Replace the link to the settings/agreements page in the git push error
message with a hardcoded link to the OpenStack wiki.
Remove the form widgets that permit agreeing to a CLA.
Change-Id: Ibfbb8bec245ae494a49cb905925fd2c4f34686f2
Add a test in receive commits for commit message first lines of over 50
characters and a boolean config option to enable checking for it.
Change-Id: I557d1ff72e6df97b991b05c36483c13873b706fb
* stable:
Fix ChangeDetailFactory's invocation of PatchSetDetailFactory
Release notes for 2.1.7.1
Fix API breakage on ChangeDetailService
Do not reset Patch History selection on navigation to next file diff
Resolve Project Owners when checking access right on any ref
Conflicts:
gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectControl.java
gerrit-server/src/test/java/com/google/gerrit/server/project/RefControlTest.java
Change-Id: I6e956625cb4648df35035b9be2d32e6e431fb8f3
The name "-- All Projects --" is awkard to work with on the command
line due to starting with leading hypens, and containing spaces.
In prior versions of Gerrit Code Review this did not really matter,
the project was stored only in the database and did not need to be
accessed by command line tools. Now that the access controls are
in Git and are stored in a Git repository, this directory exists
and needs to be managed.
Bug: issue 994
Change-Id: I19b0967c6cf2720dcd2fd72a354e3566def15fdb
Signed-off-by: Shawn O. Pearce <sop@google.com>
The abandon and restore routines can fail if the change
is in the wrong state (abandoned already, or open still).
These failure lead to internal NPEs. Instead, create a
new exception and give a reason for the failure to the user.
Change-Id: Id7861d75e535c439c12329f7e891797c5b1f6eca
A project is visible to a user when the user has Read Access on any
ref of the project. This check whether an access right is granted on
any ref is not taking the access rights granted to the
'Project Owners' group into account. As a result a user does not see
a project if he is project owner and Read Access is only granted to
the 'Project Owners' group. This change ensures that the
'Project Owners' group is properly resolved in this case.
Bug: issue 997
Change-Id: I27cd8293e5c4a01c867a4e076073bf587294e0ba
Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>
If the repository name contains spaces (e.g. "-- All Projects --")
the spaces must be URL encoded using the esacpe "%20" in order to
appear in an http:// or https:// URL.
Encoding does *not* happen for ssh:// and git:// protocols as these
both pass-through the remote repository name as-is.
Change-Id: I3bb494c1bc3e21f3a9960071e9930a5ec1c8cf1a
Signed-off-by: Shawn O. Pearce <sop@google.com>
Periodically check a project's refs/meta/config for modifications
made outside of Gerrit Code Review. This ensures slave servers will
eventually pick up new access controls or project settings without
requiring administrators to flush the "projects" cache over SSH.
Checks are done only every cache.projects.checkFrequency period, as a
local disk check requires at least one stat() call to examine the
loose reference's last modified time. This is relatively inexpensive
for a single project request like git clone, but not feasible for
multiple project lookups like a query results page or user dashboard.
To prevent many calls to System.currentTimeMillis() a background
thread (managed by Executors.newScheduledThreadPool) is used to update
a generation flag every checkFrequency period. During a cache get the
ProjectState rechecks its refs/meta/config if the generation does not
match, and gets replaced if there were changes.
Bug: issue 962
Change-Id: I9ad4db27329968e2993b4dd142d1325446190065
Signed-off-by: Shawn O. Pearce <sop@google.com>
This check was broken when groups were changed to use UUIDs for the
effective groups set of an IdentifiedUser. The check must pass the
new UUID type to contains() rather than the older Id type.
We cache the owner decision in case we get multiple calls are made to
this GroupControl. This happens in the loops that invoke the canSee()
methods for each element.
Change-Id: Ifaa6adb456183267fc8030a1fcb04c283b20e941
Signed-off-by: Shawn O. Pearce <sop@google.com>
This program allows site administrators to dump their existing notes
out to the refs/notes/review branch, making the prior data available
to Git clients.
Change-Id: Iebaf1e4b2fb4620443e80d2a8f840cb30ae1e389
Signed-off-by: Shawn O. Pearce <sop@google.com>
* stable:
Support different color pallete when not signed in
Send new patchset event after its available
Enable git:// download URLs if canonicalGitUrl set
Fix NPE on Gerrit startup if mail.from doesn't include a name
Add config setting to only suggest users which are in a visible group
Change-Id: I2bc9ca40e616c7f7b0c12de41f631c916439289c
gerrit stream-events sent notification of a new patch set before it
created the reference in the Git repository. This confused some CI
systems that were able to read the stream-events message and look for
the reference before the server was able to create it.
Bug: issue 755
Change-Id: I14eb9d19984701eb9afbb13e006a24057e8c3473
Signed-off-by: Shawn O. Pearce <sop@google.com>
If for mail.from in the gerrit.config only an e-mail address but no
name was set, Gerrit failed on startup with a NullPointerException.
Bug: issue 961
Change-Id: Ie99a6c7ae42d77e408bc624408b2d13c8b5f9797
Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>
Update the refControl rules for refs/meta/config to check
for project ownership when submitting or pushing.
Do not allow deleting the magic refs/meta/config branch,
ever, as it would remove magic Gerrit control data.
Bug: issue 960
Change-Id: Idfa41d512060ad7085bbe9894b27f043c8f58d48
When a group is renamed through the web UI, each project.config
(and corresponding groups file) is updated with the new name if
there is a permission rule referencing the group. This ensures
authorship of the relevant modification is charged back to the
user that modified the group name.
Change-Id: Ic44c46553b34548e792269e6ce835ecffea42db7
Signed-off-by: Shawn O. Pearce <sop@google.com>
Pushing a new, rebased Patch Set for a Change failed with a
NullPointer if the first Patch Set could not be merged due
to a patch conflict.
The reason was that there is no ApprovalType of Category SUBM
anymore, but it is still stored in the database.
Change-Id: I058ba99b835813245283c04fdb08199c94957645
Signed-off-by: Stefan Lay <stefan.lay@sap.com>
Permissions are stored in the project.config file within the
refs/meta/config branch of each project. This makes the rules
more flexible in the future, as well as adds version control.
For example:
[access "refs/*"]
owner = group tools-owners
[access "refs/heads/*"]
label-Verified = -1..+1 group tools-dev
label-Verified = -1..+1 group tools-owners
label-Code-Review = -2..+2 group tools-owners
submit = group tools-dev
submit = group tools-owners
[access "refs/heads/stable"]
exclusiveGroupPermissions = read create push
read = group Anonymous Users
push = group tools-repo-maintainer
To enable easy remote editing of the configuration rules, the
following access block is added by default to -- All Projects --
and is thus inherited throughout the entire site:
[access "refs/meta/config"]
read = group Project Owners
push = group Project Owners
This configuration section permits any project owner or site
administrator (as they are indirectly always a project owner of
any project) to push changes to the project.config file within
the refs/meta/config branch, updating access (and other project
information) remotely without using the web UI.
Change-Id: Idb56f657a4bf88108ad40bbb19d831e6806b68c5
Signed-off-by: Shawn O. Pearce <sop@google.com>
By switching to the UUID we can have a globally unique identifier
for group membership throughout the server, even if group information
comes in from a different data source.
Change-Id: Icb49d6a6aff8e62864ac0f78ceedbe03f01de894
Signed-off-by: Shawn O. Pearce <sop@google.com>
UUIDs will be used later on to link access rules to groups, even if
the group gets renamed and the access rule file didn't get updated
with the new name yet.
To generate a UUID we take the creator of the group and the original
group name and hash them with SHA-1. This should produce a globally
unique identifier that is also time dependent, as the PersonIdent
has the current time embedded as part of the creator string.
The placeholder group 'Project Owners' is assigned a constant UUID,
as the concept of project ownership is the same across all servers
and the server interpreting the rules needs to replace this group
with the actual ownership list before evaluating them.
