Inherit project permissions from more than just All Projects

Add the basic functionality to build a tree of projects for easier
administation of access rights.  With this change, any project can
act as a parent project to another.

The way to set a project as a parent of another is done with a
new command: `gerrit set-project-parent`.  Right now there is no
possibility to set or remove the parenthood from the UI.

Bug: issue 273
Change-Id: Iac514de89e24b470339ea53065f8b470de68ab75
Uploaded-by: Ulrik Sjölin <ulrik.sjolin@sonyericsson.com>
Signed-off-by: Shawn O. Pearce <sop@google.com>

gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/AdminSetParent.java

@@ -0,0 +1,138 @@
+// Copyright (C) 2010 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License
+
+package com.google.gerrit.sshd.commands;
+
+import com.google.gerrit.reviewdb.Project;
+import com.google.gerrit.reviewdb.ReviewDb;
+import com.google.gerrit.server.config.WildProjectName;
+import com.google.gerrit.server.project.ProjectCache;
+import com.google.gerrit.server.project.ProjectControl;
+import com.google.gerrit.server.project.ProjectState;
+import com.google.gerrit.sshd.AdminCommand;
+import com.google.gerrit.sshd.BaseCommand;
+import com.google.gwtorm.client.OrmException;
+import com.google.inject.Inject;
+
+import org.apache.sshd.server.Environment;
+import org.kohsuke.args4j.Argument;
+import org.kohsuke.args4j.Option;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+@AdminCommand
+final class AdminSetParent extends BaseCommand {
+  @Option(name = "--parent", aliases = {"-p"}, metaVar = "NAME", usage = "new parent project")
+  private ProjectControl newParent;
+
+  @Argument(index = 0, required = true, multiValued = true, metaVar = "NAME", usage = "projects to modify")
+  private List<ProjectControl> children = new ArrayList<ProjectControl>();
+
+  @Inject
+  private ReviewDb db;
+
+  @Inject
+  private ProjectCache projectCache;
+
+  @Inject
+  @WildProjectName
+  private Project.NameKey wildProject;
+
+  @Override
+  public void start(final Environment env) {
+    startThread(new CommandRunnable() {
+      @Override
+      public void run() throws Exception {
+        parseCommandLine();
+        updateParents();
+      }
+    });
+  }
+
+  private void updateParents() throws OrmException, UnloggedFailure {
+    final StringBuilder err = new StringBuilder();
+    final Set<Project.NameKey> grandParents = new HashSet<Project.NameKey>();
+    Project.NameKey newParentKey;
+
+    grandParents.add(wildProject);
+
+    if (newParent != null) {
+      newParentKey = newParent.getProject().getNameKey();
+
+      // Catalog all grandparents of the "parent", we want to
+      // catch a cycle in the parent pointers before it occurs.
+      //
+      Project.NameKey gp = newParent.getProject().getParent();
+      while (gp != null && grandParents.add(gp)) {
+        final ProjectState s = projectCache.get(gp);
+        if (s != null) {
+          gp = s.getProject().getParent();
+        } else {
+          break;
+        }
+      }
+    } else {
+      // If no parent was selected, set to NULL to use the default.
+      //
+      newParentKey = null;
+    }
+
+    for (final ProjectControl pc : children) {
+      final Project.NameKey key = pc.getProject().getNameKey();
+      final String name = pc.getProject().getName();
+
+      if (wildProject.equals(key)) {
+        // Don't allow the wild card project to have a parent.
+        //
+        err.append("error: Cannot set parent of '" + name + "'\n");
+        continue;
+      }
+
+      if (grandParents.contains(key)) {
+        // Try to avoid creating a cycle in the parent pointers.
+        //
+        err.append("error: Cycle exists between '" + name + "' and '"
+            + (newParentKey != null ? newParentKey.get() : wildProject.get())
+            + "'\n");
+        continue;
+      }
+
+      final Project child = db.projects().get(key);
+      if (child == null) {
+        // Race condition? Its in the cache, but not the database.
+        //
+        err.append("error: Project '" + name + "' not found\n");
+        continue;
+      }
+
+      child.setParent(newParentKey);
+      db.projects().update(Collections.singleton(child));
+    }
+
+    // Invalidate all projects in cache since inherited rights were changed.
+    //
+    projectCache.evictAll();
+
+    if (err.length() > 0) {
+      while (err.charAt(err.length() - 1) == '\n') {
+        err.setLength(err.length() - 1);
+      }
+      throw new UnloggedFailure(1, err.toString());
+    }
+  }
+}

gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/MasterCommandModule.java

@@ -31,5 +31,6 @@ public class MasterCommandModule extends CommandModule {
     command(gerrit, "gsql").to(AdminQueryShell.class);
     command(gerrit, "receive-pack").to(Receive.class);
     command(gerrit, "replicate").to(AdminReplicate.class);
+    command(gerrit, "set-project-parent").to(AdminSetParent.class);
   }
 }

gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/SlaveCommandModule.java

@@ -31,5 +31,6 @@ public class SlaveCommandModule extends CommandModule {
     command(gerrit, "gsql").to(ErrorSlaveMode.class);
     command(gerrit, "receive-pack").to(ErrorSlaveMode.class);
     command(gerrit, "replicate").to(ErrorSlaveMode.class);
+    command(gerrit, "set-project-parent").to(ErrorSlaveMode.class);
   }
 }