| // Copyright (C) 2017 The Android Open Source Project |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| package com.google.gerrit.server.group.db; |
| |
| import static com.google.common.collect.ImmutableSet.toImmutableSet; |
| |
| import com.google.common.collect.ImmutableList; |
| import com.google.common.collect.ImmutableSet; |
| import com.google.common.collect.Iterables; |
| import com.google.common.collect.Streams; |
| import com.google.gerrit.common.data.GroupReference; |
| import com.google.gerrit.common.errors.NoSuchGroupException; |
| import com.google.gerrit.reviewdb.client.Account; |
| import com.google.gerrit.reviewdb.client.AccountGroup; |
| import com.google.gerrit.reviewdb.client.AccountGroupById; |
| import com.google.gerrit.reviewdb.client.AccountGroupByIdAud; |
| import com.google.gerrit.reviewdb.client.AccountGroupMember; |
| import com.google.gerrit.reviewdb.client.AccountGroupMemberAudit; |
| import com.google.gerrit.reviewdb.server.ReviewDb; |
| import com.google.gerrit.server.config.AllUsersName; |
| import com.google.gerrit.server.git.GitRepositoryManager; |
| import com.google.gerrit.server.group.InternalGroup; |
| import com.google.gerrit.server.notedb.GroupsMigration; |
| import com.google.gwtorm.server.OrmDuplicateKeyException; |
| import com.google.gwtorm.server.OrmException; |
| import com.google.gwtorm.server.ResultSet; |
| import com.google.inject.Inject; |
| import com.google.inject.Singleton; |
| import java.io.IOException; |
| import java.util.List; |
| import java.util.Optional; |
| import java.util.stream.Stream; |
| import org.eclipse.jgit.errors.ConfigInvalidException; |
| import org.eclipse.jgit.lib.Repository; |
| |
| /** |
| * A database accessor for read calls related to groups. |
| * |
| * <p>All calls which read group related details from the database (either ReviewDb or NoteDb) are |
| * gathered here. Other classes should always use this class instead of accessing the database |
| * directly. There are a few exceptions though: schema classes, wrapper classes, and classes |
| * executed during init. The latter ones should use {@code GroupsOnInit} instead. |
| * |
| * <p>Most callers should not need to read groups directly from the database; they should use the |
| * {@link com.google.gerrit.server.account.GroupCache GroupCache} instead. |
| * |
| * <p>If not explicitly stated, all methods of this class refer to <em>internal</em> groups. |
| */ |
| @Singleton |
| public class Groups { |
| private final GroupsMigration groupsMigration; |
| private final GitRepositoryManager repoManager; |
| private final AllUsersName allUsersName; |
| private final AuditLogReader auditLogReader; |
| |
| @Inject |
| public Groups( |
| GroupsMigration groupsMigration, |
| GitRepositoryManager repoManager, |
| AllUsersName allUsersName, |
| AuditLogReader auditLogReader) { |
| this.groupsMigration = groupsMigration; |
| this.repoManager = repoManager; |
| this.allUsersName = allUsersName; |
| this.auditLogReader = auditLogReader; |
| } |
| |
| /** |
| * Returns the {@code AccountGroup} for the specified ID if it exists. |
| * |
| * @param db the {@code ReviewDb} instance to use for lookups |
| * @param groupId the ID of the group |
| * @return the found {@code AccountGroup} if it exists, or else an empty {@code Optional} |
| * @throws OrmException if the group couldn't be retrieved from ReviewDb |
| */ |
| public static Optional<InternalGroup> getGroupFromReviewDb(ReviewDb db, AccountGroup.Id groupId) |
| throws OrmException { |
| AccountGroup accountGroup = db.accountGroups().get(groupId); |
| if (accountGroup == null) { |
| return Optional.empty(); |
| } |
| return Optional.of(asInternalGroup(db, accountGroup)); |
| } |
| |
| /** |
| * Returns the {@code InternalGroup} for the specified UUID if it exists. |
| * |
| * @param db the {@code ReviewDb} instance to use for lookups |
| * @param groupUuid the UUID of the group |
| * @return the found {@code InternalGroup} if it exists, or else an empty {@code Optional} |
