diff options
author | David Pursehouse <dpursehouse@collab.net> | 2018-12-19 17:45:37 +0900 |
---|---|---|
committer | David Pursehouse <dpursehouse@collab.net> | 2018-12-19 17:45:37 +0900 |
commit | 292c2ba5391a444a82945ec870f6cb2c55bf1942 (patch) | |
tree | 2687adfb754a4320e95624d90411f37e82f4ecae | |
parent | e6bef21369792eafc82175b1dd10eef9a4ddb851 (diff) | |
parent | 2d220feb02f14d312b6791c88f7a0ef353a36d85 (diff) |
Merge branch 'stable-2.15' into stable-2.16
* stable-2.15:
Add new maintainer Han-Wen Nienhuys as developer in pom.xml files
Set version to 2.14.18-SNAPSHOT
ldap: allow to disable the groups relevance filtering
Change-Id: I32e63792fe13436575167074139ae304915d2aec
-rw-r--r-- | Documentation/config-gerrit.txt | 13 | ||||
-rw-r--r-- | java/com/google/gerrit/server/auth/ldap/LdapGroupBackend.java | 9 | ||||
-rw-r--r-- | java/com/google/gerrit/server/auth/ldap/LdapGroupMembership.java | 10 | ||||
-rw-r--r-- | tools/maven/gerrit-acceptance-framework_pom.xml | 3 | ||||
-rw-r--r-- | tools/maven/gerrit-extension-api_pom.xml | 3 | ||||
-rw-r--r-- | tools/maven/gerrit-plugin-api_pom.xml | 3 | ||||
-rw-r--r-- | tools/maven/gerrit-plugin-gwtui_pom.xml | 3 | ||||
-rw-r--r-- | tools/maven/gerrit-war_pom.xml | 3 |
8 files changed, 43 insertions, 4 deletions
diff --git a/Documentation/config-gerrit.txt b/Documentation/config-gerrit.txt index df9c07d9f3..a3ff1ae7ae 100644 --- a/Documentation/config-gerrit.txt +++ b/Documentation/config-gerrit.txt @@ -3093,6 +3093,19 @@ Directory and link:https://www.freeipa.org[FreeIPA]. groupMemberPattern = (&(objectClass=group)(member=${dn})) ---- +[[ldap.guessRelevantGroups]]ldap.guessRelevantGroups:: ++ +Filter the groups found in LDAP by guessing the ones relevant to +Gerrit and removing the others from list completions and ACL evaluations. +The guess is based on two elements: the projects most recently +accessed in the cache and the list of LDAP groups included in their ACLs. ++ +Please note that projects rarely used and thus not cached may be +temporarily inaccessible by users even with LDAP membership and grants +referenced in the ACLs. ++ +By default, true. + [[ldap.server]]ldap.server:: + URL of the organization's LDAP server to query for user information diff --git a/java/com/google/gerrit/server/auth/ldap/LdapGroupBackend.java b/java/com/google/gerrit/server/auth/ldap/LdapGroupBackend.java index c338cd30bc..87a4abfacb 100644 --- a/java/com/google/gerrit/server/auth/ldap/LdapGroupBackend.java +++ b/java/com/google/gerrit/server/auth/ldap/LdapGroupBackend.java @@ -34,6 +34,7 @@ import com.google.gerrit.server.account.GroupBackend; import com.google.gerrit.server.account.GroupMembership; import com.google.gerrit.server.account.externalids.ExternalId; import com.google.gerrit.server.auth.ldap.Helper.LdapSchema; +import com.google.gerrit.server.config.GerritServerConfig; import com.google.gerrit.server.project.ProjectCache; import com.google.gerrit.server.project.ProjectState; import com.google.inject.Inject; @@ -52,6 +53,7 @@ import javax.naming.directory.DirContext; import javax.naming.ldap.LdapName; import javax.naming.ldap.Rdn; import javax.security.auth.login.LoginException; +import org.eclipse.jgit.lib.Config; /** Implementation of GroupBackend for the LDAP group system. */ public class LdapGroupBackend implements GroupBackend { @@ -65,6 +67,7 @@ public class LdapGroupBackend implements GroupBackend { private final LoadingCache<String, Boolean> existsCache; private final ProjectCache projectCache; private final Provider<CurrentUser> userProvider; + private final Config gerritConfig; @Inject LdapGroupBackend( @@ -72,12 +75,14 @@ public class LdapGroupBackend implements GroupBackend { @Named(GROUP_CACHE) LoadingCache<String, Set<AccountGroup.UUID>> membershipCache, @Named(GROUP_EXIST_CACHE) LoadingCache<String, Boolean> existsCache, ProjectCache projectCache, - Provider<CurrentUser> userProvider) { + Provider<CurrentUser> userProvider, + @GerritServerConfig Config gerritConfig) { this.helper = helper; this.membershipCache = membershipCache; this.projectCache = projectCache; this.existsCache = existsCache; this.userProvider = userProvider; + this.gerritConfig = gerritConfig; } private boolean isLdapUUID(AccountGroup.UUID uuid) { @@ -178,7 +183,7 @@ public class LdapGroupBackend implements GroupBackend { if (id == null) { return GroupMembership.EMPTY; } - return new LdapGroupMembership(membershipCache, projectCache, id); + return new LdapGroupMembership(membershipCache, projectCache, id, gerritConfig); } private static String findId(Collection<ExternalId> extIds) { diff --git a/java/com/google/gerrit/server/auth/ldap/LdapGroupMembership.java b/java/com/google/gerrit/server/auth/ldap/LdapGroupMembership.java index 7f0bd7b9e3..f5406c25d3 100644 --- a/java/com/google/gerrit/server/auth/ldap/LdapGroupMembership.java +++ b/java/com/google/gerrit/server/auth/ldap/LdapGroupMembership.java @@ -22,20 +22,24 @@ import com.google.gerrit.server.project.ProjectCache; import java.util.HashSet; import java.util.Set; import java.util.concurrent.ExecutionException; +import org.eclipse.jgit.lib.Config; class LdapGroupMembership implements GroupMembership { private final LoadingCache<String, Set<AccountGroup.UUID>> membershipCache; private final ProjectCache projectCache; private final String id; + private final boolean guessRelevantGroups; private GroupMembership membership; LdapGroupMembership( LoadingCache<String, Set<AccountGroup.UUID>> membershipCache, ProjectCache projectCache, - String id) { + String id, + Config gerritConfig) { this.membershipCache = membershipCache; this.projectCache = projectCache; this.id = id; + this.guessRelevantGroups = gerritConfig.getBoolean("ldap", "guessRelevantGroups", true); } @Override @@ -56,7 +60,9 @@ class LdapGroupMembership implements GroupMembership { @Override public Set<AccountGroup.UUID> getKnownGroups() { Set<AccountGroup.UUID> g = new HashSet<>(get().getKnownGroups()); - g.retainAll(projectCache.guessRelevantGroupUUIDs()); + if (guessRelevantGroups) { + g.retainAll(projectCache.guessRelevantGroupUUIDs()); + } return g; } diff --git a/tools/maven/gerrit-acceptance-framework_pom.xml b/tools/maven/gerrit-acceptance-framework_pom.xml index f9e22f4595..ec5b6041bd 100644 --- a/tools/maven/gerrit-acceptance-framework_pom.xml +++ b/tools/maven/gerrit-acceptance-framework_pom.xml @@ -44,6 +44,9 @@ <name>Edwin Kempin</name> </developer> <developer> + <name>Han-Wen Nienhuys</name> + </developer> + <developer> <name>Hugo Arès</name> </developer> <developer> diff --git a/tools/maven/gerrit-extension-api_pom.xml b/tools/maven/gerrit-extension-api_pom.xml index 04f8bb3ffe..6f3058f238 100644 --- a/tools/maven/gerrit-extension-api_pom.xml +++ b/tools/maven/gerrit-extension-api_pom.xml @@ -44,6 +44,9 @@ <name>Edwin Kempin</name> </developer> <developer> + <name>Han-Wen Nienhuys</name> + </developer> + <developer> <name>Hugo Arès</name> </developer> <developer> diff --git a/tools/maven/gerrit-plugin-api_pom.xml b/tools/maven/gerrit-plugin-api_pom.xml index 4bb20dc19b..ef5ee8f56b 100644 --- a/tools/maven/gerrit-plugin-api_pom.xml +++ b/tools/maven/gerrit-plugin-api_pom.xml @@ -44,6 +44,9 @@ <name>Edwin Kempin</name> </developer> <developer> + <name>Han-Wen Nienhuys</name> + </developer> + <developer> <name>Hugo Arès</name> </developer> <developer> diff --git a/tools/maven/gerrit-plugin-gwtui_pom.xml b/tools/maven/gerrit-plugin-gwtui_pom.xml index 1008b74020..7bad711c5c 100644 --- a/tools/maven/gerrit-plugin-gwtui_pom.xml +++ b/tools/maven/gerrit-plugin-gwtui_pom.xml @@ -44,6 +44,9 @@ <name>Edwin Kempin</name> </developer> <developer> + <name>Han-Wen Nienhuys</name> + </developer> + <developer> <name>Hugo Arès</name> </developer> <developer> diff --git a/tools/maven/gerrit-war_pom.xml b/tools/maven/gerrit-war_pom.xml index f90d3acfb5..4eecff5ab6 100644 --- a/tools/maven/gerrit-war_pom.xml +++ b/tools/maven/gerrit-war_pom.xml @@ -44,6 +44,9 @@ <name>Edwin Kempin</name> </developer> <developer> + <name>Han-Wen Nienhuys</name> + </developer> + <developer> <name>Hugo Arès</name> </developer> <developer> |