Launchpad itself

Merge lp:~twom/launchpad/branch-permissions-for-gitapi into lp:launchpad

branch-permissions-for-gitapi
Merge into devel

Proposed by Tom Wardill on 2018-09-26

Status:

Superseded

Proposed branch:

lp:~twom/launchpad/branch-permissions-for-gitapi

Merge into:

lp:launchpad

Diff against target:

1527 lines (+1208/-4)

20 files modified

database/schema/patch-2209-85-0.sql (+68/-0)
database/schema/security.cfg (+4/-0)
lib/lp/code/configure.zcml (+37/-0)
lib/lp/code/enums.py (+21/-0)
lib/lp/code/interfaces/gitapi.py (+6/-0)
lib/lp/code/interfaces/gitlookup.py (+12/-0)
lib/lp/code/interfaces/gitrepository.py (+23/-0)
lib/lp/code/interfaces/gitrule.py (+172/-0)
lib/lp/code/model/gitlookup.py (+13/-0)
lib/lp/code/model/gitrepository.py (+62/-0)
lib/lp/code/model/gitrule.py (+199/-0)
lib/lp/code/model/tests/test_gitrepository.py (+102/-1)
lib/lp/code/model/tests/test_gitrule.py (+200/-0)
lib/lp/code/xmlrpc/git.py (+43/-0)
lib/lp/code/xmlrpc/tests/test_git.py (+119/-0)
lib/lp/registry/personmerge.py (+22/-1)
lib/lp/registry/tests/test_personmerge.py (+36/-1)
lib/lp/security.py (+40/-0)
lib/lp/testing/factory.py (+25/-0)
scripts/close-account.py (+4/-1)

To merge this branch:

bzr merge lp:~twom/launchpad/branch-permissions-for-gitapi

High

Fix Released

Link a bug report

Reviewer	Review Type	Date Requested	Status
Launchpad code reviewers		2018-09-26	Pending
Review via email: mp+355715@code.launchpad.net

This proposal has been superseded by a proposal from 2018-09-26.

Commit message

Add GitRuleGrant api to xmlrpc API

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Barki Mustapha

Celso Providelo

Christian Reis

Christy Awad

Colin Watson

Harpianto,ANDI

James Troup

John A Meinel

Kevin bush

Launchpad code reviewers

Launchpad code reviewers from Canonical

Matthew Tanner

Maximiliano Bertacchini

Oguz Ersoz

Simon Brakhane

Tom Wardill

Ubuntu-BR DevOps

William Grant

alhawiti

api.ng

pedro cavazos

todaioan

wenjingwen

to status/vote changes:

