Standardize ordering of AbstractDaemonTest#block/deny/allow arguments
The new standard ordering is (project, ref, permission, [force], ID) Change-Id: I20387e5349218322ecd8fd5529532d9a9ae57b0d
This commit is contained in:
Han-Wen Nienhuys
committed by
David Pursehouse
David Pursehouse
parent
d4f898d405
commit
ae0c04cf5c
@@ -811,24 +811,24 @@ public abstract class AbstractDaemonTest {
|
||||
}
|
||||
}
|
||||
|
||||
protected void deny(String permission, AccountGroup.UUID id, String ref) throws Exception {
|
||||
deny(project, permission, id, ref);
|
||||
protected void deny(String ref, String permission, AccountGroup.UUID id) throws Exception {
|
||||
deny(project, ref, permission, id);
|
||||
}
|
||||
|
||||
protected void deny(Project.NameKey p, String permission, AccountGroup.UUID id, String ref)
|
||||
protected void deny(Project.NameKey p, String ref, String permission, AccountGroup.UUID id)
|
||||
throws Exception {
|
||||
ProjectConfig cfg = projectCache.checkedGet(p).getConfig();
|
||||
Util.deny(cfg, permission, id, ref);
|
||||
saveProjectConfig(p, cfg);
|
||||
}
|
||||
|
||||
protected PermissionRule block(String permission, AccountGroup.UUID id, String ref)
|
||||
protected PermissionRule block(String ref, String permission, AccountGroup.UUID id)
|
||||
throws Exception {
|
||||
return block(permission, id, ref, project);
|
||||
return block(project, ref, permission, id);
|
||||
}
|
||||
|
||||
protected PermissionRule block(
|
||||
String permission, AccountGroup.UUID id, String ref, Project.NameKey project)
|
||||
Project.NameKey project, String ref, String permission, AccountGroup.UUID id)
|
||||
throws Exception {
|
||||
ProjectConfig cfg = projectCache.checkedGet(project).getConfig();
|
||||
PermissionRule rule = Util.block(cfg, permission, id, ref);
|
||||
@@ -848,21 +848,21 @@ public abstract class AbstractDaemonTest {
|
||||
saveProjectConfig(project, cfg);
|
||||
}
|
||||
|
||||
protected void grant(String permission, Project.NameKey project, String ref)
|
||||
protected void grant(Project.NameKey project, String ref, String permission)
|
||||
throws RepositoryNotFoundException, IOException, ConfigInvalidException {
|
||||
grant(permission, project, ref, false);
|
||||
grant(project, ref, permission, false);
|
||||
}
|
||||
|
||||
protected void grant(String permission, Project.NameKey project, String ref, boolean force)
|
||||
protected void grant(Project.NameKey project, String ref, String permission, boolean force)
|
||||
throws RepositoryNotFoundException, IOException, ConfigInvalidException {
|
||||
AccountGroup adminGroup = groupCache.get(new AccountGroup.NameKey("Administrators"));
|
||||
grant(permission, project, ref, force, adminGroup.getGroupUUID());
|
||||
grant(project, ref, permission, force, adminGroup.getGroupUUID());
|
||||
}
|
||||
|
||||
protected void grant(
|
||||
String permission,
|
||||
Project.NameKey project,
|
||||
String ref,
|
||||
String permission,
|
||||
boolean force,
|
||||
AccountGroup.UUID groupUUID)
|
||||
throws RepositoryNotFoundException, IOException, ConfigInvalidException {
|
||||
@@ -879,7 +879,7 @@ public abstract class AbstractDaemonTest {
|
||||
}
|
||||
}
|
||||
|
||||
protected void removePermission(String permission, Project.NameKey project, String ref)
|
||||
protected void removePermission(Project.NameKey project, String ref, String permission)
|
||||
throws IOException, ConfigInvalidException {
|
||||
try (MetaDataUpdate md = metaDataUpdateFactory.create(project)) {
|
||||
md.setMessage(String.format("Remove %s on %s", permission, ref));
|
||||
@@ -893,7 +893,7 @@ public abstract class AbstractDaemonTest {
|
||||
}
|
||||
|
||||
protected void blockRead(String ref) throws Exception {
|
||||
block(Permission.READ, REGISTERED_USERS, ref);
|
||||
block(ref, Permission.READ, REGISTERED_USERS);
|
||||
}
|
||||
|
||||
protected void blockForgeCommitter(Project.NameKey project, String ref) throws Exception {
|
||||
@@ -1007,10 +1007,10 @@ public abstract class AbstractDaemonTest {
|
||||
}
|
||||
|
||||
protected void grantTagPermissions() throws Exception {
|
||||
grant(Permission.CREATE, project, R_TAGS + "*");
|
||||
grant(Permission.DELETE, project, R_TAGS + "");
|
||||
grant(Permission.CREATE_TAG, project, R_TAGS + "*");
|
||||
grant(Permission.CREATE_SIGNED_TAG, project, R_TAGS + "*");
|
||||
grant(project, R_TAGS + "*", Permission.CREATE);
|
||||
grant(project, R_TAGS + "", Permission.DELETE);
|
||||
grant(project, R_TAGS + "*", Permission.CREATE_TAG);
|
||||
grant(project, R_TAGS + "*", Permission.CREATE_SIGNED_TAG);
|
||||
}
|
||||
|
||||
protected void assertMailReplyTo(Message message, String email) throws Exception {
|
||||
@@ -1178,8 +1178,8 @@ public abstract class AbstractDaemonTest {
|
||||
protected TestRepository<?> createProjectWithPush(
|
||||
String name, @Nullable Project.NameKey parent, SubmitType submitType) throws Exception {
|
||||
Project.NameKey project = createProject(name, parent, true, submitType);
|
||||
