LCOV - code coverage report
Current view: top level - server/permissions - DefaultPermissionMappings.java (source / functions) Hit Total Coverage
Test: _coverage_report.dat Lines: 72 78 92.3 %
Date: 2022-11-19 15:00:39 Functions: 11 15 73.3 % 

          Line data    Source code
       1             : // Copyright (C) 2018 The Android Open Source Project
       2             : //
       3             : // Licensed under the Apache License, Version 2.0 (the "License");
       4             : // you may not use this file except in compliance with the License.
       5             : // You may obtain a copy of the License at
       6             : //
       7             : // http://www.apache.org/licenses/LICENSE-2.0
       8             : //
       9             : // Unless required by applicable law or agreed to in writing, software
      10             : // distributed under the License is distributed on an "AS IS" BASIS,
      11             : // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      12             : // See the License for the specific language governing permissions and
      13             : // limitations under the License.
      14             : 
      15             : package com.google.gerrit.server.permissions;
      16             : 
      17             : import static com.google.common.base.Preconditions.checkState;
      18             : import static java.util.Objects.requireNonNull;
      19             : 
      20             : import com.google.common.collect.ImmutableBiMap;
      21             : import com.google.common.collect.ImmutableMap;
      22             : import com.google.gerrit.common.data.GlobalCapability;
      23             : import com.google.gerrit.entities.Permission;
      24             : import com.google.gerrit.extensions.api.access.GlobalOrPluginPermission;
      25             : import com.google.gerrit.extensions.api.access.PluginPermission;
      26             : import com.google.gerrit.extensions.api.access.PluginProjectPermission;
      27             : import com.google.gerrit.server.permissions.LabelPermission.ForUser;
      28             : import java.util.EnumSet;
      29             : import java.util.Optional;
      30             : import java.util.Set;
      31             : 
      32             : /**
      33             :  * Mappings from {@link com.google.gerrit.extensions.api.access.GerritPermission} enum instances to
      34             :  * the permission names used by {@link DefaultPermissionBackend}.
      35             :  *
      36             :  * <p>These should be considered implementation details of {@code DefaultPermissionBackend}; a
      37             :  * backend that doesn't respect the default permission model will not need to consult these.
      38             :  * However, implementations may also choose to respect certain aspects of the default permission
      39             :  * model, so this class is provided as public to aid those implementations.
      40             :  */
      41             : public class DefaultPermissionMappings {
      42             :   private static final ImmutableBiMap<GlobalPermission, String> CAPABILITIES =
      43         150 :       ImmutableBiMap.<GlobalPermission, String>builder()
      44         150 :           .put(GlobalPermission.ACCESS_DATABASE, GlobalCapability.ACCESS_DATABASE)
      45         150 :           .put(GlobalPermission.ADMINISTRATE_SERVER, GlobalCapability.ADMINISTRATE_SERVER)
      46         150 :           .put(GlobalPermission.CREATE_ACCOUNT, GlobalCapability.CREATE_ACCOUNT)
      47         150 :           .put(GlobalPermission.CREATE_GROUP, GlobalCapability.CREATE_GROUP)
      48         150 :           .put(GlobalPermission.CREATE_PROJECT, GlobalCapability.CREATE_PROJECT)
      49         150 :           .put(GlobalPermission.EMAIL_REVIEWERS, GlobalCapability.EMAIL_REVIEWERS)
      50         150 :           .put(GlobalPermission.FLUSH_CACHES, GlobalCapability.FLUSH_CACHES)
      51         150 :           .put(GlobalPermission.KILL_TASK, GlobalCapability.KILL_TASK)
      52         150 :           .put(GlobalPermission.MAINTAIN_SERVER, GlobalCapability.MAINTAIN_SERVER)
      53         150 :           .put(GlobalPermission.MODIFY_ACCOUNT, GlobalCapability.MODIFY_ACCOUNT)
      54         150 :           .put(GlobalPermission.READ_AS, GlobalCapability.READ_AS)
