opendev/gerrit
Code Issues Proposed changes

Move "ref_rights" table into Git

Browse Source 
Permissions are stored in the project.config file within the
refs/meta/config branch of each project.  This makes the rules
more flexible in the future, as well as adds version control.

For example:

  [access "refs/*"]
    owner = group tools-owners

  [access "refs/heads/*"]
    label-Verified = -1..+1 group tools-dev
    label-Verified = -1..+1 group tools-owners
    label-Code-Review = -2..+2 group tools-owners
    submit = group tools-dev
    submit = group tools-owners

  [access "refs/heads/stable"]
    exclusiveGroupPermissions = read create push
    read = group Anonymous Users
    push = group tools-repo-maintainer

To enable easy remote editing of the configuration rules, the
following access block is added by default to -- All Projects --
and is thus inherited throughout the entire site:

  [access "refs/meta/config"]
    read = group Project Owners
    push = group Project Owners

This configuration section permits any project owner or site
administrator (as they are indirectly always a project owner of
any project) to push changes to the project.config file within
the refs/meta/config branch, updating access (and other project
information) remotely without using the web UI.

Change-Id: Idb56f657a4bf88108ad40bbb19d831e6806b68c5
Signed-off-by: Shawn O. Pearce <sop@google.com>
This commit is contained in:
Shawn O. Pearce
2011-01-05 12:46:21 -08:00
parent 83f6cc14af
commit 6a765190df
48 changed files with 2181 additions and 1628 deletions
Download Patch File Download Diff File Expand all files Collapse all files

191
gerrit-server/src/test/java/com/google/gerrit/server/git/ProjectConfigTest.java Normal file
View File