grant(Permission.PUSH, project, "refs/heads/*");
|
||||
grant(Permission.SUBMIT, project, "refs/for/refs/heads/*");
|
||||
grant(project, "refs/heads/*", Permission.PUSH);
|
||||
grant(project, "refs/for/refs/heads/*", Permission.SUBMIT);
|
||||
return cloneProject(project);
|
||||
}
|
||||
|
||||
|
||||
@@ -630,7 +630,7 @@ public class AccountIT extends AbstractDaemonTest {
|
||||
saveProjectConfig(allUsers, cfg);
|
||||
|
||||
// deny READ permission that is inherited from All-Projects
|
||||
deny(allUsers, Permission.READ, ANONYMOUS_USERS, RefNames.REFS + "*");
|
||||
deny(allUsers, RefNames.REFS + "*", Permission.READ, ANONYMOUS_USERS);
|
||||
|
||||
// fetching user branch without READ permission fails
|
||||
try {
|
||||
@@ -642,9 +642,9 @@ public class AccountIT extends AbstractDaemonTest {
|
||||
|
||||
// allow each user to read its own user branch
|
||||
grant(
|
||||
Permission.READ,
|
||||
allUsers,
|
||||
RefNames.REFS_USERS + "${" + RefPattern.USERID_SHARDED + "}",
|
||||
Permission.READ,
|
||||
false,
|
||||
REGISTERED_USERS);
|
||||
|
||||
@@ -752,9 +752,9 @@ public class AccountIT extends AbstractDaemonTest {
|
||||
@Sandboxed
|
||||
public void cannotDeleteUserBranch() throws Exception {
|
||||
grant(
|
||||
Permission.DELETE,
|
||||
allUsers,
|
||||
RefNames.REFS_USERS + "${" + RefPattern.USERID_SHARDED + "}",
|
||||
Permission.DELETE,
|
||||
true,
|
||||
REGISTERED_USERS);
|
||||
|
||||
@@ -775,9 +775,9 @@ public class AccountIT extends AbstractDaemonTest {
|
||||
public void deleteUserBranchWithAccessDatabaseCapability() throws Exception {
|
||||
allowGlobalCapabilities(REGISTERED_USERS, GlobalCapability.ACCESS_DATABASE);
|
||||
grant(
|
||||
Permission.DELETE,
|
||||
allUsers,
|
||||
RefNames.REFS_USERS + "${" + RefPattern.USERID_SHARDED + "}",
|
||||
Permission.DELETE,
|
||||
true,
|
||||
REGISTERED_USERS);
|
||||
|
||||
|
||||
@@ -514,7 +514,7 @@ public class ChangeIT extends AbstractDaemonTest {
|
||||
PushOneCommit.Result r = createChange();
|
||||
String changeId = r.getChangeId();
|
||||
assertThat(info(changeId).status).isEqualTo(ChangeStatus.NEW);
|
||||
grant(Permission.ABANDON, project, "refs/heads/master", false, REGISTERED_USERS);
|
||||
grant(project, "refs/heads/master", Permission.ABANDON, false, REGISTERED_USERS);
|
||||
setApiUser(user);
|
||||
gApi.changes().id(changeId).abandon();
|
||||
assertThat(info(changeId).status).isEqualTo(ChangeStatus.ABANDONED);
|
||||
@@ -671,7 +671,7 @@ public class ChangeIT extends AbstractDaemonTest {
|
||||
revision.review(ReviewInput.approve());
|
||||
revision.submit();
|
||||
|
||||
grant(Permission.REBASE, project, "refs/heads/master", false, REGISTERED_USERS);
|
||||
grant(project, "refs/heads/master", Permission.REBASE, false, REGISTERED_USERS);
|
||||
|
||||
// Rebase the second
|
||||
String changeId = r2.getChangeId();
|
||||
@@ -691,8 +691,8 @@ public class ChangeIT extends AbstractDaemonTest {
|
||||
revision.review(ReviewInput.approve());
|
||||
revision.submit();
|
||||
|
||||
grant(Permission.REBASE, project, "refs/heads/master", false, REGISTERED_USERS);
|
||||
block(Permission.PUSH, REGISTERED_USERS, "refs/for/*");
|
||||
grant(project, "refs/heads/master", Permission.REBASE, false, REGISTERED_USERS);
|
||||
block("refs/for/*", Permission.PUSH, REGISTERED_USERS);
|
||||
|
||||
// Rebase the second
|
||||
String changeId = r2.getChangeId();
|
||||
@@ -714,7 +714,7 @@ public class ChangeIT extends AbstractDaemonTest {
|
||||
revision.review(ReviewInput.approve());
|
||||
revision.submit();
|
||||
|
||||
block(Permission.PUSH, REGISTERED_USERS, "refs/for/*");
|
||||
block("refs/for/*", Permission.PUSH, REGISTERED_USERS);
|
||||
|
||||
// Rebase the second
|
||||
String changeId = r2.getChangeId();
|
||||
@@ -783,7 +783,7 @@ public class ChangeIT extends AbstractDaemonTest {
|
||||
String ref = new Change.Id(id).toRefPrefix() + "1";
|
||||
eventRecorder.assertRefUpdatedEvents(project.get(), ref, null, commit, commit, null);
|
||||
} finally {
|
||||
removePermission(Permission.DELETE_OWN_CHANGES, project, "refs/*");
|
||||
removePermission(project, "refs/*", Permission.DELETE_OWN_CHANGES);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -814,7 +814,7 @@ public class ChangeIT extends AbstractDaemonTest {
|
||||
exception.expectMessage("delete not permitted");
|
||||
gApi.changes().id(changeId).delete();
|
||||
} finally {
|
||||
removePermission(Permission.DELETE_OWN_CHANGES, project, "refs/*");
|
||||
removePermission(project, "refs/*", Permission.DELETE_OWN_CHANGES);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -887,7 +887,7 @@ public class ChangeIT extends AbstractDaemonTest {
|
||||
exception.expectMessage("delete not permitted");
|
||||
gApi.changes().id(changeId).delete();
|
||||
} finally {
|
||||
removePermission(Permission.DELETE_OWN_CHANGES, project, "refs/*");
|
||||
removePermission(project, "refs/*", Permission.DELETE_OWN_CHANGES);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1973,7 +1973,7 @@ public class ChangeIT extends AbstractDaemonTest {
