All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.google.gerrit.server.group.SystemGroupBackend Maven / Gradle / Ivy

There is a newer version: 3.11.0-rc3
Show newest version
// Copyright (C) 2013 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package com.google.gerrit.server.group;

import static java.util.Objects.requireNonNull;
import static java.util.stream.Collectors.toSet;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.MoreObjects;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.gerrit.common.Nullable;
import com.google.gerrit.entities.AccountGroup;
import com.google.gerrit.entities.GroupDescription;
import com.google.gerrit.entities.GroupReference;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.ExternalUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.StartupCheck;
import com.google.gerrit.server.StartupException;
import com.google.gerrit.server.account.AbstractGroupBackend;
import com.google.gerrit.server.account.GroupMembership;
import com.google.gerrit.server.account.ListGroupMembership;
import com.google.gerrit.server.config.GerritServerConfig;
import com.google.gerrit.server.group.db.Groups;
import com.google.gerrit.server.project.ProjectState;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.NavigableMap;
import java.util.Optional;
import java.util.Set;
import java.util.TreeMap;
import org.eclipse.jgit.errors.ConfigInvalidException;
import org.eclipse.jgit.lib.Config;

@Singleton
public class SystemGroupBackend extends AbstractGroupBackend {
  public static final String SYSTEM_GROUP_SCHEME = "global:";

  /** Common UUID assigned to the "Anonymous Users" group. */
  public static final AccountGroup.UUID ANONYMOUS_USERS =
      AccountGroup.uuid(SYSTEM_GROUP_SCHEME + "Anonymous-Users");

  /** Common UUID assigned to the "Registered Users" group. */
  public static final AccountGroup.UUID REGISTERED_USERS =
      AccountGroup.uuid(SYSTEM_GROUP_SCHEME + "Registered-Users");

  /** Common UUID assigned to the "Project Owners" placeholder group. */
  public static final AccountGroup.UUID PROJECT_OWNERS =
      AccountGroup.uuid(SYSTEM_GROUP_SCHEME + "Project-Owners");

  /** Common UUID assigned to the "Change Owner" placeholder group. */
  public static final AccountGroup.UUID CHANGE_OWNER =
      AccountGroup.uuid(SYSTEM_GROUP_SCHEME + "Change-Owner");

  private static final AccountGroup.UUID[] all = {
    ANONYMOUS_USERS, REGISTERED_USERS, PROJECT_OWNERS, CHANGE_OWNER,
  };

  public static boolean isSystemGroup(AccountGroup.UUID uuid) {
    return uuid.get().startsWith(SYSTEM_GROUP_SCHEME);
  }

  public static boolean isAnonymousOrRegistered(GroupReference ref) {
    return isAnonymousOrRegistered(ref.getUUID());
  }

  public static boolean isAnonymousOrRegistered(AccountGroup.UUID uuid) {
    return ANONYMOUS_USERS.equals(uuid) || REGISTERED_USERS.equals(uuid);
  }

  private final ImmutableSet reservedNames;
  private final NavigableMap namesToGroups;
  private final ImmutableSet names;
  private final ImmutableMap uuids;
  private final ImmutableSet externalUserMemberships;

  @Inject
  @VisibleForTesting
  public SystemGroupBackend(@GerritServerConfig Config cfg) {
    NavigableMap n = new TreeMap<>();
    ImmutableMap.Builder u = ImmutableMap.builder();

    ImmutableSet.Builder reservedNamesBuilder = ImmutableSet.builder();
    for (AccountGroup.UUID uuid : all) {
      int c = uuid.get().indexOf(':');
      String defaultName = uuid.get().substring(c + 1).replace('-', ' ');
      reservedNamesBuilder.add(defaultName);
      String configuredName = cfg.getString("groups", uuid.get(), "name");
      GroupReference ref =
          GroupReference.create(uuid, MoreObjects.firstNonNull(configuredName, defaultName));
      n.put(ref.getName().toLowerCase(Locale.US), ref);
      u.put(ref.getUUID(), ref);
    }
    reservedNames = reservedNamesBuilder.build();
    namesToGroups = Collections.unmodifiableNavigableMap(n);
    names =
        ImmutableSet.copyOf(
            namesToGroups.values().stream().map(GroupReference::getName).collect(toSet()));
    uuids = u.build();
    externalUserMemberships =
        cfg.getBoolean("groups", null, "includeExternalUsersInRegisteredUsersGroup", true)
            ? ImmutableSet.of(ANONYMOUS_USERS, REGISTERED_USERS)
            : ImmutableSet.of(ANONYMOUS_USERS);
  }

  public GroupReference getGroup(AccountGroup.UUID uuid) {
    return requireNonNull(uuids.get(uuid), () -> String.format("group %s not found", uuid.get()));
  }

  public Set getNames() {
    return names;
  }

  public Set getReservedNames() {
    return reservedNames;
  }

  @Override
  public boolean handles(AccountGroup.UUID uuid) {
    return isSystemGroup(uuid);
  }