@@ -0,0 +1,191 @@
// Copyright (C) 2011 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.gerrit.server.git;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import com.google.gerrit.common.data.AccessSection;
import com.google.gerrit.common.data.GroupReference;
import com.google.gerrit.common.data.Permission;
import com.google.gerrit.common.data.PermissionRule;
import com.google.gerrit.reviewdb.AccountGroup;
import com.google.gerrit.reviewdb.Project;
import org.eclipse.jgit.errors.ConfigInvalidException;
import org.eclipse.jgit.errors.IncorrectObjectTypeException;
import org.eclipse.jgit.errors.MissingObjectException;
import org.eclipse.jgit.junit.LocalDiskRepositoryTestCase;
import org.eclipse.jgit.junit.TestRepository;
import org.eclipse.jgit.lib.Ref;
import org.eclipse.jgit.lib.RefUpdate;
import org.eclipse.jgit.lib.Repository;
import org.eclipse.jgit.revwalk.RevCommit;
import org.eclipse.jgit.revwalk.RevObject;
import org.eclipse.jgit.util.RawParseUtils;
import org.junit.Before;
import org.junit.Test;
import java.io.IOException;
public class ProjectConfigTest extends LocalDiskRepositoryTestCase {
private final GroupReference developers = new GroupReference(
new AccountGroup.UUID("X"), "Developers");
private final GroupReference staff = new GroupReference(
new AccountGroup.UUID("Y"), "Staff");
private Repository db;
private TestRepository<Repository> util;
@Override
@Before
public void setUp() throws Exception {
super.setUp();
db = createBareRepository();
util = new TestRepository<Repository>(db);
}
@Test
public void testReadConfig() throws Exception {
RevCommit rev = util.commit(util.tree( //
util.file("groups", util.blob(group(developers))), //
util.file("project.config", util.blob(""//
+ "[access \"refs/heads/*\"]\n" //
+ " exclusiveGroupPermissions = read submit create\n" //
+ " submit = group Developers\n" //
+ " push = group Developers\n" //
+ " read = group Developers\n")) //
));
ProjectConfig cfg = read(rev);
AccessSection section = cfg.getAccessSection("refs/heads/*");
assertNotNull("has refs/heads/*", section);
assertNull("no refs/*", cfg.getAccessSection("refs/*"));
Permission create = section.getPermission(Permission.CREATE);
Permission submit = section.getPermission(Permission.SUBMIT);
Permission read = section.getPermission(Permission.READ);
Permission push = section.getPermission(Permission.PUSH);
assertTrue(create.getExclusiveGroup());
assertTrue(submit.getExclusiveGroup());
assertTrue(read.getExclusiveGroup());
assertFalse(push.getExclusiveGroup());
}
@Test
public void testEditConfig() throws Exception {
RevCommit rev = util.commit(util.tree( //
util.file("groups", util.blob(group(developers))), //
util.file("project.config", util.blob(""//
+ "[access \"refs/heads/*\"]\n" //
+ " exclusiveGroupPermissions = read submit\n" //
+ " submit = group Developers\n" //
+ " upload = group Developers\n" //
+ " read = group Developers\n")) //
));
update(rev);
ProjectConfig cfg = read(rev);
AccessSection section = cfg.getAccessSection("refs/heads/*");
Permission submit = section.getPermission(Permission.SUBMIT);
submit.add(new PermissionRule(cfg.resolve(staff)));
rev = commit(cfg);
assertEquals(""//
+ "[access \"refs/heads/*\"]\n" //
+ " exclusiveGroupPermissions = read submit\n" //
+ " submit = group Developers\n" //
+ "\tsubmit = group Staff\n" //
+ " upload = group Developers\n" //
+ " read = group Developers\n", text(rev, "project.config"));
}
@Test
public void testEditConfigMissingGroupTableEntry() throws Exception {
RevCommit rev = util.commit(util.tree( //
util.file("groups", util.blob(group(developers))), //
util.file("project.config", util.blob(""//
+ "[access \"refs/heads/*\"]\n" //
+ " exclusiveGroupPermissions = read submit\n" //
+ " submit = group People Who Can Submit\n" //
+ " upload = group Developers\n" //
+ " read = group Developers\n")) //
));
update(rev);
ProjectConfig cfg = read(rev);
AccessSection section = cfg.getAccessSection("refs/heads/*");
Permission submit = section.getPermission(Permission.SUBMIT);
submit.add(new PermissionRule(cfg.resolve(staff)));
rev = commit(cfg);
assertEquals(""//
+ "[access \"refs/heads/*\"]\n" //
+ " exclusiveGroupPermissions = read submit\n" //
+ " submit = group People Who Can Submit\n" //
+ "\tsubmit = group Staff\n" //
+ " upload = group Developers\n" //
+ " read = group Developers\n", text(rev, "project.config"));
}
private ProjectConfig read(RevCommit rev) throws IOException,
ConfigInvalidException {
ProjectConfig cfg = new ProjectConfig(new Project.NameKey("test"));
cfg.load(db, rev);
return cfg;
}
private RevCommit commit(ProjectConfig cfg) throws IOException,
MissingObjectException, IncorrectObjectTypeException {
MetaDataUpdate md = new MetaDataUpdate(new NoReplication(), //
cfg.getProject().getNameKey(), //
db);
util.tick(5);
util.setAuthorAndCommitter(md.getCommitBuilder());
md.setMessage("Edit\n");
assertTrue("commit finished", cfg.commit(md));
Ref ref = db.getRef(GitRepositoryManager.REF_CONFIG);
return util.getRevWalk().parseCommit(ref.getObjectId());
}
private void update(RevCommit rev) throws Exception {
RefUpdate u = db.updateRef(GitRepositoryManager.REF_CONFIG);
u.disableRefLog();
u.setNewObjectId(rev);
switch (u.forceUpdate()) {
case FAST_FORWARD:
case FORCED:
case NEW:
case NO_CHANGE:
break;
default:
fail("Cannot update ref for test: " + u.getResult());
}
}
private String text(RevCommit rev, String path) throws Exception {
RevObject blob = util.get(rev.getTree(), path);
byte[] data = db.open(blob).getCachedBytes(Integer.MAX_VALUE);
return RawParseUtils.decode(data);
}
private static String group(GroupReference g) {
return g.getUUID().get() + "\t" + g.getName() + "\n";
}
}

165
gerrit-server/src/test/java/com/google/gerrit/server/project/RefControlTest.java
View File

@@ -14,23 +14,24 @@
package com.google.gerrit.server.project;
import static com.google.gerrit.reviewdb.ApprovalCategory.OWN;
import static com.google.gerrit.reviewdb.ApprovalCategory.READ;
import static com.google.gerrit.reviewdb.ApprovalCategory.SUBMIT;
import static com.google.gerrit.common.data.Permission.OWNER;
import static com.google.gerrit.common.data.Permission.PUSH;
import static com.google.gerrit.common.data.Permission.READ;
import static com.google.gerrit.common.data.Permission.SUBMIT;
import com.google.gerrit.common.data.GroupReference;
import com.google.gerrit.common.data.PermissionRule;
import com.google.gerrit.reviewdb.AccountGroup;
import com.google.gerrit.reviewdb.AccountProjectWatch;
import com.google.gerrit.reviewdb.ApprovalCategory;
import com.google.gerrit.reviewdb.Change;
import com.google.gerrit.reviewdb.Project;
import com.google.gerrit.reviewdb.RefRight;
import com.google.gerrit.reviewdb.SystemConfig;
import com.google.gerrit.reviewdb.RefRight.RefPattern;
import com.google.gerrit.server.AccessPath;
import com.google.gerrit.server.AnonymousUser;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.config.AuthConfig;
import com.google.gerrit.server.config.GerritServerConfig;
import com.google.gerrit.server.git.ProjectConfig;
import com.google.inject.AbstractModule;
import com.google.inject.Guice;
import com.google.inject.Injector;
@@ -41,19 +42,17 @@ import org.apache.commons.codec.binary.Base64;
import org.eclipse.jgit.lib.Config;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
public class RefControlTest extends TestCase {
public void testOwnerProject() {
grant(local, OWN, admin, "refs/*", 1);
grant(local, OWNER, admin, "refs/*");
ProjectControl uBlah = user(devs);
ProjectControl uAdmin = user(devs, admin);
@@ -63,8 +62,8 @@ public class RefControlTest extends TestCase {
}
public void testBranchDelegation1() {
grant(local, OWN, admin, "refs/*", 1);
grant(local, OWN, devs, "refs/heads/x/*", 1);
grant(local, OWNER, admin, "refs/*");
grant(local, OWNER, devs, "refs/heads/x/*");
ProjectControl uDev = user(devs);
assertFalse("not owner", uDev.isOwner());
@@ -79,9 +78,10 @@ public class RefControlTest extends TestCase {
}
public void testBranchDelegation2() {
grant(local, OWN, admin, "refs/*", 1);
grant(local, OWN, devs, "refs/heads/x/*", 1);
grant(local, OWN, fixers, "-refs/heads/x/y/*", 1);
grant(local, OWNER, admin, "refs/*");
grant(local, OWNER, devs, "refs/heads/x/*");
grant(local, OWNER, fixers, "refs/heads/x/y/*");
doNotInherit(local, OWNER, "refs/heads/x/y/*");
ProjectControl uDev = user(devs);
assertFalse("not owner", uDev.isOwner());
@@ -106,8 +106,11 @@ public class RefControlTest extends TestCase {
}
public void testInheritRead_SingleBranchDeniesUpload() {
grant(parent, READ, registered, "refs/*", 1, 2);
grant(local, READ, registered, "-refs/heads/foobar", 1);
grant(parent, READ, registered, "refs/*");
grant(parent, PUSH, registered, "refs/for/refs/*");
grant(local, READ, registered, "refs/heads/foobar");
doNotInherit(local, READ, "refs/heads/foobar");
doNotInherit(local, PUSH, "refs/for/refs/heads/foobar");
ProjectControl u = user();
assertTrue("can upload", u.canPushToAtLeastOneRef());
@@ -120,8 +123,9 @@ public class RefControlTest extends TestCase {
}
public void testInheritRead_SingleBranchDoesNotOverrideInherited() {
grant(parent, READ, registered, "refs/*", 1, 2);
grant(local, READ, registered, "refs/heads/foobar", 1);
grant(parent, READ, registered, "refs/*");
grant(parent, PUSH, registered, "refs/for/refs/*");
