Move batch user priority to a capability
Instead of using a magical group, use a special capability to denote users that should get the batch priority behavior. Change-Id: I3e1f8f3ee39f5dcb2cdad2f9c71c46db25fc30b6
This commit is contained in:
Shawn O. Pearce
@@ -45,6 +45,9 @@ public class GlobalCapability {
|
||||
/** Can terminate any task using the kill command. */
|
||||
public static final String KILL_TASK = "killTask";
|
||||
|
||||
/** Queue a user can access to submit their tasks to. */
|
||||
public static final String PRIORITY = "priority";
|
||||
|
||||
/** Maximum result limit per executed query. */
|
||||
public static final String QUERY_LIMIT = "queryLimit";
|
||||
|
||||
@@ -70,6 +73,7 @@ public class GlobalCapability {
|
||||
NAMES_LC.add(CREATE_PROJECT.toLowerCase());
|
||||
NAMES_LC.add(FLUSH_CACHES.toLowerCase());
|
||||
NAMES_LC.add(KILL_TASK.toLowerCase());
|
||||
NAMES_LC.add(PRIORITY.toLowerCase());
|
||||
NAMES_LC.add(QUERY_LIMIT.toLowerCase());
|
||||
NAMES_LC.add(START_REPLICATION.toLowerCase());
|
||||
NAMES_LC.add(VIEW_CACHES.toLowerCase());
|
||||
|
||||
@@ -16,10 +16,12 @@ package com.google.gerrit.common.data;
|
||||
|
||||
public class PermissionRule implements Comparable<PermissionRule> {
|
||||
public static enum Action {
|
||||
ALLOW, DENY;
|
||||
ALLOW, DENY,
|
||||
|
||||
INTERACTIVE, BATCH;
|
||||
}
|
||||
|
||||
protected boolean deny;
|
||||
protected Action action = Action.ALLOW;
|
||||
protected boolean force;
|
||||
protected int min;
|
||||
protected int max;
|
||||
@@ -33,22 +35,22 @@ public class PermissionRule implements Comparable<PermissionRule> {
|
||||
}
|
||||
|
||||
public Action getAction() {
|
||||
return deny ? Action.DENY : Action.ALLOW;
|
||||
return action;
|
||||
}
|
||||
|
||||
public void setAction(Action action) {
|
||||
if (action == null) {
|
||||
throw new NullPointerException("action");
|
||||
}
|
||||
setDeny(action == Action.DENY);
|
||||
this.action = action;
|
||||
}
|
||||
|
||||
public boolean getDeny() {
|
||||
return deny;
|
||||
return action == Action.DENY;
|
||||
}
|
||||
|
||||
public void setDeny(boolean newDeny) {
|
||||
deny = newDeny;
|
||||
action = Action.DENY;
|
||||
}
|
||||
|
||||
public Boolean getForce() {
|
||||
@@ -94,21 +96,35 @@ public class PermissionRule implements Comparable<PermissionRule> {
|
||||
}
|
||||
|
||||
void mergeFrom(PermissionRule src) {
|
||||
setDeny(getDeny() || src.getDeny());
|
||||
if (getAction() != src.getAction()) {
|
||||
if (getAction() == Action.DENY || src.getAction() == Action.DENY) {
|
||||
setAction(Action.DENY);
|
||||
|
||||
} else if (getAction() == Action.BATCH || src.getAction() == Action.BATCH) {
|
||||
setAction(Action.BATCH);
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
setForce(getForce() || src.getForce());
|
||||
setRange(Math.min(getMin(), src.getMin()), Math.max(getMax(), src.getMax()));
|
||||
}
|
||||
|
||||
@Override
|
||||
public int compareTo(PermissionRule o) {
|
||||
int cmp = deny(this) - deny(o);
|
||||
int cmp = action(this) - action(o);
|
||||
if (cmp == 0) cmp = range(o) - range(this);
|
||||
if (cmp == 0) cmp = group(this).compareTo(group(o));
|
||||
return cmp;
|
||||
}
|
||||
|
||||
private static int deny(PermissionRule a) {
|
||||
return a.getDeny() ? 1 : 0;
|
||||
private static int action(PermissionRule a) {
|
||||
switch (a.getAction()) {
|
||||
case DENY:
|
||||
return 0;
|
||||
default:
|
||||
return 1 + a.getAction().ordinal();
|
||||
}
|
||||
}
|
||||
|
||||
private static int range(PermissionRule a) {
|
||||
@@ -127,8 +143,21 @@ public class PermissionRule implements Comparable<PermissionRule> {
|
||||
public String asString(boolean canUseRange) {
|
||||
StringBuilder r = new StringBuilder();
|
||||
|
||||
if (getDeny()) {
|
||||
switch (getAction()) {
|
||||
case ALLOW:
|
||||
break;
|
||||
|
||||
case DENY:
|
||||
r.append("deny ");
|
||||
break;
|
||||
|
||||
case INTERACTIVE:
|
||||
r.append("interactive ");
|
||||
break;
|
||||
|
||||
case BATCH:
|
||||
r.append("batch ");
|
||||
break;
|
||||
}
|
||||
|
||||
if (getForce()) {
|
||||
@@ -157,8 +186,16 @@ public class PermissionRule implements Comparable<PermissionRule> {
|
||||
src = src.trim();
|
||||
|
||||
if (src.startsWith("deny ")) {
|
||||
rule.setDeny(true);
|
||||
src = src.substring(5).trim();
|
||||
rule.setAction(Action.DENY);
|
||||
src = src.substring("deny ".length()).trim();
|
||||
|
||||
} else if (src.startsWith("interactive ")) {
|
||||
rule.setAction(Action.INTERACTIVE);
|
||||
src = src.substring("interactive ".length()).trim();
|
||||
|
||||
} else if (src.startsWith("batch ")) {
|
||||
rule.setAction(Action.BATCH);
|
||||
src = src.substring("batch ".length()).trim();
|
||||
}
|
||||
|
||||
if (src.startsWith("+force ")) {
|
||||
|
||||
@@ -125,6 +125,7 @@ capabilityNames = \
|
||||
createProject, \
|
||||
flushCaches, \
|
||||
killTask, \
|
||||
priority, \
|
||||
queryLimit, \
|
||||
startReplication, \
|
||||
viewCaches, \
|
||||
@@ -136,6 +137,7 @@ createGroup = Create Group
|
||||
createProject = Create Project
|
||||
flushCaches = Flush Caches
|
||||
killTask = Kill Task
|
||||
priority = Priority
|
||||
queryLimit = Query Limit
|
||||
startReplication = Start Replication
|
||||
viewCaches = View Caches
|
||||
|
||||
@@ -207,7 +207,11 @@ public class PermissionEditor extends Composite implements Editor<Permission>,
|
||||
int min = validRange.getDefaultMin();
|
||||
int max = validRange.getDefaultMax();
|
||||
newRule.setRange(min, max);
|
||||
|
||||
} else if (GlobalCapability.PRIORITY.equals(value.getName())) {
|
||||
newRule.setAction(PermissionRule.Action.BATCH);
|
||||
}
|
||||
|
||||
rules.getList().add(newRule);
|
||||
}
|
||||
groupToAdd.setValue(null);
|
||||
|
||||
@@ -20,6 +20,7 @@ import static com.google.gerrit.common.data.Permission.PUSH_TAG;
|
||||
import com.google.gerrit.client.Dispatcher;
|
||||
import com.google.gerrit.client.ui.Hyperlink;
|
||||
import com.google.gerrit.common.data.AccessSection;
|
||||
import com.google.gerrit.common.data.GlobalCapability;
|
||||
import com.google.gerrit.common.data.GroupReference;
|
||||
import com.google.gerrit.common.data.Permission;
|
||||
import com.google.gerrit.common.data.PermissionRange;
|
||||
@@ -112,8 +113,19 @@ public class PermissionRuleEditor extends Composite implements
|
||||
} else {
|
||||
min = new RangeBox.Box();
|
||||
max = new RangeBox.Box();
|
||||
|
||||
if (GlobalCapability.PRIORITY.equals(permission.getName())) {
|
||||
action.setValue(PermissionRule.Action.INTERACTIVE);
|
||||
action.setAcceptableValues(Arrays.asList(
|
||||
PermissionRule.Action.INTERACTIVE,
|
||||
PermissionRule.Action.BATCH));
|
||||
|
||||
} else {
|
||||
action.setValue(PermissionRule.Action.ALLOW);
|
||||
action.setAcceptableValues(Arrays.asList(PermissionRule.Action.values()));
|
||||
action.setAcceptableValues(Arrays.asList(
|
||||
PermissionRule.Action.ALLOW,
|
||||
PermissionRule.Action.DENY));
|
||||
}
|
||||
}
|
||||
|
||||
initWidget(uiBinder.createAndBindUi(this));
|
||||
|
||||
@@ -27,10 +27,9 @@ import com.google.gerrit.reviewdb.ReviewDb;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.account.AccountCache;
|
||||
import com.google.gerrit.server.account.GroupControl;
|
||||
import com.google.gerrit.server.config.AuthConfig;
|
||||
import com.google.gerrit.server.config.GerritServerConfig;
|
||||
import com.google.gerrit.server.account.GroupCache;
|
||||
import com.google.gerrit.server.account.GroupControl;
|
||||
import com.google.gerrit.server.config.GerritServerConfig;
|
||||
import com.google.gerrit.server.project.NoSuchProjectException;
