Add automaticMembership flag to account groups

If set to true, the group's membership list will be hidden from view, and cannot be accessed or modified. Instead it is assumed that the members are drawn from an external data source, and replicated into Gerrit through some external means such as direct database updates. The two standard groups for anonymous and registered users behaves like this, in that their membership is derived on the fly, and is not visible, or modifiable. Signed-off-by: Shawn O. Pearce <sop@google.com>
author: Shawn O. Pearce <sop@google.com> 2009-06-08 11:52:24 -0700
committer: Shawn O. Pearce <sop@google.com> 2009-06-08 11:52:24 -0700
commit: 828f3c71a5159ce53ba109e44849228eace63772 (patch)
tree: b9247d708cb7a380116b10679066f368abc96c14
parent: d8157ff48cc359172c0e4e7f2d86633fbb069eb4 (diff)
6 files changed, 47 insertions, 22 deletions
diff --git a/src/main/java/com/google/gerrit/client/admin/AccountGroupDetail.java b/src/main/java/com/google/gerrit/client/admin/AccountGroupDetail.java
index c1cef7b19a..663adab020 100644
--- a/src/main/java/com/google/gerrit/client/admin/AccountGroupDetail.java
+++ b/src/main/java/com/google/gerrit/client/admin/AccountGroupDetail.java
@@ -46,7 +46,7 @@ public class AccountGroupDetail {
     } else {
       ownerGroup = db.accountGroups().get(group.getOwnerGroupId());
     }
-    autoGroup = isAuto;
+    autoGroup = isAuto || g.isAutomaticMembership();
 
     if (!autoGroup) {
       loadMembers(db, acc);
diff --git a/src/main/java/com/google/gerrit/client/reviewdb/AccountGroup.java b/src/main/java/com/google/gerrit/client/reviewdb/AccountGroup.java
index 26737e2315..1d7bd0d8e5 100644
--- a/src/main/java/com/google/gerrit/client/reviewdb/AccountGroup.java
+++ b/src/main/java/com/google/gerrit/client/reviewdb/AccountGroup.java
@@ -98,6 +98,10 @@ public final class AccountGroup {
   @Column(length = Integer.MAX_VALUE, notNull = false)
   protected String description;
 
+  /** Is the membership managed by some external means? */
+  @Column
+  protected boolean automaticMembership;
+
   protected AccountGroup() {
   }
 
@@ -139,4 +143,12 @@ public final class AccountGroup {
   public void setOwnerGroupId(final AccountGroup.Id id) {
     ownerGroupId = id;
   }
+
+  public boolean isAutomaticMembership() {
+    return automaticMembership;
+  }
+
+  public void setAutomaticMembership(final boolean auto) {
+    automaticMembership = auto;
+  }
 }
diff --git a/src/main/java/com/google/gerrit/server/GerritServer.java b/src/main/java/com/google/gerrit/server/GerritServer.java
index 40232bb954..a726ef0750 100644
--- a/src/main/java/com/google/gerrit/server/GerritServer.java
+++ b/src/main/java/com/google/gerrit/server/GerritServer.java
@@ -433,6 +433,7 @@ public class GerritServer {
             new AccountGroup.Id(c.nextAccountGroupId()));
     anonymous.setDescription("Any user, signed-in or not");
     anonymous.setOwnerGroupId(admin.getId());
+    anonymous.setAutomaticMembership(true);
     c.accountGroups().insert(Collections.singleton(anonymous));
 
     final AccountGroup registered =
@@ -440,6 +441,7 @@ public class GerritServer {
             new AccountGroup.Id(c.nextAccountGroupId()));
     registered.setDescription("Any signed-in user");
     registered.setOwnerGroupId(admin.getId());
+    registered.setAutomaticMembership(true);
     c.accountGroups().insert(Collections.singleton(registered));
 
     final SystemConfig s = SystemConfig.create();
diff --git a/src/main/java/com/google/gerrit/server/GroupAdminServiceImpl.java b/src/main/java/com/google/gerrit/server/GroupAdminServiceImpl.java
index 6bb01f9c47..45cf01eb6d 100644
--- a/src/main/java/com/google/gerrit/server/GroupAdminServiceImpl.java
+++ b/src/main/java/com/google/gerrit/server/GroupAdminServiceImpl.java
@@ -98,11 +98,8 @@ public class GroupAdminServiceImpl extends BaseServiceImplementation implements
       final AsyncCallback<AccountGroupDetail> callback) {
     run(callback, new Action<AccountGroupDetail>() {
       public AccountGroupDetail run(ReviewDb db) throws OrmException, Failure {
-        assertAmGroupOwner(db, groupId);
         final AccountGroup group = db.accountGroups().get(groupId);
-        if (group == null) {
-          throw new Failure(new NoSuchEntityException());
-        }
+        assertAmGroupOwner(db, group);
 
         final AccountGroupDetail d = new AccountGroupDetail();
         final boolean auto = Common.getGroupCache().isAutoGroup(group.getId());
@@ -116,11 +113,8 @@ public class GroupAdminServiceImpl extends BaseServiceImplementation implements
       final String description, final AsyncCallback<VoidResult> callback) {
     run(callback, new Action<VoidResult>() {
       public VoidResult run(final ReviewDb db) throws OrmException, Failure {
-        assertAmGroupOwner(db, groupId);
         final AccountGroup group = db.accountGroups().get(groupId);
-        if (group == null) {
-          throw new Failure(new NoSuchEntityException());
-        }
+        assertAmGroupOwner(db, group);
         group.setDescription(description);
         db.accountGroups().update(Collections.singleton(group));
         return VoidResult.INSTANCE;
@@ -132,11 +126,8 @@ public class GroupAdminServiceImpl extends BaseServiceImplementation implements
       final String newOwnerName, final AsyncCallback<VoidResult> callback) {
     run(callback, new Action<VoidResult>() {
       public VoidResult run(final ReviewDb db) throws OrmException, Failure {
-        assertAmGroupOwner(db, groupId);
         final AccountGroup group = db.accountGroups().get(groupId);
-        if (group == null) {
-          throw new Failure(new NoSuchEntityException());
-        }
+        assertAmGroupOwner(db, group);
 