      55         150 :           .put(GlobalPermission.RUN_AS, GlobalCapability.RUN_AS)
      56         150 :           .put(GlobalPermission.RUN_GC, GlobalCapability.RUN_GC)
      57         150 :           .put(GlobalPermission.STREAM_EVENTS, GlobalCapability.STREAM_EVENTS)
      58         150 :           .put(GlobalPermission.VIEW_ACCESS, GlobalCapability.VIEW_ACCESS)
      59         150 :           .put(GlobalPermission.VIEW_ALL_ACCOUNTS, GlobalCapability.VIEW_ALL_ACCOUNTS)
      60         150 :           .put(GlobalPermission.VIEW_CACHES, GlobalCapability.VIEW_CACHES)
      61         150 :           .put(GlobalPermission.VIEW_CONNECTIONS, GlobalCapability.VIEW_CONNECTIONS)
      62         150 :           .put(GlobalPermission.VIEW_PLUGINS, GlobalCapability.VIEW_PLUGINS)
      63         150 :           .put(GlobalPermission.VIEW_QUEUE, GlobalCapability.VIEW_QUEUE)
      64         150 :           .build();
      65             : 
      66             :   static {
      67         150 :     checkMapContainsAllEnumValues(CAPABILITIES, GlobalPermission.class);
      68             :   }
      69             : 
      70             :   private static final ImmutableBiMap<ProjectPermission, String> PROJECT_PERMISSIONS =
      71         150 :       ImmutableBiMap.<ProjectPermission, String>builder()
      72         150 :           .put(ProjectPermission.READ, Permission.READ)
      73         150 :           .build();
      74             : 
      75             :   private static final ImmutableBiMap<RefPermission, String> REF_PERMISSIONS =
      76         150 :       ImmutableBiMap.<RefPermission, String>builder()
      77         150 :           .put(RefPermission.READ, Permission.READ)
      78         150 :           .put(RefPermission.CREATE, Permission.CREATE)
      79         150 :           .put(RefPermission.DELETE, Permission.DELETE)
      80         150 :           .put(RefPermission.UPDATE, Permission.PUSH)
      81         150 :           .put(RefPermission.FORGE_AUTHOR, Permission.FORGE_AUTHOR)
      82         150 :           .put(RefPermission.FORGE_COMMITTER, Permission.FORGE_COMMITTER)
      83         150 :           .put(RefPermission.FORGE_SERVER, Permission.FORGE_SERVER)
      84         150 :           .put(RefPermission.CREATE_TAG, Permission.CREATE_TAG)
      85         150 :           .put(RefPermission.CREATE_SIGNED_TAG, Permission.CREATE_SIGNED_TAG)
      86         150 :           .put(RefPermission.READ_PRIVATE_CHANGES, Permission.VIEW_PRIVATE_CHANGES)
      87         150 :           .build();
      88             : 
      89         150 :   private static final ImmutableBiMap<ChangePermission, String> CHANGE_PERMISSIONS =
      90         150 :       ImmutableBiMap.<ChangePermission, String>builder()
      91         150 :           .put(ChangePermission.READ, Permission.READ)
      92         150 :           .put(ChangePermission.ABANDON, Permission.ABANDON)
      93         150 :           .put(ChangePermission.EDIT_ASSIGNEE, Permission.EDIT_ASSIGNEE)
      94         150 :           .put(ChangePermission.EDIT_HASHTAGS, Permission.EDIT_HASHTAGS)
      95         150 :           .put(ChangePermission.EDIT_TOPIC_NAME, Permission.EDIT_TOPIC_NAME)
      96         150 :           .put(ChangePermission.REMOVE_REVIEWER, Permission.REMOVE_REVIEWER)
      97         150 :           .put(ChangePermission.ADD_PATCH_SET, Permission.ADD_PATCH_SET)
      98         150 :           .put(ChangePermission.REBASE, Permission.REBASE)
      99         150 :           .put(ChangePermission.REVERT, Permission.REVERT)
     100         150 :           .put(ChangePermission.SUBMIT, Permission.SUBMIT)
     101         150 :           .put(ChangePermission.SUBMIT_AS, Permission.SUBMIT_AS)
     102         150 :           .put(
     103             :               ChangePermission.TOGGLE_WORK_IN_PROGRESS_STATE,
     104             :               Permission.TOGGLE_WORK_IN_PROGRESS_STATE)
     105         150 :           .build();
     106             : 
     107             :   private static <T extends Enum<T>> void checkMapContainsAllEnumValues(
     108             :       ImmutableMap<T, String> actual, Class<T> clazz) {
     109         150 :     Set<T> expected = EnumSet.allOf(clazz);
     110         150 :     checkState(
