diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/schema/AllProjectsCreator.java b/gerrit-server/src/main/java/com/google/gerrit/server/schema/AllProjectsCreator.java new file mode 100644 index 0000000000..7d40634446 --- /dev/null +++ b/gerrit-server/src/main/java/com/google/gerrit/server/schema/AllProjectsCreator.java @@ -0,0 +1,199 @@ +// Copyright (C) 2013 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package com.google.gerrit.server.schema; + +import com.google.common.collect.ImmutableList; +import com.google.gerrit.common.Version; +import com.google.gerrit.common.data.AccessSection; +import com.google.gerrit.common.data.GlobalCapability; +import com.google.gerrit.common.data.GroupReference; +import com.google.gerrit.common.data.LabelType; +import com.google.gerrit.common.data.LabelValue; +import com.google.gerrit.common.data.Permission; +import com.google.gerrit.common.data.PermissionRule; +import com.google.gerrit.reviewdb.client.AccountGroup; +import com.google.gerrit.reviewdb.client.Project; +import com.google.gerrit.reviewdb.client.Project.InheritableBoolean; +import com.google.gerrit.server.GerritPersonIdent; +import com.google.gerrit.server.config.AllProjectsName; +import com.google.gerrit.server.extensions.events.GitReferenceUpdated; +import com.google.gerrit.server.git.GitRepositoryManager; +import com.google.gerrit.server.git.MetaDataUpdate; +import com.google.gerrit.server.git.ProjectConfig; +import com.google.inject.Inject; + +import org.eclipse.jgit.errors.ConfigInvalidException; +import org.eclipse.jgit.errors.RepositoryNotFoundException; +import org.eclipse.jgit.lib.Constants; +import org.eclipse.jgit.lib.PersonIdent; +import org.eclipse.jgit.lib.RefUpdate; +import org.eclipse.jgit.lib.Repository; + +import java.io.IOException; + +/** Creates the {@code All-Projects} repository and initial ACLs. */ +public class AllProjectsCreator { + private final GitRepositoryManager mgr; + private final AllProjectsName allProjectsName; + private final PersonIdent serverUser; + + private GroupReference admin; + private GroupReference anonymous; + private GroupReference registered; + private GroupReference owners; + + @Inject + AllProjectsCreator( + GitRepositoryManager mgr, + AllProjectsName allProjectsName, + @GerritPersonIdent PersonIdent serverUser) { + this.mgr = mgr; + this.allProjectsName = allProjectsName; + this.serverUser = serverUser; + + this.anonymous = new GroupReference( + AccountGroup.ANONYMOUS_USERS, + "Anonymous Users"); + this.anonymous = new GroupReference( + AccountGroup.REGISTERED_USERS, + "Registered Users"); + this.owners = new GroupReference( + AccountGroup.PROJECT_OWNERS, + "Project Owners"); + } + + public AllProjectsCreator setAdministrators(GroupReference admin) { + this.admin = admin; + return this; + } + + public void create() throws IOException, ConfigInvalidException { + Repository git = null; + try { + git = mgr.openRepository(allProjectsName); + initAllProjects(git); + } catch (RepositoryNotFoundException notFound) { + // A repository may be missing if this project existed only to store + // inheritable permissions. For example 'All-Projects'. + try { + git = mgr.createRepository(allProjectsName); + initAllProjects(git); + + RefUpdate u = git.updateRef(Constants.HEAD); + u.link(GitRepositoryManager.REF_CONFIG); + } catch (RepositoryNotFoundException err) { + String name = allProjectsName.get(); + throw new IOException("Cannot create repository " + name, err); + } + } finally { + if (git != null) { + git.close(); + } + } + } + + private void initAllProjects(Repository git) + throws IOException, ConfigInvalidException { + MetaDataUpdate md = new MetaDataUpdate( + GitReferenceUpdated.DISABLED, + allProjectsName, + git); + md.getCommitBuilder().setAuthor(serverUser); + md.getCommitBuilder().setCommitter(serverUser); + md.setMessage("Initialized Gerrit Code