opendev/gerrit
Code Issues Proposed changes

Merge "GrantRevertPermission only adds the permisions once" into stable-3.2

Browse Source
This commit is contained in:
David Pursehouse
2020-05-08 13:47:03 +00:00
committed by Gerrit Code Review
parent 635f7b0a82 d3b8c32d81
commit e668cbd94d
2 changed files with 28 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
java/com/google/gerrit/server/schema/GrantRevertPermission.java
View File

@@ -18,6 +18,7 @@ import static com.google.gerrit.server.group.SystemGroupBackend.REGISTERED_USERS
import static com.google.gerrit.server.schema.AclUtil.grant; import static com.google.gerrit.server.schema.AclUtil.grant;
import com.google.gerrit.common.data.AccessSection; import com.google.gerrit.common.data.AccessSection;
import com.google.gerrit.common.data.GroupReference;
import com.google.gerrit.common.data.Permission; import com.google.gerrit.common.data.Permission;
import com.google.gerrit.entities.Project; import com.google.gerrit.entities.Project;
import com.google.gerrit.server.GerritPersonIdent; import com.google.gerrit.server.GerritPersonIdent;
@@ -57,12 +58,18 @@ public class GrantRevertPermission {
} }
public void execute(Project.NameKey projectName) throws IOException, ConfigInvalidException { public void execute(Project.NameKey projectName) throws IOException, ConfigInvalidException {
GroupReference registeredUsers = systemGroupBackend.getGroup(REGISTERED_USERS);
try (Repository repo = repoManager.openRepository(projectName)) { try (Repository repo = repoManager.openRepository(projectName)) {
MetaDataUpdate md = new MetaDataUpdate(GitReferenceUpdated.DISABLED, projectName, repo); MetaDataUpdate md = new MetaDataUpdate(GitReferenceUpdated.DISABLED, projectName, repo);
ProjectConfig projectConfig = projectConfigFactory.read(md); ProjectConfig projectConfig = projectConfigFactory.read(md);
AccessSection heads = projectConfig.getAccessSection(AccessSection.HEADS, true); AccessSection heads = projectConfig.getAccessSection(AccessSection.HEADS, true);
grant(projectConfig, heads, Permission.REVERT, systemGroupBackend.getGroup(REGISTERED_USERS)); Permission permission = heads.getPermission(Permission.REVERT);
if (permission != null && permission.getRule(registeredUsers) != null) {
// permission already exists, don't do anything.
return;
}
grant(projectConfig, heads, Permission.REVERT, registeredUsers);
md.getCommitBuilder().setAuthor(serverUser); md.getCommitBuilder().setAuthor(serverUser);
md.getCommitBuilder().setCommitter(serverUser); md.getCommitBuilder().setCommitter(serverUser);

23
javatests/com/google/gerrit/acceptance/rest/project/AccessIT.java
View File

@@ -52,6 +52,8 @@ import com.google.gerrit.extensions.restapi.BadRequestException;
import com.google.gerrit.extensions.restapi.ResourceNotFoundException; import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.extensions.webui.FileHistoryWebLink; import com.google.gerrit.extensions.webui.FileHistoryWebLink;
import com.google.gerrit.server.config.AllProjectsNameProvider; import com.google.gerrit.server.config.AllProjectsNameProvider;
import com.google.gerrit.server.extensions.events.GitReferenceUpdated;
import com.google.gerrit.server.git.meta.MetaDataUpdate;
import com.google.gerrit.server.group.SystemGroupBackend; import com.google.gerrit.server.group.SystemGroupBackend;
import com.google.gerrit.server.project.ProjectConfig; import com.google.gerrit.server.project.ProjectConfig;
import com.google.gerrit.server.schema.GrantRevertPermission; import com.google.gerrit.server.schema.GrantRevertPermission;
@@ -91,20 +93,35 @@ public class AccessIT extends AbstractDaemonTest {
@Test @Test
public void grantRevertPermission() throws Exception { public void grantRevertPermission() throws Exception {
String ref = "refs/heads/*"; String ref = "refs/heads/*";
String permissionName = "revert";
String groupId = "global:Registered-Users"; String groupId = "global:Registered-Users";
grantRevertPermission.execute(newProjectName); grantRevertPermission.execute(newProjectName);
ProjectAccessInfo info = pApi().access(); ProjectAccessInfo info = pApi().access();
assertThat(info.local.containsKey(ref)).isTrue(); assertThat(info.local.containsKey(ref)).isTrue();
AccessSectionInfo accessSectionInfo = info.local.get(ref); AccessSectionInfo accessSectionInfo = info.local.get(ref);
assertThat(accessSectionInfo.permissions.containsKey(permissionName)).isTrue(); assertThat(accessSectionInfo.permissions.containsKey(Permission.REVERT)).isTrue();
PermissionInfo permissionInfo = accessSectionInfo.permissions.get(permissionName); PermissionInfo permissionInfo = accessSectionInfo.permissions.get(Permission.REVERT);
assertThat(permissionInfo.rules.containsKey(groupId)).isTrue(); assertThat(permissionInfo.rules.containsKey(groupId)).isTrue();
PermissionRuleInfo permissionRuleInfo = permissionInfo.rules.get(groupId); PermissionRuleInfo permissionRuleInfo = permissionInfo.rules.get(groupId);
assertThat(permissionRuleInfo.action).isEqualTo(PermissionRuleInfo.Action.ALLOW); assertThat(permissionRuleInfo.action).isEqualTo(PermissionRuleInfo.Action.ALLOW);
} }
@Test
public void grantRevertPermissionOnlyWorksOnce() throws Exception {
grantRevertPermission.execute(newProjectName);
grantRevertPermission.execute(newProjectName);
try (Repository repo = repoManager.openRepository(newProjectName)) {
MetaDataUpdate md = new MetaDataUpdate(GitReferenceUpdated.DISABLED, newProjectName, repo);
ProjectConfig projectConfig = projectConfigFactory.read(md);
AccessSection heads = projectConfig.getAccessSection(AccessSection.HEADS, true);
Permission permission = heads.getPermission(Permission.REVERT);
assertThat(permission.getRules()).hasSize(1);
}
}
@Test @Test
public void getDefaultInheritance() throws Exception { public void getDefaultInheritance() throws Exception {
String inheritedName = pApi().access().inheritsFrom.name; String inheritedName = pApi().access().inheritsFrom.name;