Move "ref_rights" table into Git
Permissions are stored in the project.config file within the
refs/meta/config branch of each project. This makes the rules
more flexible in the future, as well as adds version control.
For example:
[access "refs/*"]
owner = group tools-owners
[access "refs/heads/*"]
label-Verified = -1..+1 group tools-dev
label-Verified = -1..+1 group tools-owners
label-Code-Review = -2..+2 group tools-owners
submit = group tools-dev
submit = group tools-owners
[access "refs/heads/stable"]
exclusiveGroupPermissions = read create push
read = group Anonymous Users
push = group tools-repo-maintainer
To enable easy remote editing of the configuration rules, the
following access block is added by default to -- All Projects --
and is thus inherited throughout the entire site:
[access "refs/meta/config"]
read = group Project Owners
push = group Project Owners
This configuration section permits any project owner or site
administrator (as they are indirectly always a project owner of
any project) to push changes to the project.config file within
the refs/meta/config branch, updating access (and other project
information) remotely without using the web UI.
Change-Id: Idb56f657a4bf88108ad40bbb19d831e6806b68c5
Signed-off-by: Shawn O. Pearce <sop@google.com>
This commit is contained in:
Shawn O. Pearce
@@ -14,9 +14,7 @@
|
||||
|
||||
package com.google.gerrit.server.project;
|
||||
|
||||
import com.google.gerrit.reviewdb.AccountGroup;
|
||||
import com.google.gerrit.reviewdb.Project;
|
||||
import com.google.gerrit.reviewdb.RefRight;
|
||||
import com.google.gerrit.reviewdb.ReviewDb;
|
||||
import com.google.gerrit.server.cache.Cache;
|
||||
import com.google.gerrit.server.cache.CacheModule;
|
||||
@@ -33,13 +31,9 @@ import com.google.inject.name.Named;
|
||||
import org.eclipse.jgit.errors.RepositoryNotFoundException;
|
||||
import org.eclipse.jgit.lib.Repository;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
import java.util.Iterator;
|
||||
import java.util.Map;
|
||||
import java.util.NoSuchElementException;
|
||||
import java.util.Set;
|
||||
import java.util.SortedSet;
|
||||
import java.util.TreeSet;
|
||||
import java.util.concurrent.locks.Lock;
|
||||
@@ -99,11 +93,6 @@ public class ProjectCacheImpl implements ProjectCache {
|
||||
}
|
||||
}
|
||||
|
||||
/** Invalidate the cached information about all projects. */
|
||||
public void evictAll() {
|
||||
byName.removeAll();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void onCreateProject(Project.NameKey newProjectName) {
|
||||
listLock.lock();
|
||||
@@ -193,30 +182,7 @@ public class ProjectCacheImpl implements ProjectCache {
|
||||
try {
|
||||
final ProjectConfig cfg = new ProjectConfig(key);
|
||||
cfg.load(git);
|
||||
|
||||
final Project p = cfg.getProject();
|
||||
|
||||
Collection<RefRight> rights = db.refRights().byProject(key).toList();
|
||||
|
||||
Set<AccountGroup.Id> groupIds = new HashSet<AccountGroup.Id>();
|
||||
for (RefRight r : rights) {
|
||||
groupIds.add(r.getAccountGroupId());
|
||||
}
|
||||
Map<AccountGroup.Id, AccountGroup> groupsById =
|
||||
db.accountGroups().toMap(db.accountGroups().get(groupIds));
|
||||
|
||||
for (RefRight r : rights) {
|
||||
AccountGroup group = groupsById.get(r.getAccountGroupId());
|
||||
if (group != null) {
|
||||
r.setAccountGroupUUID(group.getGroupUUID());
|
||||
} else {
|
||||
r.setAccountGroupUUID(new AccountGroup.UUID("DELETED_GROUP_"
|
||||
+ r.getAccountGroupId().get()));
|
||||
}
|
||||
}
|
||||
rights = Collections.unmodifiableCollection(rights);
|
||||
|
||||
return projectStateFactory.create(p, rights);
|
||||
return projectStateFactory.create(cfg);
|
||||
} finally {
|
||||
git.close();
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user