Review " + Version.getVersion()); + + ProjectConfig config = ProjectConfig.read(md); + Project p = config.getProject(); + p.setDescription("Access inherited by all other projects."); + p.setRequireChangeID(InheritableBoolean.TRUE); + p.setUseContentMerge(InheritableBoolean.TRUE); + p.setUseContributorAgreements(InheritableBoolean.FALSE); + p.setUseSignedOffBy(InheritableBoolean.FALSE); + + AccessSection cap = config.getAccessSection(AccessSection.GLOBAL_CAPABILITIES, true); + AccessSection all = config.getAccessSection(AccessSection.ALL, true); + AccessSection heads = config.getAccessSection(AccessSection.HEADS, true); + AccessSection tags = config.getAccessSection("refs/tags/*", true); + AccessSection meta = config.getAccessSection(GitRepositoryManager.REF_CONFIG, true); + AccessSection magic = config.getAccessSection("refs/for/" + AccessSection.ALL, true); + + grant(config, cap, GlobalCapability.ADMINISTRATE_SERVER, admin); + grant(config, all, Permission.READ, admin, anonymous); + + LabelType cr = initCodeReviewLabel(config); + grant(config, heads, cr, -1, 1, registered); + grant(config, heads, cr, -2, 2, admin, owners); + grant(config, heads, Permission.CREATE, admin, owners); + grant(config, heads, Permission.PUSH, admin, owners); + grant(config, heads, Permission.SUBMIT, admin, owners); + grant(config, heads, Permission.FORGE_AUTHOR, registered); + grant(config, heads, Permission.FORGE_COMMITTER, admin, owners); + + grant(config, tags, Permission.PUSH_TAG, admin, owners); + grant(config, tags, Permission.PUSH_SIGNED_TAG, admin, owners); + + grant(config, magic, Permission.PUSH, registered); + grant(config, magic, Permission.PUSH_MERGE, registered); + + meta.getPermission(Permission.READ, true).setExclusiveGroup(true); + grant(config, meta, Permission.READ, admin, owners); + grant(config, meta, cr, -2, 2, admin, owners); + grant(config, meta, Permission.PUSH, admin, owners); + grant(config, meta, Permission.SUBMIT, admin, owners); + + config.commit(md); + } + + private void grant(ProjectConfig config, AccessSection section, + String permission, GroupReference... groupList) { + Permission p = section.getPermission(permission, true); + for (GroupReference group : groupList) { + if (group != null) { + p.add(rule(config, group)); + } + } + } + + private void grant(ProjectConfig config, + AccessSection section, LabelType type, + int min, int max, GroupReference... groupList) { + String name = Permission.LABEL + type.getName(); + Permission p = section.getPermission(name, true); + for (GroupReference group : groupList) { + if (group != null) { + PermissionRule r = rule(config, group); + r.setRange(min, max); + p.add(r); + } + } + } + + private PermissionRule rule(ProjectConfig config, GroupReference group) { + return new PermissionRule(config.resolve(group)); + } + + public static LabelType initCodeReviewLabel(ProjectConfig c) { + LabelType type = new LabelType("Code-Review", ImmutableList.of( + new LabelValue((short) 2, "Looks good to me, approved"), + new LabelValue((short) 1, "Looks good to me, but someone else must approve"), + new LabelValue((short) 0, "No score"), + new LabelValue((short) -1, "I would prefer that you didn't submit this"), + new LabelValue((short) -2, "Do not submit"))); + type.setAbbreviatedName("CR"); + type.setCopyMinScore(true); + c.getLabelSections().put(type.getName(), type); + return type; + } +} diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/schema/SchemaCreator.java b/gerrit-server/src/main/java/com/google/gerrit/server/schema/SchemaCreator.java index 766d673fd0..8e8995a615 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/schema/SchemaCreator.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/schema/SchemaCreator.java @@ -14,41 +14,23 @@ package com.google.gerrit.server.schema; -import com.google.common.collect.ImmutableList; -import com.google.gerrit.common.Version; -import com.google.gerrit.common.data.AccessSection; -import com.google.gerrit.common.data.GlobalCapability; -import com.google.gerrit.common.data.LabelType; -import com.google.gerrit.common.data.LabelValue; -import com.google.gerrit.common.data.Permission; -import com.google.gerrit.common.data.PermissionRule; +import com.google.gerrit.common.data.GroupReference; import com.google.gerrit.reviewdb.client.AccountGroup; import com.google.gerrit.reviewdb.client.AccountGroupName; import com.google.gerrit.reviewdb.client.CurrentSchemaVersion; -import com.google.gerrit.reviewdb.client.Project; -import com.google.gerrit.reviewdb.client.Project.InheritableBoolean; import com.google.gerrit.reviewdb.client.SystemConfig; import com.google.gerrit.reviewdb.server.ReviewDb; import com.google.gerrit.server.GerritPersonIdent; import com.google.gerrit.server.account.GroupUUID; -import com.google.gerrit.server.config.AllProjectsName; import com.google.gerrit.server.config.SitePath; import com.google.gerrit.server.config.SitePaths; -import com.google.gerrit.server.extensions.events.GitReferenceUpdated; -import com.google.gerrit.server.git.GitRepositoryManager; -import com.google.gerrit.server.git.MetaDataUpdate; -import com.google.gerrit.server.git.ProjectConfig; import com.google.gwtorm.jdbc.JdbcExecutor; import com.google.gwtorm.jdbc.JdbcSchema; import com.google.gwtorm.server.OrmException; import com.google.inject.Inject; import org.eclipse.jgit.errors.ConfigInvalidException; -import org.eclipse.jgit.errors.RepositoryNotFoundException; -import org.eclipse.jgit.lib.Constants; import org.eclipse.jgit.lib.PersonIdent; -import org.eclipse.jgit.lib.RefUpdate; -import org.eclipse.jgit.lib.Repository; import java.io.File; import java.io.IOException; @@ -59,8 +41,7 @@ public class SchemaCreator { private final @SitePath File site_path; - private final GitRepositoryManager mgr; - private final AllProjectsName allProjectsName; + private final AllProjectsCreator allProjectsCreator; private final PersonIdent serverUser; private final DataSourceType dataSourceType; @@ -74,22 +55,19 @@ public class SchemaCreator { @Inject public SchemaCreator(SitePaths site, @Current SchemaVersion version, - GitRepositoryManager mgr, - AllProjectsName allProjectsName, + AllProjectsCreator ap, @GerritPersonIdent PersonIdent au, DataSourceType dst) { - this(site.site_path, version, mgr, allProjectsName, au, dst); + this(site.site_path, version, ap, au, dst); } public SchemaCreator(@SitePath File site, @Current SchemaVersion version, - GitRepositoryManager gitMgr, - AllProjectsName ap, + AllProjectsCreator ap, @GerritPersonIdent PersonIdent au, DataSourceType dst) { site_path = site; - mgr = gitMgr; - allProjectsName = ap; + allProjectsCreator = ap; serverUser = au; dataSourceType = dst; versionNbr = version.getVersionNbr(); @@ -110,7 +88,9 @@ public class SchemaCreator { db.schemaVersion().insert(Collections.singleton(sVer)); initSystemConfig(db); - initAllProjects(); + allProjectsCreator + .setAdministrators(GroupReference.forGroup(admin)) + .create(); dataSourceType.getIndexScript().run(db); } @@ -176,118 +156,4 @@ public class SchemaCreator { c.systemConfig().insert(Collections.singleton(s)); return s; } - - private void initAllProjects() throws IOException, ConfigInvalidException { - Repository git = null; - try { - git = mgr.openRepository(allProjectsName); - initAllProjects(git); - } catch (RepositoryNotFoundException notFound) { - // A repository may be missing if this project existed only to store - // inheritable permissions. For example 'All-Projects'. - try { - git = mgr.createRepository(allProjectsName); - initAllProjects(git); - final RefUpdate u = git.updateRef(Constants.HEAD); - u.link(GitRepositoryManager.REF_CONFIG); - } catch (RepositoryNotFoundException err) { - final String name = allProjectsName.get(); - throw new