All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.google.gerrit.server.account.CapabilityCollection Maven / Gradle / Ivy

The newest version!
// Copyright (C) 2011 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package com.google.gerrit.server.account;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.gerrit.common.Nullable;
import com.google.gerrit.common.data.GlobalCapability;
import com.google.gerrit.entities.AccessSection;
import com.google.gerrit.entities.GroupReference;
import com.google.gerrit.entities.Permission;
import com.google.gerrit.entities.PermissionRange;
import com.google.gerrit.entities.PermissionRule;
import com.google.gerrit.server.config.AdministrateServerGroups;
import com.google.gerrit.server.group.SystemGroupBackend;
import com.google.inject.Inject;
import com.google.inject.assistedinject.Assisted;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

/** Caches active {@link GlobalCapability} set for a site. */
public class CapabilityCollection {
  public interface Factory {
    CapabilityCollection create(@Nullable AccessSection section);
  }

  private final SystemGroupBackend systemGroupBackend;
  private final ImmutableMap> permissions;

  public final ImmutableList administrateServer;
  public final ImmutableList batchChangesLimit;
  public final ImmutableList emailReviewers;
  public final ImmutableList priority;
  public final ImmutableList readAs;
  public final ImmutableList queryLimit;
  public final ImmutableList createGroup;

  @Inject
  CapabilityCollection(
      SystemGroupBackend systemGroupBackend,
      @AdministrateServerGroups ImmutableSet admins,
      @Assisted @Nullable AccessSection section) {
    this.systemGroupBackend = systemGroupBackend;

    if (section == null) {
      section = AccessSection.create(AccessSection.GLOBAL_CAPABILITIES);
    }
    Map> tmp = new HashMap<>();
    for (Permission permission : section.getPermissions()) {
      for (PermissionRule rule : permission.getRules()) {
        if (!permission.getName().equals(GlobalCapability.EMAIL_REVIEWERS)
            && rule.getAction() == PermissionRule.Action.DENY) {
          continue;
        }

        List r = tmp.get(permission.getName());
        if (r == null) {
          r = new ArrayList<>(2);
          tmp.put(permission.getName(), r);
        }
        r.add(rule);
      }
    }
    configureDefaults(tmp, section);
    if (!tmp.containsKey(GlobalCapability.ADMINISTRATE_SERVER) && !admins.isEmpty()) {
      tmp.put(GlobalCapability.ADMINISTRATE_SERVER, ImmutableList.of());
    }

    ImmutableMap.Builder> m = ImmutableMap.builder();
    for (Map.Entry> e : tmp.entrySet()) {
      List rules = e.getValue();
      if (GlobalCapability.ADMINISTRATE_SERVER.equals(e.getKey())) {
        rules = mergeAdmin(admins, rules);
      }
      m.put(e.getKey(), ImmutableList.copyOf(rules));
    }
    permissions = m.build();

    administrateServer = getPermission(GlobalCapability.ADMINISTRATE_SERVER);
    batchChangesLimit = getPermission(GlobalCapability.BATCH_CHANGES_LIMIT);
    emailReviewers = getPermission(GlobalCapability.EMAIL_REVIEWERS);
    priority = getPermission(GlobalCapability.PRIORITY);
    readAs = getPermission(GlobalCapability.READ_AS);
    queryLimit = getPermission(GlobalCapability.QUERY_LIMIT);
    createGroup = getPermission(GlobalCapability.CREATE_GROUP);
  }

  private static List mergeAdmin(
      Set admins, List rules) {
    if (admins.isEmpty()) {
      return rules;
    }

    List r = new ArrayList<>(admins.size() + rules.size());
    for (GroupReference g : admins) {
      r.add(PermissionRule.create(g));
    }
    for (PermissionRule rule : rules) {
      if (!admins.contains(rule.getGroup())) {
        r.add(rule);
      }
    }
    return r;
  }

  public ImmutableList getPermission(String permissionName) {
    ImmutableList r = permissions.get(permissionName);
    return r != null ? r : ImmutableList.of();
  }

  private void configureDefaults(Map> out, AccessSection section) {
    configureDefault(
        out,
        section,
        GlobalCapability.QUERY_LIMIT,
        systemGroupBackend.getGroup(SystemGroupBackend.ANONYMOUS_USERS));
  }

  private static void configureDefault(
      Map> out,
      AccessSection section,
      String capName,
      GroupReference group) {
    if (doesNotDeclare(section, capName)) {
      PermissionRange.WithDefaults range = GlobalCapability.getRange(capName);
      if (range != null) {
        PermissionRule.Builder rule = PermissionRule.builder(group);
        rule.setRange(range.getDefaultMin(), range.getDefaultMax());
        out.put(capName, Collections.singletonList(rule.build()));
      }
    }
  }

  private static boolean doesNotDeclare(AccessSection section, String capName) {
    return section.getPermission(capName) == null;
  }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy