blob: 5a9b9e595d4742f3baec35ff8d4c659e0c98fed5 [file] [log] [blame]
// Copyright (C) 2013 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.gerrit.server.group;
import static java.util.Objects.requireNonNull;
import static java.util.stream.Collectors.toSet;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.MoreObjects;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.gerrit.entities.AccountGroup;
import com.google.gerrit.entities.GroupDescription;
import com.google.gerrit.entities.GroupReference;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.ExternalUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.StartupCheck;
import com.google.gerrit.server.StartupException;
import com.google.gerrit.server.account.AbstractGroupBackend;
import com.google.gerrit.server.account.GroupMembership;
import com.google.gerrit.server.account.ListGroupMembership;
import com.google.gerrit.server.config.GerritServerConfig;
import com.google.gerrit.server.group.db.Groups;
import com.google.gerrit.server.project.ProjectState;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.NavigableMap;
import java.util.Optional;
import java.util.Set;
import java.util.TreeMap;
import org.eclipse.jgit.errors.ConfigInvalidException;
import org.eclipse.jgit.lib.Config;
@Singleton
public class SystemGroupBackend extends AbstractGroupBackend {
public static final String SYSTEM_GROUP_SCHEME = "global:";
/** Common UUID assigned to the "Anonymous Users" group. */
public static final AccountGroup.UUID ANONYMOUS_USERS =
AccountGroup.uuid(SYSTEM_GROUP_SCHEME + "Anonymous-Users");
/** Common UUID assigned to the "Registered Users" group. */
public static final AccountGroup.UUID REGISTERED_USERS =
AccountGroup.uuid(SYSTEM_GROUP_SCHEME + "Registered-Users");
/** Common UUID assigned to the "Project Owners" placeholder group. */
public static final AccountGroup.UUID PROJECT_OWNERS =
AccountGroup.uuid(SYSTEM_GROUP_SCHEME + "Project-Owners");
/** Common UUID assigned to the "Change Owner" placeholder group. */
public static final AccountGroup.UUID CHANGE_OWNER =
AccountGroup.uuid(SYSTEM_GROUP_SCHEME + "Change-Owner");
private static final AccountGroup.UUID[] all = {
ANONYMOUS_USERS, REGISTERED_USERS, PROJECT_OWNERS, CHANGE_OWNER,
};
public static boolean isSystemGroup(AccountGroup.UUID uuid) {
return uuid.get().startsWith(SYSTEM_GROUP_SCHEME);
}
public static boolean isAnonymousOrRegistered(GroupReference ref) {
return isAnonymousOrRegistered(ref.getUUID());
}
public static boolean isAnonymousOrRegistered(AccountGroup.UUID uuid) {
return ANONYMOUS_USERS.equals(uuid) || REGISTERED_USERS.equals(uuid);
}
private final ImmutableSet<String> reservedNames;
private final NavigableMap<String, GroupReference> namesToGroups;
private final ImmutableSet<String> names;
private final ImmutableMap<AccountGroup.UUID, GroupReference> uuids;
private final ImmutableSet<AccountGroup.UUID> externalUserMemberships;
@Inject
@VisibleForTesting
public SystemGroupBackend(@GerritServerConfig Config cfg) {
NavigableMap<String, GroupReference> n = new TreeMap<>();
ImmutableMap.Builder<AccountGroup.UUID, GroupReference> u = ImmutableMap.builder();
ImmutableSet.Builder<String> reservedNamesBuilder = ImmutableSet.builder();
for (AccountGroup.UUID uuid : all) {
int c = uuid.get().indexOf(':');
String defaultName = uuid.get().substring(c + 1).replace('-', ' ');
reservedNamesBuilder.add(defaultName);
String configuredName = cfg.getString("groups", uuid.get(), "name");
GroupReference ref =
GroupReference.create(uuid, MoreObjects.firstNonNull(configuredName, defaultName));
n.put(ref.getName().toLowerCase(Locale.US), ref);
u.put(ref.getUUID(), ref);
}
reservedNames = reservedNamesBuilder.build();
namesToGroups = Collections.unmodifiableNavigableMap(n);
names =
ImmutableSet.copyOf(
namesToGroups.values().stream().map(GroupReference::getName).collect(toSet()));