grant(local, READ, registered, "refs/heads/foobar");
ProjectControl u = user();
assertTrue("can upload", u.canPushToAtLeastOneRef());
@@ -134,16 +138,16 @@ public class RefControlTest extends TestCase {
}
public void testInheritRead_OverrideWithDeny() {
grant(parent, READ, registered, "refs/*", 1);
grant(local, READ, registered, "refs/*", 0);
grant(parent, READ, registered, "refs/*");
grant(local, READ, registered, "refs/*").setDeny(true);
ProjectControl u = user();
assertFalse("can't read", u.isVisible());
}
public void testInheritRead_AppendWithDenyOfRef() {
grant(parent, READ, registered, "refs/*", 1);
grant(local, READ, registered, "refs/heads/*", 0);
grant(parent, READ, registered, "refs/*");
grant(local, READ, registered, "refs/heads/*").setDeny(true);
ProjectControl u = user();
assertTrue("can read", u.isVisible());
@@ -153,9 +157,9 @@ public class RefControlTest extends TestCase {
}
public void testInheritRead_OverridesAndDeniesOfRef() {
grant(parent, READ, registered, "refs/*", 1);
grant(local, READ, registered, "refs/*", 0);
grant(local, READ, registered, "refs/heads/*", -1, 1);
grant(parent, READ, registered, "refs/*");
grant(local, READ, registered, "refs/*").setDeny(true);
grant(local, READ, registered, "refs/heads/*");
ProjectControl u = user();
assertTrue("can read", u.isVisible());
@@ -165,9 +169,9 @@ public class RefControlTest extends TestCase {
}
public void testInheritSubmit_OverridesAndDeniesOfRef() {
grant(parent, SUBMIT, registered, "refs/*", 1);
grant(local, SUBMIT, registered, "refs/*", 0);
grant(local, SUBMIT, registered, "refs/heads/*", -1, 1);
grant(parent, SUBMIT, registered, "refs/*");
grant(local, SUBMIT, registered, "refs/*").setDeny(true);
grant(local, SUBMIT, registered, "refs/heads/*");
ProjectControl u = user();
assertFalse("can't submit", u.controlForRef("refs/foobar").canSubmit());
@@ -176,8 +180,9 @@ public class RefControlTest extends TestCase {
}
public void testCannotUploadToAnyRef() {
grant(parent, READ, registered, "refs/*", 1);
grant(local, READ, devs, "refs/heads/*", 1, 2);
grant(parent, READ, registered, "refs/*");
grant(local, READ, devs, "refs/heads/*");
grant(local, PUSH, devs, "refs/for/refs/heads/*");
ProjectControl u = user();
assertFalse("cannot upload", u.canPushToAtLeastOneRef());
@@ -188,8 +193,8 @@ public class RefControlTest extends TestCase {
// -----------------------------------------------------------------------
private final Project.NameKey local = new Project.NameKey("test");
private final Project.NameKey parent = new Project.NameKey("parent");
private ProjectConfig local;
private ProjectConfig parent;
private final AccountGroup.UUID admin = new AccountGroup.UUID("test.admin");
private final AccountGroup.UUID anonymous = AccountGroup.ANONYMOUS_USERS;
private final AccountGroup.UUID registered = AccountGroup.REGISTERED_USERS;
@@ -201,9 +206,6 @@ public class RefControlTest extends TestCase {
private final AuthConfig authConfig;
private final AnonymousUser anonymousUser;
private final Map<AccountGroup.UUID, AccountGroup.Id> groupIds =
new HashMap<AccountGroup.UUID, AccountGroup.Id>();
public RefControlTest() {
systemConfig = SystemConfig.create();
systemConfig.adminGroupUUID = admin;
@@ -231,14 +233,16 @@ public class RefControlTest extends TestCase {
anonymousUser = injector.getInstance(AnonymousUser.class);
}
private List<RefRight> localRights;
private List<RefRight> inheritedRights;
@Override
protected void setUp() throws Exception {
public void setUp() throws Exception {
super.setUp();