Tzaddi

Tzaddi Belding

 === added file 'database/schema/patch-2209-85-0.sql'
 --- database/schema/patch-2209-85-0.sql	1970-01-01 00:00:00 +0000
 +++ database/schema/patch-2209-85-0.sql	2018-09-26 15:35:28 +0000
@@ -0,0 +1,68 @@
++-- Copyright 2018 Canonical Ltd.  This software is licensed under the
++-- GNU Affero General Public License version 3 (see the file LICENSE).
++
++SET client_min_messages=ERROR;
++
++CREATE TABLE GitRule (
++    id serial PRIMARY KEY,
++    repository integer NOT NULL REFERENCES gitrepository,
++    position integer NOT NULL,
++    ref_pattern text NOT NULL,
++    creator integer NOT NULL REFERENCES person,
++    date_created timestamp without time zone DEFAULT (CURRENT_TIMESTAMP AT TIME ZONE 'UTC') NOT NULL,
++    date_last_modified timestamp without time zone DEFAULT (CURRENT_TIMESTAMP AT TIME ZONE 'UTC') NOT NULL,
++    CONSTRAINT gitrule__repository__position__key UNIQUE (repository, position) DEFERRABLE INITIALLY DEFERRED,
++    CONSTRAINT gitrule__repository__ref_pattern__key UNIQUE (repository, ref_pattern),
++    -- Used by repository_matches_rule constraint on GitRuleGrant.
++    CONSTRAINT gitrule__repository__id__key UNIQUE (repository, id)
++);
++
++COMMENT ON TABLE GitRule IS 'An access rule for a Git repository.';
++COMMENT ON COLUMN GitRule.repository IS 'The repository that this rule is for.';
++COMMENT ON COLUMN GitRule.position IS 'The position of this rule in its repository''s rule order.';
++COMMENT ON COLUMN GitRule.ref_pattern IS 'The pattern of references matched by this rule.';
++COMMENT ON COLUMN GitRule.creator IS 'The user who created this rule.';
++COMMENT ON COLUMN GitRule.date_created IS 'The time when this rule was created.';
++COMMENT ON COLUMN GitRule.date_last_modified IS 'The time when this rule was last modified.';
++
++CREATE TABLE GitRuleGrant (
++    id serial PRIMARY KEY,
++    repository integer NOT NULL REFERENCES gitrepository,
++    rule integer NOT NULL REFERENCES gitrule,
++    grantee_type integer NOT NULL,
++    grantee integer REFERENCES person,
++    can_create boolean DEFAULT false NOT NULL,
++    can_push boolean DEFAULT false NOT NULL,
++    can_force_push boolean DEFAULT false NOT NULL,
++    grantor integer NOT NULL REFERENCES person,
++    date_created timestamp without time zone DEFAULT (CURRENT_TIMESTAMP AT TIME ZONE 'UTC') NOT NULL,
++    date_last_modified timestamp without time zone DEFAULT (CURRENT_TIMESTAMP AT TIME ZONE 'UTC') NOT NULL,
++    CONSTRAINT repository_matches_rule FOREIGN KEY (repository, rule) REFERENCES gitrule (repository, id),
++    -- 2 == PERSON
++    CONSTRAINT has_grantee CHECK ((grantee_type = 2) = (grantee IS NOT NULL))
++);
++
++CREATE INDEX gitrulegrant__repository__idx
++    ON GitRuleGrant(repository);
++CREATE UNIQUE INDEX gitrulegrant__rule__grantee_type__key
++    ON GitRuleGrant(rule, grantee_type)
++    -- 2 == PERSON
++    WHERE grantee_type != 2;
++CREATE UNIQUE INDEX gitrulegrant__rule__grantee_type__grantee_key
++    ON GitRuleGrant(rule, grantee_type, grantee)
++    -- 2 == PERSON
++    WHERE grantee_type = 2;
++
++COMMENT ON TABLE GitRuleGrant IS 'An access grant for a Git repository rule.';
++COMMENT ON COLUMN GitRuleGrant.repository IS 'The repository that this grant is for.';
++COMMENT ON COLUMN GitRuleGrant.rule IS 'The rule that this grant is for.';
++COMMENT ON COLUMN GitRuleGrant.grantee_type IS 'The type of entity being granted access.';
++COMMENT ON COLUMN GitRuleGrant.grantee IS 'The person or team being granted access.';
++COMMENT ON COLUMN GitRuleGrant.can_create IS 'Whether creating references is allowed.';
++COMMENT ON COLUMN GitRuleGrant.can_push IS 'Whether pushing references is allowed.';
++COMMENT ON COLUMN GitRuleGrant.can_force_push IS 'Whether force-pushing references is allowed.';
++COMMENT ON COLUMN GitRuleGrant.grantor IS 'The user who created this grant.';
++COMMENT ON COLUMN GitRuleGrant.date_created IS 'The time when this grant was created.';
++COMMENT ON COLUMN GitRuleGrant.date_last_modified IS 'The time when this grant was last modified.';
++
++INSERT INTO LaunchpadDatabaseRevision VALUES (2209, 85, 0);
 === modified file 'database/schema/security.cfg'
 --- database/schema/security.cfg	2018-09-10 12:45:07 +0000
 +++ database/schema/security.cfg	2018-09-26 15:35:28 +0000
@@ -190,6 +190,8 @@
  public.gitjob                           = SELECT, INSERT, UPDATE, DELETE
  public.gitref                           = SELECT, INSERT, UPDATE, DELETE
  public.gitrepository                    = SELECT, INSERT, UPDATE, DELETE
++public.gitrule                          = SELECT, INSERT, UPDATE, DELETE
++public.gitrulegrant                     = SELECT, INSERT, UPDATE, DELETE
  public.gitsubscription                  = SELECT, INSERT, UPDATE, DELETE
  public.hwdevice                         = SELECT
  public.hwdeviceclass                    = SELECT, INSERT, DELETE
@@ -2210,6 +2212,8 @@
  public.faq                              = SELECT, UPDATE
  public.featureflagchangelogentry        = SELECT, UPDATE
  public.gitrepository                    = SELECT, UPDATE
++public.gitrule                          = SELECT, UPDATE
++public.gitrulegrant                     = SELECT, UPDATE, DELETE
  public.gitsubscription                  = SELECT, UPDATE, DELETE
