Google Git
Sign in
gerrit / gerrit / 41f46c881ec01129a61b4051af7cdbc169a9383a / . / Documentation / rest-api-access.txt
blob: 991f36cc0c347304db5aa2f67901ed5e3f157767 [file] [log] [blame]
Yuxuan 'fishy' Wang61698b12013-12-20 12:55:51 -0800[diff] [blame]1= Gerrit Code Review - /access/ REST API
Edwin Kempin87340e62013-06-24 16:46:34 +0200[diff] [blame]2
3This page describes the access rights related REST endpoints.
4Please also take note of the general information on the
5link:rest-api.html[REST API].
6
7[[access-endpoints]]
Yuxuan 'fishy' Wang61698b12013-12-20 12:55:51 -0800[diff] [blame]8== Access Rights Endpoints
Edwin Kempin87340e62013-06-24 16:46:34 +0200[diff] [blame]9
10[[list-access]]
Yuxuan 'fishy' Wang61698b12013-12-20 12:55:51 -0800[diff] [blame]11=== List Access Rights
Yuxuan 'fishy' Wangd85b6872013-11-15 11:47:46 -0800[diff] [blame]12--
Edwin Kempin87340e62013-06-24 16:46:34 +0200[diff] [blame]13'GET /access/?project=link:rest-api-projects.html#project-name[\{project-name\}]'
Yuxuan 'fishy' Wangd85b6872013-11-15 11:47:46 -0800[diff] [blame]14--
Edwin Kempin87340e62013-06-24 16:46:34 +0200[diff] [blame]15
16Lists the access rights for projects. The projects for which the access
17rights should be returned must be specified as `project` options. The
18`project` can be specified multiple times.
19
20As result a map is returned that maps the project name to
21link:#project-access-info[ProjectAccessInfo] entities.
22
23The entries in the map are sorted by project name.
24
25.Request
26----
27 GET /access/?project=MyProject&project=All-Projects HTTP/1.0
28----
29
30.Response
31----
32 HTTP/1.1 200 OK
David Pursehouse56bf1cb2015-01-06 15:44:00 +0900[diff] [blame]33 Content-Type: application/json; charset=UTF-8
Edwin Kempin87340e62013-06-24 16:46:34 +0200[diff] [blame]34
35 )]}'
36 {
37 "All-Projects": {
38 "revision": "edd453d18e08640e67a8c9a150cec998ed0ac9aa",
39 "local": {
40 "GLOBAL_CAPABILITIES": {
41 "permissions": {
42 "priority": {
43 "rules": {
44 "15bfcd8a6de1a69c50b30cedcdcc951c15703152": {
45 "action": "BATCH"
46 }
47 }
48 },
49 "streamEvents": {
50 "rules": {
51 "15bfcd8a6de1a69c50b30cedcdcc951c15703152": {
52 "action": "ALLOW"
53 }
54 }
55 },
56 "administrateServer": {
57 "rules": {
58 "53a4f647a89ea57992571187d8025f830625192a": {
59 "action": "ALLOW"
60 }
61 }
62 }
63 }
64 },
65 "refs/meta/config": {
66 "permissions": {
67 "submit": {
68 "rules": {
69 "53a4f647a89ea57992571187d8025f830625192a": {
70 "action": "ALLOW"
71 },
72 "global:Project-Owners": {
73 "action": "ALLOW"
74 }
75 }
76 },
77 "label-Code-Review": {
78 "label": "Code-Review",
79 "rules": {
80 "53a4f647a89ea57992571187d8025f830625192a": {
81 "action": "ALLOW",
82 "min": -2,
83 "max": 2
84 },
85 "global:Project-Owners": {
86 "action": "ALLOW",
87 "min": -2,
88 "max": 2
89 }
90 }
91 },
92 "read": {
93 "exclusive": true,
94 "rules": {
95 "53a4f647a89ea57992571187d8025f830625192a": {
96 "action": "ALLOW"
97 },
98 "global:Project-Owners": {
99 "action": "ALLOW"
100 }
101 }
102 },
103 "push": {
104 "rules": {
105 "53a4f647a89ea57992571187d8025f830625192a": {
106 "action": "ALLOW"
107 },
108 "global:Project-Owners": {
109 "action": "ALLOW"
110 }
111 }
112 }
113 }
114 },
115 "refs/for/refs/*": {
116 "permissions": {
117 "pushMerge": {
118 "rules": {
119 "global:Registered-Users": {
120 "action": "ALLOW"
121 }
122 }
123 },
124 "push": {
125 "rules": {
126 "global:Registered-Users": {
