Merge changes I9243e16c,I29533337,Ifbbdbb46
* changes: Fix names of "refs/users/" constants Include refs/users/default branch when listing branches Grant admins read, push and create on refs/users/default
This commit is contained in:
David Pursehouse
@@ -27,7 +27,6 @@ import java.io.IOException;
|
||||
|
||||
/** Preferences for user accounts. */
|
||||
public class VersionedAccountPreferences extends VersionedMetaData {
|
||||
private static final String REFS_USER_DEFAULT = RefNames.REFS_USER + "default";
|
||||
private static final String PREFERENCES = "preferences.config";
|
||||
|
||||
public static VersionedAccountPreferences forUser(Account.Id id) {
|
||||
@@ -35,7 +34,7 @@ public class VersionedAccountPreferences extends VersionedMetaData {
|
||||
}
|
||||
|
||||
public static VersionedAccountPreferences forDefault() {
|
||||
return new VersionedAccountPreferences(REFS_USER_DEFAULT);
|
||||
return new VersionedAccountPreferences(RefNames.REFS_USERS_DEFAULT);
|
||||
}
|
||||
|
||||
private final String ref;
|
||||
@@ -46,7 +45,7 @@ public class VersionedAccountPreferences extends VersionedMetaData {
|
||||
}
|
||||
|
||||
public boolean isDefaults() {
|
||||
return REFS_USER_DEFAULT.equals(getRefName());
|
||||
return RefNames.REFS_USERS_DEFAULT.equals(getRefName());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@@ -117,6 +117,7 @@ public class ListBranches implements RestReadView<ProjectResource> {
|
||||
refs.addAll(heads);
|
||||
addRef(db, refs, Constants.HEAD);
|
||||
addRef(db, refs, RefNames.REFS_CONFIG);
|
||||
addRef(db, refs, RefNames.REFS_USERS_DEFAULT);
|
||||
} catch (RepositoryNotFoundException noGitRepository) {
|
||||
throw new ResourceNotFoundException();
|
||||
}
|
||||
|
||||
@@ -0,0 +1,59 @@
|
||||
// Copyright (C) 2015 The Android Open Source Project
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package com.google.gerrit.server.schema;
|
||||
|
||||
import com.google.gerrit.common.data.AccessSection;
|
||||
import com.google.gerrit.common.data.GroupReference;
|
||||
import com.google.gerrit.common.data.LabelType;
|
||||
import com.google.gerrit.common.data.Permission;
|
||||
import com.google.gerrit.common.data.PermissionRule;
|
||||
import com.google.gerrit.server.git.ProjectConfig;
|
||||
|
||||
public class AclUtil {
|
||||
public static void grant(ProjectConfig config, AccessSection section,
|
||||
String permission, GroupReference... groupList) {
|
||||
grant(config, section, permission, false, groupList);
|
||||
}
|
||||
|
||||
public static void grant(ProjectConfig config, AccessSection section,
|
||||
String permission, boolean force, GroupReference... groupList) {
|
||||
Permission p = section.getPermission(permission, true);
|
||||
for (GroupReference group : groupList) {
|
||||
if (group != null) {
|
||||
PermissionRule r = rule(config, group);
|
||||
r.setForce(force);
|
||||
p.add(r);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public static void grant(ProjectConfig config,
|
||||
AccessSection section, LabelType type,
|
||||
int min, int max, GroupReference... groupList) {
|
||||
String name = Permission.LABEL + type.getName();
|
||||
Permission p = section.getPermission(name, true);
|
||||
for (GroupReference group : groupList) {
|
||||
if (group != null) {
|
||||
PermissionRule r = rule(config, group);
|
||||
r.setRange(min, max);
|
||||
p.add(r);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public static PermissionRule rule(ProjectConfig config, GroupReference group) {
|
||||
return new PermissionRule(config.resolve(group));
|
||||
}
|
||||
}
|
||||
@@ -17,6 +17,8 @@ package com.google.gerrit.server.schema;
|
||||
import static com.google.gerrit.server.group.SystemGroupBackend.ANONYMOUS_USERS;
|
||||
import static com.google.gerrit.server.group.SystemGroupBackend.PROJECT_OWNERS;
|
||||
import static com.google.gerrit.server.group.SystemGroupBackend.REGISTERED_USERS;
|
||||
import static com.google.gerrit.server.schema.AclUtil.grant;
|
||||
import static com.google.gerrit.server.schema.AclUtil.rule;
|
||||
|
||||
import com.google.common.base.MoreObjects;
|
||||
import com.google.common.base.Strings;
|
||||