| * @throws OrmDuplicateKeyException if multiple groups are found for the specified UUID |
| * @throws OrmException if the group couldn't be retrieved from ReviewDb |
| * @throws IOException if the group couldn't be retrieved from NoteDb |
| * @throws ConfigInvalidException if the group couldn't be retrieved from NoteDb |
| */ |
| public Optional<InternalGroup> getGroup(ReviewDb db, AccountGroup.UUID groupUuid) |
| throws OrmException, IOException, ConfigInvalidException { |
| if (groupsMigration.readFromNoteDb()) { |
| try (Repository allUsersRepo = repoManager.openRepository(allUsersName)) { |
| return getGroupFromNoteDb(allUsersRepo, groupUuid); |
| } |
| } |
| |
| Optional<AccountGroup> accountGroup = getGroupFromReviewDb(db, groupUuid); |
| if (!accountGroup.isPresent()) { |
| return Optional.empty(); |
| } |
| return Optional.of(asInternalGroup(db, accountGroup.get())); |
| } |
| |
| private static Optional<InternalGroup> getGroupFromNoteDb( |
| Repository allUsersRepository, AccountGroup.UUID groupUuid) |
| throws IOException, ConfigInvalidException { |
| GroupConfig groupConfig = GroupConfig.loadForGroup(allUsersRepository, groupUuid); |
| Optional<InternalGroup> loadedGroup = groupConfig.getLoadedGroup(); |
| if (loadedGroup.isPresent()) { |
| // Check consistency with group name notes. |
| GroupsNoteDbConsistencyChecker.ensureConsistentWithGroupNameNotes( |
| allUsersRepository, loadedGroup.get()); |
| } |
| return loadedGroup; |
| } |
| |
| public static InternalGroup asInternalGroup(ReviewDb db, AccountGroup accountGroup) |
| throws OrmException { |
| ImmutableSet<Account.Id> members = |
| getMembersFromReviewDb(db, accountGroup.getId()).collect(toImmutableSet()); |
| ImmutableSet<AccountGroup.UUID> subgroups = |
| getSubgroupsFromReviewDb(db, accountGroup.getId()).collect(toImmutableSet()); |
| return InternalGroup.create(accountGroup, members, subgroups); |
| } |
| |
| /** |
| * Returns the {@code AccountGroup} for the specified UUID. |
| * |
| * @param db the {@code ReviewDb} instance to use for lookups |
| * @param groupUuid the UUID of the group |
| * @return the {@code AccountGroup} which has the specified UUID |
| * @throws OrmDuplicateKeyException if multiple groups are found for the specified UUID |
| * @throws OrmException if the group couldn't be retrieved from ReviewDb |
| * @throws NoSuchGroupException if a group with such a UUID doesn't exist |
| */ |
| static AccountGroup getExistingGroupFromReviewDb(ReviewDb db, AccountGroup.UUID groupUuid) |
| throws OrmException, NoSuchGroupException { |
| Optional<AccountGroup> group = getGroupFromReviewDb(db, groupUuid); |
| return group.orElseThrow(() -> new NoSuchGroupException(groupUuid)); |
| } |
| |
| /** |
| * Returns the {@code AccountGroup} for the specified UUID if it exists. |
| * |
| * @param db the {@code ReviewDb} instance to use for lookups |
| * @param groupUuid the UUID of the group |
| * @return the found {@code AccountGroup} if it exists, or else an empty {@code Optional} |
| * @throws OrmDuplicateKeyException if multiple groups are found for the specified UUID |
| * @throws OrmException if the group couldn't be retrieved from ReviewDb |
| */ |
| private static Optional<AccountGroup> getGroupFromReviewDb( |
| ReviewDb db, AccountGroup.UUID groupUuid) throws OrmException { |
| List<AccountGroup> accountGroups = db.accountGroups().byUUID(groupUuid).toList(); |
| if (accountGroups.size() == 1) { |
| return Optional.of(Iterables.getOnlyElement(accountGroups)); |
| } else if (accountGroups.isEmpty()) { |
| return Optional.empty(); |
| } else { |
| throw new OrmDuplicateKeyException("Duplicate group UUID " + groupUuid); |
| } |
| } |
| |
| /** |
| * Returns {@code GroupReference}s for all internal groups. |
| * |
| * @param db the {@code ReviewDb} instance to use for lookups |
| * @return a stream of the {@code GroupReference}s of all internal groups |
| * @throws OrmException if an error occurs while reading from ReviewDb |
