Add automaticMembership flag to account groups

If set to true, the group's membership list will be hidden from view,
and cannot be accessed or modified.  Instead it is assumed that the
members are drawn from an external data source, and replicated into
Gerrit through some external means such as direct database updates.

The two standard groups for anonymous and registered users behaves
like this, in that their membership is derived on the fly, and is
not visible, or modifiable.

Signed-off-by: Shawn O. Pearce <sop@google.com>

src/main/java/com/google/gerrit/client/admin/AccountGroupDetail.java

@@ -46,7 +46,7 @@ public class AccountGroupDetail {
     } else {
       ownerGroup = db.accountGroups().get(group.getOwnerGroupId());
     }
-    autoGroup = isAuto;
+    autoGroup = isAuto || g.isAutomaticMembership();
 
     if (!autoGroup) {
       loadMembers(db, acc);

src/main/java/com/google/gerrit/client/reviewdb/AccountGroup.java

@@ -98,6 +98,10 @@ public final class AccountGroup {
   @Column(length = Integer.MAX_VALUE, notNull = false)
   protected String description;
 
+  /** Is the membership managed by some external means? */
+  @Column
+  protected boolean automaticMembership;
+
   protected AccountGroup() {
   }
 
@@ -139,4 +143,12 @@ public final class AccountGroup {
   public void setOwnerGroupId(final AccountGroup.Id id) {
     ownerGroupId = id;
   }
+
+  public boolean isAutomaticMembership() {
+    return automaticMembership;
+  }
+
+  public void setAutomaticMembership(final boolean auto) {
+    automaticMembership = auto;
+  }
 }

src/main/java/com/google/gerrit/server/GerritServer.java

@@ -433,6 +433,7 @@ public class GerritServer {
             new AccountGroup.Id(c.nextAccountGroupId()));
     anonymous.setDescription("Any user, signed-in or not");
     anonymous.setOwnerGroupId(admin.getId());
+    anonymous.setAutomaticMembership(true);
     c.accountGroups().insert(Collections.singleton(anonymous));
 
     final AccountGroup registered =
@@ -440,6 +441,7 @@ public class GerritServer {
             new AccountGroup.Id(c.nextAccountGroupId()));
     registered.setDescription("Any signed-in user");
     registered.setOwnerGroupId(admin.getId());
+    registered.setAutomaticMembership(true);
     c.accountGroups().insert(Collections.singleton(registered));
 
     final SystemConfig s = SystemConfig.create();

src/main/java/com/google/gerrit/server/GroupAdminServiceImpl.java

@@ -98,11 +98,8 @@ public class GroupAdminServiceImpl extends BaseServiceImplementation implements
       final AsyncCallback<AccountGroupDetail> callback) {
     run(callback, new Action<AccountGroupDetail>() {
       public AccountGroupDetail run(ReviewDb db) throws OrmException, Failure {
-        assertAmGroupOwner(db, groupId);
         final AccountGroup group = db.accountGroups().get(groupId);
-        if (group == null) {
-          throw new Failure(new NoSuchEntityException());
-        }
+        assertAmGroupOwner(db, group);
 
         final AccountGroupDetail d = new AccountGroupDetail();
         final boolean auto = Common.getGroupCache().isAutoGroup(group.getId());
@@ -116,11 +113,8 @@ public class GroupAdminServiceImpl extends BaseServiceImplementation implements
       final String description, final AsyncCallback<VoidResult> callback) {
     run(callback, new Action<VoidResult>() {
       public VoidResult run(final ReviewDb db) throws OrmException, Failure {
-        assertAmGroupOwner(db, groupId);
         final AccountGroup group = db.accountGroups().get(groupId);
-        if (group == null) {
-          throw new Failure(new NoSuchEntityException());
-        }
+        assertAmGroupOwner(db, group);
         group.setDescription(description);
         db.accountGroups().update(Collections.singleton(group));
         return VoidResult.INSTANCE;
@@ -132,11 +126,8 @@ public class GroupAdminServiceImpl extends BaseServiceImplementation implements
       final String newOwnerName, final AsyncCallback<VoidResult> callback) {
     run(callback, new Action<VoidResult>() {
       public VoidResult run(final ReviewDb db) throws OrmException, Failure {
-        assertAmGroupOwner(db, groupId);
         final AccountGroup group = db.accountGroups().get(groupId);
-        if (group == null) {
-          throw new Failure(new NoSuchEntityException());
-        }
+        assertAmGroupOwner(db, group);
 