@@ -183,41 +185,6 @@ public class AllProjectsCreator {
|
||||
config.commitToNewRef(md, RefNames.REFS_CONFIG);
|
||||
}
|
||||
|
||||
private void grant(ProjectConfig config, AccessSection section,
|
||||
String permission, GroupReference... groupList) {
|
||||
grant(config, section, permission, false, groupList);
|
||||
}
|
||||
|
||||
private void grant(ProjectConfig config, AccessSection section,
|
||||
String permission, boolean force, GroupReference... groupList) {
|
||||
Permission p = section.getPermission(permission, true);
|
||||
for (GroupReference group : groupList) {
|
||||
if (group != null) {
|
||||
PermissionRule r = rule(config, group);
|
||||
r.setForce(force);
|
||||
p.add(r);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private void grant(ProjectConfig config,
|
||||
AccessSection section, LabelType type,
|
||||
int min, int max, GroupReference... groupList) {
|
||||
String name = Permission.LABEL + type.getName();
|
||||
Permission p = section.getPermission(name, true);
|
||||
for (GroupReference group : groupList) {
|
||||
if (group != null) {
|
||||
PermissionRule r = rule(config, group);
|
||||
r.setRange(min, max);
|
||||
p.add(r);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private PermissionRule rule(ProjectConfig config, GroupReference group) {
|
||||
return new PermissionRule(config.resolve(group));
|
||||
}
|
||||
|
||||
public static LabelType initCodeReviewLabel(ProjectConfig c) {
|
||||
LabelType type = new LabelType("Code-Review", ImmutableList.of(
|
||||
new LabelValue((short) 2, "Looks good to me, approved"),
|
||||
|
||||
@@ -14,8 +14,11 @@
|
||||
|
||||
package com.google.gerrit.server.schema;
|
||||
|
||||
import static com.google.gerrit.server.schema.AclUtil.grant;
|
||||
|
||||
import com.google.gerrit.common.Version;
|
||||
import com.google.gerrit.common.data.AccessSection;
|
||||
import com.google.gerrit.common.data.GroupReference;
|
||||
import com.google.gerrit.common.data.Permission;
|
||||
import com.google.gerrit.reviewdb.client.Project;
|
||||
import com.google.gerrit.reviewdb.client.RefNames;
|
||||
@@ -40,6 +43,8 @@ public class AllUsersCreator {
|
||||
private final AllUsersName allUsersName;
|
||||
private final PersonIdent serverUser;
|
||||
|
||||
private GroupReference admin;
|
||||
|
||||
@Inject
|
||||
AllUsersCreator(
|
||||
GitRepositoryManager mgr,
|
||||
@@ -50,6 +55,11 @@ public class AllUsersCreator {
|
||||
this.serverUser = serverUser;
|
||||
}
|
||||
|
||||
public AllUsersCreator setAdministrators(GroupReference admin) {
|
||||
this.admin = admin;
|
||||
return this;
|
||||
}
|
||||
|
||||
public void create() throws IOException, ConfigInvalidException {
|
||||
Repository git = null;
|
||||
try {
|
||||
@@ -84,8 +94,17 @@ public class AllUsersCreator {
|
||||
Project project = config.getProject();
|
||||
project.setDescription("Individual user settings and preferences.");
|
||||
|
||||
AccessSection all = config.getAccessSection(RefNames.REFS_USER + "*", true);
|
||||
AccessSection all = config.getAccessSection(RefNames.REFS_USERS + "*", true);
|
||||
all.getPermission(Permission.READ, true).setExclusiveGroup(true);
|
||||
|
||||
AccessSection defaults = config.getAccessSection(RefNames.REFS_USERS_DEFAULT, true);
|
||||
defaults.getPermission(Permission.READ, true).setExclusiveGroup(true);
|
||||
grant(config, defaults, Permission.READ, admin);
|
||||
defaults.getPermission(Permission.PUSH, true).setExclusiveGroup(true);
|
||||
grant(config, defaults, Permission.PUSH, admin);
|
||||
defaults.getPermission(Permission.CREATE, true).setExclusiveGroup(true);
|
||||
grant(config, defaults, Permission.CREATE, admin);
|
||||
|
||||
config.commit(md);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -87,7 +87,9 @@ public class SchemaCreator {
|
||||
.setAdministrators(GroupReference.forGroup(admin))
|
||||
.setBatchUsers(GroupReference.forGroup(batch))
|
||||
.create();
|
||||
allUsersCreator.create();
|
||||
allUsersCreator
|
||||
.setAdministrators(GroupReference.forGroup(admin))
|
||||
.create();
|
||||
dataSourceType.getIndexScript().run(db);
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user