  public.gpgkey                           = SELECT, UPDATE
  public.hwsubmission                     = SELECT, UPDATE
 === modified file 'lib/lp/code/configure.zcml'
 --- lib/lp/code/configure.zcml	2018-05-16 17:33:18 +0000
 +++ lib/lp/code/configure.zcml	2018-09-26 15:35:28 +0000
@@ -919,6 +919,35 @@
      <allow interface="lp.code.interfaces.gitref.IGitRefRemoteSet" />
    </securedutility>
++  <!-- Git repository access rules -->
++
++  <class class="lp.code.model.gitrule.GitRule">
++    <require
++        permission="launchpad.View"
++        interface="lp.code.interfaces.gitrule.IGitRuleView
++                   lp.code.interfaces.gitrule.IGitRuleEditableAttributes" />
++    <require
++        permission="launchpad.Edit"
++        interface="lp.code.interfaces.gitrule.IGitRuleEdit"
++        set_schema="lp.code.interfaces.gitrule.IGitRuleEditableAttributes" />
++  </class>
++  <subscriber
++      for="lp.code.interfaces.gitrule.IGitRule zope.lifecycleevent.interfaces.IObjectModifiedEvent"
++      handler="lp.code.model.gitrule.git_rule_modified"/>
++  <class class="lp.code.model.gitrule.GitRuleGrant">
++    <require
++        permission="launchpad.View"
++        interface="lp.code.interfaces.gitrule.IGitRuleGrantView
++                   lp.code.interfaces.gitrule.IGitRuleGrantEditableAttributes" />
++    <require
++        permission="launchpad.Edit"
++        interface="lp.code.interfaces.gitrule.IGitRuleGrantEdit"
++        set_schema="lp.code.interfaces.gitrule.IGitRuleGrantEditableAttributes" />
++  </class>
++  <subscriber
++      for="lp.code.interfaces.gitrule.IGitRuleGrant zope.lifecycleevent.interfaces.IObjectModifiedEvent"
++      handler="lp.code.model.gitrule.git_rule_grant_modified"/>
++
    <!-- GitCollection -->
    <class class="lp.code.model.gitcollection.GenericGitCollection">
@@ -975,6 +1004,9 @@
    <adapter factory="lp.code.model.defaultgit.OwnerProjectDefaultGitRepository" />
    <adapter factory="lp.code.model.defaultgit.OwnerPackageDefaultGitRepository" />
++  <class class="lp.code.model.gitlookup.GitRuleGrantLookup">
++    <allow interface="lp.code.interfaces.gitlookup.IGitRuleGrantLookup" />
++  </class>
    <class class="lp.code.model.gitlookup.GitLookup">
      <allow interface="lp.code.interfaces.gitlookup.IGitLookup" />
    </class>
@@ -984,6 +1016,11 @@
      <allow interface="lp.code.interfaces.gitlookup.IGitLookup" />
    </securedutility>
    <securedutility
++      class="lp.code.model.gitlookup.GitRuleGrantLookup"
++      provides="lp.code.interfaces.gitlookup.IGitRuleGrantLookup">
++    <allow interface="lp.code.interfaces.gitlookup.IGitRuleGrantLookup" />
++  </securedutility>
++  <securedutility
        class="lp.code.model.gitlookup.GitTraverser"
        provides="lp.code.interfaces.gitlookup.IGitTraverser">
      <allow interface="lp.code.interfaces.gitlookup.IGitTraverser" />
 === modified file 'lib/lp/code/enums.py'
 --- lib/lp/code/enums.py	2017-06-15 01:02:11 +0000
 +++ lib/lp/code/enums.py	2018-09-26 15:35:28 +0000
@@ -21,6 +21,7 @@
      'CodeImportReviewStatus',
      'CodeReviewNotificationLevel',
      'CodeReviewVote',
++    'GitGranteeType',
      'GitObjectType',
      'GitRepositoryType',
      'NON_CVS_RCS_TYPES',
@@ -175,6 +176,26 @@
          """)
++class GitGranteeType(DBEnumeratedType):
++    """Git Grantee Type
++
++    Access grants for Git repositories can be made to various kinds of
++    grantees.
++    """
++
++    REPOSITORY_OWNER = DBItem(1, """
++        Repository owner
++
++        A grant to the owner of the associated repository.
++        """)
++
++    PERSON = DBItem(2, """
++        Person
++
++        A grant to a particular person or team.
++        """)
++
++
  class BranchLifecycleStatusFilter(EnumeratedType):
      """Branch Lifecycle Status Filter
 === modified file 'lib/lp/code/interfaces/gitapi.py'
 --- lib/lp/code/interfaces/gitapi.py	2015-03-31 04:18:22 +0000
 +++ lib/lp/code/interfaces/gitapi.py	2018-09-26 15:35:28 +0000
@@ -67,3 +67,9 @@
          :returns: An `Unauthorized` fault, as password authentication is
              not yet supported.
          """
++
++    def listRefRules(self, repository, user):
++        """Return the list of RefRules for `user` in `repository`
++
++        :returns: A List of rules for the user in the specified repository
++        """
 === modified file 'lib/lp/code/interfaces/gitlookup.py'
 --- lib/lp/code/interfaces/gitlookup.py	2015-03-30 14:47:22 +0000
 +++ lib/lp/code/interfaces/gitlookup.py	2018-09-26 15:35:28 +0000
@@ -6,6 +6,7 @@
  __metaclass__ = type
  __all__ = [
      'IGitLookup',
++    'IGitRuleGrantLookup',
      'IGitTraversable',
      'IGitTraverser',
+     ]
@@ -145,3 +146,14 @@
              leading part of a path as a repository, such as external code
              browsers.
          """
++
++
++class IGitRuleGrantLookup(Interface):
++    """Utility for looking up a GitRuleGrant by properties"""
++
++    def getByRulesAffectingPerson(repository, grantee_id):
++        """Find all the rules for a repository that affect a Person.
++
++        :param repository: An instance of a GitRepository
++        :param granteed_id: An integer of the id of the Person
++        """
 === modified file 'lib/lp/code/interfaces/gitrepository.py'
 --- lib/lp/code/interfaces/gitrepository.py	2018-08-23 17:03:05 +0000
 +++ lib/lp/code/interfaces/gitrepository.py	2018-09-26 15:35:28 +0000
@@ -266,6 +266,10 @@
          # Really ICodeImport, patched in _schema_circular_imports.py.
          schema=Interface))
++    rules = Attribute("The access rules for this repository.")
++
++    grants = Attribute("The access grants for this repository.")
++
      @operation_parameters(
          path=TextLine(title=_("A string to look up as a path.")))
      # Really IGitRef, patched in _schema_circular_imports.py.
@@ -715,6 +719,25 @@
          This may be helpful in cases where a previous scan crashed.
          """
++    def addRule(ref_pattern, creator, position=None):
++        """Add an access rule to this repository.
++
++        :param ref_pattern: The reference pattern that the new rule should
++            match.
++        :param creator: The `IPerson` who is adding the rule.
++        :param position: The list position at which to insert the rule, or
++            None to append it.
++        """
++
++    def moveRule(rule, position):
++        """Move a rule to a new position in its repository's rule order.
++
++        :param rule: The `IGitRule` to move.
++        :param position: The new position.  For example, 0 puts the rule at
++            the start, while `len(repository.rules)` puts the rule at the
++            end.
++        """
++
      @export_read_operation()
      @operation_for_version("devel")
      def canBeDeleted():
 === added file 'lib/lp/code/interfaces/gitrule.py'
 --- lib/lp/code/interfaces/gitrule.py	1970-01-01 00:00:00 +0000
 +++ lib/lp/code/interfaces/gitrule.py	2018-09-26 15:35:28 +0000
@@ -0,0 +1,172 @@
++# Copyright 2018 Canonical Ltd.  This software is licensed under the
++# GNU Affero General Public License version 3 (see the file LICENSE).
++
++"""Git repository access rules."""
++
++from __future__ import absolute_import, print_function, unicode_literals
++
++__metaclass__ = type
++__all__ = [
++    'IGitRule',
++    'IGitRuleGrant',
++    ]
++
++from lazr.restful.fields import Reference
++from zope.interface import (
++    Attribute,
++    Interface,
++    )
++from zope.schema import (
++    Bool,
++    Choice,
++    Datetime,
++    Int,
++    TextLine,
++    )
++
++from lp import _
++from lp.code.enums import GitGranteeType
++from lp.code.interfaces.gitrepository import IGitRepository
++from lp.services.fields import (
++    PersonChoice,
++    PublicPersonChoice,
++    )
++
++
++class IGitRuleView(Interface):
++    """`IGitRule` attributes that require launchpad.View."""
++
++    id = Int(title=_("ID"), readonly=True, required=True)
++
++    repository = Reference(
++        title=_("Repository"), required=True, readonly=True,
++        schema=IGitRepository,
++        description=_("The repository that this rule is for."))
++
++    position = Int(
++        title=_("Position"), required=True, readonly=True,
++        description=_(
++            "The position of this rule in its repository's rule order."))
++
++    creator = PublicPersonChoice(
++        title=_("Creator"), required=True, readonly=True,
++        vocabulary="ValidPerson",
++        description=_("The user who created this rule."))
++
++    date_created = Datetime(
++        title=_("Date created"), required=True, readonly=True,
++        description=_("The time when this rule was created."))
++
++    grants = Attribute("The access grants for this rule.")
++
++
++class IGitRuleEditableAttributes(Interface):
++    """`IGitRule` attributes that can be edited.
++
++    These attributes need launchpad.View to see, and launchpad.Edit to change.
++    """
++
++    ref_pattern = TextLine(
++        title=_("Pattern"), required=True, readonly=False,
++        description=_("The pattern of references matched by this rule."))
++
++    date_last_modified = Datetime(
++        title=_("Date last modified"), required=True, readonly=True,
++        description=_("The time when this rule was last modified."))
++
++
++class IGitRuleEdit(Interface):
++    """`IGitRule` attributes that require launchpad.Edit."""
++
++    def addGrant(grantee, grantor, can_create=False, can_push=False,
++                 can_force_push=False):
++        """Add an access grant to this rule.
++
++        :param grantee: The `IPerson` who is being granted permission, or an
++            item of `GitGranteeType` other than `GitGranteeType.PERSON` to
++            grant permission to some other kind of entity.
++        :param grantor: The `IPerson` who is granting permission.
++        :param can_create: Whether the grantee can create references
++            matching this rule.
++        :param can_push: Whether the grantee can push references matching
++            this rule.
++        :param can_force_push: Whether the grantee can force-push references
++            matching this rule.
++        """
++
++    def destroySelf():
++        """Delete this rule."""
++
++
++class IGitRule(IGitRuleView, IGitRuleEditableAttributes, IGitRuleEdit):
++    """An access rule for a Git repository."""
++
++
++class IGitRuleGrantView(Interface):
++    """`IGitRuleGrant` attributes that require launchpad.View."""
++
++    id = Int(title=_("ID"), readonly=True, required=True)
++