|
||||
import com.google.gerrit.server.project.ProjectCache;
|
||||
import com.google.gerrit.server.project.ProjectControl;
|
||||
@@ -53,7 +52,6 @@ class SuggestServiceImpl extends BaseServiceImplementation implements
|
||||
SuggestService {
|
||||
private static final String MAX_SUFFIX = "\u9fa5";
|
||||
|
||||
private final AuthConfig authConfig;
|
||||
private final ProjectControl.Factory projectControlFactory;
|
||||
private final ProjectCache projectCache;
|
||||
private final AccountCache accountCache;
|
||||
@@ -65,7 +63,6 @@ class SuggestServiceImpl extends BaseServiceImplementation implements
|
||||
|
||||
@Inject
|
||||
SuggestServiceImpl(final Provider<ReviewDb> schema,
|
||||
final AuthConfig authConfig,
|
||||
final ProjectControl.Factory projectControlFactory,
|
||||
final ProjectCache projectCache, final AccountCache accountCache,
|
||||
final GroupControl.Factory groupControlFactory,
|
||||
@@ -74,7 +71,6 @@ class SuggestServiceImpl extends BaseServiceImplementation implements
|
||||
@GerritServerConfig final Config cfg,
|
||||
final GroupCache groupCache) {
|
||||
super(schema, currentUser);
|
||||
this.authConfig = authConfig;
|
||||
this.projectControlFactory = projectControlFactory;
|
||||
this.projectCache = projectCache;
|
||||
this.accountCache = accountCache;
|
||||
@@ -165,7 +161,6 @@ class SuggestServiceImpl extends BaseServiceImplementation implements
|
||||
Set<AccountGroup.UUID> usersGroups = groupsOf(account);
|
||||
usersGroups.remove(AccountGroup.ANONYMOUS_USERS);
|
||||
usersGroups.remove(AccountGroup.REGISTERED_USERS);
|
||||
usersGroups.remove(authConfig.getBatchUsersGroup());
|
||||
for (AccountGroup.UUID myGroup : currentUser.get().getEffectiveGroups()) {
|
||||
if (usersGroups.contains(myGroup)) {
|
||||
map.put(account.getId(), info);
|
||||
@@ -178,7 +173,6 @@ class SuggestServiceImpl extends BaseServiceImplementation implements
|
||||
Set<AccountGroup.UUID> usersGroups = groupsOf(account);
|
||||
usersGroups.remove(AccountGroup.ANONYMOUS_USERS);
|
||||
usersGroups.remove(AccountGroup.REGISTERED_USERS);
|
||||
usersGroups.remove(authConfig.getBatchUsersGroup());
|
||||
for (AccountGroup.UUID usersGroup : usersGroups) {
|
||||
try {
|
||||
if (groupControlFactory.controlFor(usersGroup).isVisible()) {
|
||||
|
||||
@@ -22,10 +22,10 @@ import static javax.servlet.http.HttpServletResponse.SC_SERVICE_UNAVAILABLE;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.config.GerritServerConfig;
|
||||
import com.google.gerrit.server.git.QueueProvider;
|
||||
import com.google.gerrit.server.git.WorkQueue;
|
||||
import com.google.gerrit.server.git.WorkQueue.CancelableRunnable;
|
||||
import com.google.gerrit.sshd.CommandExecutorQueueProvider;
|
||||
import com.google.gerrit.sshd.QueueProvider;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
import com.google.inject.Singleton;
|
||||
@@ -142,13 +142,7 @@ public class ProjectQoSFilter implements Filter {
|
||||
}
|
||||
|
||||
private WorkQueue.Executor getExecutor() {
|
||||
WorkQueue.Executor executor;
|
||||
if (userProvider.get().isBatchUser()) {
|
||||
executor = queue.getBatchQueue();
|
||||
} else {
|
||||
executor = queue.getInteractiveQueue();
|
||||
}
|
||||
return executor;
|
||||
return queue.getQueue(userProvider.get().getCapabilities().getQueueType());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@@ -62,11 +62,6 @@ public final class SystemConfig {
|
||||
@Column(id = 3, notNull = false)
|
||||
public transient String sitePath;
|
||||
|
||||
@Column(id = 8)
|
||||
public AccountGroup.Id batchUsersGroupId;
|
||||
@Column(id = 11)
|
||||
public AccountGroup.UUID batchUsersGroupUUID;
|
||||
|
||||
|
||||
// DO NOT LOOK BELOW THIS LINE. These fields have all been deleted,
|
||||
// but survive to support schema upgrade code.
|
||||
@@ -89,6 +84,12 @@ public final class SystemConfig {
|
||||
/** DEPRECATED DO NOT USE */
|
||||
@Column(id = 9, notNull = false)
|
||||
public AccountGroup.Id ownerGroupId;
|
||||
/** DEPRECATED DO NOT USE */
|
||||
@Column(id = 8, notNull = false)
|
||||
public AccountGroup.Id batchUsersGroupId;
|
||||
/** DEPRECATED DO NOT USE */
|
||||
@Column(id = 11, notNull = false)
|
||||
public AccountGroup.UUID batchUsersGroupUUID;
|
||||
|
||||
protected SystemConfig() {
|
||||
}
|
||||
|
||||
@@ -18,7 +18,6 @@ import com.google.gerrit.reviewdb.AccountGroup;
|
||||
import com.google.gerrit.reviewdb.AccountProjectWatch;
|
||||
import com.google.gerrit.reviewdb.Change;
|
||||
import com.google.gerrit.server.account.CapabilityControl;
|
||||
import com.google.gerrit.server.config.AuthConfig;
|
||||
import com.google.inject.Inject;
|
||||
|
||||
import java.util.Collection;
|
||||
@@ -28,8 +27,8 @@ import java.util.Set;
|
||||
/** An anonymous user who has not yet authenticated. */
|
||||
public class AnonymousUser extends CurrentUser {
|
||||
@Inject
|
||||
AnonymousUser(CapabilityControl.Factory capabilityControlFactory, AuthConfig auth) {
|
||||
super(capabilityControlFactory, AccessPath.UNKNOWN, auth);
|
||||
AnonymousUser(CapabilityControl.Factory capabilityControlFactory) {
|
||||
super(capabilityControlFactory, AccessPath.UNKNOWN);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@@ -18,7 +18,6 @@ import com.google.gerrit.reviewdb.AccountGroup;
|
||||
import com.google.gerrit.reviewdb.AccountProjectWatch;
|
||||
import com.google.gerrit.reviewdb.Change;
|
||||
import com.google.gerrit.server.account.CapabilityControl;
|
||||
import com.google.gerrit.server.config.AuthConfig;
|
||||
import com.google.inject.servlet.RequestScoped;
|
||||
|
||||
import java.util.Collection;
|
||||
@@ -35,17 +34,14 @@ import java.util.Set;
|
||||
public abstract class CurrentUser {
|
||||
private final CapabilityControl.Factory capabilityControlFactory;
|
||||
private final AccessPath accessPath;
|
||||
protected final AuthConfig authConfig;
|
||||
|
||||
private CapabilityControl capabilities;
|
||||
|
||||
protected CurrentUser(
|
||||
CapabilityControl.Factory capabilityControlFactory,
|
||||
AccessPath accessPath,
|
||||
AuthConfig authConfig) {
|
||||
AccessPath accessPath) {
|
||||
this.capabilityControlFactory = capabilityControlFactory;
|
||||
this.accessPath = accessPath;
|
||||
this.authConfig = authConfig;
|
||||
}
|
||||
|
||||
/** How this user is accessing the Gerrit Code Review application. */
|
||||
@@ -72,11 +68,6 @@ public abstract class CurrentUser {
|
||||
/** Filters selecting changes the user wants to monitor. */
|
||||
public abstract Collection<AccountProjectWatch> getNotificationFilters();
|
||||
|
||||
/** Is the user a non-interactive user? */
|
||||
public boolean isBatchUser() {
|
||||
return getEffectiveGroups().contains(authConfig.getBatchUsersGroup());
|
||||
}
|
||||
|
||||
/** Capabilities available to this user account. */
|
||||
public CapabilityControl getCapabilities() {
|
||||
CapabilityControl ctl = capabilities;
|
||||
|
||||
@@ -180,6 +180,7 @@ public class IdentifiedUser extends CurrentUser {
|
||||
private final Realm realm;
|
||||
private final AccountCache accountCache;
|
||||
private final GroupIncludeCache groupIncludeCache;
|
||||
private final AuthConfig authConfig;
|
||||
|
||||
@Nullable
|
||||
private final Provider<SocketAddress> remotePeerProvider;
|
||||
@@ -203,11 +204,12 @@ public class IdentifiedUser extends CurrentUser {
|
||||
final GroupIncludeCache groupIncludeCache,
|
||||
@Nullable final Provider<SocketAddress> remotePeerProvider,
|
||||
@Nullable final Provider<ReviewDb> dbProvider, final Account.Id id) {
|
||||
super(capabilityControlFactory, accessPath, authConfig);
|
||||