     111         150 :         actual.keySet().equals(expected),
     112             :         "all %s values must be defined, found: %s",
     113         150 :         clazz.getSimpleName(),
     114         150 :         actual.keySet());
     115         150 :   }
     116             : 
     117             :   public static String globalPermissionName(GlobalPermission globalPermission) {
     118         150 :     return requireNonNull(CAPABILITIES.get(globalPermission));
     119             :   }
     120             : 
     121             :   public static Optional<GlobalPermission> globalPermission(String capabilityName) {
     122         148 :     return Optional.ofNullable(CAPABILITIES.inverse().get(capabilityName));
     123             :   }
     124             : 
     125             :   public static String pluginCapabilityName(PluginPermission pluginPermission) {
     126           1 :     return pluginPermission.pluginName() + '-' + pluginPermission.capability();
     127             :   }
     128             : 
     129             :   public static String pluginProjectPermissionName(PluginProjectPermission pluginPermission) {
     130           0 :     return "plugin-" + pluginPermission.pluginName() + '-' + pluginPermission.permission();
     131             :   }
     132             : 
     133             :   public static String globalOrPluginPermissionName(GlobalOrPluginPermission permission) {
     134           2 :     return permission instanceof GlobalPermission
     135           2 :         ? globalPermissionName((GlobalPermission) permission)
     136           0 :         : pluginCapabilityName((PluginPermission) permission);
     137             :   }
     138             : 
     139             :   public static Optional<String> projectPermissionName(ProjectPermission projectPermission) {
     140           0 :     return Optional.ofNullable(PROJECT_PERMISSIONS.get(projectPermission));
     141             :   }
     142             : 
     143             :   public static Optional<ProjectPermission> projectPermission(String permissionName) {
     144           0 :     return Optional.ofNullable(PROJECT_PERMISSIONS.inverse().get(permissionName));
     145             :   }
     146             : 
     147             :   public static Optional<String> refPermissionName(RefPermission refPermission) {
     148          45 :     return Optional.ofNullable(REF_PERMISSIONS.get(refPermission));
     149             :   }
     150             : 
     151             :   public static Optional<RefPermission> refPermission(String permissionName) {
     152           2 :     return Optional.ofNullable(REF_PERMISSIONS.inverse().get(permissionName));
     153             :   }
     154             : 
     155             :   public static Optional<String> changePermissionName(ChangePermission changePermission) {
     156         103 :     return Optional.ofNullable(CHANGE_PERMISSIONS.get(changePermission));
     157             :   }
     158             : 
     159             :   public static Optional<ChangePermission> changePermission(String permissionName) {
     160           0 :     return Optional.ofNullable(CHANGE_PERMISSIONS.inverse().get(permissionName));
     161             :   }
     162             : 
     163             :   public static String labelPermissionName(LabelPermission labelPermission) {
     164          39 :     if (labelPermission.forUser() == ForUser.ON_BEHALF_OF) {
     165           0 :       return Permission.forLabelAs(labelPermission.label());
     166             :     }
     167          39 :     return Permission.forLabel(labelPermission.label());
     168             :   }
     169             : 
     170             :   // TODO(dborowitz): Can these share a common superinterface?
     171             :   public static String labelPermissionName(LabelPermission.WithValue labelPermission) {
     172         103 :     if (labelPermission.forUser() == ForUser.ON_BEHALF_OF) {
     173           2 :       return Permission.forLabelAs(labelPermission.label());
     174             :     }
     175         103 :     return Permission.forLabel(labelPermission.label());
     176             :   }
     177             : 
     178             :   private DefaultPermissionMappings() {}
     179             : }

Generated by: LCOV version 1.16+git.20220603.dfeb750