// Copyright (C) 2012 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.gerrit.server.git;
import static com.google.gerrit.reviewdb.client.RefNames.REFS_REJECT_COMMITS;
import static java.nio.charset.StandardCharsets.UTF_8;
import com.google.gerrit.common.errors.PermissionDeniedException;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.reviewdb.client.RefNames;
import com.google.gerrit.server.GerritPersonIdent;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.project.ProjectControl;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.IOException;
import java.util.Date;
import java.util.List;
import java.util.TimeZone;
import org.eclipse.jgit.api.errors.ConcurrentRefUpdateException;
import org.eclipse.jgit.errors.IncorrectObjectTypeException;
import org.eclipse.jgit.errors.MissingObjectException;
import org.eclipse.jgit.lib.Constants;
import org.eclipse.jgit.lib.ObjectId;
import org.eclipse.jgit.lib.ObjectInserter;
import org.eclipse.jgit.lib.PersonIdent;
import org.eclipse.jgit.lib.Ref;
import org.eclipse.jgit.lib.Repository;
import org.eclipse.jgit.notes.Note;
import org.eclipse.jgit.notes.NoteMap;
import org.eclipse.jgit.revwalk.RevCommit;
import org.eclipse.jgit.revwalk.RevWalk;
@Singleton
public class BanCommit {
/**
* Loads a list of commits to reject from {@code refs/meta/reject-commits}.
*
* @param repo repository from which the rejected commits should be loaded
* @param walk open revwalk on repo.
* @return NoteMap of commits to be rejected, null if there are none.
* @throws IOException the map cannot be loaded.
*/
public static NoteMap loadRejectCommitsMap(Repository repo, RevWalk walk) throws IOException {
try {
Ref ref = repo.getRefDatabase().exactRef(RefNames.REFS_REJECT_COMMITS);
if (ref == null) {
return NoteMap.newEmptyMap();
}
RevCommit map = walk.parseCommit(ref.getObjectId());
return NoteMap.read(walk.getObjectReader(), map);
} catch (IOException badMap) {
throw new IOException("Cannot load " + RefNames.REFS_REJECT_COMMITS, badMap);
}
}
private final Provider<IdentifiedUser> currentUser;
private final GitRepositoryManager repoManager;
private final TimeZone tz;
private NotesBranchUtil.Factory notesBranchUtilFactory;
@Inject
BanCommit(
final Provider<IdentifiedUser> currentUser,
final GitRepositoryManager repoManager,
@GerritPersonIdent final PersonIdent gerritIdent,
final NotesBranchUtil.Factory notesBranchUtilFactory) {
this.currentUser = currentUser;
this.repoManager = repoManager;
this.notesBranchUtilFactory = notesBranchUtilFactory;
this.tz = gerritIdent.getTimeZone();
}
public BanCommitResult ban(
final ProjectControl projectControl, final List<ObjectId> commitsToBan, final String reason)
throws PermissionDeniedException, IOException, ConcurrentRefUpdateException {
if (!projectControl.isOwner()) {
throw new PermissionDeniedException("Not project owner: not permitted to ban commits");
}
final BanCommitResult result = new BanCommitResult();
NoteMap banCommitNotes = NoteMap.newEmptyMap();
// Add a note for each banned commit to notes.
final Project.NameKey project = projectControl.getProject().getNameKey();
try (Repository repo = repoManager.openRepository(project);
RevWalk revWalk = new RevWalk(repo);
ObjectInserter inserter = repo.newObjectInserter()) {
ObjectId noteId = null;
for (final ObjectId commitToBan : commitsToBan) {
try {
revWalk.parseCommit(commitToBan);
} catch (MissingObjectException e) {
// Ignore exception, non-existing commits can be banned.
} catch (IncorrectObjectTypeException e) {
result.notACommit(commitToBan);
continue;
}
if (noteId == null) {
noteId = createNoteContent(reason, inserter);
}
banCommitNotes.set(commitToBan, noteId);
}
NotesBranchUtil notesBranchUtil = notesBranchUtilFactory.create(project, repo, inserter);
NoteMap newlyCreated =
notesBranchUtil.commitNewNotes(
banCommitNotes,
REFS_REJECT_COMMITS,
createPersonIdent(),
buildCommitMessage(commitsToBan, reason));
for (Note n : banCommitNotes) {
if (newlyCreated.contains(n)) {
result.commitBanned(n);
} else {
result.commitAlreadyBanned(n);
}
}
return result;
}
}
private ObjectId createNoteContent(String reason, ObjectInserter inserter) throws IOException {
String noteContent = reason != null ? reason : "";
if (noteContent.length() > 0 && !noteContent.endsWith("\n")) {
noteContent = noteContent + "\n";
}
return inserter.insert(Constants.OBJ_BLOB, noteContent.getBytes(UTF_8));
}
private PersonIdent createPersonIdent() {
Date now = new Date();
return currentUser.get().newCommitterIdent(now, tz);
}
private static String buildCommitMessage(
final List<ObjectId> bannedCommits, final String reason) {
final StringBuilder commitMsg = new StringBuilder();
commitMsg.append("Banning ");
commitMsg.append(bannedCommits.size());
commitMsg.append(" ");
commitMsg.append(bannedCommits.size() == 1 ? "commit" : "commits");
commitMsg.append("\n\n");
if (reason != null) {
commitMsg.append("Reason: ");
commitMsg.append(reason);
commitMsg.append("\n\n");
}
commitMsg.append("The following commits are banned:\n");
final StringBuilder commitList = new StringBuilder();
for (final ObjectId c : bannedCommits) {
if (commitList.length() > 0) {
commitList.append(",\n");
}
commitList.append(c.getName());
}
commitMsg.append(commitList);
return commitMsg.toString();
}
}