localRights = new ArrayList<RefRight>();
inheritedRights = new ArrayList<RefRight>();
parent = new ProjectConfig(new Project.NameKey("parent"));
parent.createInMemory();
local = new ProjectConfig(new Project.NameKey("local"));
local.createInMemory();
local.getProject().setParentName(parent.getProject().getName());
}
private static void assertOwner(String ref, ProjectControl u) {
@@ -249,33 +253,27 @@ public class RefControlTest extends TestCase {
assertFalse("NOT OWN " + ref, u.controlForRef(ref).isOwner());
}
private void grant(Project.NameKey project, ApprovalCategory.Id categoryId,
AccountGroup.UUID group, String ref, int maxValue) {
grant(project, categoryId, group, ref, maxValue, maxValue);
private PermissionRule grant(ProjectConfig project, String permissionName,
AccountGroup.UUID group, String ref) {
PermissionRule rule = newRule(project, group);
project.getAccessSection(ref, true) //
.getPermission(permissionName, true) //
.add(rule);
return rule;
}
private void grant(Project.NameKey project, ApprovalCategory.Id categoryId,
AccountGroup.UUID groupUUID, String ref, int minValue, int maxValue) {
AccountGroup.Id groupId = groupIds.get(groupUUID);
if (groupId == null) {
groupId = new AccountGroup.Id(groupIds.size() + 1);
groupIds.put(groupUUID, groupId);
}
private void doNotInherit(ProjectConfig project, String permissionName,
String ref) {
project.getAccessSection(ref, true) //
.getPermission(permissionName, true) //
.setExclusiveGroup(true);
}
RefRight right =
new RefRight(new RefRight.Key(project, new RefPattern(ref),
categoryId, groupId));
right.setAccountGroupUUID(groupUUID);
right.setMinValue((short) minValue);
right.setMaxValue((short) maxValue);
private PermissionRule newRule(ProjectConfig project, AccountGroup.UUID groupUUID) {
GroupReference group = new GroupReference(groupUUID, groupUUID.get());
group = project.resolve(group);
if (project == parent) {
inheritedRights.add(right);
} else if (project == local) {
localRights.add(right);
} else {
fail("Unknown project key: " + project);
}
return new PermissionRule(group);
}
private ProjectControl user(AccountGroup.UUID... memberOf) {
@@ -291,15 +289,40 @@ public class RefControlTest extends TestCase {
}
private ProjectState newProjectState() {
ProjectCache projectCache = null;
final Map<Project.NameKey, ProjectState> all =
new HashMap<Project.NameKey, ProjectState>();
final ProjectCache projectCache = new ProjectCache() {
@Override
public ProjectState get(Project.NameKey projectName) {
return all.get(projectName);
}
@Override
public void evict(Project p) {
}
@Override
public Iterable<Project.NameKey> all() {
return Collections.emptySet();
}
@Override
public Iterable<Project.NameKey> byName(String prefix) {
return Collections.emptySet();
}
@Override
public void onCreateProject(Project.NameKey newProjectName) {
}
};
Project.NameKey wildProject = new Project.NameKey("-- All Projects --");
ProjectControl.AssistedFactory projectControlFactory = null;
Project project = new Project(parent);
ProjectState ps =
new ProjectState(anonymousUser, projectCache, wildProject,
projectControlFactory, project, localRights);
ps.setInheritedRights(inheritedRights);
return ps;
all.put(local.getProject().getNameKey(), new ProjectState(anonymousUser,
projectCache, wildProject, projectControlFactory, local));
all.put(parent.getProject().getNameKey(), new ProjectState(anonymousUser,
projectCache, wildProject, projectControlFactory, parent));
return all.get(local.getProject().getNameKey());
}
private class MockUser extends CurrentUser {

