Disallow projects to inherit from All-Users

There are exactly zero cases where a project inheriting from All-Users
is a meaningful configuration. It's better to deny attempts to make such
a setting with a clear error message.

Change-Id: Id5a94a26c3816e6ddde8e2b2bd3362977aea5911
Signed-off-by: Edwin Kempin <ekempin@google.com>

java/com/google/gerrit/server/restapi/project/CreateProject.java

@@ -47,6 +47,7 @@ import com.google.gerrit.server.GerritPersonIdent;
 import com.google.gerrit.server.IdentifiedUser;
 import com.google.gerrit.server.account.GroupBackend;
 import com.google.gerrit.server.config.AllProjectsName;
+import com.google.gerrit.server.config.AllUsersName;
 import com.google.gerrit.server.config.ProjectOwnerGroupsProvider;
 import com.google.gerrit.server.config.RepositoryConfig;
 import com.google.gerrit.server.extensions.events.AbstractNoNotifyEvent;
@@ -110,6 +111,7 @@ public class CreateProject implements RestModifyView<TopLevelResource, ProjectIn
   private final Provider<IdentifiedUser> identifiedUser;
   private final Provider<PutConfig> putConfig;
   private final AllProjectsName allProjects;
+  private final AllUsersName allUsers;
   private final DynamicItem<ProjectNameLockManager> lockManager;
   private final String name;
 
@@ -131,6 +133,7 @@ public class CreateProject implements RestModifyView<TopLevelResource, ProjectIn
       Provider<IdentifiedUser> identifiedUser,
       Provider<PutConfig> putConfig,
       AllProjectsName allProjects,
+      AllUsersName allUsers,
       DynamicItem<ProjectNameLockManager> lockManager,
       @Assisted String name) {
     this.projectsCollection = projectsCollection;
@@ -149,6 +152,7 @@ public class CreateProject implements RestModifyView<TopLevelResource, ProjectIn
     this.identifiedUser = identifiedUser;
     this.putConfig = putConfig;
     this.allProjects = allProjects;
+    this.allUsers = allUsers;
     this.lockManager = lockManager;
     this.name = name;
   }
@@ -169,6 +173,10 @@ public class CreateProject implements RestModifyView<TopLevelResource, ProjectIn
     String parentName =
         MoreObjects.firstNonNull(Strings.emptyToNull(input.parent), allProjects.get());
     args.newParent = projectsCollection.get().parse(parentName, false).getNameKey();
+    if (args.newParent.equals(allUsers)) {
+      throw new ResourceConflictException(
+          String.format("Cannot inherit from '%s' project", allUsers.get()));
+    }
     args.createEmptyCommit = input.createEmptyCommit;
     args.permissionsOnly = input.permissionsOnly;
     args.projectDescription = Strings.emptyToNull(input.description);

java/com/google/gerrit/server/restapi/project/SetParent.java

@@ -126,6 +126,11 @@ public class SetParent implements RestModifyView<ProjectResource, ParentInput> {
       throw new ResourceConflictException("cannot set parent of " + allProjects.get());
     }
 
+    if (allUsers.get().equals(newParent)) {
+      throw new ResourceConflictException(
+          String.format("Cannot inherit from '%s' project", allUsers.get()));
+    }
+
     newParent = Strings.emptyToNull(newParent);
     if (newParent != null) {
       ProjectState parent = cache.get(new Project.NameKey(newParent));