Disallow publish change edit when user has not signed CLA

Bug: issue 3504
Change-Id: I4b3b5607e8742c90ceb68e87c571df076cd82dad
This commit is contained in:
David Ostrovsky
2015-07-31 00:30:44 +02:00
committed by David Ostrovsky
parent 0573f65bff
commit d1a1699dd1
3 changed files with 35 additions and 0 deletions

View File

@@ -29,6 +29,7 @@ import com.google.gerrit.common.data.Permission;
import com.google.gerrit.common.data.PermissionRule; import com.google.gerrit.common.data.PermissionRule;
import com.google.gerrit.extensions.api.GerritApi; import com.google.gerrit.extensions.api.GerritApi;
import com.google.gerrit.extensions.api.changes.RevisionApi; import com.google.gerrit.extensions.api.changes.RevisionApi;
import com.google.gerrit.extensions.client.InheritableBoolean;
import com.google.gerrit.extensions.client.ListChangesOption; import com.google.gerrit.extensions.client.ListChangesOption;
import com.google.gerrit.extensions.common.ChangeInfo; import com.google.gerrit.extensions.common.ChangeInfo;
import com.google.gerrit.extensions.common.EditInfo; import com.google.gerrit.extensions.common.EditInfo;
@@ -307,6 +308,15 @@ public abstract class AbstractDaemonTest {
saveProjectConfig(allProjects, cfg); saveProjectConfig(allProjects, cfg);
} }
protected void setUseContributorAgreements(InheritableBoolean value)
throws Exception {
MetaDataUpdate md = metaDataUpdateFactory.create(project);
ProjectConfig config = ProjectConfig.read(md);
config.getProject().setUseContributorAgreements(value);
config.commit(md);
projectCache.evict(config.getProject());
}
protected void deny(String permission, AccountGroup.UUID id, String ref) protected void deny(String permission, AccountGroup.UUID id, String ref)
throws Exception { throws Exception {
ProjectConfig cfg = projectCache.checkedGet(project).getConfig(); ProjectConfig cfg = projectCache.checkedGet(project).getConfig();

View File

@@ -21,6 +21,7 @@ import static com.google.gerrit.acceptance.GitUtil.createProject;
import static java.nio.charset.StandardCharsets.UTF_8; import static java.nio.charset.StandardCharsets.UTF_8;
import static java.util.concurrent.TimeUnit.MILLISECONDS; import static java.util.concurrent.TimeUnit.MILLISECONDS;
import static java.util.concurrent.TimeUnit.SECONDS; import static java.util.concurrent.TimeUnit.SECONDS;
import static org.apache.http.HttpStatus.SC_FORBIDDEN;
import static org.apache.http.HttpStatus.SC_CONFLICT; import static org.apache.http.HttpStatus.SC_CONFLICT;
import static org.apache.http.HttpStatus.SC_NOT_FOUND; import static org.apache.http.HttpStatus.SC_NOT_FOUND;
import static org.apache.http.HttpStatus.SC_NO_CONTENT; import static org.apache.http.HttpStatus.SC_NO_CONTENT;
@@ -35,6 +36,7 @@ import com.google.gerrit.acceptance.PushOneCommit;
import com.google.gerrit.acceptance.RestResponse; import com.google.gerrit.acceptance.RestResponse;
import com.google.gerrit.acceptance.RestSession; import com.google.gerrit.acceptance.RestSession;
import com.google.gerrit.extensions.api.changes.ReviewInput; import com.google.gerrit.extensions.api.changes.ReviewInput;
import com.google.gerrit.extensions.client.InheritableBoolean;
import com.google.gerrit.extensions.client.ListChangesOption; import com.google.gerrit.extensions.client.ListChangesOption;
import com.google.gerrit.extensions.common.ApprovalInfo; import com.google.gerrit.extensions.common.ApprovalInfo;
import com.google.gerrit.extensions.common.ChangeInfo; import com.google.gerrit.extensions.common.ChangeInfo;
@@ -187,6 +189,22 @@ public class ChangeEditIT extends AbstractDaemonTest {
assertThat(edit.isPresent()).isFalse(); assertThat(edit.isPresent()).isFalse();
} }
@Test
public void publishEditRestWithoutCLA() throws Exception {
setUseContributorAgreements(InheritableBoolean.TRUE);
PatchSet oldCurrentPatchSet = getCurrentPatchSet(changeId);
assertThat(modifier.createEdit(change, oldCurrentPatchSet)).isEqualTo(
RefUpdate.Result.NEW);
assertThat(
modifier.modifyFile(editUtil.byChange(change).get(), FILE_NAME,
RestSession.newRawInput(CONTENT_NEW))).isEqualTo(RefUpdate.Result.FORCED);
RestResponse r = adminSession.post(urlPublish());
assertThat(r.getStatusCode()).isEqualTo(SC_FORBIDDEN);
setUseContributorAgreements(InheritableBoolean.FALSE);
r = adminSession.post(urlPublish());
assertThat(r.getStatusCode()).isEqualTo(SC_NO_CONTENT);
}
@Test @Test
public void rebaseEdit() throws Exception { public void rebaseEdit() throws Exception {
assertThat(modifier.createEdit(change, ps)).isEqualTo(RefUpdate.Result.NEW); assertThat(modifier.createEdit(change, ps)).isEqualTo(RefUpdate.Result.NEW);

View File

@@ -15,6 +15,7 @@
package com.google.gerrit.server.change; package com.google.gerrit.server.change;
import com.google.common.base.Optional; import com.google.common.base.Optional;
import com.google.gerrit.common.data.Capable;
import com.google.gerrit.extensions.registration.DynamicMap; import com.google.gerrit.extensions.registration.DynamicMap;
import com.google.gerrit.extensions.restapi.AcceptsPost; import com.google.gerrit.extensions.restapi.AcceptsPost;
import com.google.gerrit.extensions.restapi.AuthException; import com.google.gerrit.extensions.restapi.AuthException;
@@ -85,6 +86,12 @@ public class PublishChangeEdit implements
public Response<?> apply(ChangeResource rsrc, Publish.Input in) public Response<?> apply(ChangeResource rsrc, Publish.Input in)
throws AuthException, ResourceConflictException, NoSuchChangeException, throws AuthException, ResourceConflictException, NoSuchChangeException,
IOException, InvalidChangeOperationException, OrmException { IOException, InvalidChangeOperationException, OrmException {
Capable r =
rsrc.getControl().getProjectControl().canPushToAtLeastOneRef();
if (r != Capable.OK) {
throw new AuthException(r.getMessage());
}
Optional<ChangeEdit> edit = editUtil.byChange(rsrc.getChange()); Optional<ChangeEdit> edit = editUtil.byChange(rsrc.getChange());
if (!edit.isPresent()) { if (!edit.isPresent()) {
throw new ResourceConflictException(String.format( throw new ResourceConflictException(String.format(