++    repository = Reference(
++        title=_("Repository"), required=True, readonly=True,
++        schema=IGitRepository,
++        description=_("The repository that this grant is for."))
++
++    rule = Reference(
++        title=_("Rule"), required=True, readonly=True,
++        schema=IGitRule,
++        description=_("The rule that this grant is for."))
++
++    grantor = PublicPersonChoice(
++        title=_("Grantor"), required=True, readonly=True,
++        vocabulary="ValidPerson",
++        description=_("The user who created this grant."))
++
++    grantee_type = Choice(
++        title=_("Grantee type"), required=True, readonly=True,
++        vocabulary=GitGranteeType,
++        description=_("The type of grantee for this grant."))
++
++    grantee = PersonChoice(
++        title=_("Grantee"), required=False, readonly=True,
++        vocabulary="ValidPersonOrTeam",
++        description=_("The person being granted access."))
++
++    date_created = Datetime(
++        title=_("Date created"), required=True, readonly=True,
++        description=_("The time when this grant was created."))
++
++
++class IGitRuleGrantEditableAttributes(Interface):
++    """`IGitRuleGrant` attributes that can be edited.
++
++    These attributes need launchpad.View to see, and launchpad.Edit to change.
++    """
++
++    can_create = Bool(
++        title=_("Can create"), required=True, readonly=False,
++        description=_("Whether creating references is allowed."))
++
++    can_push = Bool(
++        title=_("Can push"), required=True, readonly=False,
++        description=_("Whether pushing references is allowed."))
++
++    can_force_push = Bool(
++        title=_("Can force-push"), required=True, readonly=False,
++        description=_("Whether force-pushing references is allowed."))
++
++    date_last_modified = Datetime(
++        title=_("Date last modified"), required=True, readonly=True,
++        description=_("The time when this grant was last modified."))
++
++
++class IGitRuleGrantEdit(Interface):
++    """`IGitRuleGrant` attributes that require launchpad.Edit."""
++
++    def destroySelf():
++        """Delete this access grant."""
++
++
++class IGitRuleGrant(IGitRuleGrantView, IGitRuleGrantEditableAttributes,
++                    IGitRuleGrantEdit):
++    """An access grant for a Git repository rule."""
 === modified file 'lib/lp/code/model/gitlookup.py'
 --- lib/lp/code/model/gitlookup.py	2018-07-23 10:28:33 +0000
 +++ lib/lp/code/model/gitlookup.py	2018-09-26 15:35:28 +0000
@@ -27,6 +27,7 @@
+     )
  from lp.code.interfaces.gitlookup import (
      IGitLookup,
++    IGitRuleGrantLookup,
      IGitTraversable,
      IGitTraverser,
+     )
@@ -34,6 +35,7 @@
  from lp.code.interfaces.gitrepository import IGitRepositorySet
  from lp.code.interfaces.hasgitrepositories import IHasGitRepositories
  from lp.code.model.gitrepository import GitRepository
++from lp.code.model.gitrule import GitRuleGrant
  from lp.registry.errors import NoSuchSourcePackageName
  from lp.registry.interfaces.distribution import IDistribution
  from lp.registry.interfaces.distributionsourcepackage import (
@@ -372,3 +374,14 @@
          if trailing:
              trailing_segments.insert(0, trailing)
          return repository, "/".join(trailing_segments)
++
++
++@implementer(IGitRuleGrantLookup)
++class GitRuleGrantLookup:
++
++    def getByRulesAffectingPerson(self, repository, grantee):
++        grants = IStore(GitRuleGrant).find(
++            GitRuleGrant,
++            GitRuleGrant.repository == repository)
++        grants = [grant for grant in grants if grantee.inTeam(grant.grantee)]
++        return grants
 === modified file 'lib/lp/code/model/gitrepository.py'
 --- lib/lp/code/model/gitrepository.py	2018-09-06 14:25:46 +0000
 +++ lib/lp/code/model/gitrepository.py	2018-09-26 15:35:28 +0000
@@ -41,6 +41,7 @@
      Bool,
      DateTime,
      Int,
++    List,
      Reference,
      Unicode,
+     )
@@ -112,6 +113,10 @@
      GitRef,
      GitRefDefault,
+     )
++from lp.code.model.gitrule import (
++    GitRule,
++    GitRuleGrant,
++    )
  from lp.code.model.gitsubscription import GitSubscription
  from lp.registry.enums import PersonVisibility
  from lp.registry.errors import CannotChangeInformationType
@@ -1121,6 +1126,61 @@
      def code_import(self):
          return getUtility(ICodeImportSet).getByGitRepository(self)
++    @property
++    def rules(self):
++        """See `IGitRepository`."""
++        return Store.of(self).find(
++            GitRule, GitRule.repository == self).order_by(GitRule.position)
++
++    def _syncRulePositions(self, rules):
++        """Synchronise rule positions with their order in a provided list.
++
++        :param rules: A sequence of `IGitRule`s in the desired order.
++        """
++        # This approach requires fetching all this repository's rules, which
++        # is potentially more work than necessary.  However, it has the
++        # benefit of being simple, and because it ensures the correct
++        # position of all rules it tends to be self-correcting.
++        for position, rule in enumerate(rules):
++            if rule.repository != self:
++                raise AssertionError("%r does not belong to %r" % (rule, self))
