LCOV - code coverage report
Current view: top level - server/account - CapabilityCollection.java (source / functions) Hit Total Coverage
Test: _coverage_report.dat Lines: 49 60 81.7 %
Date: 2022-11-19 15:00:39 Functions: 6 6 100.0 % 

          Line data    Source code
       1             : // Copyright (C) 2011 The Android Open Source Project
       2             : //
       3             : // Licensed under the Apache License, Version 2.0 (the "License");
       4             : // you may not use this file except in compliance with the License.
       5             : // You may obtain a copy of the License at
       6             : //
       7             : // http://www.apache.org/licenses/LICENSE-2.0
       8             : //
       9             : // Unless required by applicable law or agreed to in writing, software
      10             : // distributed under the License is distributed on an "AS IS" BASIS,
      11             : // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      12             : // See the License for the specific language governing permissions and
      13             : // limitations under the License.
      14             : 
      15             : package com.google.gerrit.server.account;
      16             : 
      17             : import com.google.common.collect.ImmutableList;
      18             : import com.google.common.collect.ImmutableMap;
      19             : import com.google.common.collect.ImmutableSet;
      20             : import com.google.gerrit.common.Nullable;
      21             : import com.google.gerrit.common.data.GlobalCapability;
      22             : import com.google.gerrit.entities.AccessSection;
      23             : import com.google.gerrit.entities.GroupReference;
      24             : import com.google.gerrit.entities.Permission;
      25             : import com.google.gerrit.entities.PermissionRange;
      26             : import com.google.gerrit.entities.PermissionRule;
      27             : import com.google.gerrit.server.config.AdministrateServerGroups;
      28             : import com.google.gerrit.server.group.SystemGroupBackend;
      29             : import com.google.inject.Inject;
      30             : import com.google.inject.assistedinject.Assisted;
      31             : import java.util.ArrayList;
      32             : import java.util.Collections;
      33             : import java.util.HashMap;
      34             : import java.util.List;
      35             : import java.util.Map;
      36             : import java.util.Set;
      37             : 
      38             : /** Caches active {@link GlobalCapability} set for a site. */
      39             : public class CapabilityCollection {
      40             :   public interface Factory {
      41             :     CapabilityCollection create(@Nullable AccessSection section);
      42             :   }
      43             : 
      44             :   private final SystemGroupBackend systemGroupBackend;
      45             :   private final ImmutableMap<String, ImmutableList<PermissionRule>> permissions;
      46             : 
      47             :   public final ImmutableList<PermissionRule> administrateServer;
      48             :   public final ImmutableList<PermissionRule> batchChangesLimit;
      49             :   public final ImmutableList<PermissionRule> emailReviewers;
      50             :   public final ImmutableList<PermissionRule> priority;
      51             :   public final ImmutableList<PermissionRule> readAs;
      52             :   public final ImmutableList<PermissionRule> queryLimit;
      53             :   public final ImmutableList<PermissionRule> createGroup;
      54             : 
      55             :   @Inject
      56             :   CapabilityCollection(
      57             :       SystemGroupBackend systemGroupBackend,
      58             :       @AdministrateServerGroups ImmutableSet<GroupReference> admins,
      59         151 :       @Assisted @Nullable AccessSection section) {
      60         151 :     this.systemGroupBackend = systemGroupBackend;
      61             : 
      62         151 :     if (section == null) {
      63           3 :       section = AccessSection.create(AccessSection.GLOBAL_CAPABILITIES);
      64             :     }
      65         151 :     Map<String, List<PermissionRule>> tmp = new HashMap<>();
      66         151 :     for (Permission permission : section.getPermissions()) {
      67         151 :       for (PermissionRule rule : permission.getRules()) {
      68         151 :         if (!permission.getName().equals(GlobalCapability.EMAIL_REVIEWERS)
      69         151 :             && rule.getAction() == PermissionRule.Action.DENY) {
      70           0 :           continue;
      71             :         }
      72             : 
