--
--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en
---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
That sounds interesting (will look into details of proposed changes in the following days) however there is one aspect of existing approach (writing AccessSection entries in refs/meta/config) that seems to be missing in this proposal which is visibility of group's (and particular user as group member) permissions
and also track of its changes (in refs/meta/config history).
When in doubts one can go and immediately check what is currently granted to given group at certain project level - this is not perfect but allows for pretty quick investigation when permissions needs to be examined...
RegardsJacek
On Monday, 20 February 2017 00:26:00 UTC+1, Shawn Pearce wrote:I've started a large refactoring of how Gerrit evaluates permissions, and dubbed the new API PermissionBackend.I think there is some elegance to this approach, for example PutTopic:@Overridepublic Response<String> apply(ChangeResource req, Input input)throws UpdateException, RestApiException, PermissionBackendException {req.permissions().check(ChangePermission.EDIT_TOPIC_NAME);The check method verifies the permission and throws AuthException (403 Forbidden) if the calling user is not permitted. A getDescription method is equally straightforward:public UiAction.Description getDescription(ChangeResource rsrc) {return new UiAction.Description().setLabel("Edit Topic").setVisible(rsrc.permissions().testOrFalse(ChangePermission.EDIT_TOPIC_NAME));}One important aspect is the difference between check and test. The check method should be used early in a state changing operation, where a denial can be returned to the user. The test method should be used in other contexts like computing UI button states, where lack of the permission is not fatal to the read operation completing normally.Later I'd like to make PermissionBackend pluggable(ish), so that an implementation can decide how to handle check and test.This could be useful for integrated systems, where permission management is handled outside of Gerrit. Both CollabNet and GerritHub come to mind as systems that could benefit from being able to swap the PermissionBackend and skip writing permissions with custom GroupBackend associations to refs/meta/config[1].Being able to swap PermissionBackend may also be useful for auditing. A failed check is a user trying to use a permission they do not have. An auditing PermissionBackend could wrap the "real" PermissionBackend and observe check operations, providing a more clear picture of successful and failed permissions, without sorting through the HTTP logs trying to map REST API URLs to permission names. Its especially challenging for the PostReview handler, where labels aren't even visible in the URL and a logger has to dig through the input object.Its going to be a lot of work, but I'd like to have ProjectControl, RefControl and ChangeControl become internal implementation details of DefaultPermissionBackend, and hide these types entirely from the rest of the server (and plugins).My permissionbackend topic contains a lot of changes because I've been going through removing a number of references to see if the PermissionBackend API is suitable for its intended purpose. Thus far its proving to be reasonably straightforward with the PermissionBackend, which suggests this may be a viable API to work with.[1] You can still use a custom GroupBackend to facilitate the implementation. Both check and test have access to a CurrentUser, which obviously has group memberships accessible. What you avoid is writing AccessSection entries to refs/meta/config.
--
--
To unsubscribe, email repo-discuss+unsubscribe@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en
---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss+unsubscribe@googlegroups.com.
Looping the GitBlit Team ... because this change is *amazing* from a GitBlit plugin integration perspective.
One of the things that people like about GitBlit, is the ease of setup and use.The GitBlit access control screen is very simple [1] and with this "pluggability" of Gerrit permissions it could be delegated to Gitblit altogether.The result would be:- Gitblit UX for repo browsing and ACL administration- Gerrit as code-review backendThe Gerrit + Gitblit combination could really bring the Gerrit Code Review workflow to a wider audience.
Luca.
To unsubscribe, email repo-discuss+unsubscribe@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en
---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss+unsubscribe@googlegroups.com.
More info at http://groups.google.com/group/repo-discuss?hl=en
---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss+unsubscribe@googlegroups.com.
On Tue, Feb 21, 2017 at 9:30 AM, Luca Milanesio <luca.mi...@gmail.com> wrote:Looping the GitBlit Team ... because this change is *amazing* from a GitBlit plugin integration perspective.Thanks Luca.One of the things that people like about GitBlit, is the ease of setup and use.The GitBlit access control screen is very simple [1] and with this "pluggability" of Gerrit permissions it could be delegated to Gitblit altogether.The result would be:- Gitblit UX for repo browsing and ACL administration- Gerrit as code-review backendThe Gerrit + Gitblit combination could really bring the Gerrit Code Review workflow to a wider audience.Yes, exactly!The existing Gerrit permission system is very powerful and requires an "advanced user" to make use of it. One of the applications of PermissionBackend that I was thinking of is coupling Gerrit with a system that has less knobs, but still helps the team accomplish its goals. Gitblit is a perfect example.
Luca.
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en
---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
More info at http://groups.google.com/group/repo-discuss?hl=en
---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
I've started a large refactoring of how Gerrit evaluates permissions, and dubbed the new API PermissionBackend.
--
To unsubscribe, email repo-discuss+unsubscribe@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en
---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
More info at http://groups.google.com/group/repo-discuss?hl=en
---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss+unsubscribe@googlegroups.com.
Luca.
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en
---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
More info at http://groups.google.com/group/repo-discuss?hl=en
---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
Just some clarifying questions...If I understand this correctly, there's two parts to this: 1) exposing an API to external applications to take advantage of Gerrit's access control mechanism,
2) make the access control mechanism swap-able such that Gerrit can use external mechanism, is that correct?
For 2), can it accommodate external mechanism that uses a different access control paradigm (like ABAC for example?)
More info at http://groups.google.com/group/repo-discuss?hl=en
---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss+unsubscribe@googlegroups.com.