         final AccountGroup owner =
             db.accountGroups().get(new AccountGroup.NameKey(newOwnerName));
@@ -155,11 +146,8 @@ public class GroupAdminServiceImpl extends BaseServiceImplementation implements
       final AsyncCallback<VoidResult> callback) {
     run(callback, new Action<VoidResult>() {
       public VoidResult run(final ReviewDb db) throws OrmException, Failure {
-        assertAmGroupOwner(db, groupId);
         final AccountGroup group = db.accountGroups().get(groupId);
-        if (group == null) {
-          throw new Failure(new NoSuchEntityException());
-        }
+        assertAmGroupOwner(db, group);
 
         final AccountGroup.NameKey nameKey = new AccountGroup.NameKey(newName);
         if (!nameKey.equals(group.getNameKey())) {
@@ -178,10 +166,13 @@ public class GroupAdminServiceImpl extends BaseServiceImplementation implements
       final String nameOrEmail, final AsyncCallback<AccountGroupDetail> callback) {
     run(callback, new Action<AccountGroupDetail>() {
       public AccountGroupDetail run(ReviewDb db) throws OrmException, Failure {
-        assertAmGroupOwner(db, groupId);
-        if (Common.getGroupCache().isAutoGroup(groupId)) {
+        final AccountGroup group = db.accountGroups().get(groupId);
+        assertAmGroupOwner(db, group);
+        if (group.isAutomaticMembership()
+            || Common.getGroupCache().isAutoGroup(groupId)) {
           throw new Failure(new NameAlreadyUsedException());
         }
+
         final Account a = findAccount(db, nameOrEmail);
         final AccountGroupMember.Key key =
             new AccountGroupMember.Key(a.getId(), groupId);
@@ -255,9 +246,8 @@ public class GroupAdminServiceImpl extends BaseServiceImplementation implements
     });
   }
 
-  private void assertAmGroupOwner(final ReviewDb db,
-      final AccountGroup.Id groupId) throws OrmException, Failure {
-    final AccountGroup group = db.accountGroups().get(groupId);
+  private void assertAmGroupOwner(final ReviewDb db, final AccountGroup group)
+      throws Failure {
     if (group == null) {
       throw new Failure(new NoSuchEntityException());
     }

src/main/webapp/WEB-INF/sql/upgrade012_013_mysql.sql

@@ -11,4 +11,14 @@ CREATE TABLE account_group_members_audit
 ,PRIMARY KEY (account_id, group_id, added_on)
 );
 
+ALTER TABLE account_groups ADD automatic_membership CHAR(1);
+UPDATE account_groups SET automatic_membership = 'N';
+ALTER TABLE account_groups MODIFY automatic_membership CHAR(1) NOT NULL;
+
+UPDATE account_groups SET automatic_membership = 'Y'
+WHERE group_id = (SELECT anonymous_group_id FROM system_config);
+
+UPDATE account_groups SET automatic_membership = 'Y'
+WHERE group_id = (SELECT registered_group_id FROM system_config);
+
 UPDATE schema_version SET version_nbr = 13;

src/main/webapp/WEB-INF/sql/upgrade012_013_postgres.sql

@@ -11,6 +11,17 @@ CREATE TABLE account_group_members_audit
 ,PRIMARY KEY (account_id, group_id, added_on)
 );
 
+ALTER TABLE account_groups ADD automatic_membership CHAR(1);
+UPDATE account_groups SET automatic_membership = 'N';
+ALTER TABLE account_groups ALTER COLUMN automatic_membership SET DEFAULT 'N';
+ALTER TABLE account_groups ALTER COLUMN automatic_membership SET NOT NULL;
+
+UPDATE account_groups SET automatic_membership = 'Y'
+WHERE group_id = (SELECT anonymous_group_id FROM system_config);
+
+UPDATE account_groups SET automatic_membership = 'Y'
+WHERE group_id = (SELECT registered_group_id FROM system_config);
+
 ALTER TABLE account_group_members_audit OWNER TO gerrit2;
 
 UPDATE schema_version SET version_nbr = 13;