127 "action": "ALLOW"
128 }
129 }
130 }
131 }
132 },
133 "refs/tags/*": {
134 "permissions": {
Edwin Kempin62c15682016-09-05 14:32:38 +0200[diff] [blame]135 "createSignedTag": {
Edwin Kempin87340e62013-06-24 16:46:34 +0200[diff] [blame]136 "rules": {
137 "53a4f647a89ea57992571187d8025f830625192a": {
138 "action": "ALLOW"
139 },
140 "global:Project-Owners": {
141 "action": "ALLOW"
142 }
143 }
144 },
Edwin Kempin62c15682016-09-05 14:32:38 +0200[diff] [blame]145 "createTag": {
Edwin Kempin87340e62013-06-24 16:46:34 +0200[diff] [blame]146 "rules": {
147 "53a4f647a89ea57992571187d8025f830625192a": {
148 "action": "ALLOW"
149 },
150 "global:Project-Owners": {
151 "action": "ALLOW"
152 }
153 }
154 }
155 }
156 },
157 "refs/heads/*": {
158 "permissions": {
159 "forgeCommitter": {
160 "rules": {
161 "53a4f647a89ea57992571187d8025f830625192a": {
162 "action": "ALLOW"
163 },
164 "global:Project-Owners": {
165 "action": "ALLOW"
166 }
167 }
168 },
169 "forgeAuthor": {
170 "rules": {
171 "global:Registered-Users": {
172 "action": "ALLOW"
173 }
174 }
175 },
176 "submit": {
177 "rules": {
178 "53a4f647a89ea57992571187d8025f830625192a": {
179 "action": "ALLOW"
180 },
181 "global:Project-Owners": {
182 "action": "ALLOW"
183 }
184 }
185 },
186 "editTopicName": {
187 "rules": {
188 "53a4f647a89ea57992571187d8025f830625192a": {
189 "action": "ALLOW",
190 "force": true
191 },
192 "global:Project-Owners": {
193 "action": "ALLOW",
194 "force": true
195 }
196 }
197 },
198 "label-Code-Review": {
199 "label": "Code-Review",
200 "rules": {
201 "global:Registered-Users": {
202 "action": "ALLOW",
203 "min": -1,
204 "max": 1
205 },
206 "53a4f647a89ea57992571187d8025f830625192a": {
207 "action": "ALLOW",
208 "min": -2,
209 "max": 2
210 },
211 "global:Project-Owners": {
212 "action": "ALLOW",
213 "min": -2,
214 "max": 2
215 }
216 }
217 },
218 "create": {
219 "rules": {
220 "53a4f647a89ea57992571187d8025f830625192a": {
221 "action": "ALLOW"
222 },
223 "global:Project-Owners": {
224 "action": "ALLOW"
225 }
226 }
227 },
228 "push": {
229 "rules": {
230 "53a4f647a89ea57992571187d8025f830625192a": {
231 "action": "ALLOW"
232 },
233 "global:Project-Owners": {
234 "action": "ALLOW"
235 }
236 }
237 }
238 }
239 },
240 "refs/*": {
241 "permissions": {
242 "read": {
243 "rules": {
244 "global:Anonymous-Users": {
245 "action": "ALLOW"
246 },
247 "53a4f647a89ea57992571187d8025f830625192a": {
248 "action": "ALLOW"
249 }
250 }
251 }
252 }
253 }
254 },
Edwin Kempinca192a62013-07-12 13:21:15 +0200[diff] [blame]255 "is_owner": true,
Edwin Kempin87340e62013-06-24 16:46:34 +0200[diff] [blame]256 "owner_of": [
257 "GLOBAL_CAPABILITIES",
258 "refs/meta/config",
259 "refs/for/refs/*",
260 "refs/tags/*",
261 "refs/heads/*",
262 "refs/*"
263 ],
264 "can_upload": true,
265 "can_add": true,
Marco Millerc2114ac2018-09-10 16:52:54 -0400[diff] [blame]266 "can_add_tags": true,
Han-Wen Nienhuyse2258f6e2017-08-08 15:38:18 -0300[diff] [blame]267 "config_visible": true,
268 "groups": {
269 "53a4f647a89ea57992571187d8025f830625192a": {
270 "url": "#/admin/groups/uuid-53a4f647a89ea57992571187d8025f830625192a",
271 "options": {},
272 "description": "Gerrit Site Administrators",
273 "group_id": 1,
274 "owner": "Administrators",
275 "owner_id": "53a4f647a89ea57992571187d8025f830625192a",
276 "created_on": "2009-06-08 23:31:00.000000000",
277 "name": "Administrators"
278 },
279 "global:Registered-Users": {
