
|
||||
import com.google.gerrit.server.account.GroupMembership;
|
||||
import com.google.gerrit.server.account.externalids.ExternalId;
|
||||
import com.google.gerrit.server.auth.ldap.Helper.LdapSchema;
|
||||
import com.google.gerrit.server.config.GerritServerConfig;
|
||||
import com.google.gerrit.server.project.ProjectCache;
|
||||
import com.google.gerrit.server.project.ProjectState;
|
||||
import com.google.inject.Inject;
|
||||
@ -52,6 +53,7 @@ import javax.naming.directory.DirContext;
|
||||
import javax.naming.ldap.LdapName;
|
||||
import javax.naming.ldap.Rdn;
|
||||
import javax.security.auth.login.LoginException;
|
||||
import org.eclipse.jgit.lib.Config;
|
||||
|
||||
/** Implementation of GroupBackend for the LDAP group system. */
|
||||
public class LdapGroupBackend implements GroupBackend {
|
||||
@ -65,6 +67,7 @@ public class LdapGroupBackend implements GroupBackend {
|
||||
private final LoadingCache<String, Boolean> existsCache;
|
||||
private final ProjectCache projectCache;
|
||||
private final Provider<CurrentUser> userProvider;
|
||||
private final Config gerritConfig;
|
||||
|
||||
@Inject
|
||||
LdapGroupBackend(
|
||||
@ -72,12 +75,14 @@ public class LdapGroupBackend implements GroupBackend {
|
||||
@Named(GROUP_CACHE) LoadingCache<String, Set<AccountGroup.UUID>> membershipCache,
|
||||
@Named(GROUP_EXIST_CACHE) LoadingCache<String, Boolean> existsCache,
|
||||
ProjectCache projectCache,
|
||||
Provider<CurrentUser> userProvider) {
|
||||
Provider<CurrentUser> userProvider,
|
||||
@GerritServerConfig Config gerritConfig) {
|
||||
this.helper = helper;
|
||||
this.membershipCache = membershipCache;
|
||||
this.projectCache = projectCache;
|
||||
this.existsCache = existsCache;
|
||||
this.userProvider = userProvider;
|
||||
this.gerritConfig = gerritConfig;
|
||||
}
|
||||
|
||||
private boolean isLdapUUID(AccountGroup.UUID uuid) {
|
||||
@ -178,7 +183,7 @@ public class LdapGroupBackend implements GroupBackend {
|
||||
if (id == null) {
|
||||
return GroupMembership.EMPTY;
|
||||
}
|
||||
return new LdapGroupMembership(membershipCache, projectCache, id);
|
||||
return new LdapGroupMembership(membershipCache, projectCache, id, gerritConfig);
|
||||
}
|
||||
|
||||
private static String findId(Collection<ExternalId> extIds) {
|
||||
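Review bot: The constructor now stores the whole `@GerritServerConfig Config` only so that `return new LdapGroupMembership(membershipCache, projectCache, id, gerritConfig);` can hand it on, and every membership object then re-reads `ldap.guessRelevantGroups` for itself. Reading the flag once in this constructor, `this.guessRelevantGroups = gerritConfig.getBoolean("ldap", "guessRelevantGroups", true);`, and passing the boolean would keep the option name and its default in one place. It would also narrow what the membership class sees of the server configuration. The method containing the changed `return` starts outside the hunk, so this assumes it is the only place a `LdapGroupMembership` is constructed.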
|
@ -22,20 +22,24 @@ import com.google.gerrit.server.project.ProjectCache;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
import java.util.concurrent.ExecutionException;
|
||||
import org.eclipse.jgit.lib.Config;
|
||||
|
||||
class LdapGroupMembership implements GroupMembership {
|
||||
private final LoadingCache<String, Set<AccountGroup.UUID>> membershipCache;
|
||||
private final ProjectCache projectCache;
|
||||
private final String id;
|
||||
private final boolean guessRelevantGroups;
|
||||
private GroupMembership membership;
|
||||
|
||||
LdapGroupMembership(
|
||||
LoadingCache<String, Set<AccountGroup.UUID>> membershipCache,
|
||||
ProjectCache projectCache,
|
||||
String id) {
|
||||
String id,
|
||||
Config gerritConfig) {
|
||||
this.membershipCache = membershipCache;
|
||||
this.projectCache = projectCache;
|
||||
this.id = id;
|
||||
this.guessRelevantGroups = gerritConfig.getBoolean("ldap", "guessRelevantGroups", true);
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -56,7 +60,9 @@ class LdapGroupMembership implements GroupMembership {
|
||||
@Override
|
||||
public Set<AccountGroup.UUID> getKnownGroups() {
|
||||
Set<AccountGroup.UUID> g = new HashSet<>(get().getKnownGroups());
|
||||
g.retainAll(projectCache.guessRelevantGroupUUIDs());
|
||||
if (guessRelevantGroups) {
|
||||
g.retainAll(projectCache.guessRelevantGroupUUIDs());
|
||||
}
|
||||
return g;
|
||||
}
|
||||
|
||||
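Review bot: The new `guessRelevantGroups` field and the `if (guessRelevantGroups)` guard in `getKnownGroups()` carry no comment, although the option's documentation says the flag decides which LDAP groups reach list completions and ACL evaluations. A field comment would make the authorization effect visible at the point of use, for example `// When true, getKnownGroups() keeps only groups referenced by recently cached projects; rarely used projects may be temporarily inaccessible.` Only `getKnownGroups()` is visible in this hunk; if other methods of this class also call `projectCache.guessRelevantGroupUUIDs()`, they would need the same guard. A test that exercises both values of the flag would pin the behaviour, since turning it off makes the full LDAP group set visible to callers.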
|
@ -43,6 +43,9 @@
|
||||
<developer>
|
||||
<name>Edwin Kempin</name>
|
||||
</developer>
|
||||
<developer>
|
||||
<name>Han-Wen Nienhuys</name>
|
||||
</developer>
|
||||
<developer>
|
||||
<name>Hugo Arès</name>
|
||||
</developer>
|
||||
|
@ -43,6 +43,9 @@
|
||||
<developer>
|
||||
<name>Edwin Kempin</name>
|
||||
</developer>
|
||||
<developer>
|
||||
<name>Han-Wen Nienhuys</name>
|
||||
</developer>
|
||||
<developer>
|
||||
<name>Hugo Arès</name>
|
||||
</developer>
|
||||
|
@ -43,6 +43,9 @@
|
||||
<developer>
|
||||
<name>Edwin Kempin</name>
|
||||
</developer>
|
||||
<developer>
|
||||
<name>Han-Wen Nienhuys</name>
|
||||
</developer>
|
||||
<developer>
|
||||
<name>Hugo Arès</name>
|
||||
</developer>
|
||||
|
@ -43,6 +43,9 @@
|
||||
<developer>
|
||||
<name>Edwin Kempin</name>
|
||||
</developer>
|
||||
<developer>
|
||||
<name>Han-Wen Nienhuys</name>
|
||||
</developer>
|
||||
<developer>
|
||||
<name>Hugo Arès</name>
|
||||
</developer>
|
||||
|
@ -43,6 +43,9 @@
|
||||
<developer>
|
||||
<name>Edwin Kempin</name>
|
||||
</developer>
|
||||
<developer>
|
||||
<name>Han-Wen Nienhuys</name>
|
||||
</developer>
|
||||
<developer>
|
||||
<name>Hugo Arès</name>
|
||||
</developer>
|
||||
|