summaryrefslogtreecommitdiffstats
path: root/gerrit-server/src/main/java/com/google/gerrit/server/project/ContributorAgreementsChecker.java
diff options
context:
space:
mode:
Diffstat (limited to 'gerrit-server/src/main/java/com/google/gerrit/server/project/ContributorAgreementsChecker.java')
-rw-r--r--gerrit-server/src/main/java/com/google/gerrit/server/project/ContributorAgreementsChecker.java108
1 files changed, 108 insertions, 0 deletions
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/project/ContributorAgreementsChecker.java b/gerrit-server/src/main/java/com/google/gerrit/server/project/ContributorAgreementsChecker.java
new file mode 100644
index 0000000000..0033b12fe7
--- /dev/null
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/project/ContributorAgreementsChecker.java
@@ -0,0 +1,108 @@
+// Copyright (C) 2017 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.gerrit.server.project;
+
+import com.google.gerrit.common.Nullable;
+import com.google.gerrit.common.PageLinks;
+import com.google.gerrit.common.data.ContributorAgreement;
+import com.google.gerrit.common.data.PermissionRule;
+import com.google.gerrit.common.data.PermissionRule.Action;
+import com.google.gerrit.extensions.restapi.AuthException;
+import com.google.gerrit.reviewdb.client.AccountGroup;
+import com.google.gerrit.reviewdb.client.AccountGroup.UUID;
+import com.google.gerrit.reviewdb.client.Project;
+import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.IdentifiedUser;
+import com.google.gerrit.server.config.CanonicalWebUrl;
+import com.google.gerrit.server.project.ProjectControl.Metrics;
+import com.google.inject.Inject;
+import com.google.inject.Singleton;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+@Singleton
+public class ContributorAgreementsChecker {
+
+ private final String canonicalWebUrl;
+ private final ProjectCache projectCache;
+ private final Metrics metrics;
+
+ @Inject
+ ContributorAgreementsChecker(
+ @CanonicalWebUrl @Nullable String canonicalWebUrl,
+ ProjectCache projectCache,
+ Metrics metrics) {
+ this.canonicalWebUrl = canonicalWebUrl;
+ this.projectCache = projectCache;
+ this.metrics = metrics;
+ }
+
+ /**
+ * Checks if the user has signed a contributor agreement for the project.
+ *
+ * @throws AuthException if the user has not signed a contributor agreement for the project
+ * @throws IOException if project states could not be loaded
+ */
+ public void check(Project.NameKey project, CurrentUser user) throws IOException, AuthException {
+ metrics.claCheckCount.increment();
+
+ ProjectState projectState = projectCache.checkedGet(project);
+ if (projectState == null) {
+ throw new IOException("Can't load All-Projects");
+ }
+
+ if (!projectState.isUseContributorAgreements()) {
+ return;
+ }
+
+ if (!user.isIdentifiedUser()) {
+ throw new AuthException("Must be logged in to verify Contributor Agreement");
+ }
+
+ IdentifiedUser iUser = user.asIdentifiedUser();
+ Collection<ContributorAgreement> contributorAgreements =
+ projectCache.getAllProjects().getConfig().getContributorAgreements();
+ List<UUID> okGroupIds = new ArrayList<>();
+ for (ContributorAgreement ca : contributorAgreements) {
+ List<AccountGroup.UUID> groupIds;
+ groupIds = okGroupIds;
+
+ for (PermissionRule rule : ca.getAccepted()) {
+ if ((rule.getAction() == Action.ALLOW)
+ && (rule.getGroup() != null)
+ && (rule.getGroup().getUUID() != null)) {
+ groupIds.add(new AccountGroup.UUID(rule.getGroup().getUUID().get()));
+ }
+ }
+ }
+
+ if (!iUser.getEffectiveGroups().containsAnyOf(okGroupIds)) {
+ final StringBuilder msg = new StringBuilder();
+ msg.append("A Contributor Agreement must be completed before uploading");
+ if (canonicalWebUrl != null) {
+ msg.append(":\n\n ");
+ msg.append(canonicalWebUrl);
+ msg.append("#");
+ msg.append(PageLinks.SETTINGS_AGREEMENTS);
+ msg.append("\n");
+ } else {
+ msg.append(".");
+ }
+ throw new AuthException(msg.toString());
+ }
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-15 04:18:51 +0000