|
||||
public void editTopicWithPermissionAllowed() throws Exception {
|
||||
PushOneCommit.Result r = createChange();
|
||||
assertThat(gApi.changes().id(r.getChangeId()).topic()).isEqualTo("");
|
||||
grant(Permission.EDIT_TOPIC_NAME, project, "refs/heads/master", false, REGISTERED_USERS);
|
||||
grant(project, "refs/heads/master", Permission.EDIT_TOPIC_NAME, false, REGISTERED_USERS);
|
||||
setApiUser(user);
|
||||
gApi.changes().id(r.getChangeId()).topic("mytopic");
|
||||
assertThat(gApi.changes().id(r.getChangeId()).topic()).isEqualTo("mytopic");
|
||||
@@ -2019,7 +2019,7 @@ public class ChangeIT extends AbstractDaemonTest {
|
||||
public void submitAllowedWithPermission() throws Exception {
|
||||
PushOneCommit.Result r = createChange();
|
||||
gApi.changes().id(r.getChangeId()).revision(r.getCommit().name()).review(ReviewInput.approve());
|
||||
grant(Permission.SUBMIT, project, "refs/heads/master", false, REGISTERED_USERS);
|
||||
grant(project, "refs/heads/master", Permission.SUBMIT, false, REGISTERED_USERS);
|
||||
setApiUser(user);
|
||||
gApi.changes().id(r.getChangeId()).revision(r.getCommit().name()).submit();
|
||||
assertThat(gApi.changes().id(r.getChangeId()).info().status).isEqualTo(ChangeStatus.MERGED);
|
||||
@@ -2368,7 +2368,7 @@ public class ChangeIT extends AbstractDaemonTest {
|
||||
TestRepository<InMemoryRepository> userTestRepo = cloneProject(p, user);
|
||||
|
||||
// Block default permission
|
||||
block(Permission.ADD_PATCH_SET, REGISTERED_USERS, "refs/for/*", p);
|
||||
block(p, "refs/for/*", Permission.ADD_PATCH_SET, REGISTERED_USERS);
|
||||
|
||||
// Create change as admin
|
||||
PushOneCommit push = pushFactory.create(db, admin.getIdent(), adminTestRepo);
|
||||
@@ -2412,7 +2412,7 @@ public class ChangeIT extends AbstractDaemonTest {
|
||||
TestRepository<?> adminTestRepo = cloneProject(project, admin);
|
||||
|
||||
// Block default permission
|
||||
block(Permission.ADD_PATCH_SET, REGISTERED_USERS, "refs/for/*", p);
|
||||
block(p, "refs/for/*", Permission.ADD_PATCH_SET, REGISTERED_USERS);
|
||||
|
||||
// Create change as admin
|
||||
PushOneCommit push = pushFactory.create(db, admin.getIdent(), adminTestRepo);
|
||||
@@ -2463,7 +2463,7 @@ public class ChangeIT extends AbstractDaemonTest {
|
||||
TestRepository<?> userTestRepo = cloneProject(p, user);
|
||||
|
||||
// Block default permission
|
||||
block(Permission.ADD_PATCH_SET, REGISTERED_USERS, "refs/for/*", p);
|
||||
block(p, "refs/for/*", Permission.ADD_PATCH_SET, REGISTERED_USERS);
|
||||
|
||||
// Create change as admin
|
||||
PushOneCommit push = pushFactory.create(db, admin.getIdent(), adminTestRepo);
|
||||
|
||||
@@ -788,7 +788,7 @@ public class RevisionIT extends AbstractDaemonTest {
|
||||
public void setDescriptionAllowedWithPermission() throws Exception {
|
||||
PushOneCommit.Result r = createChange();
|
||||
assertDescription(r, "");
|
||||
grant(Permission.OWNER, project, "refs/heads/master", false, REGISTERED_USERS);
|
||||
grant(project, "refs/heads/master", Permission.OWNER, false, REGISTERED_USERS);
|
||||
setApiUser(user);
|
||||
gApi.changes().id(r.getChangeId()).revision(r.getCommit().name()).description("test");
|
||||
assertDescription(r, "test");
|
||||
|
||||
@@ -671,7 +671,7 @@ public class ChangeEditIT extends AbstractDaemonTest {
|
||||
TestRepository<InMemoryRepository> userTestRepo = cloneProject(p, user);
|
||||
|
||||
// Block default permission
|
||||
block(Permission.ADD_PATCH_SET, REGISTERED_USERS, "refs/for/*", p);
|
||||
block(p, "refs/for/*", Permission.ADD_PATCH_SET, REGISTERED_USERS);
|
||||
|
||||
// Create change as user
|
||||
PushOneCommit push = pushFactory.create(db, user.getIdent(), userTestRepo);
|
||||
|
||||
@@ -119,7 +119,7 @@ public abstract class AbstractPushForReview extends AbstractDaemonTest {
|
||||
Util.allow(
|
||||
cfg, Permission.forLabel(patchSetLock.getName()), 0, 1, anonymousUsers, "refs/heads/*");
|
||||
saveProjectConfig(cfg);
|
||||
grant(Permission.LABEL + "Patch-Set-Lock", project, "refs/heads/*");
|
||||
grant(project, "refs/heads/*", Permission.LABEL + "Patch-Set-Lock");
|
||||
}
|
||||
|
||||
@After
|
||||
@@ -932,7 +932,7 @@ public abstract class AbstractPushForReview extends AbstractDaemonTest {
|
||||
|
||||
@Test
|
||||
public void pushSameCommitTwiceUsingMagicBranchBaseOption() throws Exception {
|
||||
grant(Permission.PUSH, project, "refs/heads/master");
|
||||
grant(project, "refs/heads/master", Permission.PUSH);
|
||||
PushOneCommit.Result rBase = pushTo("refs/heads/master");
|
||||
rBase.assertOkStatus();
|
||||
|
||||
@@ -1356,7 +1356,7 @@ public abstract class AbstractPushForReview extends AbstractDaemonTest {
|
||||
@Test
|
||||
public void createChangeForMergedCommit() throws Exception {
|
||||
String master = "refs/heads/master";
|
||||
grant(Permission.PUSH, project, master, true);
|
||||
grant(project, master, Permission.PUSH, true);
|
||||
|
||||
// Update master with a direct push.