++            if rule.position != position:
++                removeSecurityProxy(rule).position = position
++
++    def addRule(self, ref_pattern, creator, position=None):
++        """See `IGitRepository`."""
++        rules = list(self.rules)
++        rule = GitRule(
++            repository=self,
++            # -1 isn't a valid position, but _syncRulePositions will correct
++            # it in a moment.
++            position=position if position is not None else -1,
++            ref_pattern=ref_pattern, creator=creator, date_created=DEFAULT)
++        if position is None:
++            rules.append(rule)
++        else:
++            rules.insert(position, rule)
++        self._syncRulePositions(rules)
++        return rule
++
++    def moveRule(self, rule, position):
++        """See `IGitRepository`."""
++        if rule.repository != self:
++            raise ValueError("%r does not belong to %r" % (rule, self))
++        if position < 0:
++            raise ValueError("Negative positions are not supported")
++        if position != rule.position:
++            rules = list(self.rules)
++            rules.remove(rule)
++            rules.insert(position, rule)
++            self._syncRulePositions(rules)
++
++    @property
++    def grants(self):
++        """See `IGitRepository`."""
++        return Store.of(self).find(
++            GitRuleGrant, GitRuleGrant.repository_id == self.id)
++
      def canBeDeleted(self):
          """See `IGitRepository`."""
          # Can't delete if the repository is associated with anything.
@@ -1252,6 +1312,8 @@
          self._deleteRepositorySubscriptions()
          self._deleteJobs()
          getUtility(IWebhookSet).delete(self.webhooks)
++        self.grants.remove()
++        self.rules.remove()
          # Now destroy the repository.
          repository_name = self.unique_name
 === added file 'lib/lp/code/model/gitrule.py'
 --- lib/lp/code/model/gitrule.py	1970-01-01 00:00:00 +0000
 +++ lib/lp/code/model/gitrule.py	2018-09-26 15:35:28 +0000
@@ -0,0 +1,199 @@
++# Copyright 2018 Canonical Ltd.  This software is licensed under the
++# GNU Affero General Public License version 3 (see the file LICENSE).
++
++"""Git repository access rules."""
++
++from __future__ import absolute_import, print_function, unicode_literals
++
++__metaclass__ = type
++__all__ = [
++    'GitRule',
++    'GitRuleGrant',
++    ]
++
++from lazr.enum import DBItem
++import pytz
++from storm.locals import (
++    Bool,
++    DateTime,
++    Int,
++    Reference,
++    Store,
++    Unicode,
++    )
++from zope.interface import implementer
++from zope.security.proxy import removeSecurityProxy
++
++from lp.code.enums import GitGranteeType
++from lp.code.interfaces.gitrule import (
++    IGitRule,
++    IGitRuleGrant,
++    )
++from lp.registry.interfaces.person import (
++    validate_person,
++    validate_public_person,
++    )
++from lp.services.database.constants import (
++    DEFAULT,
++    UTC_NOW,
++    )
++from lp.services.database.enumcol import DBEnum
++from lp.services.database.stormbase import StormBase
++
++
++def git_rule_modified(rule, event):
++    """Update date_last_modified when a GitRule is modified.
++
++    This method is registered as a subscriber to `IObjectModifiedEvent`
++    events on Git repository rules.
++    """
++    if event.edited_fields:
++        rule.date_last_modified = UTC_NOW
++
++
++@implementer(IGitRule)
++class GitRule(StormBase):
++    """See `IGitRule`."""
++
++    __storm_table__ = 'GitRule'
++
++    id = Int(primary=True)
++
++    repository_id = Int(name='repository', allow_none=False)
++    repository = Reference(repository_id, 'GitRepository.id')
++
++    position = Int(name='position', allow_none=False)
++
++    ref_pattern = Unicode(name='ref_pattern', allow_none=False)
++
++    creator_id = Int(
++        name='creator', allow_none=False, validator=validate_public_person)
++    creator = Reference(creator_id, 'Person.id')
++
++    date_created = DateTime(
++        name='date_created', tzinfo=pytz.UTC, allow_none=False)
++    date_last_modified = DateTime(
++        name='date_last_modified', tzinfo=pytz.UTC, allow_none=False)
++
++    def __init__(self, repository, position, ref_pattern, creator,
++                 date_created):
++        super(GitRule, self).__init__()
++        self.repository = repository
++        self.position = position
++        self.ref_pattern = ref_pattern
++        self.creator = creator
++        self.date_created = date_created
++        self.date_last_modified = date_created
++
++    def __repr__(self):
++        return "<GitRule '%s'> for %r" % (self.ref_pattern, self.repository)
++
++    @property
++    def grants(self):
++        """See `IGitRule`."""
++        return Store.of(self).find(
++            GitRuleGrant, GitRuleGrant.rule_id == self.id)
++
++    def addGrant(self, grantee, grantor, can_create=False, can_push=False,
++                 can_force_push=False):
++        """See `IGitRule`."""
++        return GitRuleGrant(
++            rule=self, grantee=grantee, can_create=can_create,
++            can_push=can_push, can_force_push=can_force_push, grantor=grantor,
++            date_created=DEFAULT)
++
++    def destroySelf(self):
++        """See `IGitRule`."""
++        for grant in self.grants:
++            grant.destroySelf()
++        rules = list(self.repository.rules)
++        Store.of(self).remove(self)
++        rules.remove(self)
++        removeSecurityProxy(self.repository)._syncRulePositions(rules)
++
++
++def git_rule_grant_modified(grant, event):
++    """Update date_last_modified when a GitRuleGrant is modified.
++
++    This method is registered as a subscriber to `IObjectModifiedEvent`
++    events on Git repository grants.
++    """
++    if event.edited_fields:
++        grant.date_last_modified = UTC_NOW
++
++
++@implementer(IGitRuleGrant)
++class GitRuleGrant(StormBase):
++    """See `IGitRuleGrant`."""
++
++    __storm_table__ = 'GitRuleGrant'
++
++    id = Int(primary=True)
++
++    repository_id = Int(name='repository', allow_none=False)
++    repository = Reference(repository_id, 'GitRepository.id')
++
++    rule_id = Int(name='rule', allow_none=False)
++    rule = Reference(rule_id, 'GitRule.id')
++
++    grantee_type = DBEnum(
++        name='grantee_type', enum=GitGranteeType, allow_none=False)
++
++    grantee_id = Int(
++        name='grantee', allow_none=True, validator=validate_person)
++    grantee = Reference(grantee_id, 'Person.id')
++
++    can_create = Bool(name='can_create', allow_none=False)
++    can_push = Bool(name='can_push', allow_none=False)
++    can_force_push = Bool(name='can_force_push', allow_none=False)
++
++    grantor_id = Int(
++        name='grantor', allow_none=False, validator=validate_public_person)
++    grantor = Reference(grantor_id, 'Person.id')
++
++    date_created = DateTime(
++        name='date_created', tzinfo=pytz.UTC, allow_none=False)
++    date_last_modified = DateTime(
++        name='date_last_modified', tzinfo=pytz.UTC, allow_none=False)
++
++    def __init__(self, rule, grantee, can_create, can_push, can_force_push,
++                 grantor, date_created):
++        if isinstance(grantee, DBItem) and grantee.enum == GitGranteeType:
++            if grantee == GitGranteeType.PERSON:
++                raise ValueError(
++                    "grantee may not be GitGranteeType.PERSON; pass a person "
++                    "object instead")
++            grantee_type = grantee
++            grantee = None
++        else:
++            grantee_type = GitGranteeType.PERSON
++
++        self.repository = rule.repository
++        self.rule = rule
++        self.grantee_type = grantee_type
++        self.grantee = grantee
++        self.can_create = can_create
++        self.can_push = can_push
++        self.can_force_push = can_force_push
++        self.grantor = grantor
++        self.date_created = date_created
++        self.date_last_modified = date_created
++
++    def __repr__(self):
++        permissions = []
++        if self.can_create:
++            permissions.append("create")
++        if self.can_push:
++            permissions.append("push")
++        if self.can_force_push:
++            permissions.append("force-push")
++        if self.grantee_type == GitGranteeType.PERSON:
++            grantee_name = "~%s" % self.grantee.name
++        else:
++            grantee_name = self.grantee_type.title.lower()
++        return "<GitRuleGrant [%s] to %s> for %r" % (
++            ", ".join(permissions), grantee_name, self.rule)
++
++    def destroySelf(self):
++        """See `IGitRuleGrant`."""
++        Store.of(self).remove(self)
 === modified file 'lib/lp/code/model/tests/test_gitrepository.py'
 --- lib/lp/code/model/tests/test_gitrepository.py	2018-08-31 14:25:40 +0000
 +++ lib/lp/code/model/tests/test_gitrepository.py	2018-09-26 15:35:28 +0000
@@ -1,4 +1,4 @@
--# Copyright 2015-2017 Canonical Ltd.  This software is licensed under the
++# Copyright 2015-2018 Canonical Ltd.  This software is licensed under the
  # GNU Affero General Public License version 3 (see the file LICENSE).
  """Tests for Git repositories."""
@@ -23,6 +23,7 @@
  from testtools.matchers import (
      EndsWith,
      LessThan,
++    MatchesListwise,
      MatchesSetwise,
      MatchesStructure,
+     )
@@ -537,6 +538,14 @@
          transaction.commit()
          self.assertRaises(LostObjectError, getattr, webhook, 'target')
++    def test_related_rules_and_grants_deleted(self):
++        rule = self.factory.makeGitRule(repository=self.repository)
++        grant = self.factory.makeGitRuleGrant(rule=rule)
++        self.repository.destroySelf()
++        transaction.commit()
++        self.assertRaises(LostObjectError, getattr, grant, 'rule')
++        self.assertRaises(LostObjectError, getattr, rule, 'repository')
++
  class TestGitRepositoryDeletionConsequences(TestCaseWithFactory):
      """Test determination and application of repository deletion
@@ -2179,6 +2188,98 @@
          self.assertEqual('Some text', ret)
++class TestGitRepositoryRules(TestCaseWithFactory):
++
++    layer = DatabaseFunctionalLayer
++
++    def test_rules(self):
++        repository = self.factory.makeGitRepository()
++        other_repository = self.factory.makeGitRepository()
++        self.factory.makeGitRule(
++            repository=repository, ref_pattern="refs/heads/*")
++        self.factory.makeGitRule(
++            repository=repository, ref_pattern="refs/heads/stable/*")
++        self.factory.makeGitRule(
