Checking permissions of users that aren't the caller on the current request
can have implications on the security of the system. The most prominent
one is creating a group-oracle.
To limit the cases where we could potentially expose Gerrit to these
threats, PermissionBackend removes the method that was operating solely
on the provider of the current user.
Change-Id: I601ea1200a15a5f262ca0770b23cc1c7bee126b1
Change I4878f066b6 allowed administrators to toggle the WIP flag on any
change but the UI action was still disabled for admins.
Change-Id: I55dd6400dc07d57fe2aaaf3528ff429d5baf48ed
Signed-off-by: Edwin Kempin <ekempin@google.com>
Passing in a Provider<CurrentUser> into PermissionBackend is
boiler-platy. This change adds a convenience method to PermissionBackend
and DefaultPermissionBackend to limit this boiler-plate. Future commits
will remove #user(Provider<CurrentUser>) from PermissionBackend, once
all callers were moved.
Change-Id: Ifcd07fe2c7d2673a66b2b4f9eff06ee8a3b6b943
Add unit tests for the labels functions.
Check if prolog rules are defined for this project or its parents, and
if not default to the added Java implementations of LabelFunctons.
Before this commit, the Prolog rules engine was always invoked to check
wether a change can be submitted or not, even if no prolog rules were
defined.
Doing so should also make it easier to extract Prolog as a plugin
without losing any of its currently offered features (label functions
and default rules implementation).
The LabelFunction code is inspired by Saša Živkov's change Iffe1567,
adjusted to live directly in the enum.
Change-Id: I5e18b0d494be3f0423bb533ed84a63ea4b8a31df
This commit changes this class so that every PBE will be logged
out as an error. But another option is throwing out this
exception since it stands for an error on the server side.
Change-Id: I231ab13ebeb9e5b37788875355d675c17f68745b
By design, PermissionBackendException stands for some error
in the permission backend. It doesn't mean the user doesn't
hold the checked/tested permission. Thus this endpoint should
not catch PBE and treat it the same with AuthException.
Change-Id: Ibbb99fb3648a1bfdbdea922cdb94a77f6824c141
Create project could fail when there are concurrent requests.
For example, in the test
CreateProjectIT#createSameProjectFromTwoConcurrentRequests.
Like other places, it's good to check whether ProjectState is
null before use.
Change-Id: I9dc590912f6ffa1878a3974991f78ccf51ca9ad1
Sometimes this can be useful, e.g. if one developers starts a WIP
change, goes to vacation and another developer makes the change ready.
At the moment the WIP flag cannot be removed by anyone else than the
change owner.
Change-Id: I4878f066b633b349dbfe927480ebb143539bf4d3
Signed-off-by: Edwin Kempin <ekempin@google.com>
Gerrit users active on several Gerrit servers may find it hard to
determine the gerrit instance related to an email.
This commit fixes it by adding a Gerrit instance name to the email
titles, right before the project's short name.
For instance, for a Gerrit instance called "Pear" and the project
"website/forum", the notification email titles will contain "Pear/forum".
Also add configuration to disable this behavior.
Change-Id: I6c842f33ce605125ec64ca7d09643f59aa96a02d
GroupRebuilder and GroupBundle are supposed to be only used by schema
migrations. Make sure that they are not used otherwise by moving them
into the schema package.
Change-Id: I094043259720edec9b60309f0ec0535bf0505d9e
Signed-off-by: Edwin Kempin <ekempin@google.com>
This is better than checking a constant group name that is the same for
all groups.
Change-Id: Ie92327bb1d5f285f3ef65fa229f1b3ee863cd8f6
Signed-off-by: Edwin Kempin <ekempin@google.com>
We want to use GroupRebuilder from a schema migration to migrate Gerrit
groups to NoteDb. For this GroupRebuilder must not depend on classes
which are not available during init:
- Don't use MetaDataUpdate.InternalFactory but instead instantiate
MetaDataUpdate directly (it's okay to use GitReferenceUpdated.DISABLED
since we don't fire events during init and init is the only place
where GroupRebuilder is used).
- Don't create an AuditLogFormatter from account cache, group cache and
server ID but instead require that the AuditLogFormatter is created
and passed in by the caller.