super(capabilityControlFactory, accessPath);
|
||||
this.canonicalUrl = canonicalUrl;
|
||||
this.realm = realm;
|
||||
this.accountCache = accountCache;
|
||||
this.groupIncludeCache = groupIncludeCache;
|
||||
this.authConfig = authConfig;
|
||||
this.remotePeerProvider = remotePeerProvider;
|
||||
this.dbProvider = dbProvider;
|
||||
this.accountId = id;
|
||||
|
||||
@@ -18,7 +18,6 @@ import com.google.gerrit.reviewdb.AccountGroup;
|
||||
import com.google.gerrit.reviewdb.AccountProjectWatch;
|
||||
import com.google.gerrit.reviewdb.Change;
|
||||
import com.google.gerrit.server.account.CapabilityControl;
|
||||
import com.google.gerrit.server.config.AuthConfig;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.assistedinject.Assisted;
|
||||
|
||||
@@ -40,8 +39,8 @@ public class PeerDaemonUser extends CurrentUser {
|
||||
|
||||
@Inject
|
||||
protected PeerDaemonUser(CapabilityControl.Factory capabilityControlFactory,
|
||||
AuthConfig authConfig, @Assisted SocketAddress peer) {
|
||||
super(capabilityControlFactory, AccessPath.SSH_COMMAND, authConfig);
|
||||
@Assisted SocketAddress peer) {
|
||||
super(capabilityControlFactory, AccessPath.SSH_COMMAND);
|
||||
this.peer = peer;
|
||||
}
|
||||
|
||||
|
||||
@@ -18,7 +18,6 @@ import com.google.gerrit.reviewdb.AccountGroup;
|
||||
import com.google.gerrit.reviewdb.AccountProjectWatch;
|
||||
import com.google.gerrit.reviewdb.Change;
|
||||
import com.google.gerrit.server.account.CapabilityControl;
|
||||
import com.google.gerrit.server.config.AuthConfig;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.assistedinject.Assisted;
|
||||
|
||||
@@ -40,8 +39,8 @@ public class ReplicationUser extends CurrentUser {
|
||||
|
||||
@Inject
|
||||
protected ReplicationUser(CapabilityControl.Factory capabilityControlFactory,
|
||||
AuthConfig authConfig, @Assisted Set<AccountGroup.UUID> authGroups) {
|
||||
super(capabilityControlFactory, AccessPath.REPLICATION, authConfig);
|
||||
@Assisted Set<AccountGroup.UUID> authGroups) {
|
||||
super(capabilityControlFactory, AccessPath.REPLICATION);
|
||||
|
||||
if (authGroups == EVERYTHING_VISIBLE) {
|
||||
effectiveGroups = EVERYTHING_VISIBLE;
|
||||
|
||||
@@ -23,6 +23,7 @@ import com.google.gerrit.common.data.PermissionRule;
|
||||
import com.google.gerrit.reviewdb.AccountGroup;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.PeerDaemonUser;
|
||||
import com.google.gerrit.server.git.QueueProvider;
|
||||
import com.google.gerrit.server.project.ProjectCache;
|
||||
import com.google.gerrit.server.project.ProjectState;
|
||||
import com.google.inject.Inject;
|
||||
@@ -121,6 +122,44 @@ public class CapabilityControl {
|
||||
|| canAdministrateServer();
|
||||
}
|
||||
|
||||
/** @return which priority queue the user's tasks should be submitted to. */
|
||||
public QueueProvider.QueueType getQueueType() {
|
||||
// If a non-generic group (that is not Anonymous Users or Registered Users)
|
||||
// grants us INTERACTIVE permission, use the INTERACTIVE queue even if
|
||||
// BATCH was otherwise granted. This allows site administrators to grant
|
||||
// INTERACTIVE to Registered Users, and BATCH to 'CI Servers' and have
|
||||
// the 'CI Servers' actually use the BATCH queue while everyone else gets
|
||||
// to use the INTERACTIVE queue without additional grants.
|
||||
//
|
||||
List<PermissionRule> rules = access(GlobalCapability.PRIORITY);
|
||||
boolean batch = false;
|
||||
for (PermissionRule r : rules) {
|
||||
switch (r.getAction()) {
|
||||
case INTERACTIVE:
|
||||
if (!isGenericGroup(r.getGroup())) {
|
||||
return QueueProvider.QueueType.INTERACTIVE;
|
||||
}
|
||||
break;
|
||||
|
||||
case BATCH:
|
||||
batch = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (batch) {
|
||||
// If any of our groups matched to the BATCH queue, use it.