150
gerrit-server/src/test/java/com/google/gerrit/server/schema/SchemaCreatorTest.java
View File

@@ -17,11 +17,8 @@ package com.google.gerrit.server.schema;
import com.google.gerrit.reviewdb.AccountGroup;
import com.google.gerrit.reviewdb.ApprovalCategory;
import com.google.gerrit.reviewdb.ApprovalCategoryValue;
import com.google.gerrit.reviewdb.RefRight;
import com.google.gerrit.reviewdb.ReviewDb;
import com.google.gerrit.reviewdb.SystemConfig;
import com.google.gerrit.server.workflow.NoOpFunction;
import com.google.gerrit.server.workflow.SubmitFunction;
import com.google.gerrit.testutil.InMemoryDatabase;
import com.google.gwtorm.client.OrmException;
import com.google.gwtorm.jdbc.JdbcSchema;
@@ -163,7 +160,6 @@ public class SchemaCreatorTest extends TestCase {
assertEquals("R", cat.getAbbreviatedName());
assertEquals("MaxWithBlock", cat.getFunctionName());
assertTrue(cat.isCopyMinScore());
assertFalse(cat.isAction());
assertTrue(0 <= cat.getPosition());
} finally {
c.close();
@@ -171,101 +167,6 @@ public class SchemaCreatorTest extends TestCase {
assertValueRange(codeReview, -2, -1, 0, 1, 2);
}
public void testCreateSchema_ApprovalCategory_Read() throws OrmException {
final ReviewDb c = db.create().open();
try {
final ApprovalCategory cat;
cat = c.approvalCategories().get(ApprovalCategory.READ);
assertNotNull(cat);
assertEquals(ApprovalCategory.READ, cat.getId());
assertEquals("Read Access", cat.getName());
assertNull(cat.getAbbreviatedName());
assertEquals(NoOpFunction.NAME, cat.getFunctionName());
assertTrue(cat.isAction());
} finally {
c.close();
}
assertValueRange(ApprovalCategory.READ, -1, 1, 2, 3);
}
public void testCreateSchema_ApprovalCategory_Submit() throws OrmException {
final ReviewDb c = db.create().open();
try {
final ApprovalCategory cat;
cat = c.approvalCategories().get(ApprovalCategory.SUBMIT);
assertNotNull(cat);
assertEquals(ApprovalCategory.SUBMIT, cat.getId());
assertEquals("Submit", cat.getName());
assertNull(cat.getAbbreviatedName());
assertEquals(SubmitFunction.NAME, cat.getFunctionName());
assertTrue(cat.isAction());
} finally {
c.close();
}
assertValueRange(ApprovalCategory.SUBMIT, 1);
}
public void testCreateSchema_ApprovalCategory_PushTag() throws OrmException {
final ReviewDb c = db.create().open();
try {
final ApprovalCategory cat;
cat = c.approvalCategories().get(ApprovalCategory.PUSH_TAG);
assertNotNull(cat);
assertEquals(ApprovalCategory.PUSH_TAG, cat.getId());
assertEquals("Push Tag", cat.getName());
assertNull(cat.getAbbreviatedName());
assertEquals(NoOpFunction.NAME, cat.getFunctionName());
assertTrue(cat.isAction());
} finally {
c.close();
}
assertValueRange(ApprovalCategory.PUSH_TAG, //
ApprovalCategory.PUSH_TAG_SIGNED, //
ApprovalCategory.PUSH_TAG_ANNOTATED);
}
public void testCreateSchema_ApprovalCategory_PushHead() throws OrmException {
final ReviewDb c = db.create().open();
try {
final ApprovalCategory cat;
cat = c.approvalCategories().get(ApprovalCategory.PUSH_HEAD);
assertNotNull(cat);
assertEquals(ApprovalCategory.PUSH_HEAD, cat.getId());
assertEquals("Push Branch", cat.getName());
assertNull(cat.getAbbreviatedName());
assertEquals(NoOpFunction.NAME, cat.getFunctionName());
assertTrue(cat.isAction());
} finally {
c.close();
}
assertValueRange(ApprovalCategory.PUSH_HEAD, //
ApprovalCategory.PUSH_HEAD_UPDATE, //
ApprovalCategory.PUSH_HEAD_CREATE, //
ApprovalCategory.PUSH_HEAD_REPLACE);
}
public void testCreateSchema_ApprovalCategory_Owner() throws OrmException {
final ReviewDb c = db.create().open();
try {
final ApprovalCategory cat;
cat = c.approvalCategories().get(ApprovalCategory.OWN);
assertNotNull(cat);
assertEquals(ApprovalCategory.OWN, cat.getId());
assertEquals("Owner", cat.getName());
assertNull(cat.getAbbreviatedName());
assertEquals(NoOpFunction.NAME, cat.getFunctionName());
assertTrue(cat.isAction());
} finally {
c.close();
}
assertValueRange(ApprovalCategory.OWN, 1);
}
private void assertValueRange(ApprovalCategory.Id cat, int... range)
throws OrmException {
final HashSet<ApprovalCategoryValue.Id> act =
@@ -295,55 +196,4 @@ public class SchemaCreatorTest extends TestCase {
fail("Category " + cat + " has additional values: " + act);
}
}
public void testCreateSchema_DefaultAccess_AnonymousUsers()
throws OrmException {
db.create();
final SystemConfig config = db.getSystemConfig();
assertDefaultRight("refs/*", config.anonymousGroupId,
ApprovalCategory.READ, 1, 1);
}
public void testCreateSchema_DefaultAccess_RegisteredUsers()
throws OrmException {
db.create();
final SystemConfig config = db.getSystemConfig();
assertDefaultRight("refs/*", config.registeredGroupId,
ApprovalCategory.READ, 1, 2);
assertDefaultRight("refs/heads/*", config.registeredGroupId, codeReview,
-1, 1);
}
public void testCreateSchema_DefaultAccess_Administrators()
throws OrmException {
db.create();
final SystemConfig config = db.getSystemConfig();
assertDefaultRight("refs/*", config.adminGroupId, ApprovalCategory.READ, 1,
1);
}
private void assertDefaultRight(final String pattern,
final AccountGroup.Id group, final ApprovalCategory.Id category, int min,
int max) throws OrmException {
final ReviewDb c = db.open();
try {
final SystemConfig cfg;
final RefRight right;
cfg = c.systemConfig().get(new SystemConfig.Key());
right =
c.refRights().get(
new RefRight.Key(cfg.wildProjectName, new RefRight.RefPattern(
pattern), category, group));
assertNotNull(right);
assertEquals(cfg.wildProjectName, right.getProjectNameKey());
assertEquals(group, right.getAccountGroupId());
assertEquals(category, right.getApprovalCategoryId());
assertEquals(min, right.getMinValue());
assertEquals(max, right.getMaxValue());
} finally {
c.close();
}
}
}