blob: 881a0687b289eb95183057d7d416f534627d0e74 [file] [log] [blame]
// Copyright (C) 2012 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.gerrit.server.account;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import com.google.gerrit.entities.AccountGroup;
import com.google.gerrit.entities.InternalGroup;
import com.google.gerrit.server.CurrentUser;
import com.google.inject.Inject;
import com.google.inject.assistedinject.Assisted;
import java.util.Collection;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
/**
* Determines membership in the internal group system for a given user.
*
* <p>Groups the user is directly a member of are pulled from the in-memory AccountCache by way of
* the IdentifiedUser. Transitive group memberhips are resolved on demand starting from the
* requested group and looking for a path to a group the user is a member of. Other group backends
* are supported by recursively invoking the universal GroupMembership.
*/
public class IncludingGroupMembership implements GroupMembership {
public interface Factory {
IncludingGroupMembership create(CurrentUser user);
}
private final GroupCache groupCache;
private final GroupIncludeCache includeCache;
private final CurrentUser user;
private final Map<AccountGroup.UUID, Boolean> memberOf;
private ImmutableSet<AccountGroup.UUID> knownGroups;
@Inject
IncludingGroupMembership(
GroupCache groupCache, GroupIncludeCache includeCache, @Assisted CurrentUser user) {
this.groupCache = groupCache;
this.includeCache = includeCache;
this.user = user;
memberOf = new ConcurrentHashMap<>();
}
@Override
public boolean contains(AccountGroup.UUID id) {
if (id == null) {
return false;
}
Boolean b = memberOf.get(id);
return b != null ? b : containsAnyOf(ImmutableSet.of(id));
}
@Override
public boolean containsAnyOf(Iterable<AccountGroup.UUID> queryIds) {
// Prefer lookup of a cached result over expanding includes.
boolean tryExpanding = false;
for (AccountGroup.UUID id : queryIds) {
Boolean b = memberOf.get(id);
if (b == null) {
tryExpanding = true;
} else if (b) {
return true;
}
}
if (tryExpanding) {
Set<AccountGroup.UUID> queryIdsSet = new HashSet<>();
queryIds.forEach(i -> queryIdsSet.add(i));
Map<AccountGroup.UUID, InternalGroup> groups = groupCache.get(queryIdsSet);
for (AccountGroup.UUID id : queryIds) {
if (memberOf.containsKey(id)) {
// Membership was earlier proven to be false.
continue;
}
memberOf.put(id, false);
InternalGroup group = groups.get(id);
if (group == null) {
continue;
}
if (user.isIdentifiedUser() && group.getMembers().contains(user.getAccountId())) {
memberOf.put(id, true);
return true;
}
if (search(group.getSubgroups())) {
memberOf.put(id, true);
return true;
}
}
}
return false;
}
@Override
public Set<AccountGroup.UUID> intersection(Iterable<AccountGroup.UUID> groupIds) {
Set<AccountGroup.UUID> r = new HashSet<>();
for (AccountGroup.UUID id : groupIds) {
if (contains(id)) {
r.add(id);
}
}
return r;
}
private boolean search(Iterable<AccountGroup.UUID> ids) {
return user.getEffectiveGroups().containsAnyOf(ids);
}
private ImmutableSet<AccountGroup.UUID> computeKnownGroups() {
GroupMembership membership = user.getEffectiveGroups();
Collection<AccountGroup.UUID> direct =
user.isIdentifiedUser()
? includeCache.getGroupsWithMember(user.getAccountId())
: ImmutableList.of();
direct.forEach(groupUuid -> memberOf.put(groupUuid, true));
Set<AccountGroup.UUID> r = Sets.newHashSet(direct);
r.remove(null);
Set<AccountGroup.UUID> q = Sets.newHashSet(r);
for (AccountGroup.UUID g : membership.intersection(includeCache.allExternalMembers())) {
if (g != null && r.add(g)) {
q.add(g);
}
}
while (!q.isEmpty()) {
Collection<AccountGroup.UUID> parents = includeCache.parentGroupsOf(q);
q.clear();
for (AccountGroup.UUID g : parents) {
if (r.add(g)) {
q.add(g);
memberOf.put(g, true);
}
}
}
return ImmutableSet.copyOf(r);
}
@Override
public Set<AccountGroup.UUID> getKnownGroups() {
if (knownGroups == null) {
knownGroups = computeKnownGroups();
}
return knownGroups;
}
}