blob: 1f2f1510e2a5cd2a7930e2736faf3c941b7ff3a1 [file] [log] [blame]
// Copyright (C) 2010 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.gerrit.entities;
import static com.google.common.collect.ImmutableList.toImmutableList;
import com.google.auto.value.AutoValue;
import com.google.common.collect.ImmutableList;
import com.google.errorprone.annotations.CanIgnoreReturnValue;
import com.google.gerrit.common.Nullable;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.function.Consumer;
/** A single permission within an {@link AccessSection} of a project. */
@AutoValue
public abstract class Permission implements Comparable<Permission> {
public static final String ABANDON = "abandon";
public static final String ADD_PATCH_SET = "addPatchSet";
public static final String CREATE = "create";
public static final String CREATE_SIGNED_TAG = "createSignedTag";
public static final String CREATE_TAG = "createTag";
public static final String DELETE = "delete";
public static final String DELETE_CHANGES = "deleteChanges";
public static final String DELETE_OWN_CHANGES = "deleteOwnChanges";
public static final String EDIT_CUSTOM_KEYED_VALUES = "editCustomKeyedValues";
public static final String EDIT_HASHTAGS = "editHashtags";
public static final String EDIT_TOPIC_NAME = "editTopicName";
public static final String FORGE_AUTHOR = "forgeAuthor";
public static final String FORGE_COMMITTER = "forgeCommitter";
public static final String FORGE_SERVER = "forgeServerAsCommitter";
public static final String LABEL = "label-";
public static final String LABEL_AS = "labelAs-";
public static final String REMOVE_LABEL = "removeLabel-";
public static final String OWNER = "owner";
public static final String PUSH = "push";
public static final String PUSH_MERGE = "pushMerge";
public static final String READ = "read";
public static final String REBASE = "rebase";
public static final String REMOVE_REVIEWER = "removeReviewer";
public static final String REVERT = "revert";
public static final String SUBMIT = "submit";
public static final String SUBMIT_AS = "submitAs";
public static final String TOGGLE_WORK_IN_PROGRESS_STATE = "toggleWipState";
public static final String VIEW_PRIVATE_CHANGES = "viewPrivateChanges";
public static final boolean DEF_EXCLUSIVE_GROUP = false;
private static final List<String> NAMES_LC;
private static final int LABEL_INDEX;
private static final int LABEL_AS_INDEX;
private static final int REMOVE_LABEL_INDEX;
static {
NAMES_LC = new ArrayList<>();
NAMES_LC.add(ABANDON.toLowerCase(Locale.US));
NAMES_LC.add(ADD_PATCH_SET.toLowerCase(Locale.US));
NAMES_LC.add(CREATE.toLowerCase(Locale.US));
NAMES_LC.add(CREATE_SIGNED_TAG.toLowerCase(Locale.US));
NAMES_LC.add(CREATE_TAG.toLowerCase(Locale.US));
NAMES_LC.add(DELETE.toLowerCase(Locale.US));
NAMES_LC.add(DELETE_CHANGES.toLowerCase(Locale.US));
NAMES_LC.add(DELETE_OWN_CHANGES.toLowerCase(Locale.US));
NAMES_LC.add(EDIT_CUSTOM_KEYED_VALUES.toLowerCase(Locale.US));
NAMES_LC.add(EDIT_HASHTAGS.toLowerCase(Locale.US));
NAMES_LC.add(EDIT_TOPIC_NAME.toLowerCase(Locale.US));
NAMES_LC.add(FORGE_AUTHOR.toLowerCase(Locale.US));
NAMES_LC.add(FORGE_COMMITTER.toLowerCase(Locale.US));
NAMES_LC.add(FORGE_SERVER.toLowerCase(Locale.US));
NAMES_LC.add(LABEL.toLowerCase(Locale.US));
NAMES_LC.add(LABEL_AS.toLowerCase(Locale.US));
NAMES_LC.add(REMOVE_LABEL.toLowerCase(Locale.US));
NAMES_LC.add(OWNER.toLowerCase(Locale.US));
NAMES_LC.add(PUSH.toLowerCase(Locale.US));
NAMES_LC.add(PUSH_MERGE.toLowerCase(Locale.US));
NAMES_LC.add(READ.toLowerCase(Locale.US));
NAMES_LC.add(REBASE.toLowerCase(Locale.US));
NAMES_LC.add(REMOVE_REVIEWER.toLowerCase(Locale.US));
NAMES_LC.add(REVERT.toLowerCase(Locale.US));
NAMES_LC.add(SUBMIT.toLowerCase(Locale.US));
NAMES_LC.add(SUBMIT_AS.toLowerCase(Locale.US));
NAMES_LC.add(TOGGLE_WORK_IN_PROGRESS_STATE.toLowerCase(Locale.US));
NAMES_LC.add(VIEW_PRIVATE_CHANGES.toLowerCase(Locale.US));
LABEL_INDEX = NAMES_LC.indexOf(Permission.LABEL);
LABEL_AS_INDEX = NAMES_LC.indexOf(Permission.LABEL_AS.toLowerCase(Locale.US));
REMOVE_LABEL_INDEX = NAMES_LC.indexOf(Permission.REMOVE_LABEL.toLowerCase(Locale.US));
}
/** Returns true if the name is recognized as a permission name. */
public static boolean isPermission(String varName) {
return isLabel(varName)
|| isLabelAs(varName)
|| isRemoveLabel(varName)
|| NAMES_LC.contains(varName.toLowerCase(Locale.US));
}
public static boolean hasRange(String varName) {
return isLabel(varName) || isLabelAs(varName) || isRemoveLabel(varName);
}
/** Returns true if the permission name is actually for a review label. */
public static boolean isLabel(String varName) {
return varName.startsWith(LABEL) && LABEL.length() < varName.length();
}
/** Returns true if the permission is for impersonated review labels. */
public static boolean isLabelAs(String var) {
return var.startsWith(LABEL_AS) && LABEL_AS.length() < var.length();
