Document why ReplicationUser doesn't use registered groups
I forgot why we did this isEmpty test before adding the registered
groups into the set. Explain what the heck is going on.
Change-Id: Ic62ec8b56b139aa3e9276fc9f3c9b2d3da12273c
Signed-off-by: Shawn O. Pearce <sop@google.com>
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/ReplicationUser.java b/gerrit-server/src/main/java/com/google/gerrit/server/ReplicationUser.java
index e6e7786..fbbe7f9 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/ReplicationUser.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/ReplicationUser.java
@@ -29,24 +29,34 @@
ReplicationUser create(@Assisted Set<AccountGroup.Id> authGroups);
}
- private Set<AccountGroup.Id> effectiveGroups;
+ private final Set<AccountGroup.Id> effectiveGroups;
@Inject
protected ReplicationUser(AuthConfig authConfig,
@Assisted Set<AccountGroup.Id> authGroups) {
super(AccessPath.REPLICATION, authConfig);
- effectiveGroups = new HashSet<AccountGroup.Id>(authGroups);
- if (effectiveGroups.isEmpty()) {
- effectiveGroups.addAll(authConfig.getRegisteredGroups());
+ if (authGroups.isEmpty()) {
+ // Only include the registered groups if no specific groups
+ // were provided. This allows an administrator to configure
+ // a replication user with a narrower view of the system than
+ // all other users, such as when replicating from an internal
+ // company server to a public open source distribution site.
+ //
+ effectiveGroups = authConfig.getRegisteredGroups();
+
+ } else {
+ effectiveGroups = copy(authGroups);
}
+ }
- effectiveGroups = Collections.unmodifiableSet(effectiveGroups);
+ private static Set<AccountGroup.Id> copy(Set<AccountGroup.Id> groups) {
+ return Collections.unmodifiableSet(new HashSet<AccountGroup.Id>(groups));
}
@Override
public Set<AccountGroup.Id> getEffectiveGroups() {
- return Collections.unmodifiableSet(effectiveGroups);
+ return effectiveGroups;
}
@Override