280 "options": {},
281 "name": "Registered Users"
282 },
283 "global:Project-Owners": {
284 "options": {},
285 "name": "Project Owners"
286 },
287 "15bfcd8a6de1a69c50b30cedcdcc951c15703152": {
288 "url": "#/admin/groups/uuid-15bfcd8a6de1a69c50b30cedcdcc951c15703152",
289 "options": {},
Patrick Hiesele587c402020-08-07 16:11:29 +0200[diff] [blame]290 "description": "Service accounts that interact with Gerrit",
Han-Wen Nienhuyse2258f6e2017-08-08 15:38:18 -0300[diff] [blame]291 "group_id": 2,
292 "owner": "Administrators",
293 "owner_id": "53a4f647a89ea57992571187d8025f830625192a",
294 "created_on": "2009-06-08 23:31:00.000000000",
Patrick Hiesele587c402020-08-07 16:11:29 +0200[diff] [blame]295 "name": "Service Users"
Han-Wen Nienhuyse2258f6e2017-08-08 15:38:18 -0300[diff] [blame]296 },
297 "global:Anonymous-Users": {
298 "options": {},
299 "name": "Anonymous Users"
300 }
301 }
Edwin Kempin87340e62013-06-24 16:46:34 +0200[diff] [blame]302 },
303 "MyProject": {
304 "revision": "61157ed63e14d261b6dca40650472a9b0bd88474",
305 "inherits_from": {
Edwin Kempin87340e62013-06-24 16:46:34 +0200[diff] [blame]306 "id": "All-Projects",
307 "name": "All-Projects",
308 "description": "Access inherited by all other projects."
309 },
310 "local": {},
Edwin Kempinca192a62013-07-12 13:21:15 +0200[diff] [blame]311 "is_owner": true,
Edwin Kempin87340e62013-06-24 16:46:34 +0200[diff] [blame]312 "owner_of": [
313 "refs/*"
314 ],
315 "can_upload": true,
316 "can_add": true,
Marco Millerc2114ac2018-09-10 16:52:54 -0400[diff] [blame]317 "can_add_tags": true,
Edwin Kempin87340e62013-06-24 16:46:34 +0200[diff] [blame]318 "config_visible": true
319 }
320 }
321----
322
David Pursehouse76af7f82014-11-25 17:13:11 +0900[diff] [blame]323[[json-entities]]
324== JSON Entities
325
Edwin Kempin87340e62013-06-24 16:46:34 +0200[diff] [blame]326[[access-section-info]]
Yuxuan 'fishy' Wang61698b12013-12-20 12:55:51 -0800[diff] [blame]327=== AccessSectionInfo
Edwin Kempin87340e62013-06-24 16:46:34 +0200[diff] [blame]328The `AccessSectionInfo` describes the access rights that are assigned
329on a ref.
330
David Pursehouseae367192014-11-25 17:24:47 +0900[diff] [blame]331[options="header",cols="1,^1,5"]
Edwin Kempin87340e62013-06-24 16:46:34 +0200[diff] [blame]332|==================================
333|Field Name ||Description
334|`permissions` ||
335The permissions assigned on the ref of this access section as a map
336that maps the permission names to link:#permission-info[PermissionInfo]
337entities.
338|==================================
339
340[[permission-info]]
Yuxuan 'fishy' Wang61698b12013-12-20 12:55:51 -0800[diff] [blame]341=== PermissionInfo
Edwin Kempin87340e62013-06-24 16:46:34 +0200[diff] [blame]342The `PermissionInfo` entity contains information about an assigned
343permission.
344
David Pursehouseae367192014-11-25 17:24:47 +0900[diff] [blame]345[options="header",cols="1,^1,5"]
Edwin Kempin87340e62013-06-24 16:46:34 +0200[diff] [blame]346|==================================
347|Field Name ||Description
348|`label` |optional|
349The name of the label. Not set if it's not a label permission.
350|`exclusive` |not set if `false`|
351Whether this permission is assigned exclusively.
352|`rules` ||
353The rules assigned for this permission as a map that maps the UUIDs of
354the groups for which the permission are assigned to
355link:#permission-info[PermissionRuleInfo] entities.