|
||||
return QueueProvider.QueueType.BATCH;
|
||||
} else {
|
||||
return QueueProvider.QueueType.INTERACTIVE;
|
||||
}
|
||||
}
|
||||
|
||||
private static boolean isGenericGroup(GroupReference group) {
|
||||
return AccountGroup.ANONYMOUS_USERS.equals(group.getUUID())
|
||||
|| AccountGroup.REGISTERED_USERS.equals(group.getUUID());
|
||||
}
|
||||
|
||||
/** True if the user has this permission. Works only for non labels. */
|
||||
public boolean canPerform(String permissionName) {
|
||||
return !access(permissionName).isEmpty();
|
||||
@@ -172,7 +211,7 @@ public class CapabilityControl {
|
||||
for (Permission permission : section.getPermissions()) {
|
||||
for (PermissionRule rule : permission.getRules()) {
|
||||
if (matchGroup(rule.getGroup().getUUID())) {
|
||||
if (!rule.getDeny()) {
|
||||
if (rule.getAction() != PermissionRule.Action.DENY) {
|
||||
List<PermissionRule> r = res.get(permission.getName());
|
||||
if (r == null) {
|
||||
r = new ArrayList<PermissionRule>(2);
|
||||
|
||||
@@ -16,7 +16,6 @@ package com.google.gerrit.server.config;
|
||||
|
||||
import com.google.gerrit.common.auth.openid.OpenIdProviderPattern;
|
||||
import com.google.gerrit.reviewdb.AccountExternalId;
|
||||
import com.google.gerrit.reviewdb.AccountGroup;
|
||||
import com.google.gerrit.reviewdb.AuthType;
|
||||
import com.google.gerrit.reviewdb.SystemConfig;
|
||||
import com.google.gwtjsonrpc.server.SignedToken;
|
||||
@@ -43,8 +42,6 @@ public class AuthConfig {
|
||||
private final boolean cookieSecure;
|
||||
private final SignedToken emailReg;
|
||||
|
||||
private final AccountGroup.UUID batchUsersGroup;
|
||||
|
||||
private final boolean allowGoogleAccountUpgrade;
|
||||
|
||||
@Inject
|
||||
@@ -59,8 +56,6 @@ public class AuthConfig {
|
||||
cookieSecure = cfg.getBoolean("auth", "cookiesecure", false);
|
||||
emailReg = new SignedToken(5 * 24 * 60 * 60, s.registerEmailPrivateKey);
|
||||
|
||||
batchUsersGroup = s.batchUsersGroupUUID;
|
||||
|
||||
if (authType == AuthType.OPENID) {
|
||||
allowGoogleAccountUpgrade =
|
||||
cfg.getBoolean("auth", "allowgoogleaccountupgrade", false);
|
||||
@@ -115,11 +110,6 @@ public class AuthConfig {
|
||||
return allowGoogleAccountUpgrade;
|
||||
}
|
||||
|
||||
/** Identity of the group whose service is degraded to lower priority. */
|
||||
public AccountGroup.UUID getBatchUsersGroup() {
|
||||
return batchUsersGroup;
|
||||
}
|
||||
|
||||
/** OpenID identities which the server permits for authentication. */
|
||||
public List<OpenIdProviderPattern> getAllowedOpenIDs() {
|
||||
return allowedOpenIDs;
|
||||
|
||||
@@ -0,0 +1,23 @@
|
||||
// Copyright (C) 2011 The Android Open Source Project
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package com.google.gerrit.server.git;
|
||||
|
||||
public interface QueueProvider {
|
||||
public static enum QueueType {
|
||||
INTERACTIVE, BATCH;
|
||||
}
|
||||
|
||||
public WorkQueue.Executor getQueue(QueueType type);
|
||||
}
|
||||
@@ -35,7 +35,7 @@ final class SingleGroupUser extends CurrentUser {
|
||||
|
||||
SingleGroupUser(CapabilityControl.Factory capabilityControlFactory,
|
||||
Set<AccountGroup.UUID> groups) {
|
||||
super(capabilityControlFactory, AccessPath.UNKNOWN, null);
|
||||
super(capabilityControlFactory, AccessPath.UNKNOWN);
|
||||
this.groups = groups;
|
||||
}
|
||||
|
||||
@@ -53,9 +53,4 @@ final class SingleGroupUser extends CurrentUser {
|
||||
public Collection<AccountProjectWatch> getNotificationFilters() {
|
||||
return Collections.emptySet();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isBatchUser() {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -194,9 +194,6 @@ public class SchemaCreator {
|
||||
final SystemConfig s = SystemConfig.create();
|
||||
s.registerEmailPrivateKey = SignedToken.generateRandomKey();
|
||||
|
||||
s.batchUsersGroupId = batchUsers.getId();
|
||||
s.batchUsersGroupUUID = batchUsers.getGroupUUID();
|
||||
|
||||
try {
|
||||
s.sitePath = site_path.getCanonicalPath();
|
||||
} catch (IOException e) {
|
