diff options
author | Android Code Review <code-review@android.com> | 2009-10-06 08:19:35 -0700 |
---|---|---|
committer | Android Code Review <code-review@android.com> | 2009-10-06 08:19:35 -0700 |
commit | 481693d78bf04d15ed2fd211cfb2160cf71ec033 (patch) | |
tree | b0698540094ad2f0ab7258952b52315709506eb4 | |
parent | 93de7db467e42be01117d47bcb12839ad08eb272 (diff) | |
parent | f2a0ffd76e49450e8952797341f85dcdec1acb69 (diff) |
Merge change Ie16b8ca2
* changes:
Check if the user has permission to upload changes
5 files changed, 45 insertions, 2 deletions
diff --git a/src/main/java/com/google/gerrit/client/reviewdb/ReviewDb.java b/src/main/java/com/google/gerrit/client/reviewdb/ReviewDb.java index e8fd2f375c..d06e3a85bf 100644 --- a/src/main/java/com/google/gerrit/client/reviewdb/ReviewDb.java +++ b/src/main/java/com/google/gerrit/client/reviewdb/ReviewDb.java @@ -31,7 +31,7 @@ import com.google.gwtorm.client.Sequence; * </ul> */ public interface ReviewDb extends Schema { - public static final int VERSION = 18; + public static final int VERSION = 19; @Relation SchemaVersionAccess schemaVersion(); diff --git a/src/main/java/com/google/gerrit/server/config/SystemConfigProvider.java b/src/main/java/com/google/gerrit/server/config/SystemConfigProvider.java index aabc23d47a..7f438fe4ec 100644 --- a/src/main/java/com/google/gerrit/server/config/SystemConfigProvider.java +++ b/src/main/java/com/google/gerrit/server/config/SystemConfigProvider.java @@ -245,6 +245,7 @@ class SystemConfigProvider implements Provider<SystemConfig> { cat.setPosition((short) -1); cat.setFunctionName(NoOpFunction.NAME); vals = new ArrayList<ApprovalCategoryValue>(); + vals.add(value(cat, 2, "Upload permission")); vals.add(value(cat, 1, "Read access")); vals.add(value(cat, -1, "No access")); c.approvalCategories().insert(Collections.singleton(cat), txn); @@ -254,7 +255,7 @@ class SystemConfigProvider implements Provider<SystemConfig> { final ProjectRight read = new ProjectRight(new ProjectRight.Key(DEFAULT_WILD_NAME, cat.getId(), sConfig.anonymousGroupId)); - read.setMaxValue((short) 1); + read.setMaxValue((short) 2); read.setMinValue((short) 1); c.projectRights().insert(Collections.singleton(read)); } diff --git a/src/main/java/com/google/gerrit/server/ssh/commands/Receive.java b/src/main/java/com/google/gerrit/server/ssh/commands/Receive.java index 196e3636ea..db6b74157f 100644 --- a/src/main/java/com/google/gerrit/server/ssh/commands/Receive.java +++ b/src/main/java/com/google/gerrit/server/ssh/commands/Receive.java @@ -178,8 +178,18 @@ final class Receive extends AbstractGitCommand { private Map<ObjectId, Ref> refsById; + protected boolean canUpload() { + return canPerform(ApprovalCategory.READ, (short) 2); + } + @Override protected void runImpl() throws IOException, Failure { + if (!canUpload()) { + final String reqName = project.getName(); + throw new Failure(1, "fatal: Upload denied for project '" + reqName + "'", + new SecurityException("Account lacks Upload permission")); + } + if (project.isUseContributorAgreements()) { verifyActiveContributorAgreement(); } diff --git a/src/main/webapp/WEB-INF/sql/upgrade018_019_mysql.sql b/src/main/webapp/WEB-INF/sql/upgrade018_019_mysql.sql new file mode 100644 index 0000000000..63e4fe305c --- /dev/null +++ b/src/main/webapp/WEB-INF/sql/upgrade018_019_mysql.sql @@ -0,0 +1,13 @@ +-- Upgrade: schema_version 18 to 19 (MySQL) +-- + +-- Per-project upload permission +INSERT INTO approval_category_values +(name, category_id, value) +VALUES +('Upload permission', 'READ', 2); + +UPDATE project_rights SET max_value = 2 +WHERE category_id = 'READ' AND max_value = 1; + +UPDATE schema_version SET version_nbr = 19; diff --git a/src/main/webapp/WEB-INF/sql/upgrade018_019_postgres.sql b/src/main/webapp/WEB-INF/sql/upgrade018_019_postgres.sql new file mode 100644 index 0000000000..e436b1eab4 --- /dev/null +++ b/src/main/webapp/WEB-INF/sql/upgrade018_019_postgres.sql @@ -0,0 +1,19 @@ +-- Upgrade: schema_version 18 to 19 (PostgreSQL) +-- + +BEGIN; + +SELECT check_schema_version(18); + +-- Per-project upload permission +INSERT INTO approval_category_values +(name, category_id, value) +VALUES +('Upload permission', 'READ', 2); + +UPDATE project_rights SET max_value = 2 +WHERE category_id = 'READ' AND max_value = 1; + +UPDATE schema_version SET version_nbr = 19; + +COMMIT; |