356|==================================
357
358[[permission-rule-info]]
Yuxuan 'fishy' Wang61698b12013-12-20 12:55:51 -0800[diff] [blame]359=== PermissionRuleInfo
Edwin Kempin87340e62013-06-24 16:46:34 +0200[diff] [blame]360The `PermissionRuleInfo` entity contains information about a permission
361rule that is assigned to group.
362
David Pursehouseae367192014-11-25 17:24:47 +0900[diff] [blame]363[options="header",cols="1,^1,5"]
Edwin Kempin87340e62013-06-24 16:46:34 +0200[diff] [blame]364|==================================
365|Field Name ||Description
366|`action` ||
367The action of this rule. For normal permissions this can be `ALLOW`,
368`DENY` or `BLOCK`. Special values for global capabilities are
369`INTERACTIVE` and `BATCH`.
370|`force` |not set if `false`|
371Whether the force flag is set.
372|`min` |
David Pursehouse59c8dc52016-10-02 23:50:17 +0000[diff] [blame]373not set if range is empty (from `0` to `0`) or not set|
Edwin Kempin87340e62013-06-24 16:46:34 +0200[diff] [blame]374The min value of the permission range.
375|`max` |
David Pursehouse59c8dc52016-10-02 23:50:17 +0000[diff] [blame]376not set if range is empty (from `0` to `0`) or not set|
Edwin Kempin87340e62013-06-24 16:46:34 +0200[diff] [blame]377The max value of the permission range.
378|==================================
379
380[[project-access-info]]
Yuxuan 'fishy' Wang61698b12013-12-20 12:55:51 -0800[diff] [blame]381=== ProjectAccessInfo
Edwin Kempin87340e62013-06-24 16:46:34 +0200[diff] [blame]382The `ProjectAccessInfo` entity contains information about the access
383rights for a project.
384
David Pursehouseae367192014-11-25 17:24:47 +0900[diff] [blame]385[options="header",cols="1,^1,5"]
Edwin Kempin87340e62013-06-24 16:46:34 +0200[diff] [blame]386|==================================
387|Field Name ||Description
388|`revision` ||
389The revision of the `refs/meta/config` branch from which the access
390rights were loaded.
Edwin Kempin51e78512022-04-06 12:49:04 +0200[diff] [blame]391|`inherits_from` |not set for the `All-Projects` project|
Edwin Kempin87340e62013-06-24 16:46:34 +0200[diff] [blame]392The parent project from which permissions are inherited as a
393link:rest-api-projects.html#project-info[ProjectInfo] entity.
394|`local` ||
395The local access rights of the project as a map that maps the refs to
396link:#access-section-info[AccessSectionInfo] entities.
Edwin Kempinca192a62013-07-12 13:21:15 +0200[diff] [blame]397|`is_owner` |not set if `false`|
398Whether the calling user owns this project.
Edwin Kempin87340e62013-06-24 16:46:34 +0200[diff] [blame]399|`owner_of` ||The list of refs owned by the calling user.
400|`can_upload` |not set if `false`|
401Whether the calling user can upload to any ref.
402|`can_add` |not set if `false`|
403Whether the calling user can add any ref.
Marco Millerc2114ac2018-09-10 16:52:54 -0400[diff] [blame]404|`can_add_tags` |not set if `false`|
405Whether the calling user can add any tag ref.
Edwin Kempin87340e62013-06-24 16:46:34 +0200[diff] [blame]406|`config_visible` |not set if `false`|
407Whether the calling user can see the `refs/meta/config` branch of the
408project.
Edwin Kempinaf35ce42021-01-29 13:50:04 +0100[diff] [blame]409|`groups` ||A map of group UUID to
Han-Wen Nienhuys33ef2b82018-02-07 13:01:05 +0100[diff] [blame]410link:rest-api-groups.html#group-info[GroupInfo] objects, with names and
411URLs for the group UUIDs used in the `local` map.
412This will include names for groups that might
413be invisible to the caller.
Edwin Kempinaf35ce42021-01-29 13:50:04 +0100[diff] [blame]414|`config_web_links` |optional|
415Links to the history of the configuration file governing this project's access
416rights as list of link:rest-api-changes.html#web-link-info[WebLinkInfo]
417entities.
Edwin Kempin87340e62013-06-24 16:46:34 +0200[diff] [blame]418|==================================
419
420
421GERRIT
422------
423Part of link:index.html[Gerrit Code Review]
Yuxuan 'fishy' Wang99cb68d2013-10-31 17:26:00 -0700[diff] [blame]424
425SEARCHBOX
426---------