| * @throws IOException if an error occurs while reading from NoteDb |
| * @throws ConfigInvalidException if the data in NoteDb is in an incorrect format |
| */ |
| public Stream<GroupReference> getAllGroupReferences(ReviewDb db) |
| throws OrmException, IOException, ConfigInvalidException { |
| if (groupsMigration.readFromNoteDb()) { |
| try (Repository allUsersRepo = repoManager.openRepository(allUsersName)) { |
| return GroupNameNotes.loadAllGroupReferences(allUsersRepo).stream(); |
| } |
| } |
| |
| return Streams.stream(db.accountGroups().all()) |
| .map(group -> new GroupReference(group.getGroupUUID(), group.getName())); |
| } |
| |
| /** |
| * Returns the members (accounts) of a group. |
| * |
| * <p><strong>Note</strong>: This method doesn't check whether the accounts exist! |
| * |
| * @param db the {@code ReviewDb} instance to use for lookups |
| * @param groupId the ID of the group |
| * @return a stream of the IDs of the members |
| * @throws OrmException if an error occurs while reading from ReviewDb |
| */ |
| public static Stream<Account.Id> getMembersFromReviewDb(ReviewDb db, AccountGroup.Id groupId) |
| throws OrmException { |
| ResultSet<AccountGroupMember> accountGroupMembers = db.accountGroupMembers().byGroup(groupId); |
| return Streams.stream(accountGroupMembers).map(AccountGroupMember::getAccountId); |
| } |
| |
| /** |
| * Returns the subgroups of a group. |
| * |
| * <p>This parent group must be an internal group whereas the subgroups can either be internal or |
| * external groups. |
| * |
| * <p><strong>Note</strong>: This method doesn't check whether the subgroups exist! |
| * |
| * @param db the {@code ReviewDb} instance to use for lookups |
| * @param groupId the ID of the group |
| * @return a stream of the UUIDs of the subgroups |
| * @throws OrmException if an error occurs while reading from ReviewDb |
| */ |
| public static Stream<AccountGroup.UUID> getSubgroupsFromReviewDb( |
| ReviewDb db, AccountGroup.Id groupId) throws OrmException { |
| ResultSet<AccountGroupById> accountGroupByIds = db.accountGroupById().byGroup(groupId); |
| return Streams.stream(accountGroupByIds).map(AccountGroupById::getIncludeUUID).distinct(); |
| } |
| |
| /** |
| * Returns the groups of which the specified account is a member. |
| * |
| * <p><strong>Note</strong>: This method returns an empty stream if the account doesn't exist. |
| * This method doesn't check whether the groups exist. |
| * |
| * @param db the {@code ReviewDb} instance to use for lookups |
| * @param accountId the ID of the account |
| * @return a stream of the IDs of the groups of which the account is a member |
| * @throws OrmException if an error occurs while reading from ReviewDb |
| */ |
| public static Stream<AccountGroup.Id> getGroupsWithMemberFromReviewDb( |
| ReviewDb db, Account.Id accountId) throws OrmException { |
| ResultSet<AccountGroupMember> accountGroupMembers = |
| db.accountGroupMembers().byAccount(accountId); |
| return Streams.stream(accountGroupMembers).map(AccountGroupMember::getAccountGroupId); |
| } |
| |
| /** |
| * Returns the parent groups of the specified (sub)group. |
| * |
| * <p>The subgroup may either be an internal or an external group whereas the returned parent |
| * groups represent only internal groups. |
| * |
| * <p><strong>Note</strong>: This method returns an empty stream if the specified group doesn't |
| * exist. This method doesn't check whether the parent groups exist. |
| * |
| * @param db the {@code ReviewDb} instance to use for lookups |
| * @param subgroupUuid the UUID of the subgroup |
| * @return a stream of the IDs of the parent groups |
| * @throws OrmException if an error occurs while reading from ReviewDb |
| */ |
| public static Stream<AccountGroup.Id> getParentGroupsFromReviewDb( |
| ReviewDb db, AccountGroup.UUID subgroupUuid) throws OrmException { |
| ResultSet<AccountGroupById> accountGroupByIds = |
| db.accountGroupById().byIncludeUUID(subgroupUuid); |