         final AccountGroup owner =
             db.accountGroups().get(new AccountGroup.NameKey(newOwnerName));
@@ -155,11 +146,8 @@ public class GroupAdminServiceImpl extends BaseServiceImplementation implements
       final AsyncCallback<VoidResult> callback) {
     run(callback, new Action<VoidResult>() {
       public VoidResult run(final ReviewDb db) throws OrmException, Failure {
-        assertAmGroupOwner(db, groupId);
         final AccountGroup group = db.accountGroups().get(groupId);
-        if (group == null) {
-          throw new Failure(new NoSuchEntityException());
-        }
+        assertAmGroupOwner(db, group);
 
         final AccountGroup.NameKey nameKey = new AccountGroup.NameKey(newName);
         if (!nameKey.equals(group.getNameKey())) {
@@ -178,10 +166,13 @@ public class GroupAdminServiceImpl extends BaseServiceImplementation implements
       final String nameOrEmail, final AsyncCallback<AccountGroupDetail> callback) {
     run(callback, new Action<AccountGroupDetail>() {
       public AccountGroupDetail run(ReviewDb db) throws OrmException, Failure {
-        assertAmGroupOwner(db, groupId);
-        if (Common.getGroupCache().isAutoGroup(groupId)) {
+        final AccountGroup group = db.accountGroups().get(groupId);
+        assertAmGroupOwner(db, group);
+        if (group.isAutomaticMembership()
+            || Common.getGroupCache().isAutoGroup(groupId)) {
           throw new Failure(new NameAlreadyUsedException());
         }
+
         final Account a = findAccount(db, nameOrEmail);
         final AccountGroupMember.Key key =
             new AccountGroupMember.Key(a.getId(), groupId);
@@ -255,9 +246,8 @@ public class GroupAdminServiceImpl extends BaseServiceImplementation implements
     });
   }
 
-  private void assertAmGroupOwner(final ReviewDb db,
-      final AccountGroup.Id groupId) throws OrmException, Failure {
-    final AccountGroup group = db.accountGroups().get(groupId);
+  private void assertAmGroupOwner(final ReviewDb db, final AccountGroup group)
+      throws Failure {
     if (group == null) {
       throw new Failure(new NoSuchEntityException());
     }
diff --git a/src/main/webapp/WEB-INF/sql/upgrade012_013_mysql.sql b/src/main/webapp/WEB-INF/sql/upgrade012_013_mysql.sql
index 5063dc951d..9c614b1687 100644
--- a/src/main/webapp/WEB-INF/sql/upgrade012_013_mysql.sql
+++ b/src/main/webapp/WEB-INF/sql/upgrade012_013_mysql.sql
@@ -11,4 +11,14 @@ CREATE TABLE account_group_members_audit
 ,PRIMARY KEY (account_id, group_id, added_on)
 );
 
+ALTER TABLE account_groups ADD automatic_membership CHAR(1);
+UPDATE account_groups SET automatic_membership = 'N';
+ALTER TABLE account_groups MODIFY automatic_membership CHAR(1) NOT NULL;
+
+UPDATE account_groups SET automatic_membership = 'Y'
+WHERE group_id = (SELECT anonymous_group_id FROM system_config);
+
+UPDATE account_groups SET automatic_membership = 'Y'
+WHERE group_id = (SELECT registered_group_id FROM system_config);
+
 UPDATE schema_version SET version_nbr = 13;
diff --git a/src/main/webapp/WEB-INF/sql/upgrade012_013_postgres.sql b/src/main/webapp/WEB-INF/sql/upgrade012_013_postgres.sql
index 21bff06a39..631a33f576 100644
--- a/src/main/webapp/WEB-INF/sql/upgrade012_013_postgres.sql
+++ b/src/main/webapp/WEB-INF/sql/upgrade012_013_postgres.sql
@@ -11,6 +11,17 @@ CREATE TABLE account_group_members_audit
 ,PRIMARY KEY (account_id, group_id, added_on)
 );
 
+ALTER TABLE account_groups ADD automatic_membership CHAR(1);
+UPDATE account_groups SET automatic_membership = 'N';
+ALTER TABLE account_groups ALTER COLUMN automatic_membership SET DEFAULT 'N';
+ALTER TABLE account_groups ALTER COLUMN automatic_membership SET NOT NULL;
+
+UPDATE account_groups SET automatic_membership = 'Y'
+WHERE group_id = (SELECT anonymous_group_id FROM system_config);
+
+UPDATE account_groups SET automatic_membership = 'Y'
+WHERE group_id = (SELECT registered_group_id FROM system_config);
+
 ALTER TABLE account_group_members_audit OWNER TO gerrit2;
 
 UPDATE schema_version SET version_nbr = 13;
author	Shawn O. Pearce <sop@google.com>	2009-06-08 11:52:24 -0700
committer	Shawn O. Pearce <sop@google.com>	2009-06-08 11:52:24 -0700
commit	828f3c71a5159ce53ba109e44849228eace63772 (patch)
tree	b9247d708cb7a380116b10679066f368abc96c14
parent	d8157ff48cc359172c0e4e7f2d86633fbb069eb4 (diff)