||||
@@ -269,13 +266,6 @@ public class SchemaCreator {
|
||||
return new PermissionRule(config.resolve(group));
|
||||
}
|
||||
|
||||
private PermissionRule rule(ProjectConfig config, AccountGroup group,
|
||||
int min, int max) {
|
||||
PermissionRule rule = new PermissionRule(config.resolve(group));
|
||||
rule.setRange(min, max);
|
||||
return rule;
|
||||
}
|
||||
|
||||
private void initVerifiedCategory(final ReviewDb c) throws OrmException {
|
||||
final ApprovalCategory cat;
|
||||
final ArrayList<ApprovalCategoryValue> vals;
|
||||
|
||||
@@ -17,6 +17,7 @@ package com.google.gerrit.server.schema;
|
||||
import com.google.gerrit.common.data.AccessSection;
|
||||
import com.google.gerrit.common.data.GlobalCapability;
|
||||
import com.google.gerrit.common.data.PermissionRule;
|
||||
import com.google.gerrit.common.data.PermissionRule.Action;
|
||||
import com.google.gerrit.reviewdb.AccountGroup;
|
||||
import com.google.gerrit.reviewdb.AccountGroupName;
|
||||
import com.google.gerrit.reviewdb.Project;
|
||||
@@ -115,20 +116,21 @@ public class Schema_57 extends SchemaVersion {
|
||||
}
|
||||
|
||||
AccountGroup batch = db.accountGroups().get(sc.batchUsersGroupId);
|
||||
if (db.accountGroupMembers().byGroup(sc.batchUsersGroupId).toList().isEmpty() &&
|
||||
db.accountGroupIncludes().byGroup(sc.batchUsersGroupId).toList().isEmpty()) {
|
||||
if (batch != null
|
||||
&& db.accountGroupMembers().byGroup(sc.batchUsersGroupId).toList().isEmpty()
|
||||
&& db.accountGroupIncludes().byGroup(sc.batchUsersGroupId).toList().isEmpty()) {
|
||||
// If the batch user group is not used, delete it.
|
||||
//
|
||||
if (batch != null) {
|
||||
db.accountGroups().delete(Collections.singleton(batch));
|
||||
|
||||
AccountGroupName name = db.accountGroupNames().get(batch.getNameKey());
|
||||
if (name != null) {
|
||||
db.accountGroupNames().delete(Collections.singleton(name));
|
||||
}
|
||||
}
|
||||
} else {
|
||||
// FIXME Assign low priority to this group.
|
||||
} else if (batch != null) {
|
||||
cap.getPermission(GlobalCapability.PRIORITY, true)
|
||||
.getRule(config.resolve(batch), true)
|
||||
.setAction(Action.BATCH);
|
||||
}
|
||||
|
||||
md.setMessage("Upgrade to Gerrit Code Review schema 57\n");
|
||||
@@ -159,6 +161,8 @@ public class Schema_57 extends SchemaVersion {
|
||||
sc.registeredGroupId = new AccountGroup.Id(0);
|
||||
sc.wildProjectName = new Project.NameKey("DELETED");
|
||||
sc.ownerGroupId = new AccountGroup.Id(0);
|
||||
sc.batchUsersGroupId = new AccountGroup.Id(0);
|
||||
sc.batchUsersGroupUUID = new AccountGroup.UUID("DELETED");
|
||||
|
||||
db.systemConfig().update(Collections.singleton(sc));
|
||||
}
|
||||
|
||||
@@ -25,13 +25,11 @@ import com.google.gerrit.reviewdb.AccountGroup;
|
||||
import com.google.gerrit.reviewdb.AccountProjectWatch;
|
||||
import com.google.gerrit.reviewdb.Change;
|
||||
import com.google.gerrit.reviewdb.Project;
|
||||
import com.google.gerrit.reviewdb.SystemConfig;
|
||||
import com.google.gerrit.rules.PrologEnvironment;
|
||||
import com.google.gerrit.server.AccessPath;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.account.CapabilityControl;
|
||||
import com.google.gerrit.server.config.AllProjectsName;
|
||||
import com.google.gerrit.server.config.AuthConfig;
|
||||
import com.google.gerrit.server.config.GerritServerConfig;
|
||||
import com.google.gerrit.server.git.GitRepositoryManager;
|
||||
import com.google.gerrit.server.git.ProjectConfig;
|
||||
@@ -42,10 +40,8 @@ import com.google.inject.assistedinject.FactoryProvider;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.apache.commons.codec.binary.Base64;
|
||||
import org.eclipse.jgit.lib.Config;
|
||||
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
@@ -210,20 +206,9 @@ public class RefControlTest extends TestCase {
|
||||
private final AccountGroup.UUID devs = new AccountGroup.UUID("test.devs");
|
||||
private final AccountGroup.UUID fixers = new AccountGroup.UUID("test.fixers");
|
||||
|
||||
private final SystemConfig systemConfig;