The magic groups 'Anonymous Users' and 'Registered Users' are also
assigned constant UUIDs, as this simplifies the definition of those
automatic membership groups within a server installation.
Change-Id: I47119b325418f88e089e136cee47593d82fbc754
Signed-off-by: Shawn O. Pearce <sop@google.com>
Project settings are now saved in the project.config file of the
refs/meta/config branch within each Git repository. This offers
us free version control over the lifespan of the project, and will
help reduce schema version issues as the configuration file is
more free-form.
Project owners can edit the configuration of their project by
hand and push the results back up, possibly even going through
code review, if the proper access rules are assigned in the
project's access panel. Project users can inspect the history of
the configuration by reading the history of the refs/meta/config
branch with their favorite history browser.
Change-Id: Id63414d86dbfb9033021f76e1d5e782373525a77
Signed-off-by: Shawn O. Pearce <sop@google.com>
If the application code tries to change the description file,
but its already set to the new description text, don't write
out the LockFile and commit it, instead leave things alone.
This avoids updating $GIT_DIR/description unless there will be
an actual content change.
Change-Id: I75613c49ad2f7d8e48e998229c37b23c9ad04675
Signed-off-by: Shawn O. Pearce <sop@google.com>
To simplify the migration changes I'm not going to try to support
upgrading from schema 52 and earlier. Just kill the classes and
require the user to upgrade to 2.1.7 first.
Change-Id: Ic3199034addd2c6a17410745a80a58c1cd5ab8fc
Signed-off-by: Shawn O. Pearce <sop@google.com>
Since projects are listed by recursively walking the filesystem,
we don't need to import them into the database.
Change-Id: I86613ac34a9c0ac68ba82b70b2c0312f877a8e69
Signed-off-by: Shawn O. Pearce <sop@google.com>
Rather than locating projects in the database table, perform a
recursive scan of the managed repository directory and pull up
anything that we find. This is a first step towards moving all
the project control metadata directly into Git.
Bug: issue 436
Change-Id: I08e0083f14f5c03eb9e49b4895c265d13b828534
Signed-off-by: Shawn O. Pearce <sop@google.com>
Make createRepository() actually create the project repository.
Change-Id: Ic10381440129f13919ad6cd67a32c22ae48e0f53
Signed-off-by: Shawn O. Pearce <sop@google.com>
If a branch did not yet exist (e.g. a new project with no commits)
Gerrit refused to allow uploading a new change for review, as the
new commit was not connected to the history.
Change-Id: Ie0beca2c51751d618655dcb739ff94de87ace75b
Signed-off-by: Shawn O. Pearce <sop@google.com>
We moved the private instance member this used to populate, as it was
never read (and is thus dead code). But we forgot to also delete the
now-dead setter.
Change-Id: I5ef5897c58f32c88908c5134ef8221b1d938f970
Signed-off-by: Shawn O. Pearce <sop@google.com>
When calculating the owners of a project the ref pattern to which the
OWN access rights are assigned are ignored and the inherited OWN
access rights are also not taken into account.
There are two use-cases for which the owners of a project must be
calculated:
1. e-mail notification for project owners about new changes:
This e-mail notification should only be sent to the local project
owners (the groups to which the OWN access right is assigned on this
project). In case there are no local owners for a project this e-mail
notification should be sent to the local owners of the nearest parent
project that has local owners.
2. resolving of the system group 'Project Owners':
The 'Project Owners' system group should be resolved to all groups
that are allowed to administrate the project. These are the local
owners plus the inherited owners.
For both use cases we have to filter the OWN access rights to only
those access rights that are assigned for the ref pattern 'refs/*'.
This change implements the logic described above.
Change-Id: Ib90014caf628db00250694f00741076db0492113
Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>
This way we can set the Eclipse warnings/error reporting for the
generated code to ignore problems we normally try to prevent in
human written sources.
Change-Id: I0b32d4ebf95611f58468a14e81489bf76f5d7603
Signed-off-by: Shawn O. Pearce <sop@google.com>