Move system groups into their own backend

Delete 'Anonymous Users', 'Registered Users', 'Project Owners' and
'Change Owner' from the database and account_groups table.  Define
them inside of a specialized SystemGroupBackend class.

Change-Id: Ia67add4630579f3d0ce25edcfd662bbcf918dc8f
Shawn Pearce 2013-12-02 11:26:13 -08:00
parent 7f1bb28e9a
commit f43e915c5d
41 changed files with 409 additions and 398 deletions


@ -16,6 +16,7 @@ package com.google.gerrit.acceptance.rest.account;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import com.google.gerrit.acceptance.AbstractDaemonTest;
@ -27,11 +28,10 @@ import com.google.gerrit.common.data.AccessSection;
import com.google.gerrit.common.data.GlobalCapability;
import com.google.gerrit.common.data.Permission;
import com.google.gerrit.common.data.PermissionRule;
import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.server.account.GroupCache;
import com.google.gerrit.server.config.AllProjectsName;
import com.google.gerrit.server.git.MetaDataUpdate;
import com.google.gerrit.server.git.ProjectConfig;
import com.google.gerrit.server.group.SystemGroupBackend;
import com.google.gerrit.server.project.ProjectCache;
import com.google.gson.Gson;
import com.google.gson.reflect.TypeToken;
@ -54,9 +54,6 @@ public class CapabilitiesIT extends AbstractDaemonTest {
@Inject
private MetaDataUpdate.Server metaDataUpdateFactory;
@Inject
private GroupCache groupCache;
@Inject
private ProjectCache projectCache;
@ -113,6 +110,7 @@ public class CapabilitiesIT extends AbstractDaemonTest {
if (GlobalCapability.PRIORITY.equals(c)) {
assertFalse(info.priority);
} else if (GlobalCapability.QUERY_LIMIT.equals(c)) {
assertNotNull("missing queryLimit", info.queryLimit);
assertEquals(0, info.queryLimit.min);
assertEquals(500, info.queryLimit.max);
} else if (GlobalCapability.ACCESS_DATABASE.equals(c)) {
@ -138,11 +136,9 @@ public class CapabilitiesIT extends AbstractDaemonTest {
continue;
}
Permission p = s.getPermission(c, true);
AccountGroup projectOwnersGroup = groupCache.get(
new AccountGroup.NameKey("Registered Users"));
PermissionRule rule = new PermissionRule(
config.resolve(projectOwnersGroup));
p.add(rule);
p.add(new PermissionRule(
config.resolve(SystemGroupBackend.getGroup(
SystemGroupBackend.REGISTERED_USERS))));
}
config.commit(md);
projectCache.evict(config.getProject());


@ -31,12 +31,11 @@ import com.google.gerrit.common.data.AccessSection;
import com.google.gerrit.common.data.Permission;
import com.google.gerrit.common.data.PermissionRule;
import com.google.gerrit.extensions.api.changes.ReviewInput;
import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.account.GroupCache;
import com.google.gerrit.server.git.MetaDataUpdate;
import com.google.gerrit.server.git.ProjectConfig;
import com.google.gerrit.server.group.SystemGroupBackend;
import com.google.gerrit.server.project.ProjectCache;
import com.google.gwtorm.server.OrmException;
import com.google.gwtorm.server.SchemaFactory;
@ -69,9 +68,6 @@ public class ChangeOwnerIT extends AbstractDaemonTest {
@Inject
private ProjectCache projectCache;
@Inject
private GroupCache groupCache;
private TestAccount owner;
private TestAccount dev;
@ -138,10 +134,8 @@ public class ChangeOwnerIT extends AbstractDaemonTest {
ProjectConfig config = ProjectConfig.read(md);
AccessSection s = config.getAccessSection("refs/heads/*", true);
Permission p = s.getPermission(LABEL + "Code-Review", true);
AccountGroup changeOwnerGroup = groupCache
.get(new AccountGroup.NameKey("Change Owner"));
PermissionRule rule = new PermissionRule(config
.resolve(changeOwnerGroup));
.resolve(SystemGroupBackend.getGroup(SystemGroupBackend.CHANGE_OWNER)));
rule.setMin(-2);
rule.setMax(+2);
p.add(rule);


@ -41,13 +41,13 @@ import java.util.Map;
import java.util.Set;
/**
* An example test that tests presence of system groups in a newly initialized
* An example test that tests presence of default groups in a newly initialized
* review site.
*
* The test shows how to perform these checks via SSH, REST or using Gerrit
* internals.
*/
public class SystemGroupsIT extends AbstractDaemonTest {
public class DefaultGroupsIT extends AbstractDaemonTest {
@Inject
private SchemaFactory<ReviewDb> reviewDbProvider;
@ -64,20 +64,16 @@ public class SystemGroupsIT extends AbstractDaemonTest {
}
@Test
public void systemGroupsCreated_ssh() throws JSchException, IOException {
public void defaultGroupsCreated_ssh() throws JSchException, IOException {
SshSession session = new SshSession(server, admin);
String result = session.exec("gerrit ls-groups");
assertTrue(result.contains("Administrators"));
assertTrue(result.contains("Anonymous Users"));
assertTrue(result.contains("Change Owner"));
assertTrue(result.contains("Non-Interactive Users"));
assertTrue(result.contains("Project Owners"));
assertTrue(result.contains("Registered Users"));
session.close();
}
@Test
public void systemGroupsCreated_rest() throws IOException {
public void defaultGroupsCreated_rest() throws IOException {
RestSession session = new RestSession(server, admin);
RestResponse r = session.get("/groups/");
Gson gson = new Gson();
@ -85,15 +81,11 @@ public class SystemGroupsIT extends AbstractDaemonTest {
gson.fromJson(r.getReader(), new TypeToken<Map<String, GroupInfo>>() {}.getType());
Set<String> names = result.keySet();
assertTrue(names.contains("Administrators"));
assertTrue(names.contains("Anonymous Users"));
assertTrue(names.contains("Change Owner"));
assertTrue(names.contains("Non-Interactive Users"));
assertTrue(names.contains("Project Owners"));
assertTrue(names.contains("Registered Users"));
}
@Test
public void systemGroupsCreated_internals() throws OrmException {
public void defaultGroupsCreated_internals() throws OrmException {
ReviewDb db = reviewDbProvider.open();
try {
Set<String> names = Sets.newHashSet();
@ -101,11 +93,7 @@ public class SystemGroupsIT extends AbstractDaemonTest {
names.add(g.getName());
}
assertTrue(names.contains("Administrators"));
assertTrue(names.contains("Anonymous Users"));
assertTrue(names.contains("Change Owner"));
assertTrue(names.contains("Non-Interactive Users"));
assertTrue(names.contains("Project Owners"));
assertTrue(names.contains("Registered Users"));
} finally {
db.close();
}
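Review bot: The three tests only drop the system-group assertions, so nothing here pins the behaviour the commit introduces. Assuming the loop above the last hunk iterates the account_groups rows (it starts outside the hunk), defaultGroupsCreated_internals could assert the removal with `assertFalse(names.contains("Anonymous Users"));` and the same for "Change Owner", "Project Owners" and "Registered Users". The class Javadoc could also say that system groups are deliberately not expected in this list.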


@ -14,9 +14,8 @@
package com.google.gerrit.acceptance.rest.group;
import static com.google.gerrit.acceptance.rest.group.GroupAssert.toBoolean;
import static com.google.gerrit.acceptance.rest.group.GroupAssert.assertGroupInfo;
import static com.google.gerrit.acceptance.rest.group.GroupAssert.toBoolean;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
@ -26,8 +25,10 @@ import com.google.gerrit.acceptance.AccountCreator;
import com.google.gerrit.acceptance.RestResponse;
import com.google.gerrit.acceptance.RestSession;
import com.google.gerrit.acceptance.TestAccount;
import com.google.gerrit.extensions.restapi.Url;
import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.server.account.GroupCache;
import com.google.gerrit.server.group.SystemGroupBackend;
import com.google.gson.Gson;
import com.google.gson.reflect.TypeToken;
import com.google.inject.Inject;
@ -69,8 +70,12 @@ public class GroupPropertiesIT extends AbstractDaemonTest {
r.consume();
// set name with name conflict
String newGroupName = "newGroup";
r = session.put("/groups/" + newGroupName);
r.consume();
assertEquals(HttpStatus.SC_CREATED, r.getStatusCode());
GroupNameInput in = new GroupNameInput();
in.name = "Registered Users";
in.name = newGroupName;
r = session.put(url, in);
assertEquals(HttpStatus.SC_CONFLICT, r.getStatusCode());
r.consume();
@ -178,8 +183,12 @@ public class GroupPropertiesIT extends AbstractDaemonTest {
GroupInfo newOwner = (new Gson()).fromJson(r.getReader(), new TypeToken<GroupInfo>() {}.getType());
assertEquals(HttpStatus.SC_OK, r.getStatusCode());
assertEquals(in.owner, newOwner.name);
adminGroup = groupCache.get(adminGroupName);
assertGroupInfo(groupCache.get(adminGroup.getOwnerGroupUUID()), newOwner);
assertEquals(
SystemGroupBackend.getGroup(SystemGroupBackend.REGISTERED_USERS).getName(),
newOwner.name);
assertEquals(
SystemGroupBackend.REGISTERED_USERS.get(),
Url.decode(newOwner.id));
r.consume();
// set owner by UUID


@ -16,6 +16,8 @@ package com.google.gerrit.acceptance.rest.group;
import static com.google.gerrit.acceptance.rest.group.GroupAssert.assertGroupInfo;
import static com.google.gerrit.acceptance.rest.group.GroupAssert.assertGroups;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import com.google.common.base.Function;
import com.google.common.collect.Iterables;
@ -35,6 +37,7 @@ import com.google.inject.Inject;
import com.jcraft.jsch.JSchException;
import org.apache.http.HttpStatus;
import org.junit.Before;
import org.junit.Test;
@ -79,13 +82,29 @@ public class ListGroupsIT extends AbstractDaemonTest {
@Test
public void testOnlyVisibleGroupsReturned() throws OrmException,
JSchException, IOException {
Set<String> expectedGroups = Sets.newHashSet();
expectedGroups.add("Anonymous Users");
expectedGroups.add("Registered Users");
TestAccount user = accounts.create("user", "user@example.com", "User");
RestResponse r = new RestSession(server, user).get("/groups/");
RestSession userSession = new RestSession(server, user);
String newGroupName = "newGroup";
GroupInput in = new GroupInput();
in.description = "a hidden group";
in.visible_to_all = false;
in.owner_id = groupCache.get(new AccountGroup.NameKey("Administrators"))
.getGroupUUID().get();
session.put("/groups/" + newGroupName, in).consume();
Set<String> expectedGroups = Sets.newHashSet(newGroupName);
RestResponse r = userSession.get("/groups/");
Map<String, GroupInfo> result =
(new Gson()).fromJson(r.getReader(), new TypeToken<Map<String, GroupInfo>>() {}.getType());
assertTrue("no groups visible", result.isEmpty());
assertEquals(HttpStatus.SC_CREATED, session.put(
String.format("/groups/%s/members/%s", newGroupName, user.username)
).getStatusCode());
r = userSession.get("/groups/");
result = (new Gson()).fromJson(r.getReader(), new TypeToken<Map<String, GroupInfo>>() {}.getType());
assertGroups(expectedGroups, result.keySet());
}
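Review bot: The hidden group is created with `session.put("/groups/" + newGroupName, in).consume();` and the status is never checked, so if creation fails the following `assertTrue("no groups visible", result.isEmpty())` passes without testing visibility at all. Asserting the status first makes the check meaningful: `RestResponse c = session.put("/groups/" + newGroupName, in);`, `assertEquals(HttpStatus.SC_CREATED, c.getStatusCode());`, `c.consume();`. The first `/groups/` response could likewise be checked for `HttpStatus.SC_OK` before it is parsed.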


@ -34,6 +34,7 @@ import com.google.gerrit.reviewdb.client.Project.InheritableBoolean;
import com.google.gerrit.reviewdb.client.Project.SubmitType;
import com.google.gerrit.server.account.GroupCache;
import com.google.gerrit.server.git.GitRepositoryManager;
import com.google.gerrit.server.group.SystemGroupBackend;
import com.google.gerrit.server.project.ProjectCache;
import com.google.gerrit.server.project.ProjectState;
import com.google.gson.Gson;
@ -152,16 +153,16 @@ public class CreateProjectIT extends AbstractDaemonTest {
final String newProjectName = "newProject";
ProjectInput in = new ProjectInput();
in.owners = Lists.newArrayListWithCapacity(3);
in.owners.add("Administrators"); // by name
in.owners.add(groupUuid("Registered Users").get()); // by group UUID
in.owners.add(Integer.toString(groupCache.get(new AccountGroup.NameKey("Anonymous Users"))
.getId().get())); // by legacy group ID
in.owners.add("Anonymous Users"); // by name
in.owners.add(SystemGroupBackend.REGISTERED_USERS.get()); // by UUID
in.owners.add(Integer.toString(groupCache.get(
new AccountGroup.NameKey("Administrators")).getId().get())); // by ID
session.put("/projects/" + newProjectName, in);
ProjectState projectState = projectCache.get(new Project.NameKey(newProjectName));
Set<AccountGroup.UUID> expectedOwnerIds = Sets.newHashSetWithExpectedSize(3);
expectedOwnerIds.add(SystemGroupBackend.ANONYMOUS_USERS);
expectedOwnerIds.add(SystemGroupBackend.REGISTERED_USERS);
expectedOwnerIds.add(groupUuid("Administrators"));
expectedOwnerIds.add(groupUuid("Registered Users"));
expectedOwnerIds.add(groupUuid("Anonymous Users"));
assertProjectOwners(expectedOwnerIds, projectState);
}


@ -27,13 +27,12 @@ import com.google.gerrit.acceptance.TestAccount;
import com.google.gerrit.common.data.AccessSection;
import com.google.gerrit.common.data.Permission;
import com.google.gerrit.common.data.PermissionRule;
import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.reviewdb.client.Branch;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.server.account.GroupCache;
import com.google.gerrit.server.config.AllProjectsNameProvider;
import com.google.gerrit.server.git.MetaDataUpdate;
import com.google.gerrit.server.git.ProjectConfig;
import com.google.gerrit.server.group.SystemGroupBackend;
import com.google.gerrit.server.project.ProjectCache;
import com.google.inject.Inject;
@ -55,9 +54,6 @@ public class DeleteBranchIT extends AbstractDaemonTest {
@Inject
private ProjectCache projectCache;
@Inject
private GroupCache groupCache;
@Inject
private AllProjectsNameProvider allProjects;
@ -164,8 +160,8 @@ public class DeleteBranchIT extends AbstractDaemonTest {
ProjectConfig config = ProjectConfig.read(md);
AccessSection s = config.getAccessSection("refs/heads/*", true);
Permission p = s.getPermission(Permission.PUSH, true);
AccountGroup adminGroup = groupCache.get(new AccountGroup.NameKey("Anonymous Users"));
PermissionRule rule = new PermissionRule(config.resolve(adminGroup));
PermissionRule rule = new PermissionRule(config.resolve(
SystemGroupBackend.getGroup(SystemGroupBackend.ANONYMOUS_USERS)));
rule.setForce(true);
rule.setBlock();
p.add(rule);
@ -179,8 +175,8 @@ public class DeleteBranchIT extends AbstractDaemonTest {
ProjectConfig config = ProjectConfig.read(md);
AccessSection s = config.getAccessSection("refs/*", true);
Permission p = s.getPermission(Permission.OWNER, true);
AccountGroup adminGroup = groupCache.get(new AccountGroup.NameKey("Registered Users"));
PermissionRule rule = new PermissionRule(config.resolve(adminGroup));
PermissionRule rule = new PermissionRule(config.resolve(
SystemGroupBackend.getGroup(SystemGroupBackend.REGISTERED_USERS)));
p.add(rule);
config.commit(md);
projectCache.evict(config.getProject());


@ -31,12 +31,11 @@ import com.google.gerrit.acceptance.git.PushOneCommit;
import com.google.gerrit.common.data.AccessSection;
import com.google.gerrit.common.data.Permission;
import com.google.gerrit.common.data.PermissionRule;
import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.account.GroupCache;
import com.google.gerrit.server.git.MetaDataUpdate;
import com.google.gerrit.server.git.ProjectConfig;
import com.google.gerrit.server.group.SystemGroupBackend;
import com.google.gerrit.server.project.ProjectCache;
import com.google.gson.Gson;
import com.google.gson.reflect.TypeToken;
@ -70,9 +69,6 @@ public class ListBranchesIT extends AbstractDaemonTest {
@Inject
private ProjectCache projectCache;
@Inject
private GroupCache groupCache;
@Inject
private SchemaFactory<ReviewDb> reviewDbProvider;
@ -212,8 +208,8 @@ public class ListBranchesIT extends AbstractDaemonTest {
ProjectConfig config = ProjectConfig.read(md);
AccessSection s = config.getAccessSection(ref, true);
Permission p = s.getPermission(Permission.READ, true);
AccountGroup adminGroup = groupCache.get(AccountGroup.REGISTERED_USERS);
PermissionRule rule = new PermissionRule(config.resolve(adminGroup));
PermissionRule rule = new PermissionRule(config.resolve(
SystemGroupBackend.getGroup(SystemGroupBackend.REGISTERED_USERS)));
rule.setBlock();
p.add(rule);
config.commit(md);


@ -803,8 +803,7 @@ public class Dispatcher {
// for external and system groups the members cannot be
// shown in the web UI).
//
if (AccountGroup.isInternalGroup(group.getGroupUUID())
&& !AccountGroup.isSystemGroup(group.getGroupUUID())) {
if (AccountGroup.isInternalGroup(group.getGroupUUID())) {
Gerrit.display(toGroup(group.getGroupId(), AccountGroupScreen.MEMBERS),
new AccountGroupMembersScreen(group, token));
} else {


@ -214,8 +214,7 @@ public class AccountGroupInfoScreen extends AccountGroupScreen {
ownerTxt.setText(group.owner() != null?group.owner():Util.M.deletedReference(group.getOwnerUUID().get()));
descTxt.setText(group.description());
visibleToAllCheckBox.setValue(group.options().isVisibleToAll());
setMembersTabVisible(AccountGroup.isInternalGroup(group.getGroupUUID())
&& !AccountGroup.isSystemGroup(group.getGroupUUID()));
setMembersTabVisible(AccountGroup.isInternalGroup(group.getGroupUUID()));
enableForm(canModify);
saveName.setVisible(canModify);


@ -149,8 +149,7 @@ public class AccountGroupMembersScreen extends AccountGroupScreen {
@Override
protected void display(final GroupInfo group, final boolean canModify) {
if (AccountGroup.isInternalGroup(group.getGroupUUID())
&& !AccountGroup.isSystemGroup(group.getGroupUUID())) {
if (AccountGroup.isInternalGroup(group.getGroupUUID())) {
members.display(Natives.asList(group.members()));
includes.display(Natives.asList(group.includes()));
} else {


@ -37,8 +37,7 @@ public abstract class AccountGroupScreen extends MenuScreen {
link(Util.C.groupTabGeneral(), getTabToken(token, INFO));
link(Util.C.groupTabMembers(), membersTabToken,
AccountGroup.isInternalGroup(group.getGroupUUID())
&& !AccountGroup.isSystemGroup(group.getGroupUUID()));
AccountGroup.isInternalGroup(group.getGroupUUID()));
}
private String getTabToken(final String token, final String tab) {


@ -19,7 +19,6 @@ import com.google.gerrit.common.Nullable;
import com.google.gerrit.common.data.AccessSection;
import com.google.gerrit.common.data.GlobalCapability;
import com.google.gerrit.common.data.PermissionRule;
import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.reviewdb.client.Branch;
import com.google.gerrit.reviewdb.client.Change;
import com.google.gerrit.reviewdb.client.PatchSet;
@ -37,6 +36,7 @@ import com.google.gerrit.server.config.AllProjectsNameProvider;
import com.google.gerrit.server.git.GitRepositoryManager;
import com.google.gerrit.server.git.MetaDataUpdate;
import com.google.gerrit.server.git.ProjectConfig;
import com.google.gerrit.server.group.SystemGroupBackend;
import com.google.gerrit.server.index.ChangeIndexer;
import com.google.gerrit.server.mail.CreateChangeSender;
import com.google.gerrit.server.patch.PatchSetInfoFactory;
@ -187,7 +187,7 @@ public class ReviewProjectAccess extends ProjectAccessHandler<Change.Id> {
private void addProjectOwnersAsReviewers(Change change) {
final String projectOwners =
groupBackend.get(AccountGroup.PROJECT_OWNERS).getName();
groupBackend.get(SystemGroupBackend.PROJECT_OWNERS).getName();
try {
ChangeResource rsrc =
new ChangeResource(changeFactory.controlFor(change, user));


@ -81,13 +81,7 @@ public final class AccountGroup {
/** @return true if the UUID is for a group managed within Gerrit. */
public static boolean isInternalGroup(AccountGroup.UUID uuid) {
return uuid.get().startsWith("global:")
|| uuid.get().matches("^[0-9a-f]{40}$");
}
/** @return true if the UUID is for a system group managed within Gerrit. */
public static boolean isSystemGroup(AccountGroup.UUID uuid) {
return uuid.get().startsWith("global:");
return uuid.get().matches("^[0-9a-f]{40}$");
}
/** Synthetic key to link to within the database */
@ -122,45 +116,6 @@ public final class AccountGroup {
}
}
public static enum Type {
/**
* System defined and managed group, e.g. anonymous users.
* <p>
* These groups must be explicitly named by {@link SystemConfig} and are
* specially handled throughout the code. In UI contexts their membership is
* not displayed. When computing effective group membership for any given
* user account, these groups are automatically handled using specialized
* branch conditions.
*/
SYSTEM,
/**
* Group defined within our database.
* <p>
* An internal group has its membership fully enumerated in the database.
* The membership can be viewed and edited through the web UI by any user
* who is a member of the owner group. These groups are not treated special
* in the code.
*/
INTERNAL
}
/** Common UUID assigned to the "Project Owners" placeholder group. */
public static final AccountGroup.UUID PROJECT_OWNERS =
new AccountGroup.UUID("global:Project-Owners");
/** Common UUID assigned to the "Change Owner" placeholder group. */
public static final AccountGroup.UUID CHANGE_OWNER =
new AccountGroup.UUID("global:Change-Owner");
/** Common UUID assigned to the "Anonymous Users" group. */
public static final AccountGroup.UUID ANONYMOUS_USERS =
new AccountGroup.UUID("global:Anonymous-Users");
/** Common UUID assigned to the "Registered Users" group. */
public static final AccountGroup.UUID REGISTERED_USERS =
new AccountGroup.UUID("global:Registered-Users");
/** Unique name of this group within the system. */
@Column(id = 1)
protected NameKey name;
@ -173,10 +128,6 @@ public final class AccountGroup {
@Column(id = 4, length = Integer.MAX_VALUE, notNull = false)
protected String description;
/** Is the membership managed by some external means? */
@Column(id = 5, length = 8)
protected String groupType;
@Column(id = 7)
protected boolean visibleToAll;
@ -202,7 +153,6 @@ public final class AccountGroup {
visibleToAll = false;
groupUUID = uuid;
ownerGroupUUID = groupUUID;
setType(Type.INTERNAL);
}
public AccountGroup.Id getId() {
@ -237,14 +187,6 @@ public final class AccountGroup {
ownerGroupUUID = uuid;
}
public Type getType() {
return Type.valueOf(groupType);
}
public void setType(final Type t) {
groupType = t.name();
}
public void setVisibleToAll(final boolean visibleToAll) {
this.visibleToAll = visibleToAll;
}
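Review bot: The Javadoc kept on isInternalGroup still reads "managed within Gerrit", but after the first hunk the method returns true only for a 40-hex-digit UUID and false for every `global:` UUID. The UI screens changed in this commit rely on exactly that to hide the members tab for system groups, so the contract deserves to be explicit. Something like `/** @return true if the UUID names a group stored in account_groups (40 hex digits); system groups ("global:") are not internal. */` would say so. The class body continues outside these hunks.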


@ -14,12 +14,12 @@
package com.google.gerrit.server;
import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.reviewdb.client.AccountProjectWatch;
import com.google.gerrit.reviewdb.client.Change;
import com.google.gerrit.server.account.CapabilityControl;
import com.google.gerrit.server.account.GroupMembership;
import com.google.gerrit.server.account.ListGroupMembership;
import com.google.gerrit.server.group.SystemGroupBackend;
import com.google.inject.Inject;
import java.util.Collection;
@ -35,7 +35,7 @@ public class AnonymousUser extends CurrentUser {
@Override
public GroupMembership getEffectiveGroups() {
return new ListGroupMembership(Collections.singleton(AccountGroup.ANONYMOUS_USERS));
return new ListGroupMembership(Collections.singleton(SystemGroupBackend.ANONYMOUS_USERS));
}
@Override


@ -20,7 +20,6 @@ import com.google.gerrit.common.Nullable;
import com.google.gerrit.common.data.AccountInfo;
import com.google.gerrit.reviewdb.client.Account;
import com.google.gerrit.reviewdb.client.AccountDiffPreference;
import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.reviewdb.client.AccountProjectWatch;
import com.google.gerrit.reviewdb.client.Change;
import com.google.gerrit.reviewdb.client.StarredChange;
@ -35,6 +34,7 @@ import com.google.gerrit.server.account.Realm;
import com.google.gerrit.server.config.AnonymousCowardName;
import com.google.gerrit.server.config.AuthConfig;
import com.google.gerrit.server.config.CanonicalWebUrl;
import com.google.gerrit.server.group.SystemGroupBackend;
import com.google.gwtorm.server.OrmException;
import com.google.gwtorm.server.ResultSet;
import com.google.inject.Inject;
@ -174,8 +174,8 @@ public class IdentifiedUser extends CurrentUser {
private static final GroupMembership registeredGroups =
new ListGroupMembership(ImmutableSet.of(
AccountGroup.ANONYMOUS_USERS,
AccountGroup.REGISTERED_USERS));
SystemGroupBackend.ANONYMOUS_USERS,
SystemGroupBackend.REGISTERED_USERS));
private final Provider<String> canonicalUrl;
private final AccountCache accountCache;


@ -118,7 +118,7 @@ public class AccountCacheImpl implements AccountCache {
private static AccountState missing(Account.Id accountId) {
Account account = new Account(accountId, TimeUtil.nowTs());
Collection<AccountExternalId> ids = Collections.emptySet();
Set<AccountGroup.UUID> anon = ImmutableSet.of(AccountGroup.ANONYMOUS_USERS);
Set<AccountGroup.UUID> anon = ImmutableSet.of();
return new AccountState(account, anon, ids);
}
@ -167,13 +167,10 @@ public class AccountCacheImpl implements AccountCache {
for (AccountGroupMember g : db.accountGroupMembers().byAccount(who)) {
final AccountGroup.Id groupId = g.getAccountGroupId();
final AccountGroup group = groupCache.get(groupId);
if (group != null && group.getType() == AccountGroup.Type.INTERNAL) {
if (group != null) {
internalGroups.add(group.getGroupUUID());
}
}
internalGroups.add(AccountGroup.REGISTERED_USERS);
internalGroups.add(AccountGroup.ANONYMOUS_USERS);
internalGroups = Collections.unmodifiableSet(internalGroups);
return new AccountState(account, internalGroups, externalIds);
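Review bot: With the `getType() == AccountGroup.Type.INTERNAL` filter gone, the loop in the second hunk adds `group.getGroupUUID()` for any non-null group, and that value can be null. The placeholder built by GroupCacheImpl.missing(), changed later in this commit, passes `null` as the UUID and was previously kept out only because it was marked SYSTEM. If `groupCache.get(groupId)` returns that placeholder for a dangling account_group_members row (its body is not on this page), a null entry ends up in the membership set; `if (group != null && group.getGroupUUID() != null) {` keeps it out. GroupDetailFactory has a similar exposure, since it now calls loadMembers() and loadIncludes() for every group. Separately, the local `anon` in missing() now holds an empty set and would read better as `none`.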


@ -14,6 +14,8 @@
package com.google.gerrit.server.account;
import com.google.common.base.Predicate;
import com.google.common.collect.Sets;
import com.google.gerrit.common.data.PermissionRule;
import com.google.gerrit.common.errors.NoSuchGroupException;
import com.google.gerrit.reviewdb.client.Account;
@ -21,10 +23,12 @@ import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.git.AccountsSection;
import com.google.gerrit.server.group.SystemGroupBackend;
import com.google.gerrit.server.project.ProjectCache;
import com.google.inject.Inject;
import com.google.inject.Provider;
import java.util.HashSet;
import java.util.Set;
/** Access control management for one account's access to other accounts. */
@ -106,8 +110,6 @@ public class AccountControl {
return true;
case SAME_GROUP: {
Set<AccountGroup.UUID> usersGroups = groupsOf(otherUser);
usersGroups.remove(AccountGroup.ANONYMOUS_USERS);
usersGroups.remove(AccountGroup.REGISTERED_USERS);
for (PermissionRule rule : accountsSection.getSameGroupVisibility()) {
if (rule.isBlock() || rule.isDeny()) {
usersGroups.remove(rule.getGroup().getUUID());
@ -121,8 +123,6 @@ public class AccountControl {
}
case VISIBLE_GROUP: {
Set<AccountGroup.UUID> usersGroups = groupsOf(otherUser);
usersGroups.remove(AccountGroup.ANONYMOUS_USERS);
usersGroups.remove(AccountGroup.REGISTERED_USERS);
for (AccountGroup.UUID usersGroup : usersGroups) {
try {
if (groupControlFactory.controlFor(usersGroup).isVisible()) {
@ -143,6 +143,13 @@ public class AccountControl {
}
private Set<AccountGroup.UUID> groupsOf(Account.Id account) {
return userFactory.create(account).getEffectiveGroups().getKnownGroups();
return new HashSet<>(Sets.filter(
userFactory.create(account).getEffectiveGroups().getKnownGroups(),
new Predicate<AccountGroup.UUID>() {
@Override
public boolean apply(AccountGroup.UUID in) {
return !SystemGroupBackend.isSystemGroup(in);
}
}));
}
}
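Review bot: groupsOf in the last hunk needs a comment, because both the copy and the filter are load-bearing and neither is explained. `Sets.filter` returns a live view, and the SAME_GROUP branch calls `usersGroups.remove(...)` on the result, so the `new HashSet<>(...)` wrapper must stay. I would add `// Mutable copy: SAME_GROUP removes blocked groups from it. System groups are dropped so shared membership in them never makes an account visible.` Note also that the filter now excludes whatever SystemGroupBackend.isSystemGroup matches, which may be wider than the two groups the removed lines stripped; its definition is not on this page.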


@ -20,7 +20,7 @@ import com.google.gerrit.common.data.GroupReference;
import com.google.gerrit.common.data.Permission;
import com.google.gerrit.common.data.PermissionRange;
import com.google.gerrit.common.data.PermissionRule;
import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.server.group.SystemGroupBackend;
import java.util.ArrayList;
import java.util.Arrays;
@ -86,9 +86,8 @@ public class CapabilityCollection {
return r != null ? r : Collections.<PermissionRule> emptyList();
}
private static final GroupReference anonymous = new GroupReference(
AccountGroup.ANONYMOUS_USERS,
"Anonymous Users");
private static final GroupReference anonymous = SystemGroupBackend
.getGroup(SystemGroupBackend.ANONYMOUS_USERS);
private static void configureDefaults(Map<String, List<PermissionRule>> out,
AccessSection section) {


@ -19,7 +19,6 @@ import com.google.common.base.Predicate;
import com.google.common.base.Predicates;
import com.google.common.collect.Iterables;
import com.google.gerrit.common.data.GlobalCapability;
import com.google.gerrit.common.data.GroupReference;
import com.google.gerrit.common.data.PermissionRange;
import com.google.gerrit.common.data.PermissionRule;
import com.google.gerrit.common.data.PermissionRule.Action;
@ -27,6 +26,7 @@ import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.PeerDaemonUser;
import com.google.gerrit.server.git.QueueProvider;
import com.google.gerrit.server.group.SystemGroupBackend;
import com.google.gerrit.server.project.ProjectCache;
import com.google.inject.Inject;
import com.google.inject.assistedinject.Assisted;
@ -177,7 +177,7 @@ public class CapabilityControl {
if (match(groups, r)) {
switch (r.getAction()) {
case INTERACTIVE:
if (!isGenericGroup(r.getGroup())) {
if (!SystemGroupBackend.isAnonymousOrRegistered(r.getGroup())) {
return QueueProvider.QueueType.INTERACTIVE;
}
break;
@ -202,11 +202,6 @@ public class CapabilityControl {
}
}
private static boolean isGenericGroup(GroupReference group) {
return AccountGroup.ANONYMOUS_USERS.equals(group.getUUID())
|| AccountGroup.REGISTERED_USERS.equals(group.getUUID());
}
/** True if the user has this permission. Works only for non labels. */
public boolean canPerform(String permissionName) {
return !access(permissionName).isEmpty();


@ -172,9 +172,7 @@ public class GroupCacheImpl implements GroupCache {
private static AccountGroup missing(AccountGroup.Id key) {
AccountGroup.NameKey name = new AccountGroup.NameKey("Deleted Group" + key);
AccountGroup g = new AccountGroup(name, key, null);
g.setType(AccountGroup.Type.SYSTEM);
return g;
return new AccountGroup(name, key, null);
}
static class ByIdLoader extends


@ -75,14 +75,8 @@ public class GroupDetailFactory implements Callable<GroupDetail> {
if (ownerGroup != null) {
detail.setOwnerGroup(GroupReference.forGroup(ownerGroup));
}
switch (group.getType()) {
case INTERNAL:
detail.setMembers(loadMembers());
detail.setIncludes(loadIncludes());
break;
case SYSTEM:
break;
}
detail.setMembers(loadMembers());
detail.setIncludes(loadIncludes());
detail.setAccounts(aic.create());
detail.setCanModify(control.isOwner());
return detail;


@ -22,6 +22,7 @@ import com.google.gerrit.reviewdb.client.AccountGroupById;
import com.google.gerrit.reviewdb.client.AccountGroupMember;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.group.SystemGroupBackend;
import com.google.gerrit.server.project.NoSuchProjectException;
import com.google.gerrit.server.project.ProjectControl;
import com.google.gwtorm.server.OrmException;
@ -66,7 +67,7 @@ public class GroupMembers {
private Set<Account> listAccounts(final AccountGroup.UUID groupUUID,
final Project.NameKey project, final Set<AccountGroup.UUID> seen)
throws NoSuchGroupException, OrmException, NoSuchProjectException, IOException {
if (AccountGroup.PROJECT_OWNERS.equals(groupUUID)) {
if (SystemGroupBackend.PROJECT_OWNERS.equals(groupUUID)) {
return getProjectOwners(project, seen);
} else {
AccountGroup group = groupCache.get(groupUUID);
@ -81,7 +82,7 @@ public class GroupMembers {
private Set<Account> getProjectOwners(final Project.NameKey project,
final Set<AccountGroup.UUID> seen) throws NoSuchProjectException,
NoSuchGroupException, OrmException, IOException {
seen.add(AccountGroup.PROJECT_OWNERS);
seen.add(SystemGroupBackend.PROJECT_OWNERS);
if (project == null) {
return Collections.emptySet();
}


@ -48,6 +48,7 @@ import com.google.gerrit.server.change.ReviewerJson.PostResult;
import com.google.gerrit.server.change.ReviewerJson.ReviewerInfo;
import com.google.gerrit.server.config.GerritServerConfig;
import com.google.gerrit.server.group.GroupsCollection;
import com.google.gerrit.server.group.SystemGroupBackend;
import com.google.gerrit.server.index.ChangeIndexer;
import com.google.gerrit.server.mail.AddReviewerSender;
import com.google.gerrit.server.project.ChangeControl;
@ -305,8 +306,7 @@ public class PostReviewers implements RestModifyView<ChangeResource, Input> {
}
public static boolean isLegalReviewerGroup(AccountGroup.UUID groupUUID) {
return !(AccountGroup.ANONYMOUS_USERS.equals(groupUUID)
|| AccountGroup.REGISTERED_USERS.equals(groupUUID));
return !SystemGroupBackend.isSystemGroup(groupUUID);
}
private PatchSetApproval dummyApproval(ChangeControl ctl,
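Review bot: `isLegalReviewerGroup` is no longer null-safe. The old form called `equals` on the two constants, while `SystemGroupBackend.isSystemGroup` dereferences `uuid.get()`, so a null `groupUUID` now throws where it used to return true. If callers can pass a group without a UUID (not visible in this hunk), decide the outcome explicitly, e.g. `return groupUUID != null && !SystemGroupBackend.isSystemGroup(groupUUID);`, which rejects it. The check also widens from two groups to every UUID with the `global:` prefix, so "Project Owners" and "Change Owner" are now refused as reviewer groups. That looks intended, but a one-line Javadoc on this public method should say so.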


@ -87,6 +87,7 @@ import com.google.gerrit.server.git.validators.CommitValidators;
import com.google.gerrit.server.git.validators.MergeValidationListener;
import com.google.gerrit.server.git.validators.MergeValidators;
import com.google.gerrit.server.git.validators.MergeValidators.ProjectConfigValidator;
import com.google.gerrit.server.group.SystemGroupBackend;
import com.google.gerrit.server.mail.AddReviewerSender;
import com.google.gerrit.server.mail.CommitMessageEditedSender;
import com.google.gerrit.server.mail.CreateChangeSender;
@ -203,6 +204,7 @@ public class GerritGlobalModule extends FactoryModule {
DynamicSet.setOf(binder(), GroupBackend.class);
bind(InternalGroupBackend.class).in(SINGLETON);
DynamicSet.bind(binder(), GroupBackend.class).to(SystemGroupBackend.class);
DynamicSet.bind(binder(), GroupBackend.class).to(InternalGroupBackend.class);
bind(FileTypeRegistry.class).to(MimeUtilFileTypeRegistry.class);


@ -14,8 +14,8 @@
package com.google.gerrit.server.config;
import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.server.account.GroupBackend;
import com.google.gerrit.server.group.SystemGroupBackend;
import com.google.gerrit.server.util.ServerRequestContext;
import com.google.gerrit.server.util.ThreadLocalRequestContext;
import com.google.inject.Inject;
@ -35,7 +35,7 @@ public class GitReceivePackGroupsProvider extends GroupSetProvider {
// If no group was set, default to "registered users"
//
if (groupIds.isEmpty()) {
groupIds = Collections.singleton(AccountGroup.REGISTERED_USERS);
groupIds = Collections.singleton(SystemGroupBackend.REGISTERED_USERS);
}
}
}


@ -14,17 +14,15 @@
package com.google.gerrit.server.config;
import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.common.collect.ImmutableSet;
import com.google.gerrit.server.account.GroupBackend;
import com.google.gerrit.server.group.SystemGroupBackend;
import com.google.gerrit.server.util.ServerRequestContext;
import com.google.gerrit.server.util.ThreadLocalRequestContext;
import com.google.inject.Inject;
import org.eclipse.jgit.lib.Config;
import java.util.Collections;
import java.util.HashSet;
public class GitUploadPackGroupsProvider extends GroupSetProvider {
@Inject
public GitUploadPackGroupsProvider(GroupBackend gb,
@ -36,10 +34,9 @@ public class GitUploadPackGroupsProvider extends GroupSetProvider {
// If no group was set, default to "registered users" and "anonymous"
//
if (groupIds.isEmpty()) {
HashSet<AccountGroup.UUID> all = new HashSet<AccountGroup.UUID>();
all.add(AccountGroup.REGISTERED_USERS);
all.add(AccountGroup.ANONYMOUS_USERS);
groupIds = Collections.unmodifiableSet(all);
groupIds = ImmutableSet.of(
SystemGroupBackend.REGISTERED_USERS,
SystemGroupBackend.ANONYMOUS_USERS);
}
}
}


@ -72,9 +72,6 @@ public class ListGroups implements RestReadView<TopLevelResource> {
@Option(name = "--visible-to-all", usage = "to list only groups that are visible to all registered users")
private boolean visibleToAll;
@Option(name = "--type", usage = "type of group")
private AccountGroup.Type groupType;
@Option(name = "--user", aliases = {"-u"},
usage = "user for which the groups should be listed")
private Account.Id user;
@ -214,8 +211,7 @@ public class ListGroups implements RestReadView<TopLevelResource> {
continue;
}
}
if ((visibleToAll && !group.isVisibleToAll())
|| (groupType != null && !groupType.equals(group.getType()))) {
if (visibleToAll && !group.isVisibleToAll()) {
continue;
}
if (!groupsToInspect.isEmpty()


@ -0,0 +1,155 @@
// Copyright (C) 2013 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.gerrit.server.group;
import static com.google.common.base.Preconditions.checkNotNull;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.gerrit.common.data.GroupDescription;
import com.google.gerrit.common.data.GroupReference;
import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.GroupBackend;
import com.google.gerrit.server.account.GroupMembership;
import com.google.gerrit.server.account.ListGroupMembership;
import com.google.gerrit.server.project.ProjectControl;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.SortedMap;
import java.util.TreeMap;
public class SystemGroupBackend implements GroupBackend {
/** Common UUID assigned to the "Anonymous Users" group. */
public static final AccountGroup.UUID ANONYMOUS_USERS =
new AccountGroup.UUID("global:Anonymous-Users");
/** Common UUID assigned to the "Registered Users" group. */
public static final AccountGroup.UUID REGISTERED_USERS =
new AccountGroup.UUID("global:Registered-Users");
/** Common UUID assigned to the "Project Owners" placeholder group. */
public static final AccountGroup.UUID PROJECT_OWNERS =
new AccountGroup.UUID("global:Project-Owners");
/** Common UUID assigned to the "Change Owner" placeholder group. */
public static final AccountGroup.UUID CHANGE_OWNER =
new AccountGroup.UUID("global:Change-Owner");
private static final SortedMap<String, GroupReference> names;
private static final ImmutableMap<AccountGroup.UUID, GroupReference> uuids;
static {
SortedMap<String, GroupReference> n = new TreeMap<>();
ImmutableMap.Builder<AccountGroup.UUID, GroupReference> u =
ImmutableMap.builder();
AccountGroup.UUID[] all = {
ANONYMOUS_USERS,
REGISTERED_USERS,
PROJECT_OWNERS,
CHANGE_OWNER,
};
for (AccountGroup.UUID uuid : all) {
int c = uuid.get().indexOf(':');
String name = uuid.get().substring(c + 1).replace('-', ' ');
GroupReference ref = new GroupReference(uuid, name);
n.put(ref.getName().toLowerCase(Locale.US), ref);
u.put(ref.getUUID(), ref);
}
names = Collections.unmodifiableSortedMap(n);
uuids = u.build();
}
public static boolean isSystemGroup(AccountGroup.UUID uuid) {
return uuid.get().startsWith("global:");
}
public static boolean isAnonymousOrRegistered(GroupReference ref) {
return isAnonymousOrRegistered(ref.getUUID());
}
public static boolean isAnonymousOrRegistered(AccountGroup.UUID uuid) {
return ANONYMOUS_USERS.equals(uuid) || REGISTERED_USERS.equals(uuid);
}
public static GroupReference getGroup(AccountGroup.UUID uuid) {
return checkNotNull(uuids.get(uuid), "group %s not found", uuid.get());
}
@Override
public boolean handles(AccountGroup.UUID uuid) {
return isSystemGroup(uuid);
}
@Override
public GroupDescription.Basic get(AccountGroup.UUID uuid) {
final GroupReference ref = getGroup(uuid);
if (ref != null) {
return new GroupDescription.Basic() {
@Override
public String getName() {
return ref.getName();
}
@Override
public AccountGroup.UUID getGroupUUID() {
return ref.getUUID();
}
@Override
public String getUrl() {
return null;
}
@Override
public String getEmailAddress() {
return null;
}
};
}
return null;
}
@Override
public Collection<GroupReference> suggest(String name, ProjectControl project) {
String nameLC = name.toLowerCase(Locale.US);
SortedMap<String, GroupReference> matches = names.tailMap(nameLC);
if (matches.isEmpty()) {
return Collections.emptyList();
}
List<GroupReference> r = new ArrayList<>(matches.size());
for (Map.Entry<String, GroupReference> e : matches.entrySet()) {
if (e.getKey().startsWith(nameLC)) {
r.add(e.getValue());
} else {
break;
}
}
return r;
}
@Override
public GroupMembership membershipsOf(IdentifiedUser user) {
return new ListGroupMembership(ImmutableSet.of(
ANONYMOUS_USERS,
REGISTERED_USERS));
}
}
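Review bot: `get()` can never return null for an unknown system UUID, because `getGroup` wraps the map lookup in `checkNotNull`. The `if (ref != null)` test is therefore always true and the trailing `return null` is dead code. Since `handles()` accepts any UUID that merely starts with `global:`, a value such as the constructed example `global:No-Such-Group` (for instance from a project configuration or a request, neither visible here) is routed to this backend and ends in a NullPointerException instead of a "no such group" result. Look the reference up directly in `get()` with `final GroupReference ref = uuids.get(uuid);` and keep the throwing `getGroup` for callers that pass the four constants. `isSystemGroup` also dereferences `uuid.get()` without a null check, which every caller of `handles()` inherits.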


@ -37,6 +37,7 @@ import com.google.gerrit.server.config.CanonicalWebUrl;
import com.google.gerrit.server.config.GitReceivePackGroups;
import com.google.gerrit.server.config.GitUploadPackGroups;
import com.google.gerrit.server.git.GitRepositoryManager;
import com.google.gerrit.server.group.SystemGroupBackend;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.assistedinject.Assisted;
@ -471,9 +472,9 @@ public class ProjectControl {
}
boolean match(AccountGroup.UUID uuid, boolean isChangeOwner) {
if (AccountGroup.PROJECT_OWNERS.equals(uuid)) {
if (SystemGroupBackend.PROJECT_OWNERS.equals(uuid)) {
return isDeclaredOwner();
} else if (AccountGroup.CHANGE_OWNER.equals(uuid)) {
} else if (SystemGroupBackend.CHANGE_OWNER.equals(uuid)) {
return isChangeOwner;
} else {
return user.getEffectiveGroups().contains(uuid);


@ -22,12 +22,12 @@ import com.google.gerrit.common.data.PermissionRange;
import com.google.gerrit.common.data.PermissionRule;
import com.google.gerrit.common.data.RefConfigSection;
import com.google.gerrit.common.errors.InvalidNameException;
import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.InternalUser;
import com.google.gerrit.server.git.GitRepositoryManager;
import com.google.gerrit.server.group.SystemGroupBackend;
import dk.brics.automaton.RegExp;
@ -125,8 +125,7 @@ public class RefControl {
for (PermissionRule rule : access) {
if (rule.isBlock()) {
blocks.add(relevant.getRuleProps(rule));
} else if (rule.getGroup().getUUID().equals(AccountGroup.ANONYMOUS_USERS)
|| rule.getGroup().getUUID().equals(AccountGroup.REGISTERED_USERS)) {
} else if (SystemGroupBackend.isAnonymousOrRegistered(rule.getGroup())) {
allows.add(relevant.getRuleProps(rule));
}
}


@ -24,7 +24,6 @@ import com.google.gerrit.common.data.LabelValue;
import com.google.gerrit.common.data.Permission;
import com.google.gerrit.common.data.PermissionRule;
import com.google.gerrit.common.data.PermissionRule.Action;
import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.reviewdb.client.Project.InheritableBoolean;
import com.google.gerrit.server.GerritPersonIdent;
@ -33,6 +32,10 @@ import com.google.gerrit.server.extensions.events.GitReferenceUpdated;
import com.google.gerrit.server.git.GitRepositoryManager;
import com.google.gerrit.server.git.MetaDataUpdate;
import com.google.gerrit.server.git.ProjectConfig;
import com.google.gerrit.server.group.SystemGroupBackend;
import static com.google.gerrit.server.group.SystemGroupBackend.*;
import com.google.inject.Inject;
import org.eclipse.jgit.errors.ConfigInvalidException;
@ -65,15 +68,9 @@ public class AllProjectsCreator {
this.allProjectsName = allProjectsName;
this.serverUser = serverUser;
this.anonymous = new GroupReference(
AccountGroup.ANONYMOUS_USERS,
"Anonymous Users");
this.registered = new GroupReference(
AccountGroup.REGISTERED_USERS,
"Registered Users");
this.owners = new GroupReference(
AccountGroup.PROJECT_OWNERS,
"Project Owners");
this.anonymous = SystemGroupBackend.getGroup(ANONYMOUS_USERS);
this.registered = SystemGroupBackend.getGroup(REGISTERED_USERS);
this.owners = SystemGroupBackend.getGroup(PROJECT_OWNERS);
}
public AllProjectsCreator setAdministrators(GroupReference admin) {
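Review bot: The wildcard `import static com.google.gerrit.server.group.SystemGroupBackend.*;` pulls every public static member of the backend into this file, while `getGroup` is still called with the class prefix. Import the three constants by name instead, `import static com.google.gerrit.server.group.SystemGroupBackend.ANONYMOUS_USERS;` and likewise for `REGISTERED_USERS` and `PROJECT_OWNERS`, as RefControlTest does in this same commit. That keeps it obvious which group UUIDs the default access rules are built from. The constructor begins outside the hunk.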


@ -48,11 +48,7 @@ public class SchemaCreator {
private final int versionNbr;
private AccountGroup admin;
private AccountGroup anonymous;
private AccountGroup registered;
private AccountGroup owners;
private AccountGroup batch;
private AccountGroup changeOwner;
@Inject
public SchemaCreator(SitePaths site,
@ -111,53 +107,17 @@ public class SchemaCreator {
private SystemConfig initSystemConfig(final ReviewDb c) throws OrmException {
admin = newGroup(c, "Administrators", null);
admin.setDescription("Gerrit Site Administrators");
admin.setType(AccountGroup.Type.INTERNAL);
c.accountGroups().insert(Collections.singleton(admin));
c.accountGroupNames().insert(
Collections.singleton(new AccountGroupName(admin)));
anonymous =
newGroup(c, "Anonymous Users", AccountGroup.ANONYMOUS_USERS);
anonymous.setDescription("Any user, signed-in or not");
anonymous.setOwnerGroupUUID(admin.getGroupUUID());
anonymous.setType(AccountGroup.Type.SYSTEM);
c.accountGroups().insert(Collections.singleton(anonymous));
c.accountGroupNames().insert(
Collections.singleton(new AccountGroupName(anonymous)));
registered =
newGroup(c, "Registered Users", AccountGroup.REGISTERED_USERS);
registered.setDescription("Any signed-in user");
registered.setOwnerGroupUUID(admin.getGroupUUID());
registered.setType(AccountGroup.Type.SYSTEM);
c.accountGroups().insert(Collections.singleton(registered));
c.accountGroupNames().insert(
Collections.singleton(new AccountGroupName(registered)));
batch = newGroup(c, "Non-Interactive Users", null);
batch.setDescription("Users who perform batch actions on Gerrit");
batch.setOwnerGroupUUID(admin.getGroupUUID());
batch.setType(AccountGroup.Type.INTERNAL);
c.accountGroups().insert(Collections.singleton(batch));
c.accountGroupNames().insert(
Collections.singleton(new AccountGroupName(batch)));
owners = newGroup(c, "Project Owners", AccountGroup.PROJECT_OWNERS);
owners.setDescription("Any owner of the project");
owners.setOwnerGroupUUID(admin.getGroupUUID());
owners.setType(AccountGroup.Type.SYSTEM);
c.accountGroups().insert(Collections.singleton(owners));
c.accountGroupNames().insert(
Collections.singleton(new AccountGroupName(owners)));
changeOwner = newGroup(c, "Change Owner", AccountGroup.CHANGE_OWNER);
changeOwner.setDescription("The owner of a change");
changeOwner.setOwnerGroupUUID(admin.getGroupUUID());
changeOwner.setType(AccountGroup.Type.SYSTEM);
c.accountGroups().insert(Collections.singleton(changeOwner));
c.accountGroupNames().insert(
Collections.singleton(new AccountGroupName(changeOwner)));
final SystemConfig s = SystemConfig.create();
try {
s.sitePath = site_path.getCanonicalPath();


@ -32,7 +32,7 @@ import java.util.List;
/** A version of the database schema. */
public abstract class SchemaVersion {
/** The current schema version. */
public static final Class<Schema_86> C = Schema_86.class;
public static final Class<Schema_87> C = Schema_87.class;
public static class Module extends AbstractModule {
@Override


@ -43,6 +43,7 @@ import com.google.gerrit.server.extensions.events.GitReferenceUpdated;
import com.google.gerrit.server.git.GitRepositoryManager;
import com.google.gerrit.server.git.MetaDataUpdate;
import com.google.gerrit.server.git.ProjectConfig;
import com.google.gerrit.server.group.SystemGroupBackend;
import com.google.gerrit.server.schema.Schema_77.LegacyLabelTypes;
import com.google.gwtorm.jdbc.JdbcSchema;
import com.google.gwtorm.server.OrmException;
@ -124,14 +125,14 @@ class Schema_53 extends SchemaVersion {
List<AccountGroup> groups = db.accountGroups().all().toList();
for (AccountGroup g : groups) {
if (g.getId().equals(systemConfig.ownerGroupId)) {
g.setGroupUUID(AccountGroup.PROJECT_OWNERS);
g.setGroupUUID(SystemGroupBackend.PROJECT_OWNERS);
projectOwners = GroupReference.forGroup(g);
} else if (g.getId().equals(systemConfig.anonymousGroupId)) {
g.setGroupUUID(AccountGroup.ANONYMOUS_USERS);
g.setGroupUUID(SystemGroupBackend.ANONYMOUS_USERS);
} else if (g.getId().equals(systemConfig.registeredGroupId)) {
g.setGroupUUID(AccountGroup.REGISTERED_USERS);
g.setGroupUUID(SystemGroupBackend.REGISTERED_USERS);
} else {
g.setGroupUUID(GroupUUID.make(g.getName(), serverUser));


@ -193,11 +193,8 @@ public class Schema_69 extends SchemaVersion {
for (AccountGroup.UUID uuid : resolveToUpdate) {
AccountGroup group = resolveGroups.get(uuid);
group.setType(AccountGroup.Type.INTERNAL);
toUpdate.add(group);
ui.message(String.format(
"*** Group has no DN and is inuse. Updated to be INTERNAL: %s",
"*** Group has no DN and is in use: %s",
group.getName()));
}


@ -14,104 +14,12 @@
package com.google.gerrit.server.schema;
import com.google.gerrit.common.data.AccessSection;
import com.google.gerrit.common.data.GlobalCapability;
import com.google.gerrit.common.data.PermissionRule;
import com.google.gerrit.common.data.PermissionRule.Action;
import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.reviewdb.client.AccountGroupName;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.GerritPersonIdent;
import com.google.gerrit.server.config.AllProjectsName;
import com.google.gerrit.server.extensions.events.GitReferenceUpdated;
import com.google.gerrit.server.git.GitRepositoryManager;
import com.google.gerrit.server.git.MetaDataUpdate;
import com.google.gerrit.server.git.ProjectConfig;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import org.eclipse.jgit.errors.ConfigInvalidException;
import org.eclipse.jgit.lib.PersonIdent;
import org.eclipse.jgit.lib.Repository;
import java.io.IOException;
import java.util.Collections;
import java.util.List;
public class Schema_86 extends SchemaVersion {
private final AllProjectsName allProjects;
private final GitRepositoryManager mgr;
private final PersonIdent serverUser;
@Inject
Schema_86(Provider<Schema_85> prior,
AllProjectsName allProjects,
GitRepositoryManager mgr,
@GerritPersonIdent PersonIdent serverUser) {
Schema_86(Provider<Schema_85> prior) {
super(prior);
this.allProjects = allProjects;
this.mgr = mgr;
this.serverUser = serverUser;
}
@Override
protected void migrateData(ReviewDb db, UpdateUI ui) throws OrmException {
Repository git;
try {
git = mgr.openRepository(allProjects);
} catch (IOException e) {
throw new OrmException(e);
}
try {
MetaDataUpdate md =
new MetaDataUpdate(GitReferenceUpdated.DISABLED, allProjects, git);
ProjectConfig config = ProjectConfig.read(md);
// Create the CHANGE OWNER group.
AccountGroup.UUID adminGroupUUID = findAdminGroup(db, config);
createGroup(db, "Change Owner", adminGroupUUID,
"The owner of a change");
} catch (IOException e) {
throw new OrmException(e);
} catch (ConfigInvalidException e) {
throw new OrmException(e);
} finally {
git.close();
}
}
private AccountGroup createGroup(ReviewDb db, String groupName,
AccountGroup.UUID adminGroupUUID, String description) throws OrmException {
AccountGroup.Id groupId = new AccountGroup.Id(db.nextAccountGroupId());
AccountGroup.NameKey nameKey = new AccountGroup.NameKey(groupName);
AccountGroup group =
new AccountGroup(nameKey, groupId, AccountGroup.CHANGE_OWNER);
group.setOwnerGroupUUID(adminGroupUUID);
group.setDescription(description);
group.setType(AccountGroup.Type.SYSTEM);
AccountGroupName gn = new AccountGroupName(group);
// first insert the group name to validate that the group name hasn't
// already been used to create another group
db.accountGroupNames().insert(Collections.singleton(gn));
db.accountGroups().insert(Collections.singleton(group));
return group;
}
private static AccountGroup.UUID findAdminGroup(
ReviewDb db, ProjectConfig cfg) {
List<PermissionRule> rules = cfg
.getAccessSection(AccessSection.GLOBAL_CAPABILITIES)
.getPermission(GlobalCapability.ADMINISTRATE_SERVER)
.getRules();
for (PermissionRule rule : rules) {
if (rule.getAction() == Action.ALLOW) {
return rule.getGroup().getUUID();
}
}
throw new IllegalStateException("no administrator group found");
}
}


@ -0,0 +1,68 @@
// Copyright (C) 2013 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.gerrit.server.schema;
import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.group.SystemGroupBackend;
import com.google.gwtorm.jdbc.JdbcSchema;
import com.google.gwtorm.server.OrmException;
import com.google.inject.Inject;
import com.google.inject.Provider;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
public class Schema_87 extends SchemaVersion {
@Inject
Schema_87(Provider<Schema_86> prior) {
super(prior);
}
@Override
protected void migrateData(ReviewDb db, UpdateUI ui)
throws OrmException, SQLException {
for (AccountGroup.Id id : scanSystemGroups(db)) {
AccountGroup group = db.accountGroups().get(id);
if (group != null
&& SystemGroupBackend.isSystemGroup(group.getGroupUUID())) {
db.accountGroups().delete(Collections.singleton(group));
db.accountGroupNames().deleteKeys(
Collections.singleton(group.getNameKey()));
}
}
}
private Set<AccountGroup.Id> scanSystemGroups(ReviewDb db)
throws SQLException {
JdbcSchema s = (JdbcSchema) db;
Statement stmt = s.getConnection().createStatement();
try {
ResultSet rs =
stmt.executeQuery("SELECT group_id FROM account_groups WHERE group_type = 'SYSTEM'");
Set<AccountGroup.Id> ids = new HashSet<>();
while (rs.next()) {
ids.add(new AccountGroup.Id(rs.getInt(1)));
}
return ids;
} finally {
stmt.close();
}
}
}
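Review bot: `migrateData` silently skips any row the query selected with `group_type = 'SYSTEM'` whose UUID does not start with `global:`, or for which `get(id)` returns null, and the `ui` parameter is never used. After the upgrade such a row would still sit in `account_groups` with nothing in the upgrade output to say so. Add an `else` branch that reports it, for example `ui.message("*** SYSTEM group not removed (UUID is not global:): " + id);`, so an administrator can check whether a leftover group is still referenced by access rules. Separately, `scanSystemGroups` relies on `stmt.close()` to release the `ResultSet`. The new code in this commit already uses Java 7 syntax (the diamond operator), so try-with-resources over both would make that explicit.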


@ -17,10 +17,10 @@ package com.google.gerrit.rules;
import static com.google.gerrit.common.data.Permission.LABEL;
import static com.google.gerrit.server.project.Util.value;
import static com.google.gerrit.server.project.Util.category;
import static com.google.gerrit.server.project.Util.REGISTERED;
import static com.google.gerrit.server.project.Util.grant;
import com.google.gerrit.server.git.ProjectConfig;
import com.google.gerrit.server.group.SystemGroupBackend;
import com.google.gerrit.server.project.Util;
import com.google.gerrit.server.util.TimeUtil;
import com.google.gerrit.common.data.LabelType;
@ -29,6 +29,7 @@ import com.google.gerrit.reviewdb.client.Branch;
import com.google.gerrit.reviewdb.client.Change;
import com.google.gerrit.reviewdb.client.Project;
import com.google.inject.AbstractModule;
import org.junit.Before;
import org.junit.Test;
@ -72,8 +73,8 @@ public class GerritCommonTest extends PrologTestCase {
local.getLabelSections().put(V.getName(), V);
local.getLabelSections().put(Q.getName(), Q);
util.add(local);
grant(local, LABEL + V.getName(), -1, +1, REGISTERED, "refs/heads/*");
grant(local, LABEL + Q.getName(), -1, +1, REGISTERED, "refs/heads/master");
grant(local, LABEL + V.getName(), -1, +1, SystemGroupBackend.REGISTERED_USERS, "refs/heads/*");
grant(local, LABEL + Q.getName(), -1, +1, SystemGroupBackend.REGISTERED_USERS, "refs/heads/master");
}
@Override


@ -20,13 +20,13 @@ import static com.google.gerrit.common.data.Permission.OWNER;
import static com.google.gerrit.common.data.Permission.PUSH;
import static com.google.gerrit.common.data.Permission.READ;
import static com.google.gerrit.common.data.Permission.SUBMIT;
import static com.google.gerrit.server.project.Util.ANONYMOUS;
import static com.google.gerrit.server.project.Util.REGISTERED;
import static com.google.gerrit.server.project.Util.CHANGE_OWNER;
import static com.google.gerrit.server.group.SystemGroupBackend.ANONYMOUS_USERS;
import static com.google.gerrit.server.group.SystemGroupBackend.CHANGE_OWNER;
import static com.google.gerrit.server.group.SystemGroupBackend.REGISTERED_USERS;
import static com.google.gerrit.server.project.Util.ADMIN;
import static com.google.gerrit.server.project.Util.DEVS;
import static com.google.gerrit.server.project.Util.grant;
import static com.google.gerrit.server.project.Util.doNotInherit;
import static com.google.gerrit.server.project.Util.grant;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
@ -36,6 +36,7 @@ import com.google.gerrit.common.data.PermissionRule;
import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.server.git.ProjectConfig;
import org.junit.Before;
import org.junit.Test;
@ -123,9 +124,9 @@ public class RefControlTest {
@Test
public void testInheritRead_SingleBranchDeniesUpload() {
grant(util.getParentConfig(), READ, REGISTERED, "refs/*");
grant(util.getParentConfig(), PUSH, REGISTERED, "refs/for/refs/*");
grant(local, READ, REGISTERED, "refs/heads/foobar");
grant(util.getParentConfig(), READ, REGISTERED_USERS, "refs/*");
grant(util.getParentConfig(), PUSH, REGISTERED_USERS, "refs/for/refs/*");
grant(local, READ, REGISTERED_USERS, "refs/heads/foobar");
doNotInherit(local, READ, "refs/heads/foobar");
doNotInherit(local, PUSH, "refs/for/refs/heads/foobar");
@ -141,9 +142,9 @@ public class RefControlTest {
@Test
public void testInheritRead_SingleBranchDoesNotOverrideInherited() {
grant(util.getParentConfig(), READ, REGISTERED, "refs/*");
grant(util.getParentConfig(), PUSH, REGISTERED, "refs/for/refs/*");
grant(local, READ, REGISTERED, "refs/heads/foobar");
grant(util.getParentConfig(), READ, REGISTERED_USERS, "refs/*");
grant(util.getParentConfig(), PUSH, REGISTERED_USERS, "refs/for/refs/*");
grant(local, READ, REGISTERED_USERS, "refs/heads/foobar");
ProjectControl u = util.user(local);
assertTrue("can upload", u.canPushToAtLeastOneRef() == Capable.OK);
@ -170,8 +171,8 @@ public class RefControlTest {
@Test
public void testInheritRead_OverrideWithDeny() {
grant(util.getParentConfig(), READ, REGISTERED, "refs/*");
grant(local, READ, REGISTERED, "refs/*").setDeny();
grant(util.getParentConfig(), READ, REGISTERED_USERS, "refs/*");
grant(local, READ, REGISTERED_USERS, "refs/*").setDeny();
ProjectControl u = util.user(local);
assertFalse("can't read", u.isVisible());
@ -179,8 +180,8 @@ public class RefControlTest {
@Test
public void testInheritRead_AppendWithDenyOfRef() {
grant(util.getParentConfig(), READ, REGISTERED, "refs/*");
grant(local, READ, REGISTERED, "refs/heads/*").setDeny();
grant(util.getParentConfig(), READ, REGISTERED_USERS, "refs/*");
grant(local, READ, REGISTERED_USERS, "refs/heads/*").setDeny();
ProjectControl u = util.user(local);
assertTrue("can read", u.isVisible());
@ -191,9 +192,9 @@ public class RefControlTest {
@Test
public void testInheritRead_OverridesAndDeniesOfRef() {
grant(util.getParentConfig(), READ, REGISTERED, "refs/*");
grant(local, READ, REGISTERED, "refs/*").setDeny();
grant(local, READ, REGISTERED, "refs/heads/*");
grant(util.getParentConfig(), READ, REGISTERED_USERS, "refs/*");
grant(local, READ, REGISTERED_USERS, "refs/*").setDeny();
grant(local, READ, REGISTERED_USERS, "refs/heads/*");
ProjectControl u = util.user(local);
assertTrue("can read", u.isVisible());
@ -204,9 +205,9 @@ public class RefControlTest {
@Test
public void testInheritSubmit_OverridesAndDeniesOfRef() {
grant(util.getParentConfig(), SUBMIT, REGISTERED, "refs/*");
grant(local, SUBMIT, REGISTERED, "refs/*").setDeny();
grant(local, SUBMIT, REGISTERED, "refs/heads/*");
grant(util.getParentConfig(), SUBMIT, REGISTERED_USERS, "refs/*");
grant(local, SUBMIT, REGISTERED_USERS, "refs/*").setDeny();
grant(local, SUBMIT, REGISTERED_USERS, "refs/heads/*");
ProjectControl u = util.user(local);
assertFalse("can't submit", u.controlForRef("refs/foobar").canSubmit());
@ -216,7 +217,7 @@ public class RefControlTest {
@Test
public void testCannotUploadToAnyRef() {
grant(util.getParentConfig(), READ, REGISTERED, "refs/*");
grant(util.getParentConfig(), READ, REGISTERED_USERS, "refs/*");
grant(local, READ, DEVS, "refs/heads/*");
grant(local, PUSH, DEVS, "refs/for/refs/heads/*");
@ -247,7 +248,7 @@ public class RefControlTest {
@Test
public void testSortWithRegex() {
grant(local, READ, DEVS, "^refs/heads/.*");
grant(util.getParentConfig(), READ, ANONYMOUS, "^refs/heads/.*-QA-.*");
grant(util.getParentConfig(), READ, ANONYMOUS_USERS, "^refs/heads/.*-QA-.*");
ProjectControl u = util.user(local, DEVS), d = util.user(local, DEVS);
assertTrue("u can read", u.controlForRef("refs/heads/foo-QA-bar").isVisible());
@ -257,7 +258,7 @@ public class RefControlTest {
@Test
public void testBlockRule_ParentBlocksChild() {
grant(local, PUSH, DEVS, "refs/tags/*");
grant(util.getParentConfig(), PUSH, ANONYMOUS, "refs/tags/*").setBlock();
grant(util.getParentConfig(), PUSH, ANONYMOUS_USERS, "refs/tags/*").setBlock();
ProjectControl u = util.user(local, DEVS);
assertFalse("u can't force update tag", u.controlForRef("refs/tags/V10").canForceUpdate());
@ -279,7 +280,7 @@ public class RefControlTest {
@Test
public void testUnblockNoForce() {
grant(local, PUSH, ANONYMOUS, "refs/heads/*").setBlock();
grant(local, PUSH, ANONYMOUS_USERS, "refs/heads/*").setBlock();
grant(local, PUSH, DEVS, "refs/heads/*");
ProjectControl u = util.user(local, DEVS);
@ -288,7 +289,7 @@ public class RefControlTest {
@Test
public void testUnblockForce() {
PermissionRule r = grant(local, PUSH, ANONYMOUS, "refs/heads/*");
PermissionRule r = grant(local, PUSH, ANONYMOUS_USERS, "refs/heads/*");
r.setBlock();
r.setForce(true);
grant(local, PUSH, DEVS, "refs/heads/*").setForce(true);
@ -299,7 +300,7 @@ public class RefControlTest {
@Test
public void testUnblockForceWithAllowNoForce_NotPossible() {
PermissionRule r = grant(local, PUSH, ANONYMOUS, "refs/heads/*");
PermissionRule r = grant(local, PUSH, ANONYMOUS_USERS, "refs/heads/*");
r.setBlock();
r.setForce(true);
grant(local, PUSH, DEVS, "refs/heads/*");
@ -310,7 +311,7 @@ public class RefControlTest {
@Test
public void testUnblockMoreSpecificRef_Fails() {
grant(local, PUSH, ANONYMOUS, "refs/heads/*").setBlock();
grant(local, PUSH, ANONYMOUS_USERS, "refs/heads/*").setBlock();
grant(local, PUSH, DEVS, "refs/heads/master");
ProjectControl u = util.user(local, DEVS);
@ -319,7 +320,7 @@ public class RefControlTest {
@Test
public void testUnblockLargerScope_Fails() {
grant(local, PUSH, ANONYMOUS, "refs/heads/master").setBlock();
grant(local, PUSH, ANONYMOUS_USERS, "refs/heads/master").setBlock();
grant(local, PUSH, DEVS, "refs/heads/*");
ProjectControl u = util.user(local, DEVS);
@ -328,7 +329,7 @@ public class RefControlTest {
@Test
public void testUnblockInLocal_Fails() {
grant(util.getParentConfig(), PUSH, ANONYMOUS, "refs/heads/*").setBlock();
grant(util.getParentConfig(), PUSH, ANONYMOUS_USERS, "refs/heads/*").setBlock();
grant(local, PUSH, fixers, "refs/heads/*");
ProjectControl f = util.user(local, fixers);
@ -337,7 +338,7 @@ public class RefControlTest {
@Test
public void testUnblockInParentBlockInLocal() {
grant(util.getParentConfig(), PUSH, ANONYMOUS, "refs/heads/*").setBlock();
grant(util.getParentConfig(), PUSH, ANONYMOUS_USERS, "refs/heads/*").setBlock();
grant(util.getParentConfig(), PUSH, DEVS, "refs/heads/*");
grant(local, PUSH, DEVS, "refs/heads/*").setBlock();
@ -347,25 +348,25 @@ public class RefControlTest {
@Test
public void testUnblockVisibilityByREGISTEREDUsers() {
grant(local, READ, ANONYMOUS, "refs/heads/*").setBlock();
grant(local, READ, REGISTERED, "refs/heads/*");
grant(local, READ, ANONYMOUS_USERS, "refs/heads/*").setBlock();
grant(local, READ, REGISTERED_USERS, "refs/heads/*");
ProjectControl u = util.user(local, REGISTERED);
ProjectControl u = util.user(local, REGISTERED_USERS);
assertTrue("u can read", u.controlForRef("refs/heads/master").isVisibleByRegisteredUsers());
}
@Test
public void testUnblockInLocalVisibilityByRegisteredUsers_Fails() {
grant(util.getParentConfig(), READ, ANONYMOUS, "refs/heads/*").setBlock();
grant(local, READ, REGISTERED, "refs/heads/*");
grant(util.getParentConfig(), READ, ANONYMOUS_USERS, "refs/heads/*").setBlock();
grant(local, READ, REGISTERED_USERS, "refs/heads/*");
ProjectControl u = util.user(local, REGISTERED);
ProjectControl u = util.user(local, REGISTERED_USERS);
assertFalse("u can't read", u.controlForRef("refs/heads/master").isVisibleByRegisteredUsers());
}
@Test
public void testUnblockForceEditTopicName() {
grant(local, EDIT_TOPIC_NAME, ANONYMOUS, "refs/heads/*").setBlock();
grant(local, EDIT_TOPIC_NAME, ANONYMOUS_USERS, "refs/heads/*").setBlock();
grant(local, EDIT_TOPIC_NAME, DEVS, "refs/heads/*").setForce(true);
ProjectControl u = util.user(local, DEVS);
@ -375,18 +376,18 @@ public class RefControlTest {
@Test
public void testUnblockInLocalForceEditTopicName_Fails() {
grant(util.getParentConfig(), EDIT_TOPIC_NAME, ANONYMOUS, "refs/heads/*")
grant(util.getParentConfig(), EDIT_TOPIC_NAME, ANONYMOUS_USERS, "refs/heads/*")
.setBlock();
grant(local, EDIT_TOPIC_NAME, DEVS, "refs/heads/*").setForce(true);
ProjectControl u = util.user(local, REGISTERED);
ProjectControl u = util.user(local, REGISTERED_USERS);
assertFalse("u can't edit topic name", u.controlForRef("refs/heads/master")
.canForceEditTopicName());
}
@Test
public void testUnblockRange() {
grant(local, LABEL + "Code-Review", -1, +1, ANONYMOUS, "refs/heads/*").setBlock();
grant(local, LABEL + "Code-Review", -1, +1, ANONYMOUS_USERS, "refs/heads/*").setBlock();
grant(local, LABEL + "Code-Review", -2, +2, DEVS, "refs/heads/*");
ProjectControl u = util.user(local, DEVS);
@ -397,7 +398,7 @@ public class RefControlTest {
@Test
public void testUnblockRangeOnMoreSpecificRef_Fails() {
grant(local, LABEL + "Code-Review", -1, +1, ANONYMOUS, "refs/heads/*").setBlock();
grant(local, LABEL + "Code-Review", -1, +1, ANONYMOUS_USERS, "refs/heads/*").setBlock();
grant(local, LABEL + "Code-Review", -2, +2, DEVS, "refs/heads/master");
ProjectControl u = util.user(local, DEVS);
@ -408,7 +409,7 @@ public class RefControlTest {
@Test
public void testUnblockRangeOnLargerScope_Fails() {
grant(local, LABEL + "Code-Review", -1, +1, ANONYMOUS, "refs/heads/master").setBlock();
grant(local, LABEL + "Code-Review", -1, +1, ANONYMOUS_USERS, "refs/heads/master").setBlock();
grant(local, LABEL + "Code-Review", -2, +2, DEVS, "refs/heads/*");
ProjectControl u = util.user(local, DEVS);
@ -419,7 +420,7 @@ public class RefControlTest {
@Test
public void testUnblockInLocalRange_Fails() {
grant(util.getParentConfig(), LABEL + "Code-Review", -1, 1, ANONYMOUS,
grant(util.getParentConfig(), LABEL + "Code-Review", -1, 1, ANONYMOUS_USERS,
"refs/heads/*").setBlock();
grant(local, LABEL + "Code-Review", -2, +2, DEVS, "refs/heads/*");


@ -14,6 +14,9 @@
package com.google.gerrit.server.project;
import static com.google.gerrit.server.group.SystemGroupBackend.ANONYMOUS_USERS;
import static com.google.gerrit.server.group.SystemGroupBackend.REGISTERED_USERS;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.google.common.collect.Lists;
@ -54,9 +57,6 @@ import java.util.Map;
import java.util.Set;
public class Util {
public static AccountGroup.UUID ANONYMOUS = AccountGroup.ANONYMOUS_USERS;
public static AccountGroup.UUID CHANGE_OWNER = AccountGroup.CHANGE_OWNER;
public static AccountGroup.UUID REGISTERED = AccountGroup.REGISTERED_USERS;
public static AccountGroup.UUID ADMIN = new AccountGroup.UUID("test.admin");
public static AccountGroup.UUID DEVS = new AccountGroup.UUID("test.devs");
@ -237,8 +237,8 @@ public class Util {
super(capabilityControlFactory);
username = name;
ArrayList<AccountGroup.UUID> groupIds = Lists.newArrayList(groupId);
groupIds.add(REGISTERED);
groupIds.add(ANONYMOUS);
groupIds.add(REGISTERED_USERS);
groupIds.add(ANONYMOUS_USERS);
groups = new ListGroupMembership(groupIds);
}
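Review bot: The two `groupIds.add(...)` lines in the last hunk make every mock user a member of both REGISTERED_USERS and ANONYMOUS_USERS, and nothing in the new code documents that implicit membership. It matters when reading the access-control tests: a caller such as `util.user(local, REGISTERED_USERS)` in RefControlTest ends up with the group listed twice, and no user built through this constructor is anonymous-only, so the block-rule tests are only ever evaluated for registered identities. I would add a comment above the two calls, for example `// Every mock user implicitly belongs to both system groups; callers need not pass them.` Whether ListGroupMembership tolerates the duplicate entry is not visible here and should be confirmed. The constructor begins outside this hunk.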