|
||||
private final AuthConfig authConfig;
|
||||
private final CapabilityControl.Factory capabilityControlFactory;
|
||||
|
||||
public RefControlTest() {
|
||||
systemConfig = SystemConfig.create();
|
||||
systemConfig.batchUsersGroupUUID = anonymous;
|
||||
try {
|
||||
byte[] bin = "abcdefghijklmnopqrstuvwxyz".getBytes("UTF-8");
|
||||
systemConfig.registerEmailPrivateKey = Base64.encodeBase64String(bin);
|
||||
} catch (UnsupportedEncodingException err) {
|
||||
throw new RuntimeException("Cannot encode key", err);
|
||||
}
|
||||
|
||||
all = new HashMap<Project.NameKey, ProjectState>();
|
||||
projectCache = new ProjectCache() {
|
||||
@Override
|
||||
@@ -268,11 +253,8 @@ public class RefControlTest extends TestCase {
|
||||
CapabilityControl.class));
|
||||
|
||||
bind(ProjectCache.class).toInstance(projectCache);
|
||||
bind(SystemConfig.class).toInstance(systemConfig);
|
||||
bind(AuthConfig.class);
|
||||
}
|
||||
});
|
||||
authConfig = injector.getInstance(AuthConfig.class);
|
||||
capabilityControlFactory = injector.getInstance(CapabilityControl.Factory.class);
|
||||
}
|
||||
|
||||
@@ -348,9 +330,7 @@ public class RefControlTest extends TestCase {
|
||||
private final Set<AccountGroup.UUID> groups;
|
||||
|
||||
MockUser(AccountGroup.UUID[] groupId) {
|
||||
super(RefControlTest.this.capabilityControlFactory,
|
||||
AccessPath.UNKNOWN,
|
||||
RefControlTest.this.authConfig);
|
||||
super(RefControlTest.this.capabilityControlFactory, AccessPath.UNKNOWN);
|
||||
groups = new HashSet<AccountGroup.UUID>(Arrays.asList(groupId));
|
||||
groups.add(registered);
|
||||
groups.add(anonymous);
|
||||
|
||||
@@ -15,6 +15,7 @@
|
||||
package com.google.gerrit.sshd;
|
||||
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.git.QueueProvider;
|
||||
import com.google.gerrit.server.git.WorkQueue;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
@@ -33,12 +34,6 @@ class CommandExecutorProvider implements Provider<WorkQueue.Executor> {
|
||||
|
||||
@Override
|
||||
public WorkQueue.Executor get() {
|
||||
WorkQueue.Executor executor;
|
||||
if (user.isBatchUser()) {
|
||||
executor = queues.getBatchQueue();
|
||||
} else {
|
||||
executor = queues.getInteractiveQueue();
|
||||
}
|
||||
return executor;
|
||||
return queues.getQueue(user.getCapabilities().getQueueType());
|
||||
}
|
||||
}
|
||||
|
||||
@@ -15,6 +15,7 @@
|
||||
package com.google.gerrit.sshd;
|
||||
|
||||
import com.google.gerrit.server.config.GerritServerConfig;
|
||||
import com.google.gerrit.server.git.QueueProvider;
|
||||
import com.google.gerrit.server.git.WorkQueue;
|
||||
import com.google.inject.Inject;
|
||||
|
||||
@@ -64,13 +65,13 @@ public class CommandExecutorQueueProvider implements QueueProvider {
|
||||
}
|
||||
|
||||
@Override
|
||||
public WorkQueue.Executor getInteractiveQueue() {
|
||||
public WorkQueue.Executor getQueue(QueueType type) {
|
||||
switch (type) {
|
||||
case INTERACTIVE:
|
||||
return interactiveExecutor;
|
||||
}
|
||||
|
||||
@Override
|
||||
public WorkQueue.Executor getBatchQueue() {
|
||||
case BATCH:
|
||||
default:
|
||||
return batchExecutor;
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,11 +0,0 @@
|
||||
package com.google.gerrit.sshd;
|
||||
|
||||
import com.google.gerrit.server.git.WorkQueue;
|
||||
|
||||
public interface QueueProvider {
|
||||
|
||||
public WorkQueue.Executor getInteractiveQueue();
|
||||
|
||||
public WorkQueue.Executor getBatchQueue();
|
||||
|
||||
}
|
||||
@@ -28,6 +28,7 @@ import com.google.gerrit.server.account.AccountManager;
|
||||
import com.google.gerrit.server.account.ChangeUserName;
|
||||
import com.google.gerrit.server.config.FactoryModule;
|
||||
import com.google.gerrit.server.config.GerritRequestModule;
|
||||
import com.google.gerrit.server.git.QueueProvider;
|
||||
import com.google.gerrit.server.git.WorkQueue;
|
||||
import com.google.gerrit.server.project.ProjectControl;
|
||||
import com.google.gerrit.server.ssh.SshInfo;
|
||||
|
||||
Reference in New Issue
Block a user