uuids = u.build();
externalUserMemberships =
cfg.getBoolean("groups", null, "includeExternalUsersInRegisteredUsersGroup", true)
? ImmutableSet.of(ANONYMOUS_USERS, REGISTERED_USERS)
: ImmutableSet.of(ANONYMOUS_USERS);
}
public GroupReference getGroup(AccountGroup.UUID uuid) {
return requireNonNull(uuids.get(uuid), () -> String.format("group %s not found", uuid.get()));
}
public Set<String> getNames() {
return names;
}
public Set<String> getReservedNames() {
return reservedNames;
}
@Override
public boolean handles(AccountGroup.UUID uuid) {
return isSystemGroup(uuid);
}
@Override
public GroupDescription.Basic get(AccountGroup.UUID uuid) {
final GroupReference ref = uuids.get(uuid);
if (ref == null) {
return null;
}
return new GroupDescription.Basic() {
@Override
public String getName() {
return ref.getName();
}
@Override
public AccountGroup.UUID getGroupUUID() {
return ref.getUUID();
}
@Override
public String getUrl() {
return null;
}
@Override
public String getEmailAddress() {
return null;
}
};
}
@Override
public Collection<GroupReference> suggest(String name, ProjectState project) {
String nameLC = name.toLowerCase(Locale.US);
NavigableMap<String, GroupReference> matches =
namesToGroups.tailMap(nameLC, /* inclusive= */ true);
if (matches.isEmpty()) {
return new ArrayList<>();
}
List<GroupReference> r = new ArrayList<>(matches.size());
for (Map.Entry<String, GroupReference> e : matches.entrySet()) {
if (e.getKey().startsWith(nameLC)) {
r.add(e.getValue());
} else {
break;
}
}
return r;
}
@Override
public GroupMembership membershipsOf(CurrentUser user) {
if (user instanceof ExternalUser) {
return new ListGroupMembership(externalUserMemberships);
}
if (user instanceof IdentifiedUser) {
return new ListGroupMembership(ImmutableSet.of(ANONYMOUS_USERS, REGISTERED_USERS));
}
return new ListGroupMembership(ImmutableSet.of(ANONYMOUS_USERS));
}
public static class NameCheck implements StartupCheck {
private final Config cfg;
private final Groups groups;
@Inject
NameCheck(@GerritServerConfig Config cfg, Groups groups) {
this.cfg = cfg;
this.groups = groups;
}
@Override
public void check() throws StartupException {
Map<AccountGroup.UUID, String> configuredNames = new HashMap<>();
Map<String, AccountGroup.UUID> byLowerCaseConfiguredName = new HashMap<>();
for (AccountGroup.UUID uuid : all) {
String configuredName = cfg.getString("groups", uuid.get(), "name");
if (configuredName != null) {
configuredNames.put(uuid, configuredName);
byLowerCaseConfiguredName.put(configuredName.toLowerCase(Locale.US), uuid);
}
}
if (configuredNames.isEmpty()) {
return;
}
Optional<GroupReference> conflictingGroup;
try {
conflictingGroup =
groups
.getAllGroupReferences()
.filter(group -> hasConfiguredName(byLowerCaseConfiguredName, group))
.findAny();
} catch (IOException | ConfigInvalidException ignored) {
return;
}
if (conflictingGroup.isPresent()) {
GroupReference group = conflictingGroup.get();
String groupName = group.getName();
AccountGroup.UUID systemGroupUuid = byLowerCaseConfiguredName.get(groupName);
throw new StartupException(
getAmbiguousNameMessage(groupName, group.getUUID(), systemGroupUuid));
}
}
private static boolean hasConfiguredName(
Map<String, AccountGroup.UUID> byLowerCaseConfiguredName, GroupReference group) {
String name = group.getName().toLowerCase(Locale.US);
return byLowerCaseConfiguredName.keySet().contains(name);
}
private static String getAmbiguousNameMessage(
String groupName, AccountGroup.UUID groupUuid, AccountGroup.UUID systemGroupUuid) {
return String.format(
"The configured name '%s' for system group '%s' is ambiguous"
+ " with the name '%s' of existing group '%s'."
+ " Please remove/change the value for groups.%s.name in"
+ " gerrit.config.",
groupName, systemGroupUuid.get(), groupName, groupUuid.get(), systemGroupUuid.get());
}
}
}