Allow per-branch OWN +1 to delegate branch ownership

We now correctly honor OWN +1 on reference names other than refs/* to delegate ownership (aka access control management) to a subnamespace within the larger reference namespace of the project. This permits a project owner to hand out control over a particular namespace to another group, e.g. refs/heads/qa/* can be delegated fully to the QA group, allowing its members to manage the Submit and Push Branch access control rules only within that subspace. The client UI is still really crude here. For example, it allows you to try to change global project settings, but then throws back the server exception when the server rejects your edit. It also allows you to try to delete access rights which you can't delete, and again just throws back the server error message. We really could be smarter here in the future, but the client doesn't have the RefControl processing logic required to understand which rows it can change, and which it cannot. Change-Id: I83c607eaea92d9fd7e40ed93f38b2c4478ec842f Signed-off-by: Shawn O. Pearce <sop@google.com> Reviewed-by: Nico Sallembien <nsallembien@google.com>
2010-01-27 15:55:09 -08:00
parent 5aa47fee31
commit d9d7fe02b0
9 changed files with 78 additions and 10 deletions
--- a/gerrit-server/src/main/java/com/google/gerrit/server/project/NoSuchRefException.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/project/NoSuchRefException.java
@@ -0,0 +1,28 @@
+// Copyright (C) 2010 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.gerrit.server.project;
+
+/** Indicates the reference does not exist. */
+public class NoSuchRefException extends Exception {
+  private static final long serialVersionUID = 1L;
+
+  public NoSuchRefException(final String ref) {
+    this(ref, null);
+  }
+
+  public NoSuchRefException(final String ref, final Throwable why) {
+    super(ref, why);
+  }
+}
--- a/gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectControl.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectControl.java
@@ -124,6 +124,12 @@ public class ProjectControl {
        || getCurrentUser().isAdministrator();
  }

+  /** Does this user have ownership on at least one reference name? */
+  public boolean isOwnerAnyRef() {
+    return canPerformOnAnyRef(ApprovalCategory.OWN, (short) 1)
+        || getCurrentUser().isAdministrator();
+  }
+
  /** @return true if the user can upload to at least one reference */
  public boolean canUploadToAtLeastOneRef() {
    return canPerformOnAnyRef(ApprovalCategory.READ, (short) 2);