  @Nullable
  @Override
  public GroupDescription.Basic get(AccountGroup.UUID uuid) {
    final GroupReference ref = uuids.get(uuid);
    if (ref == null) {
      return null;
    }
    return new GroupDescription.Basic() {
      @Override
      public String getName() {
        return ref.getName();
      }

      @Override
      public AccountGroup.UUID getGroupUUID() {
        return ref.getUUID();
      }

      @Nullable
      @Override
      public String getUrl() {
        return null;
      }

      @Nullable
      @Override
      public String getEmailAddress() {
        return null;
      }
    };
  }

  @Override
  public Collection suggest(String name, ProjectState project) {
    String nameLC = name.toLowerCase(Locale.US);
    NavigableMap matches =
        namesToGroups.tailMap(nameLC, /* inclusive= */ true);
    if (matches.isEmpty()) {
      return new ArrayList<>();
    }

    List r = new ArrayList<>(matches.size());
    for (Map.Entry e : matches.entrySet()) {
      if (e.getKey().startsWith(nameLC)) {
        r.add(e.getValue());
      } else {
        break;
      }
    }
    return r;
  }

  @Override
  public GroupMembership membershipsOf(CurrentUser user) {
    if (user instanceof ExternalUser) {
      return new ListGroupMembership(externalUserMemberships);
    }
    if (user instanceof IdentifiedUser) {
      return new ListGroupMembership(ImmutableSet.of(ANONYMOUS_USERS, REGISTERED_USERS));
    }
    return new ListGroupMembership(ImmutableSet.of(ANONYMOUS_USERS));
  }

  public static class NameCheck implements StartupCheck {
    private final Config cfg;
    private final Groups groups;

    @Inject
    NameCheck(@GerritServerConfig Config cfg, Groups groups) {
      this.cfg = cfg;
      this.groups = groups;
    }

    @Override
    public void check() throws StartupException {
      Map configuredNames = new HashMap<>();
      Map byLowerCaseConfiguredName = new HashMap<>();
      for (AccountGroup.UUID uuid : all) {
        String configuredName = cfg.getString("groups", uuid.get(), "name");
        if (configuredName != null) {
          configuredNames.put(uuid, configuredName);
          byLowerCaseConfiguredName.put(configuredName.toLowerCase(Locale.US), uuid);
        }
      }
      if (configuredNames.isEmpty()) {
        return;
      }

      Optional conflictingGroup;
      try {
        conflictingGroup =
            groups
                .getAllGroupReferences()
                .filter(group -> hasConfiguredName(byLowerCaseConfiguredName, group))
                .findAny();

      } catch (IOException | ConfigInvalidException ignored) {
        return;
      }

      if (conflictingGroup.isPresent()) {
        GroupReference group = conflictingGroup.get();
        String groupName = group.getName();
        AccountGroup.UUID systemGroupUuid = byLowerCaseConfiguredName.get(groupName);
        throw new StartupException(
            getAmbiguousNameMessage(groupName, group.getUUID(), systemGroupUuid));
      }
    }

    private static boolean hasConfiguredName(
        Map byLowerCaseConfiguredName, GroupReference group) {
      String name = group.getName().toLowerCase(Locale.US);
      return byLowerCaseConfiguredName.keySet().contains(name);
    }

    private static String getAmbiguousNameMessage(
        String groupName, AccountGroup.UUID groupUuid, AccountGroup.UUID systemGroupUuid) {
      return String.format(
          "The configured name '%s' for system group '%s' is ambiguous"
              + " with the name '%s' of existing group '%s'."
              + " Please remove/change the value for groups.%s.name in"
              + " gerrit.config.",
          groupName, systemGroupUuid.get(), groupName, groupUuid.get(), systemGroupUuid.get());
    }
  }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy