VisibleRefFilter: Check visibility of refs/users/ branches

The user branch of a user was always advertised to that user even if READ permissions had been denied or blocked. Doing a visibility check for the user branches means that by default they are now no longer visible to the owning users, but the default will be changed by a follow-up change. The next change implements a parameter variable for ref patterns that can be expanded to the sharded account ID. This new parameter variable will then be used to assign the default permissions for the user branches. Leave an exception for change edit refs since the inline edit feature depends on the change edit refs being always visible to the owning user. Change-Id: If836518de4e4d6b084b675b050bb992fec5fb1e6 Signed-off-by: Edwin Kempin <ekempin@google.com>
2016-05-04 18:13:33 +02:00
parent 88fcd6bcfa
commit adb1ed4c77
5 changed files with 122 additions and 19 deletions
--- a/gerrit-acceptance-framework/src/test/java/com/google/gerrit/acceptance/AbstractDaemonTest.java
+++ b/gerrit-acceptance-framework/src/test/java/com/google/gerrit/acceptance/AbstractDaemonTest.java
@@ -620,9 +620,14 @@ public abstract class AbstractDaemonTest {

  protected void deny(String permission, AccountGroup.UUID id, String ref)
      throws Exception {
-    ProjectConfig cfg = projectCache.checkedGet(project).getConfig();
+    deny(project, permission, id, ref);
+  }
+
+  protected void deny(Project.NameKey p, String permission,
+      AccountGroup.UUID id, String ref) throws Exception {
+    ProjectConfig cfg = projectCache.checkedGet(p).getConfig();
    Util.deny(cfg, permission, id, ref);
-    saveProjectConfig(project, cfg);
+    saveProjectConfig(p, cfg);
  }

  protected PermissionRule block(String permission, AccountGroup.UUID id, String ref)
@@ -652,14 +657,22 @@ public abstract class AbstractDaemonTest {

  protected void grant(String permission, Project.NameKey project, String ref,
      boolean force) throws RepositoryNotFoundException, IOException,
-      ConfigInvalidException {
+          ConfigInvalidException {
+    AccountGroup adminGroup =
+        groupCache.get(new AccountGroup.NameKey("Administrators"));
+    grant(permission, project, ref, force, adminGroup.getGroupUUID());
+  }
+
+  protected void grant(String permission, Project.NameKey project, String ref,
+      boolean force, AccountGroup.UUID groupUUID)
+          throws RepositoryNotFoundException, IOException,
+          ConfigInvalidException {
    try (MetaDataUpdate md = metaDataUpdateFactory.create(project)) {
      md.setMessage(String.format("Grant %s on %s", permission, ref));
      ProjectConfig config = ProjectConfig.read(md);
      AccessSection s = config.getAccessSection(ref, true);
      Permission p = s.getPermission(permission, true);
-      AccountGroup adminGroup = groupCache.get(new AccountGroup.NameKey("Administrators"));
-      PermissionRule rule = new PermissionRule(config.resolve(adminGroup));
+      PermissionRule rule = Util.newRule(config, groupUUID);
      rule.setForce(force);
      p.add(rule);
      config.commit(md);