Change-Id: Ib43e3121ec99c38ef4c1a1879c48d879118fb4c4
Signed-off-by: Edwin Kempin <ekempin@google.com>
This will make it easier to use this method from the schema migration
that implements the migration of Gerrit groups to NoteDb.
Change-Id: Ic15d54c240998796bb5e8ad91a8b8144674c8af0
Signed-off-by: Edwin Kempin <ekempin@google.com>
This will allow us to use this method from the schema migration that
implements the migration of Gerrit groups to NoteDb.
Change-Id: I12ba4a0217ae9479f32c6c5f3fc0a834fd127e30
Signed-off-by: Edwin Kempin <ekempin@google.com>
The Gerrit groups will be migrated to NoteDb. Once this is done reading
groups from ReviewDb will be no longer supported and the
AccountGroup*Access classes will be removed.
The GroupBundle class will be used by the schema migration that migrates
the Gerrit groups from ReviewDb to NoteDb and we need to keep this
migration running for some longer time to support Gerrit upgrades.
This means GroupBundle will still exist when the AccountGroup*Access
classes are already gone. Hence to read group data it cannot rely on the
AccountGroup*Access classes, but must use plain SQL to retrieve this
data from ReviewDb.
Change-Id: If4bc99191bc7cd0e713c9666c2d52b278fe3a246
Signed-off-by: Edwin Kempin <ekempin@google.com>
This reverts commit 809de7e70c9a974df0a4c467ab731938c8b81d85.
Reason for revert: Groups are migrated offline with change I530116c8c5a.
Hence, we don't need to prevent any intermediate group updates.
Change-Id: I28113f8dbca7698a2335ae315405e7893636a745
This change partially reverts I84201c0c9d.
A follow-up change will migrate all groups from ReviewDb to NoteDb.
Further follow-up changes will remove all ReviewDb code for groups.
Hence, we don't need this REST endpoint anymore, which only existed
temporarily while implementing groups in NoteDb.
Change-Id: Ia2cf0c75a80e34ef9a8d8c8063b08388fa5fae9c
The only usage of this class is to create a ProjectState from a
ProjectConfig acquired from a ProjectState returned by the ProjectCache.
No need for this indirection; just use the original ProjectState.
Change-Id: I53434efc3c59bb2992f54ef262076030db55badd
This is similar to the split between index and server.index: these
pieces of the index code do not depend on Gerrit internals and may be
used to implement a project index in non-Gerrit servers. In other words,
this is the logical continuation of the work started in I07beec95.
Change-Id: Ic56eb46a5386cdd72f62117ad36b24ca85659809
* stable-2.15:
Fix formatting in MergeInput documentation
Fix assertions on iterable size in tests
Fix example ref in 'Create Merge Patch Set For Change' documentation
Fix documentation for CreateMergePatchSetForChange REST API endpoint.
LightweightPluginDaemonTest: Expose plugin guice injectors
Change-Id: Ief9930217e4769aac629b076316cdb3b47edfd11
* stable-2.15:
Skip migrating inline comments on missing patch set parents
Temporarily increase heap size of NoteDb migration tests
Log the reason why a project cannot be found
Change kind cache: short-circuit on root commits
Document that gitweb.type must be set
Tidy up config-gitweb
Change kind cache: short-circuit on root commits
Do not abort indexing if < 50% projects failed
Improve documentation of `index.maxLimit` for Elasticsearch
InitIndex: Set Elasticsearch index config under elasticsearch section
Link to hashtag intro docs from more places
user-upload.txt: Document setting hashtags on push
intro-user.txt: Document hashtags
user-search.txt: Document hashtag operator
intro-user.txt: Mention that topics may affect submission
Add NoteDb migration test for change with no patch set refs
NoteDbMigrator: Totally skip changes with no patch sets
Add more tests for rebuilding changes missing some entities
Fix Change-Id in revert email
Widen set of My Drafts menus that are automatically removed
Migrate old My Drafts menus in refs/users/default
This partially reverts commit e518d9dacc9d4cc547cb5935101859e36072ccb0
because Schema_159_to_160_Test references PREFERENCES which was made
private, and uses the forDefault method which was removed. This commit
makes PREFERENCES package visible and re-adds the forDefault method as
a package visible method.
Change-Id: Ifba662a47197b3a5f17988fc69896cdca1ff853b
