blob: 3ed82a10aeca66e9f4f0d202d6c3a6d555e11777 [file] [log] [blame]
// Copyright (C) 2011 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.gerrit.server.account;
import static com.google.common.collect.ImmutableSet.toImmutableSet;
import static com.google.gerrit.server.project.ProjectCache.noSuchProject;
import com.google.common.collect.Sets;
import com.google.common.collect.Streams;
import com.google.gerrit.common.Nullable;
import com.google.gerrit.entities.Account;
import com.google.gerrit.entities.AccountGroup;
import com.google.gerrit.entities.InternalGroup;
import com.google.gerrit.entities.Project;
import com.google.gerrit.server.group.InternalGroupDescription;
import com.google.gerrit.server.group.SystemGroupBackend;
import com.google.gerrit.server.project.NoSuchProjectException;
import com.google.gerrit.server.project.ProjectCache;
import com.google.gerrit.server.project.ProjectState;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import java.io.IOException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Optional;
import java.util.Set;
@Singleton
public class GroupMembers {
private final GroupCache groupCache;
private final GroupControl.Factory groupControlFactory;
private final AccountCache accountCache;
private final ProjectCache projectCache;
@Inject
GroupMembers(
GroupCache groupCache,
GroupControl.Factory groupControlFactory,
AccountCache accountCache,
ProjectCache projectCache) {
this.groupCache = groupCache;
this.groupControlFactory = groupControlFactory;
this.accountCache = accountCache;
this.projectCache = projectCache;
}
/**
* Recursively enumerate the members of the given group. Should not be used with the
* PROJECT_OWNERS magical group.
*
* <p>Group members for which an account doesn't exist are filtered out.
*/
public Set<Account> listAccounts(AccountGroup.UUID groupUUID) throws IOException {
if (SystemGroupBackend.PROJECT_OWNERS.equals(groupUUID)) {
throw new IllegalStateException("listAccounts called with PROJECT_OWNERS argument");
}
try {
return listAccounts(groupUUID, null, new HashSet<>());
} catch (NoSuchProjectException e) {
throw new IllegalStateException(e);
}
}
/**
* Recursively enumerate the members of the given group. The project should be specified so the
* PROJECT_OWNERS magical group can be expanded.
*
* <p>Group members for which an account doesn't exist are filtered out.
*/
public Set<Account> listAccounts(AccountGroup.UUID groupUUID, Project.NameKey project)
throws NoSuchProjectException, IOException {
return listAccounts(groupUUID, project, new HashSet<>());
}
private Set<Account> listAccounts(
final AccountGroup.UUID groupUUID,
@Nullable final Project.NameKey project,
final Set<AccountGroup.UUID> seen)
throws NoSuchProjectException, IOException {
if (SystemGroupBackend.PROJECT_OWNERS.equals(groupUUID)) {
return getProjectOwners(project, seen);
}
Optional<InternalGroup> group = groupCache.get(groupUUID);
if (group.isPresent()) {
return getGroupMembers(group.get(), project, seen);
}
return Collections.emptySet();
}
private Set<Account> getProjectOwners(final Project.NameKey project, Set<AccountGroup.UUID> seen)
throws NoSuchProjectException, IOException {
seen.add(SystemGroupBackend.PROJECT_OWNERS);
if (project == null) {
return Collections.emptySet();
}
ProjectState projectState = projectCache.get(project).orElseThrow(noSuchProject(project));
final HashSet<Account> projectOwners = new HashSet<>();
for (AccountGroup.UUID ownerGroup : projectState.getAllOwners()) {
if (!seen.contains(ownerGroup)) {
projectOwners.addAll(listAccounts(ownerGroup, project, seen));
}
}
return projectOwners;
}
private Set<Account> getGroupMembers(
InternalGroup group, @Nullable Project.NameKey project, Set<AccountGroup.UUID> seen)
throws NoSuchProjectException, IOException {
seen.add(group.getGroupUUID());
GroupControl groupControl = groupControlFactory.controlFor(new InternalGroupDescription(group));
Set<Account> directMembers =
group.getMembers().stream()
.filter(groupControl::canSeeMember)
.map(accountCache::get)
.flatMap(Streams::stream)
.map(AccountState::account)
.collect(toImmutableSet());
Set<Account> indirectMembers = new HashSet<>();
if (groupControl.canSeeGroup()) {
for (AccountGroup.UUID subgroupUuid : group.getSubgroups()) {
if (!seen.contains(subgroupUuid)) {
indirectMembers.addAll(listAccounts(subgroupUuid, project, seen));
}
}
}
return Sets.union(directMembers, indirectMembers);
}
}