Disallow publish change edit when user has not signed CLA
Bug: issue 3504
Change-Id: I4b3b5607e8742c90ceb68e87c571df076cd82dad
diff --git a/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/AbstractDaemonTest.java b/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/AbstractDaemonTest.java
index ff61899..4a803e6 100644
--- a/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/AbstractDaemonTest.java
+++ b/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/AbstractDaemonTest.java
@@ -29,6 +29,7 @@
import com.google.gerrit.common.data.PermissionRule;
import com.google.gerrit.extensions.api.GerritApi;
import com.google.gerrit.extensions.api.changes.RevisionApi;
+import com.google.gerrit.extensions.client.InheritableBoolean;
import com.google.gerrit.extensions.client.ListChangesOption;
import com.google.gerrit.extensions.common.ChangeInfo;
import com.google.gerrit.extensions.common.EditInfo;
@@ -307,6 +308,15 @@
saveProjectConfig(allProjects, cfg);
}
+ protected void setUseContributorAgreements(InheritableBoolean value)
+ throws Exception {
+ MetaDataUpdate md = metaDataUpdateFactory.create(project);
+ ProjectConfig config = ProjectConfig.read(md);
+ config.getProject().setUseContributorAgreements(value);
+ config.commit(md);
+ projectCache.evict(config.getProject());
+ }
+
protected void deny(String permission, AccountGroup.UUID id, String ref)
throws Exception {
ProjectConfig cfg = projectCache.checkedGet(project).getConfig();
diff --git a/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/edit/ChangeEditIT.java b/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/edit/ChangeEditIT.java
index 4726079..8a02831 100644
--- a/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/edit/ChangeEditIT.java
+++ b/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/edit/ChangeEditIT.java
@@ -21,6 +21,7 @@
import static java.nio.charset.StandardCharsets.UTF_8;
import static java.util.concurrent.TimeUnit.MILLISECONDS;
import static java.util.concurrent.TimeUnit.SECONDS;
+import static org.apache.http.HttpStatus.SC_FORBIDDEN;
import static org.apache.http.HttpStatus.SC_CONFLICT;
import static org.apache.http.HttpStatus.SC_NOT_FOUND;
import static org.apache.http.HttpStatus.SC_NO_CONTENT;
@@ -35,6 +36,7 @@
import com.google.gerrit.acceptance.RestResponse;
import com.google.gerrit.acceptance.RestSession;
import com.google.gerrit.extensions.api.changes.ReviewInput;
+import com.google.gerrit.extensions.client.InheritableBoolean;
import com.google.gerrit.extensions.client.ListChangesOption;
import com.google.gerrit.extensions.common.ApprovalInfo;
import com.google.gerrit.extensions.common.ChangeInfo;
@@ -188,6 +190,22 @@
}
@Test
+ public void publishEditRestWithoutCLA() throws Exception {
+ setUseContributorAgreements(InheritableBoolean.TRUE);
+ PatchSet oldCurrentPatchSet = getCurrentPatchSet(changeId);
+ assertThat(modifier.createEdit(change, oldCurrentPatchSet)).isEqualTo(
+ RefUpdate.Result.NEW);
+ assertThat(
+ modifier.modifyFile(editUtil.byChange(change).get(), FILE_NAME,
+ RestSession.newRawInput(CONTENT_NEW))).isEqualTo(RefUpdate.Result.FORCED);
+ RestResponse r = adminSession.post(urlPublish());
+ assertThat(r.getStatusCode()).isEqualTo(SC_FORBIDDEN);
+ setUseContributorAgreements(InheritableBoolean.FALSE);
+ r = adminSession.post(urlPublish());
+ assertThat(r.getStatusCode()).isEqualTo(SC_NO_CONTENT);
+ }
+
+ @Test
public void rebaseEdit() throws Exception {
assertThat(modifier.createEdit(change, ps)).isEqualTo(RefUpdate.Result.NEW);
assertThat(
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/change/PublishChangeEdit.java b/gerrit-server/src/main/java/com/google/gerrit/server/change/PublishChangeEdit.java
index 952636f..711cf18 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/change/PublishChangeEdit.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/change/PublishChangeEdit.java
@@ -15,6 +15,7 @@
package com.google.gerrit.server.change;
import com.google.common.base.Optional;
+import com.google.gerrit.common.data.Capable;
import com.google.gerrit.extensions.registration.DynamicMap;
import com.google.gerrit.extensions.restapi.AcceptsPost;
import com.google.gerrit.extensions.restapi.AuthException;
@@ -85,6 +86,12 @@
public Response<?> apply(ChangeResource rsrc, Publish.Input in)
throws AuthException, ResourceConflictException, NoSuchChangeException,
IOException, InvalidChangeOperationException, OrmException {
+ Capable r =
+ rsrc.getControl().getProjectControl().canPushToAtLeastOneRef();
+ if (r != Capable.OK) {
+ throw new AuthException(r.getMessage());
+ }
+
Optional<ChangeEdit> edit = editUtil.byChange(rsrc.getChange());
if (!edit.isPresent()) {
throw new ResourceConflictException(String.format(