IOException("Cannot create repository " + name, err); - } - } finally { - if (git != null) { - git.close(); - } - } - } - - private void initAllProjects(Repository git) throws IOException, - ConfigInvalidException { - MetaDataUpdate md = - new MetaDataUpdate(GitReferenceUpdated.DISABLED, allProjectsName, git); - md.getCommitBuilder().setAuthor(serverUser); - md.getCommitBuilder().setCommitter(serverUser); - - ProjectConfig config = ProjectConfig.read(md); - Project p = config.getProject(); - p.setDescription("Access inherited by all other projects."); - p.setRequireChangeID(InheritableBoolean.TRUE); - p.setUseContentMerge(InheritableBoolean.TRUE); - p.setUseContributorAgreements(InheritableBoolean.FALSE); - p.setUseSignedOffBy(InheritableBoolean.FALSE); - - AccessSection cap = config.getAccessSection(AccessSection.GLOBAL_CAPABILITIES, true); - AccessSection all = config.getAccessSection(AccessSection.ALL, true); - AccessSection heads = config.getAccessSection(AccessSection.HEADS, true); - AccessSection tags = config.getAccessSection("refs/tags/*", true); - AccessSection meta = config.getAccessSection(GitRepositoryManager.REF_CONFIG, true); - AccessSection magic = config.getAccessSection("refs/for/" + AccessSection.ALL, true); - - grant(config, cap, GlobalCapability.ADMINISTRATE_SERVER, admin); - grant(config, all, Permission.READ, admin, anonymous); - - LabelType cr = initCodeReviewLabel(config); - grant(config, heads, cr, -1, 1, registered); - grant(config, heads, cr, -2, 2, admin, owners); - grant(config, heads, Permission.CREATE, admin, owners); - grant(config, heads, Permission.PUSH, admin, owners); - grant(config, heads, Permission.SUBMIT, admin, owners); - grant(config, heads, Permission.FORGE_AUTHOR, registered); - grant(config, heads, Permission.FORGE_COMMITTER, admin, owners); - - grant(config, tags, Permission.PUSH_TAG, admin, owners); - grant(config, tags, Permission.PUSH_SIGNED_TAG, admin, owners); - - grant(config, magic, Permission.PUSH, registered); - grant(config, magic, Permission.PUSH_MERGE, registered); - - meta.getPermission(Permission.READ, true).setExclusiveGroup(true); - grant(config, meta, Permission.READ, admin, owners); - grant(config, meta, cr, -2, 2, admin, owners); - grant(config, meta, Permission.PUSH, admin, owners); - grant(config, meta, Permission.SUBMIT, admin, owners); - - md.setMessage("Initialized Gerrit Code Review " + Version.getVersion()); - config.commit(md); - } - - private PermissionRule grant(ProjectConfig config, AccessSection section, - String permission, AccountGroup group1, AccountGroup... groupList) { - Permission p = section.getPermission(permission, true); - PermissionRule rule = rule(config, group1); - p.add(rule); - for (AccountGroup group : groupList) { - p.add(rule(config, group)); - } - return rule; - } - - private void grant(ProjectConfig config, - AccessSection section, LabelType type, - int min, int max, AccountGroup... groupList) { - String name = Permission.LABEL + type.getName(); - Permission p = section.getPermission(name, true); - for (AccountGroup group : groupList) { - PermissionRule r = rule(config, group); - r.setRange(min, max); - p.add(r); - } - } - - private PermissionRule rule(ProjectConfig config, AccountGroup group) { - return new PermissionRule(config.resolve(group)); - } - - public static LabelType initCodeReviewLabel(ProjectConfig c) { - LabelType type = new LabelType("Code-Review", ImmutableList.of( - new LabelValue((short) 2, "Looks good to me, approved"), - new LabelValue((short) 1, "Looks good to me, but someone else must approve"), - new LabelValue((short) 0, "No score"), - new LabelValue((short) -1, "I would prefer that you didn't submit this"), - new LabelValue((short) -2, "Do not submit"))); - type.setAbbreviatedName("CR"); - type.setCopyMinScore(true); - c.getLabelSections().put(type.getName(), type); - return type; - } }