| return Streams.stream(accountGroupByIds).map(AccountGroupById::getGroupId); |
| } |
| |
| /** |
| * Returns all known external groups. External groups are 'known' when they are specified as a |
| * subgroup of an internal group. |
| * |
| * @param db the {@code ReviewDb} instance to use for lookups |
| * @return a stream of the UUIDs of the known external groups |
| * @throws OrmException if an error occurs while reading from ReviewDb |
| * @throws IOException if an error occurs while reading from NoteDb |
| * @throws ConfigInvalidException if the data in NoteDb is in an incorrect format |
| */ |
| public Stream<AccountGroup.UUID> getExternalGroups(ReviewDb db) |
| throws OrmException, IOException, ConfigInvalidException { |
| if (groupsMigration.readFromNoteDb()) { |
| try (Repository allUsersRepo = repoManager.openRepository(allUsersName)) { |
| return getExternalGroupsFromNoteDb(allUsersRepo); |
| } |
| } |
| |
| return Streams.stream(db.accountGroupById().all()) |
| .map(AccountGroupById::getIncludeUUID) |
| .distinct() |
| .filter(groupUuid -> !AccountGroup.isInternalGroup(groupUuid)); |
| } |
| |
| private Stream<AccountGroup.UUID> getExternalGroupsFromNoteDb(Repository allUsersRepo) |
| throws IOException, ConfigInvalidException { |
| ImmutableSet<GroupReference> allInternalGroups = |
| GroupNameNotes.loadAllGroupReferences(allUsersRepo); |
| ImmutableSet.Builder<AccountGroup.UUID> allSubgroups = ImmutableSet.builder(); |
| for (GroupReference internalGroup : allInternalGroups) { |
| Optional<InternalGroup> group = getGroupFromNoteDb(allUsersRepo, internalGroup.getUUID()); |
| group.map(InternalGroup::getSubgroups).ifPresent(allSubgroups::addAll); |
| } |
| return allSubgroups |
| .build() |
| .stream() |
| .filter(groupUuid -> !AccountGroup.isInternalGroup(groupUuid)); |
| } |
| |
| /** |
| * Returns the membership audit records for a given group. |
| * |
| * @param db the {@code ReviewDb} instance to use for lookups |
| * @param repo All-Users repository. |
| * @param groupUuid the UUID of the group |
| * @return the audit records, in arbitrary order; empty if the group does not exist |
| * @throws OrmException if an error occurs while reading from ReviewDb |
| * @throws IOException if an error occurs while reading from NoteDb |
| * @throws ConfigInvalidException if the group couldn't be retrieved from NoteDb |
| */ |
| public List<AccountGroupMemberAudit> getMembersAudit( |
| ReviewDb db, Repository repo, AccountGroup.UUID groupUuid) |
| throws OrmException, IOException, ConfigInvalidException { |
| if (groupsMigration.readFromNoteDb()) { |
| return auditLogReader.getMembersAudit(repo, groupUuid); |
| } |
| Optional<AccountGroup> group = getGroupFromReviewDb(db, groupUuid); |
| if (!group.isPresent()) { |
| return ImmutableList.of(); |
| } |
| |
| return db.accountGroupMembersAudit().byGroup(group.get().getId()).toList(); |
| } |
| |
| /** |
| * Returns the subgroup audit records for a given group. |
| * |
| * @param db the {@code ReviewDb} instance to use for lookups |
| * @param repo All-Users repository. |
| * @param groupUuid the UUID of the group |
| * @return the audit records, in arbitrary order; empty if the group does not exist |
| * @throws OrmException if an error occurs while reading from ReviewDb |
| * @throws IOException if an error occurs while reading from NoteDb |
| * @throws ConfigInvalidException if the group couldn't be retrieved from NoteDb |
| */ |
| public List<AccountGroupByIdAud> getSubgroupsAudit( |
| ReviewDb db, Repository repo, AccountGroup.UUID groupUuid) |
| throws OrmException, IOException, ConfigInvalidException { |
| if (groupsMigration.readFromNoteDb()) { |
| return auditLogReader.getSubgroupsAudit(repo, groupUuid); |
| } |
| Optional<AccountGroup> group = getGroupFromReviewDb(db, groupUuid); |
| if (!group.isPresent()) { |
| return ImmutableList.of(); |
| } |
| |
| return db.accountGroupByIdAud().byGroup(group.get().getId()).toList(); |
| } |
| } |