opendev/gerrit
Code Issues Proposed changes
Files
75afdfdc843b7dfb4c9dc2676e162b21d7df7684
gerrit/gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/RefRightAccess.java
Nico Sallembien 75afdfdc84 Change permissions to be branch based 
The RefControl class introduces per-branch access control rules.
ProjectRight is replaced by RefRight in the database, shifting all
current access records to include a reference pattern that matches
the previously assumed target namespace.  For example, PUSH_HEAD
is now matched against refs/heads/*, as is SUBMIT.

Although this implementation starts the foundation for per-branch
level READ access, it is not fully supported.  The Git native
protocol exposes all branches to readers, which means users can
still fetch the Git objects even if the web UI wouldn't allow them
to see the change.

This work was a joint effort between Nico and Shawn.  Nico started
the change and did the bulk of the implementation.  Shawn did a
bunch of cleanup work near the tail end.  Consequently all bugs
are Shawn's fault.

Bug: issue 60
Change-Id: I62401d80cbb885180614a4f20a945f5611de8986
Signed-off-by: Shawn O. Pearce <sop@google.com>
2010-01-25 11:47:59 -08:00

34 lines
1.3 KiB
Java
Raw Blame History

// Copyright (C) 2010 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.gerrit.reviewdb;
import com.google.gwtorm.client.Access;
import com.google.gwtorm.client.OrmException;
import com.google.gwtorm.client.PrimaryKey;
import com.google.gwtorm.client.Query;
import com.google.gwtorm.client.ResultSet;
public interface RefRightAccess extends Access<RefRight, RefRight.Key> {
@PrimaryKey("key")
RefRight get(RefRight.Key refRight) throws OrmException;
@Query("WHERE key.projectName = ?")
ResultSet<RefRight> byProject(Project.NameKey project) throws OrmException;
@Query("WHERE key.categoryId = ? AND key.groupId = ?")
ResultSet<RefRight> byCategoryGroup(ApprovalCategory.Id cat,
AccountGroup.Id group) throws OrmException;
}
View Git Blame Copy Permalink