diff options
author | Edwin Kempin <edwin.kempin@sap.com> | 2011-01-24 11:00:42 +0100 |
---|---|---|
committer | Shawn O. Pearce <sop@google.com> | 2011-05-19 10:24:30 -0700 |
commit | 5ad271d039d4d09c7d094ef1f86e0ce5400a2c5c (patch) | |
tree | f4ecbe3c1dbcd47ffd520aef73cba8f85a632fee | |
parent | b1901c07979a54ae497b2579a44540c15ddd9b0a (diff) |
Fix calculation of project owners
When calculating the owners of a project the ref pattern to which the
OWN access rights are assigned are ignored and the inherited OWN
access rights are also not taken into account.
There are two use-cases for which the owners of a project must be
calculated:
1. e-mail notification for project owners about new changes:
This e-mail notification should only be sent to the local project
owners (the groups to which the OWN access right is assigned on this
project). In case there are no local owners for a project this e-mail
notification should be sent to the local owners of the nearest parent
project that has local owners.
2. resolving of the system group 'Project Owners':
The 'Project Owners' system group should be resolved to all groups
that are allowed to administrate the project. These are the local
owners plus the inherited owners.
For both use cases we have to filter the OWN access rights to only
those access rights that are assigned for the ref pattern 'refs/*'.
This change implements the logic described above.
Change-Id: Ib90014caf628db00250694f00741076db0492113
Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>
-rw-r--r-- | gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectState.java | 42 | ||||
-rw-r--r-- | gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java | 2 |
2 files changed, 39 insertions, 5 deletions
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectState.java b/gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectState.java index 68e80ee881..0b8e83a188 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectState.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectState.java @@ -46,7 +46,7 @@ public class ProjectState { private final Project project; private final Collection<RefRight> localRights; - private final Set<AccountGroup.Id> owners; + private final Set<AccountGroup.Id> localOwners; private volatile Collection<RefRight> inheritedRights; @@ -78,11 +78,12 @@ public class ProjectState { final HashSet<AccountGroup.Id> groups = new HashSet<AccountGroup.Id>(); for (final RefRight right : rights) { if (ApprovalCategory.OWN.equals(right.getApprovalCategoryId()) - && right.getMaxValue() > 0) { + && right.getMaxValue() > 0 + && right.getRefPattern().equals(RefRight.ALL)) { groups.add(right.getAccountGroupId()); } } - owners = Collections.unmodifiableSet(groups); + localOwners = Collections.unmodifiableSet(groups); } public Project getProject() { @@ -209,8 +210,41 @@ public class ProjectState { return project.getNameKey().equals(wildProject); } + /** + * @return all {@link AccountGroup}'s to which the owner privilege for + * 'refs/*' is assigned for this project (the local owners), if there + * are no local owners the local owners of the nearest parent project + * that has local owners are returned + */ public Set<AccountGroup.Id> getOwners() { - return owners; + if (!localOwners.isEmpty() || isSpecialWildProject() + || project.getParent() == null) { + return localOwners; + } + + final ProjectState parent = projectCache.get(project.getParent()); + if (parent != null) { + return parent.getOwners(); + } + + return Collections.emptySet(); + } + + /** + * @return all {@link AccountGroup}'s that are allowed to administrate the + * complete project. This includes all groups to which the owner + * privilege for 'refs/*' is assigned for this project (the local + * owners) and all groups to which the owner privilege for 'refs/*' is + * assigned for one of the parent projects (the inherited owners). + */ + public Set<AccountGroup.Id> getAllOwners() { + final HashSet<AccountGroup.Id> owners = new HashSet<AccountGroup.Id>(); + for (final RefRight right : getAllRights(ApprovalCategory.OWN, true)) { + if (right.getMaxValue() > 0 && right.getRefPattern().equals(RefRight.ALL)) { + owners.add(right.getAccountGroupId()); + } + } + return Collections.unmodifiableSet(owners); } public ProjectControl controlForAnonymousUser() { diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java b/gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java index 4c9d0a4e8f..8ddf5850d0 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java @@ -539,7 +539,7 @@ public class RefControl { private Set<RefRight> resolveOwnerGroups(final RefRight refRight) { final Set<RefRight> resolvedRefRights = new HashSet<RefRight>(); if (refRight.getAccountGroupId().equals(systemConfig.ownerGroupId)) { - for (final AccountGroup.Id ownerGroup : getProjectState().getOwners()) { + for (final AccountGroup.Id ownerGroup : getProjectState().getAllOwners()) { if (!ownerGroup.equals(systemConfig.ownerGroupId)) { resolvedRefRights.add(new RefRight(refRight, ownerGroup)); } |