|
||||
RevCommit c1 = testRepo.commit().message("Non-change 1").create();
|
||||
@@ -1455,7 +1455,7 @@ public abstract class AbstractPushForReview extends AbstractDaemonTest {
|
||||
@Test
|
||||
public void mergedOptionWithExistingChangeInsertsPatchSet() throws Exception {
|
||||
String master = "refs/heads/master";
|
||||
grant(Permission.PUSH, project, master, true);
|
||||
grant(project, master, Permission.PUSH, true);
|
||||
|
||||
PushOneCommit.Result r = pushTo("refs/for/master");
|
||||
r.assertOkStatus();
|
||||
|
||||
@@ -87,8 +87,8 @@ public abstract class AbstractSubmoduleSubscription extends AbstractDaemonTest {
|
||||
SubmitType submitType)
|
||||
throws Exception {
|
||||
Project.NameKey project = createProject(name, parent, createEmptyCommit, submitType);
|
||||
grant(Permission.PUSH, project, "refs/heads/*");
|
||||
grant(Permission.SUBMIT, project, "refs/for/refs/heads/*");
|
||||
grant(project, "refs/heads/*", Permission.PUSH);
|
||||
grant(project, "refs/for/refs/heads/*", Permission.SUBMIT);
|
||||
return cloneProject(project);
|
||||
}
|
||||
|
||||
|
||||
@@ -28,7 +28,7 @@ public class DraftChangeBlockedIT extends AbstractDaemonTest {
|
||||
|
||||
@Before
|
||||
public void setUp() throws Exception {
|
||||
block(Permission.PUSH, ANONYMOUS_USERS, "refs/drafts/*");
|
||||
block("refs/drafts/*", Permission.PUSH, ANONYMOUS_USERS);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
@@ -49,7 +49,7 @@ public class ForcePushIT extends AbstractDaemonTest {
|
||||
@Test
|
||||
public void forcePushAllowed() throws Exception {
|
||||
ObjectId initial = repo().exactRef(HEAD).getLeaf().getObjectId();
|
||||
grant(Permission.PUSH, project, "refs/*", true);
|
||||
grant(project, "refs/*", Permission.PUSH, true);
|
||||
PushOneCommit push1 =
|
||||
pushFactory.create(db, admin.getIdent(), testRepo, "change1", "a.txt", "content");
|
||||
PushOneCommit.Result r1 = push1.to("refs/heads/master");
|
||||
|
||||
@@ -206,7 +206,7 @@ public class RefAdvertisementIT extends AbstractDaemonTest {
|
||||
@Test
|
||||
public void uploadPackSubsetOfBranchesVisibleIncludingHead() throws Exception {
|
||||
allow(Permission.READ, REGISTERED_USERS, "refs/heads/master");
|
||||
deny(Permission.READ, REGISTERED_USERS, "refs/heads/branch");
|
||||
deny("refs/heads/branch", Permission.READ, REGISTERED_USERS);
|
||||
|
||||
setApiUser(user);
|
||||
assertUploadPackRefs(
|
||||
@@ -221,7 +221,7 @@ public class RefAdvertisementIT extends AbstractDaemonTest {
|
||||
|
||||
@Test
|
||||
public void uploadPackSubsetOfBranchesVisibleNotIncludingHead() throws Exception {
|
||||
deny(Permission.READ, REGISTERED_USERS, "refs/heads/master");
|
||||
deny("refs/heads/master", Permission.READ, REGISTERED_USERS);
|
||||
allow(Permission.READ, REGISTERED_USERS, "refs/heads/branch");
|
||||
|
||||
setApiUser(user);
|
||||
@@ -300,7 +300,7 @@ public class RefAdvertisementIT extends AbstractDaemonTest {
|
||||
public void uploadPackSubsetOfRefsVisibleWithAccessDatabase() throws Exception {
|
||||
allowGlobalCapabilities(REGISTERED_USERS, GlobalCapability.ACCESS_DATABASE);
|
||||
try {
|
||||
deny(Permission.READ, REGISTERED_USERS, "refs/heads/master");
|
||||
deny("refs/heads/master", Permission.READ, REGISTERED_USERS);
|
||||
allow(Permission.READ, REGISTERED_USERS, "refs/heads/branch");
|
||||
|
||||
String changeId = c1.change().getKey().get();
|
||||
@@ -440,7 +440,7 @@ public class RefAdvertisementIT extends AbstractDaemonTest {
|
||||
@Test
|
||||
public void receivePackRespectsVisibilityOfOpenChanges() throws Exception {
|
||||
allow(Permission.READ, REGISTERED_USERS, "refs/heads/master");
|
||||
deny(Permission.READ, REGISTERED_USERS, "refs/heads/branch");
|
||||
deny("refs/heads/branch", Permission.READ, REGISTERED_USERS);
|
||||
setApiUser(user);
|
||||
|
||||
assertThat(getReceivePackRefs().additionalHaves()).containsExactly(obj(c3, 1));
|
||||
|
||||
@@ -49,7 +49,7 @@ public class SubmitOnPushIT extends AbstractDaemonTest {
|
||||
|
||||
@Test
|
||||
public void submitOnPush() throws Exception {
|
||||
grant(Permission.SUBMIT, project, "refs/for/refs/heads/master");
|
||||
grant(project, "refs/for/refs/heads/master", Permission.SUBMIT);
|
||||
PushOneCommit.Result r = pushTo("refs/for/master%submit");
|
||||
r.assertOkStatus();
|
||||
r.assertChange(Change.Status.MERGED, null, admin);
|
||||
@@ -59,9 +59,9 @@ public class SubmitOnPushIT extends AbstractDaemonTest {
|
||||
|
||||
@Test
|
||||
public void submitOnPushWithTag() throws Exception {
|
||||