}
/** Returns true if the permission is for impersonated review labels. */
public static boolean isRemoveLabel(String var) {
return var.startsWith(REMOVE_LABEL) && REMOVE_LABEL.length() < var.length();
}
/** Returns permission name for the given review label. */
public static String forLabel(String labelName) {
return LABEL + labelName;
}
/** Returns permission name to apply a label for another user. */
public static String forLabelAs(String labelName) {
return LABEL_AS + labelName;
}
/** Returns permission name to remove a label for another user. */
public static String forRemoveLabel(String labelName) {
return REMOVE_LABEL + labelName;
}
@Nullable
public static String extractLabel(String varName) {
if (isLabel(varName)) {
return varName.substring(LABEL.length());
} else if (isLabelAs(varName)) {
return varName.substring(LABEL_AS.length());
} else if (isRemoveLabel(varName)) {
return varName.substring(REMOVE_LABEL.length());
}
return null;
}
public static boolean canBeOnAllProjects(String ref, String permissionName) {
if (AccessSection.ALL.equals(ref)) {
return !OWNER.equals(permissionName);
}
return true;
}
/** The permission name, eg. {@code Permission.SUBMIT} */
public abstract String getName();
protected abstract boolean isExclusiveGroup();
public abstract ImmutableList<PermissionRule> getRules();
public static Builder builder(String name) {
return new AutoValue_Permission.Builder()
.setName(name)
.setExclusiveGroup(DEF_EXCLUSIVE_GROUP)
.setRules(ImmutableList.of());
}
public static Permission create(String name) {
return builder(name).build();
}
public String getLabel() {
return extractLabel(getName());
}
public boolean getExclusiveGroup() {
// Only permit exclusive group behavior on non OWNER permissions,
// otherwise an owner might lose access to a delegated subspace.
//
return isExclusiveGroup() && !OWNER.equals(getName());
}
@Nullable
public PermissionRule getRule(GroupReference group) {
for (PermissionRule r : getRules()) {
if (sameGroup(r, group)) {
return r;
}
}
return null;
}
private static boolean sameGroup(PermissionRule rule, GroupReference group) {
if (group.getUUID() != null && rule.getGroup().getUUID() != null) {
return group.getUUID().equals(rule.getGroup().getUUID());
} else if (group.getName() != null && rule.getGroup().getName() != null) {
return group.getName().equals(rule.getGroup().getName());
} else {
return false;
}
}
@Override
public final int compareTo(Permission b) {
int cmp = index(this) - index(b);
if (cmp == 0) {
cmp = getName().compareTo(b.getName());
}
return cmp;
}
private static int index(Permission a) {
if (isLabel(a.getName())) {
return LABEL_INDEX;
} else if (isLabelAs(a.getName())) {
return LABEL_AS_INDEX;
} else if (isRemoveLabel(a.getName())) {
return REMOVE_LABEL_INDEX;
}
int index = NAMES_LC.indexOf(a.getName().toLowerCase(Locale.US));
return 0 <= index ? index : NAMES_LC.size();
}
@Override
public final String toString() {
StringBuilder bldr = new StringBuilder();
bldr.append(getName()).append(" ");
if (isExclusiveGroup()) {
bldr.append("[exclusive] ");
}
bldr.append("[");
Iterator<PermissionRule> it = getRules().iterator();
while (it.hasNext()) {
bldr.append(it.next());
if (it.hasNext()) {
bldr.append(", ");
}
}
bldr.append("]");
return bldr.toString();
}
protected abstract Builder autoToBuilder();
public Builder toBuilder() {
Builder b = autoToBuilder();
getRules().stream().map(PermissionRule::toBuilder).forEach(r -> b.add(r));
return b;
}
@AutoValue.Builder
public abstract static class Builder {
private final List<PermissionRule.Builder> rulesBuilders;
Builder() {
rulesBuilders = new ArrayList<>();
}
public abstract Builder setName(String value);
public abstract String getName();
public abstract Builder setExclusiveGroup(boolean value);
@CanIgnoreReturnValue
public Builder modifyRules(Consumer<List<PermissionRule.Builder>> modification) {
modification.accept(rulesBuilders);
return this;
}
@CanIgnoreReturnValue
public Builder add(PermissionRule.Builder rule) {
return modifyRules(r -> r.add(rule));
}
@CanIgnoreReturnValue
public Builder remove(PermissionRule rule) {
if (rule != null) {
return removeRule(rule.getGroup());
}
return this;
}
@CanIgnoreReturnValue
public Builder removeRule(GroupReference group) {
return modifyRules(rules -> rules.removeIf(rule -> sameGroup(rule.build(), group)));
}
@CanIgnoreReturnValue
public Builder clearRules() {
return modifyRules(r -> r.clear());
}
public Permission build() {
setRules(
rulesBuilders.stream()
.map(PermissionRule.Builder::build)
.distinct()
.collect(toImmutableList()));
return autoBuild();
}
public List<PermissionRule.Builder> getRulesBuilders() {
return rulesBuilders;
}
protected abstract ImmutableList<PermissionRule> getRules();
protected abstract Builder setRules(ImmutableList<PermissionRule> rules);
protected abstract Permission autoBuild();
}
}