diff options
| author | Edwin Kempin <edwin.kempin@sap.com> | 2010-10-11 08:02:24 +0200 |
|---|---|---|
| committer | Shawn O. Pearce <sop@google.com> | 2010-10-14 20:52:00 -0700 |
| commit | d2605edacf7c1f5bbb7c25d065a0753e8e933d9c (patch) | |
| tree | 56b52fce7830eddcf78ba4e268a83a6e62750e4b /gerrit-reviewdb | |
| parent | 5b502401293ac93cce2b17202c9894a21cf2a9f1 (diff) | |
| download | gerrit-d2605edacf7c1f5bbb7c25d065a0753e8e933d9c.tar.gz | |
Add new system group for project owners
Add a new system group 'Project Owners' that permits all owners of a project.
The 'Project Owners' group is always evaluated in the context of a project,
meaning that all rights assigned to the 'Project Owners' group are resolved to
rights for the concrete groups owning the project.
This new group makes it easy for Gerrit administrators to configure a default
access configuration for new projects and so the creation of new projects gets
easier and faster.
As an example let's assume that by default for new projects we want to allow
all project owners to push tags and to vote -2/+2 for Code Review, -1/+1 for
Verified and to submit. Before this change the steps to do this were:
1. Creation of a new group for the team that owns the project, 'Team X' (if not
already existing)
2. Creation of a new project 'Project Y' with group 'Team X' as project owner.
3. Assigning for 'Project Y' 'Push Tag +2' privilege to 'Team X'
4. Assigning for 'Project Y' 'Code Review -2/+2' privilege to 'Team X'
5. Assigning for 'Project Y' 'Verified -1/+1' privilege to 'Team X'
6. Assigning for 'Project Y' 'Submit +1' privilege to 'Team X'
With the introduction of the 'Project Owner' group things get easier. A Gerrit
Administrator can assign the deault privileges ONCE on a parent project,
e.g. '-- All Projects --', to the 'Project Owners' group.
1. Assigning for '-- All Projects --' 'Push Tag +2' privilege to
'Project Owners'
2. Assigning for '-- All Projects --' 'Code Review -2/+2' privilege to
'Project Owners'
3. Assigning for '-- All Projects --' 'Verified -1/+1' privilege to
'Project Owners'
4. Assigning for '-- All Projects --' 'Submit +1' privilege to 'Project Owners'
Then the creation of new projects can be done very easily within 1 or 2
commands from the command line:
1. Creation of a new group for the team that owns the project, 'Team X' (if not
already existing)
2. Creation of a new project 'Project Y' with group 'Team X' as project owner.
'Project Y' will inherit the rights assigned to the group 'Project Owner' which
will be resolved for 'Project Y' to rights for the group 'Team X' which is
owning 'Project Y'.
Signed-off-by: Edwin Kempin <edwin.kempin@gmail.com>
Change-Id: Ia233a1ae9138b833aab5d5a53525bbdf6539580e
Diffstat (limited to 'gerrit-reviewdb')
| -rw-r--r-- | gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/RefRight.java | 11 | ||||
| -rw-r--r-- | gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/SystemConfig.java | 5 |
2 files changed, 15 insertions, 1 deletions
diff --git a/gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/RefRight.java b/gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/RefRight.java index ec70051a..97ee2199 100644 --- a/gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/RefRight.java +++ b/gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/RefRight.java @@ -96,6 +96,10 @@ public final class RefRight { return refPattern.get(); } + public void setGroupId(AccountGroup.Id groupId) { + this.groupId = groupId; + } + @Override public com.google.gwtorm.client.Key<?>[] members() { return new com.google.gwtorm.client.Key<?>[] {refPattern, categoryId, @@ -119,6 +123,13 @@ public final class RefRight { this.key = key; } + public RefRight(final RefRight refRight, final AccountGroup.Id groupId) { + this(new RefRight.Key(refRight.getKey().projectName, + refRight.getKey().refPattern, refRight.getKey().categoryId, groupId)); + setMinValue(refRight.getMinValue()); + setMaxValue(refRight.getMaxValue()); + } + public RefRight.Key getKey() { return key; } diff --git a/gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/SystemConfig.java b/gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/SystemConfig.java index f9b6a2df..6ff23ed7 100644 --- a/gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/SystemConfig.java +++ b/gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/SystemConfig.java @@ -14,7 +14,6 @@ package com.google.gerrit.reviewdb; -import com.google.gerrit.reviewdb.AccountGroup.Id; import com.google.gwtorm.client.Column; import com.google.gwtorm.client.StringKey; @@ -83,6 +82,10 @@ public final class SystemConfig { @Column(id = 8) public AccountGroup.Id batchUsersGroupId; + /** Identity of the owner group, which permits any project owner. */ + @Column(id = 9) + public AccountGroup.Id ownerGroupId; + protected SystemConfig() { } } |