      73         151 :         List<PermissionRule> r = tmp.get(permission.getName());
      74         151 :         if (r == null) {
      75         151 :           r = new ArrayList<>(2);
      76         151 :           tmp.put(permission.getName(), r);
      77             :         }
      78         151 :         r.add(rule);
      79         151 :       }
      80         151 :     }
      81         151 :     configureDefaults(tmp, section);
      82         151 :     if (!tmp.containsKey(GlobalCapability.ADMINISTRATE_SERVER) && !admins.isEmpty()) {
      83           0 :       tmp.put(GlobalCapability.ADMINISTRATE_SERVER, ImmutableList.of());
      84             :     }
      85             : 
      86         151 :     ImmutableMap.Builder<String, ImmutableList<PermissionRule>> m = ImmutableMap.builder();
      87         151 :     for (Map.Entry<String, List<PermissionRule>> e : tmp.entrySet()) {
      88         151 :       List<PermissionRule> rules = e.getValue();
      89         151 :       if (GlobalCapability.ADMINISTRATE_SERVER.equals(e.getKey())) {
      90         151 :         rules = mergeAdmin(admins, rules);
      91             :       }
      92         151 :       m.put(e.getKey(), ImmutableList.copyOf(rules));
      93         151 :     }
      94         151 :     permissions = m.build();
      95             : 
      96         151 :     administrateServer = getPermission(GlobalCapability.ADMINISTRATE_SERVER);
      97         151 :     batchChangesLimit = getPermission(GlobalCapability.BATCH_CHANGES_LIMIT);
      98         151 :     emailReviewers = getPermission(GlobalCapability.EMAIL_REVIEWERS);
      99         151 :     priority = getPermission(GlobalCapability.PRIORITY);
     100         151 :     readAs = getPermission(GlobalCapability.READ_AS);
     101         151 :     queryLimit = getPermission(GlobalCapability.QUERY_LIMIT);
     102         151 :     createGroup = getPermission(GlobalCapability.CREATE_GROUP);
     103         151 :   }
     104             : 
     105             :   private static List<PermissionRule> mergeAdmin(
     106             :       Set<GroupReference> admins, List<PermissionRule> rules) {
     107         151 :     if (admins.isEmpty()) {
     108         151 :       return rules;
     109             :     }
     110             : 
     111           0 :     List<PermissionRule> r = new ArrayList<>(admins.size() + rules.size());
     112           0 :     for (GroupReference g : admins) {
     113           0 :       r.add(PermissionRule.create(g));
     114           0 :     }
     115           0 :     for (PermissionRule rule : rules) {
     116           0 :       if (!admins.contains(rule.getGroup())) {
     117           0 :         r.add(rule);
     118             :       }
     119           0 :     }
     120           0 :     return r;
     121             :   }
     122             : 
     123             :   public ImmutableList<PermissionRule> getPermission(String permissionName) {
     124         151 :     ImmutableList<PermissionRule> r = permissions.get(permissionName);
     125         151 :     return r != null ? r : ImmutableList.of();
     126             :   }
     127             : 
     128             :   private void configureDefaults(Map<String, List<PermissionRule>> out, AccessSection section) {
     129         151 :     configureDefault(
     130             :         out,
     131             :         section,
     132             :         GlobalCapability.QUERY_LIMIT,
     133         151 :         systemGroupBackend.getGroup(SystemGroupBackend.ANONYMOUS_USERS));
     134         151 :   }
     135             : 
     136             :   private static void configureDefault(
     137             :       Map<String, List<PermissionRule>> out,
     138             :       AccessSection section,
     139             :       String capName,
     140             :       GroupReference group) {
     141         151 :     if (doesNotDeclare(section, capName)) {
     142         151 :       PermissionRange.WithDefaults range = GlobalCapability.getRange(capName);
     143         151 :       if (range != null) {
     144         151 :         PermissionRule.Builder rule = PermissionRule.builder(group);
     145         151 :         rule.setRange(range.getDefaultMin(), range.getDefaultMax());
     146         151 :         out.put(capName, Collections.singletonList(rule.build()));
     147             :       }
     148             :     }
     149         151 :   }
     150             : 
     151             :   private static boolean doesNotDeclare(AccessSection section, String capName) {
     152         151 :     return section.getPermission(capName) == null;
     153             :   }
     154             : }

Generated by: LCOV version 1.16+git.20220603.dfeb750