grant(Permission.SUBMIT, project, "refs/for/refs/heads/master");
|
||||
grant(Permission.CREATE, project, "refs/tags/*");
|
||||
grant(Permission.PUSH, project, "refs/tags/*");
|
||||
grant(project, "refs/for/refs/heads/master", Permission.SUBMIT);
|
||||
grant(project, "refs/tags/*", Permission.CREATE);
|
||||
grant(project, "refs/tags/*", Permission.PUSH);
|
||||
PushOneCommit.Tag tag = new PushOneCommit.Tag("v1.0");
|
||||
PushOneCommit push = pushFactory.create(db, admin.getIdent(), testRepo);
|
||||
push.setTag(tag);
|
||||
@@ -75,8 +75,8 @@ public class SubmitOnPushIT extends AbstractDaemonTest {
|
||||
|
||||
@Test
|
||||
public void submitOnPushWithAnnotatedTag() throws Exception {
|
||||
grant(Permission.SUBMIT, project, "refs/for/refs/heads/master");
|
||||
grant(Permission.PUSH, project, "refs/tags/*");
|
||||
grant(project, "refs/for/refs/heads/master", Permission.SUBMIT);
|
||||
grant(project, "refs/tags/*", Permission.PUSH);
|
||||
PushOneCommit.AnnotatedTag tag =
|
||||
new PushOneCommit.AnnotatedTag("v1.0", "annotation", admin.getIdent());
|
||||
PushOneCommit push = pushFactory.create(db, admin.getIdent(), testRepo);
|
||||
@@ -91,7 +91,7 @@ public class SubmitOnPushIT extends AbstractDaemonTest {
|
||||
|
||||
@Test
|
||||
public void submitOnPushToRefsMetaConfig() throws Exception {
|
||||
grant(Permission.SUBMIT, project, "refs/for/refs/meta/config");
|
||||
grant(project, "refs/for/refs/meta/config", Permission.SUBMIT);
|
||||
|
||||
git().fetch().setRefSpecs(new RefSpec("refs/meta/config:refs/meta/config")).call();
|
||||
testRepo.reset(RefNames.REFS_CONFIG);
|
||||
@@ -109,7 +109,7 @@ public class SubmitOnPushIT extends AbstractDaemonTest {
|
||||
push("refs/heads/master", "one change", "a.txt", "some content");
|
||||
testRepo.reset(objectId);
|
||||
|
||||
grant(Permission.SUBMIT, project, "refs/for/refs/heads/master");
|
||||
grant(project, "refs/for/refs/heads/master", Permission.SUBMIT);
|
||||
PushOneCommit.Result r =
|
||||
push("refs/for/master%submit", "other change", "a.txt", "other content");
|
||||
r.assertErrorStatus();
|
||||
@@ -125,7 +125,7 @@ public class SubmitOnPushIT extends AbstractDaemonTest {
|
||||
push(master, "one change", "a.txt", "some content");
|
||||
testRepo.reset(objectId);
|
||||
|
||||
grant(Permission.SUBMIT, project, "refs/for/refs/heads/master");
|
||||
grant(project, "refs/for/refs/heads/master", Permission.SUBMIT);
|
||||
PushOneCommit.Result r =
|
||||
push("refs/for/master%submit", "other change", "b.txt", "other content");
|
||||
r.assertOkStatus();
|
||||
@@ -138,7 +138,7 @@ public class SubmitOnPushIT extends AbstractDaemonTest {
|
||||
PushOneCommit.Result r =
|
||||
push("refs/for/master", PushOneCommit.SUBJECT, "a.txt", "some content");
|
||||
|
||||
grant(Permission.SUBMIT, project, "refs/for/refs/heads/master");
|
||||
grant(project, "refs/for/refs/heads/master", Permission.SUBMIT);
|
||||
r =
|
||||
push(
|
||||
"refs/for/master%submit",
|
||||
@@ -184,7 +184,7 @@ public class SubmitOnPushIT extends AbstractDaemonTest {
|
||||
|
||||
@Test
|
||||
public void mergeOnPushToBranch() throws Exception {
|
||||
grant(Permission.PUSH, project, "refs/heads/master");
|
||||
grant(project, "refs/heads/master", Permission.PUSH);
|
||||
PushOneCommit.Result r =
|
||||
push("refs/for/master", PushOneCommit.SUBJECT, "a.txt", "some content");
|
||||
r.assertOkStatus();
|
||||
@@ -206,7 +206,7 @@ public class SubmitOnPushIT extends AbstractDaemonTest {
|
||||
|
||||
@Test
|
||||
public void mergeOnPushToBranchWithNewPatchset() throws Exception {
|
||||
grant(Permission.PUSH, project, "refs/heads/master");
|
||||
grant(project, "refs/heads/master", Permission.PUSH);
|
||||
PushOneCommit.Result r = pushTo("refs/for/master");
|
||||
r.assertOkStatus();
|
||||
RevCommit c1 = r.getCommit();
|
||||
@@ -241,7 +241,7 @@ public class SubmitOnPushIT extends AbstractDaemonTest {
|
||||
|
||||
@Test
|
||||
public void mergeOnPushToBranchWithOldPatchset() throws Exception {
|
||||
grant(Permission.PUSH, project, "refs/heads/master");
|
||||
grant(project, "refs/heads/master", Permission.PUSH);
|
||||
PushOneCommit.Result r = pushTo("refs/for/master");
|
||||
r.assertOkStatus();
|
||||
RevCommit c1 = r.getCommit();
|
||||
@@ -268,7 +268,7 @@ public class SubmitOnPushIT extends AbstractDaemonTest {
|
||||
|
||||
@Test
|
||||
public void mergeMultipleOnPushToBranchWithNewPatchset() throws Exception {
|
||||
grant(Permission.PUSH, project, "refs/heads/master");
|
||||
grant(project, "refs/heads/master", Permission.PUSH);
|
||||
|
||||
// Create 2 changes.
|
||||
ObjectId initialHead = getRemoteHead();
|
||||
|
||||
@@ -54,27 +54,26 @@ public class CheckAccessIT extends AbstractDaemonTest {
|
||||
assertThat(gApi.groups().id(privilegedGroup.getGroupUUID().get()).members().get(0).email)
|
||||
.contains("snowden");
|
||||
|
||||
// deny(secretProject, Permission.READ, SystemGroupBackend.REGISTERED_USERS, "refs/*");
|
||||
grant(Permission.READ, secretProject, "refs/*", false, privilegedGroup.getGroupUUID());
|
||||
block(Permission.READ, SystemGroupBackend.REGISTERED_USERS, "refs/*", secretProject);
|
||||
grant(secretProject, "refs/*", Permission.READ, false, privilegedGroup.getGroupUUID());
|
||||
block(secretProject, "refs/*", Permission.READ, SystemGroupBackend.REGISTERED_USERS);
|
||||
|
||||
// deny/grant/block arg ordering is screwy.
|
||||
deny(secretRefProject, Permission.READ, SystemGroupBackend.ANONYMOUS_USERS, "refs/*");
|
||||
deny(secretRefProject, "refs/*", Permission.READ, SystemGroupBackend.ANONYMOUS_USERS);
|
||||
grant(
|
||||
Permission.READ,
|
||||
secretRefProject,
|
||||
"refs/heads/secret/*",
|
||||
Permission.READ,
|
||||
false,
|
||||
privilegedGroup.getGroupUUID());
|
||||
block(
|
||||
Permission.READ,
|
||||
SystemGroupBackend.REGISTERED_USERS,
|
||||
secretRefProject,
|
||||
"refs/heads/secret/*",
|
||||
secretRefProject);
|
||||
grant(
|
||||
Permission.READ,
|
||||
SystemGroupBackend.REGISTERED_USERS);
|
||||
grant(
|
||||
secretRefProject,
|
||||
"refs/heads/*",
|
||||
Permission.READ,
|
||||
false,
|
||||
SystemGroupBackend.REGISTERED_USERS);
|
||||
}
|
||||
|
||||
@@ -788,8 +788,8 @@ public class ExternalIdIT extends AbstractDaemonTest {
|
||||
}
|
||||
|
||||
private void allowPushOfExternalIds() throws IOException, ConfigInvalidException {
|
||||
grant(Permission.READ, allUsers, RefNames.REFS_EXTERNAL_IDS);
|
||||
grant(Permission.PUSH, allUsers, RefNames.REFS_EXTERNAL_IDS);
|
||||
grant(allUsers, RefNames.REFS_EXTERNAL_IDS, Permission.READ);
|
||||
grant(allUsers, RefNames.REFS_EXTERNAL_IDS, Permission.PUSH);
|
||||
}
|
||||
|
||||
private void assertRefUpdateFailure(RemoteRefUpdate update, String msg) {
|
||||
|
||||
@@ -306,7 +306,7 @@ public abstract class AbstractSubmit extends AbstractDaemonTest {
|
||||
public void submitNoPermission() throws Exception {
|
||||
// create project where submit is blocked
|
||||
Project.NameKey p = createProject("p");
|
||||
block(Permission.SUBMIT, REGISTERED_USERS, "refs/*", p);
|
||||
block(p, "refs/*", Permission.SUBMIT, REGISTERED_USERS);
|
||||
|
||||
TestRepository<InMemoryRepository> repo = cloneProject(p, admin);
|
||||
PushOneCommit push = pushFactory.create(db, admin.getIdent(), repo);
|
||||
|
||||
@@ -163,7 +163,7 @@ public class AssigneeIT extends AbstractDaemonTest {
|
||||
@Test
|
||||
public void setAssigneeAllowedWithPermission() throws Exception {
|
||||
PushOneCommit.Result r = createChange();
|
||||
grant(Permission.EDIT_ASSIGNEE, project, "refs/heads/master", false, REGISTERED_USERS);
|
||||
grant(project, "refs/heads/master", Permission.EDIT_ASSIGNEE, false, REGISTERED_USERS);
|
||||
setApiUser(user);
|
||||
assertThat(setAssignee(r, user.email)._accountId).isEqualTo(user.getId().get());
|
||||
}
|
||||
|
||||
@@ -179,7 +179,7 @@ public class CreateChangeIT extends AbstractDaemonTest {
|
||||
public void createChangeWithoutAccessToParentCommitFails() throws Exception {
|
||||
Map<String, PushOneCommit.Result> results =
|
||||
changeInTwoBranches("invisible-branch", "a.txt", "visible-branch", "b.txt");
|
||||
block(READ, REGISTERED_USERS, "refs/heads/invisible-branch", project);
|
||||
block(project, "refs/heads/invisible-branch", READ, REGISTERED_USERS);
|
||||
|
||||
ChangeInput in = newChangeInput(ChangeStatus.NEW);
|
||||
in.branch = "visible-branch";
|
||||
@@ -191,7 +191,7 @@ public class CreateChangeIT extends AbstractDaemonTest {
|
||||
@Test
|
||||
public void createChangeOnInvisibleBranchFails() throws Exception {
|
||||
changeInTwoBranches("invisible-branch", "a.txt", "branchB", "b.txt");
|
||||
block(READ, REGISTERED_USERS, "refs/heads/invisible-branch", project);
|
||||
block(project, "refs/heads/invisible-branch", READ, REGISTERED_USERS);
|
||||
|
||||
ChangeInput in = newChangeInput(ChangeStatus.NEW);
|
||||
in.branch = "invisible-branch";
|
||||
|
||||
@@ -126,15 +126,15 @@ public class DraftChangeIT extends AbstractDaemonTest {
|
||||
String changeId = changeResult.getChangeId();
|
||||
|
||||
// Grant those permissions to admins.
|
||||
grant(Permission.VIEW_DRAFTS, project, "refs/*");
|
||||
grant(Permission.DELETE_DRAFTS, project, "refs/*");
|
||||
grant(project, "refs/*", Permission.VIEW_DRAFTS);
|
||||
grant(project, "refs/*", Permission.DELETE_DRAFTS);
|
||||
|
||||
try {
|
||||
setApiUser(admin);
|
||||
gApi.changes().id(changeId).delete();
|
||||
} finally {
|
||||
removePermission(Permission.DELETE_DRAFTS, project, "refs/*");
|
||||
removePermission(Permission.VIEW_DRAFTS, project, "refs/*");
|
||||
removePermission(project, "refs/*", Permission.DELETE_DRAFTS);
|
||||
removePermission(project, "refs/*", Permission.VIEW_DRAFTS);
|
||||
}
|
||||
|
||||
setApiUser(user);
|
||||
|
||||
@@ -259,7 +259,7 @@ public class HashtagsIT extends AbstractDaemonTest {
|
||||
@Test
|
||||
public void addHashtagWithPermissionAllowed() throws Exception {
|
||||
PushOneCommit.Result r = createChange();
|
||||
grant(Permission.EDIT_HASHTAGS, project, "refs/heads/master", false, REGISTERED_USERS);
|
||||
grant(project, "refs/heads/master", Permission.EDIT_HASHTAGS, false, REGISTERED_USERS);
|
||||
setApiUser(user);
|
||||
addHashtags(r, "MyHashtag");
|
||||
assertThatGet(r).containsExactly("MyHashtag");
|
||||
|
||||
@@ -159,9 +159,9 @@ public class MoveChangeIT extends AbstractDaemonTest {
|
||||
new Branch.NameKey(r.getChange().change().getProject(), "blocked_branch");
|
||||
createBranch(newBranch);
|
||||
block(
|
||||
"refs/for/" + newBranch.get(),
|
||||
Permission.PUSH,
|
||||
systemGroupBackend.getGroup(REGISTERED_USERS).getUUID(),
|
||||
"refs/for/" + newBranch.get());
|
||||
systemGroupBackend.getGroup(REGISTERED_USERS).getUUID());
|
||||
exception.expect(AuthException.class);
|
||||
exception.expectMessage("move not permitted");
|
||||
move(r.getChangeId(), newBranch.get());
|
||||
@@ -174,9 +174,9 @@ public class MoveChangeIT extends AbstractDaemonTest {
|
||||
Branch.NameKey newBranch = new Branch.NameKey(r.getChange().change().getProject(), "moveTest");
|
||||
createBranch(newBranch);
|
||||
block(
|
||||
r.getChange().change().getDest().get(),
|
||||
Permission.ABANDON,
|
||||
systemGroupBackend.getGroup(REGISTERED_USERS).getUUID(),
|
||||
r.getChange().change().getDest().get());
|
||||
systemGroupBackend.getGroup(REGISTERED_USERS).getUUID());
|
||||
setApiUser(user);
|
||||
exception.expect(AuthException.class);
|
||||
exception.expectMessage("move not permitted");
|
||||
@@ -219,7 +219,7 @@ public class MoveChangeIT extends AbstractDaemonTest {
|
||||
Util.allow(
|
||||
cfg, Permission.forLabel(patchSetLock.getName()), 0, 1, registeredUsers, "refs/heads/*");
|
||||
saveProjectConfig(cfg);
|
||||
grant(Permission.LABEL + "Patch-Set-Lock", project, "refs/heads/*");
|
||||
grant(project, "refs/heads/*", Permission.LABEL + "Patch-Set-Lock");
|
||||
revision(r).review(new ReviewInput().label("Patch-Set-Lock", 1));
|
||||
|
||||
exception.expect(AuthException.class);
|
||||
|
||||
@@ -193,8 +193,8 @@ public class SubmitByFastForwardIT extends AbstractSubmit {
|
||||
public void submitSameCommitsAsInExperimentalBranch() throws Exception {
|
||||
RevCommit initialHead = getRemoteHead();
|
||||
|
||||
grant(Permission.CREATE, project, "refs/heads/*");
|
||||
grant(Permission.PUSH, project, "refs/heads/experimental");
|
||||
grant(project, "refs/heads/*", Permission.CREATE);
|
||||
grant(project, "refs/heads/experimental", Permission.PUSH);
|
||||
|
||||
RevCommit c1 = commitBuilder().add("b.txt", "1").message("commit at tip").create();
|
||||
String id1 = GitUtil.getChangeId(testRepo, c1).get();
|
||||
|
||||
@@ -144,7 +144,7 @@ public class SuggestReviewersIT extends AbstractDaemonTest {
|
||||
List<SuggestedReviewerInfo> reviewers;
|
||||
|
||||
setApiUser(user3);
|
||||
block("read", ANONYMOUS_USERS, "refs/*");
|
||||
block("refs/*", "read", ANONYMOUS_USERS);
|
||||
allow("read", group1.getGroupUUID(), "refs/*");
|
||||
reviewers = suggestReviewers(changeId, user2.username, 2);
|
||||
assertThat(reviewers).isEmpty();
|
||||
|
||||
@@ -80,7 +80,7 @@ public class CreateBranchIT extends AbstractDaemonTest {
|
||||
}
|
||||
|
||||
private void blockCreateReference() throws Exception {
|
||||
block(Permission.CREATE, ANONYMOUS_USERS, "refs/*");
|
||||
block("refs/*", Permission.CREATE, ANONYMOUS_USERS);
|
||||
}
|
||||
|
||||
private void grantOwner() throws Exception {
|
||||
|
||||
@@ -87,11 +87,11 @@ public class DeleteBranchIT extends AbstractDaemonTest {
|
||||
}
|
||||
|
||||
private void blockForcePush() throws Exception {
|
||||
block(Permission.PUSH, ANONYMOUS_USERS, "refs/heads/*").setForce(true);
|
||||
block("refs/heads/*", Permission.PUSH, ANONYMOUS_USERS).setForce(true);
|
||||
}
|
||||
|
||||
private void grantForcePush() throws Exception {
|
||||
grant(Permission.PUSH, project, "refs/heads/*", true, ANONYMOUS_USERS);
|
||||
grant(project, "refs/heads/*", Permission.PUSH, true, ANONYMOUS_USERS);
|
||||
}
|
||||
|
||||
private void grantDelete() throws Exception {
|
||||
|
||||
@@ -83,11 +83,11 @@ public class DeleteTagIT extends AbstractDaemonTest {
|
||||
}
|
||||
|
||||
private void blockForcePush() throws Exception {
|
||||
block(Permission.PUSH, ANONYMOUS_USERS, "refs/tags/*").setForce(true);
|
||||
block("refs/tags/*", Permission.PUSH, ANONYMOUS_USERS).setForce(true);
|
||||
}
|
||||
|
||||
private void grantForcePush() throws Exception {
|
||||
grant(Permission.PUSH, project, "refs/tags/*", true, ANONYMOUS_USERS);
|
||||
grant(project, "refs/tags/*", Permission.PUSH, true, ANONYMOUS_USERS);
|
||||
}
|
||||
|
||||
private void grantDelete() throws Exception {
|
||||
|
||||
@@ -220,7 +220,7 @@ public class PushTagIT extends AbstractDaemonTest {
|
||||
}
|
||||
|
||||
if (!newCommit) {
|
||||
grant(Permission.SUBMIT, project, "refs/for/refs/heads/master", false, REGISTERED_USERS);
|
||||
grant(project, "refs/for/refs/heads/master", Permission.SUBMIT, false, REGISTERED_USERS);
|
||||
pushHead(testRepo, "refs/for/master%submit");
|
||||
}
|
||||
|
||||
@@ -243,26 +243,26 @@ public class PushTagIT extends AbstractDaemonTest {
|
||||
}
|
||||
|
||||
private void allowTagCreation(TagType tagType) throws Exception {
|
||||
grant(tagType.createPermission, project, "refs/tags/*", false, REGISTERED_USERS);
|
||||
grant(project, "refs/tags/*", tagType.createPermission, false, REGISTERED_USERS);
|
||||
}
|
||||
|
||||
private void allowPushOnRefsTags() throws Exception {
|
||||
removePushFromRefsTags();
|
||||
grant(Permission.PUSH, project, "refs/tags/*", false, REGISTERED_USERS);
|
||||
grant(project, "refs/tags/*", Permission.PUSH, false, REGISTERED_USERS);
|
||||
}
|
||||
|
||||
private void allowForcePushOnRefsTags() throws Exception {
|
||||
removePushFromRefsTags();
|
||||
grant(Permission.PUSH, project, "refs/tags/*", true, REGISTERED_USERS);
|
||||
grant(project, "refs/tags/*", Permission.PUSH, true, REGISTERED_USERS);
|
||||
}
|
||||
|
||||
private void allowTagDeletion() throws Exception {
|
||||
removePushFromRefsTags();
|
||||
grant(Permission.DELETE, project, "refs/tags/*", true, REGISTERED_USERS);
|
||||
grant(project, "refs/tags/*", Permission.DELETE, true, REGISTERED_USERS);
|
||||
}
|
||||
|
||||
private void removePushFromRefsTags() throws Exception {
|
||||
removePermission(Permission.PUSH, project, "refs/tags/*");
|
||||
removePermission(project, "refs/tags/*", Permission.PUSH);
|
||||
}
|
||||
|
||||
private void commit(PersonIdent ident, String subject) throws Exception {
|
||||
|
||||
@@ -239,7 +239,7 @@ public class TagsIT extends AbstractDaemonTest {
|
||||
|
||||
@Test
|
||||
public void createTagNotAllowed() throws Exception {
|
||||
block(Permission.CREATE, REGISTERED_USERS, R_TAGS + "*");
|
||||
block(R_TAGS + "*", Permission.CREATE, REGISTERED_USERS);
|
||||
TagInput input = new TagInput();
|
||||
input.ref = "test";
|
||||
exception.expect(AuthException.class);
|
||||
@@ -249,7 +249,7 @@ public class TagsIT extends AbstractDaemonTest {
|
||||
|
||||
@Test
|
||||
public void createAnnotatedTagNotAllowed() throws Exception {
|
||||
block(Permission.CREATE_TAG, REGISTERED_USERS, R_TAGS + "*");
|
||||
block(R_TAGS + "*", Permission.CREATE_TAG, REGISTERED_USERS);
|
||||
TagInput input = new TagInput();
|
||||
input.ref = "test";
|
||||
input.message = "annotation";
|
||||
|
||||
@@ -556,9 +556,9 @@ public class ProjectWatchIT extends AbstractDaemonTest {
|
||||
// create group that can view all drafts
|
||||
GroupInfo groupThatCanViewDrafts = gApi.groups().create("groupThatCanViewDrafts").get();
|
||||
grant(
|
||||
Permission.VIEW_DRAFTS,
|
||||
new Project.NameKey(watchedProject),
|
||||
"refs/*",
|
||||
Permission.VIEW_DRAFTS,
|
||||
false,
|
||||
new AccountGroup.UUID(groupThatCanViewDrafts.id));
|
||||
|
||||
@@ -682,9 +682,9 @@ public class ProjectWatchIT extends AbstractDaemonTest {
|
||||
GroupInfo groupThatCanViewPrivateChanges =
|
||||
gApi.groups().create("groupThatCanViewPrivateChanges").get();
|
||||
grant(
|
||||
Permission.VIEW_PRIVATE_CHANGES,
|
||||
new Project.NameKey(watchedProject),
|
||||
"refs/*",
|
||||
Permission.VIEW_PRIVATE_CHANGES,
|
||||
false,
|
||||
new AccountGroup.UUID(groupThatCanViewPrivateChanges.id));
|
||||
|
||||
|
||||
Reference in New Issue
Block a user