++            repository=other_repository, ref_pattern="refs/heads/*")
++        self.assertThat(list(repository.rules), MatchesListwise([
++            MatchesStructure.byEquality(
++                repository=repository,
++                ref_pattern="refs/heads/*"),
++            MatchesStructure.byEquality(
++                repository=repository,
++                ref_pattern="refs/heads/stable/*"),
++            ]))
++
++    def test_addRule_append(self):
++        repository = self.factory.makeGitRepository()
++        initial_rule = self.factory.makeGitRule(
++            repository=repository, ref_pattern="refs/heads/*")
++        self.assertEqual(0, initial_rule.position)
++        with person_logged_in(repository.owner):
++            new_rule = repository.addRule(
++                "refs/heads/stable/*", repository.owner)
++        self.assertEqual(1, new_rule.position)
++        self.assertEqual([initial_rule, new_rule], list(repository.rules))
++
++    def test_addRule_insert(self):
++        repository = self.factory.makeGitRepository()
++        initial_rules = [
++            self.factory.makeGitRule(
++                repository=repository, ref_pattern="refs/heads/*"),
++            self.factory.makeGitRule(
++                repository=repository, ref_pattern="refs/heads/protected"),
++            self.factory.makeGitRule(
++                repository=repository, ref_pattern="refs/heads/another"),
++            ]
++        self.assertEqual([0, 1, 2], [rule.position for rule in initial_rules])
++        with person_logged_in(repository.owner):
++            new_rule = repository.addRule(
++                "refs/heads/stable/*", repository.owner, position=1)
++        self.assertEqual(1, new_rule.position)
++        self.assertEqual([0, 2, 3], [rule.position for rule in initial_rules])
++        self.assertEqual(
++            [initial_rules[0], new_rule, initial_rules[1], initial_rules[2]],
++            list(repository.rules))
++
++    def test_moveRule(self):
++        repository = self.factory.makeGitRepository()
++        rules = [
++            self.factory.makeGitRule(
++                repository=repository,
++                ref_pattern=self.factory.getUniqueUnicode(
++                    prefix="refs/heads/"))
++            for _ in range(5)]
++        with person_logged_in(repository.owner):
++            self.assertEqual(rules, list(repository.rules))
++            repository.moveRule(rules[0], 4)
++            self.assertEqual(rules[1:] + [rules[0]], list(repository.rules))
++            repository.moveRule(rules[0], 0)
++            self.assertEqual(rules, list(repository.rules))
++            repository.moveRule(rules[2], 1)
++            self.assertEqual(
++                [rules[0], rules[2], rules[1], rules[3], rules[4]],
++                list(repository.rules))
++
++    def test_moveRule_non_negative(self):
++        rule = self.factory.makeGitRule()
++        with person_logged_in(rule.repository.owner):
++            self.assertRaises(ValueError, rule.repository.moveRule, rule, -1)
++
++    def test_grants(self):
++        repository = self.factory.makeGitRepository()
++        other_repository = self.factory.makeGitRepository()
++        rule = self.factory.makeGitRule(repository=repository)
++        other_rule = self.factory.makeGitRule(repository=other_repository)
++        grants = [
++            self.factory.makeGitRuleGrant(
++                rule=rule, grantee=self.factory.makePerson())
++            for _ in range(2)
++            ]
++        self.factory.makeGitRuleGrant(
++            rule=other_rule, grantee=self.factory.makePerson())
++        self.assertContentEqual(grants, repository.grants)
++
++
  class TestGitRepositorySet(TestCaseWithFactory):
      layer = DatabaseFunctionalLayer
 === added file 'lib/lp/code/model/tests/test_gitrule.py'
 --- lib/lp/code/model/tests/test_gitrule.py	1970-01-01 00:00:00 +0000
 +++ lib/lp/code/model/tests/test_gitrule.py	2018-09-26 15:35:28 +0000
@@ -0,0 +1,200 @@
++# Copyright 2018 Canonical Ltd.  This software is licensed under the
++# GNU Affero General Public License version 3 (see the file LICENSE).
++
++"""Tests for Git repository access rules."""
++
++from __future__ import absolute_import, print_function, unicode_literals
++
++__metaclass__ = type
++
++from storm.store import Store
++from testtools.matchers import (
++    Equals,
++    Is,
++    MatchesSetwise,
++    MatchesStructure,
++    )
++
++from lp.code.enums import GitGranteeType
++from lp.code.interfaces.gitrule import (
++    IGitRule,
++    IGitRuleGrant,
++    )
++from lp.services.database.sqlbase import get_transaction_timestamp
++from lp.testing import (
++    person_logged_in,
++    TestCaseWithFactory,
++    verifyObject,
++    )
++from lp.testing.layers import DatabaseFunctionalLayer
++
++
++class TestGitRule(TestCaseWithFactory):
++
++    layer = DatabaseFunctionalLayer
++
++    def test_implements_IGitRule(self):
++        rule = self.factory.makeGitRule()
++        verifyObject(IGitRule, rule)
++
++    def test_properties(self):
++        owner = self.factory.makeTeam()
++        member = self.factory.makePerson(member_of=[owner])
++        repository = self.factory.makeGitRepository(owner=owner)
++        rule = self.factory.makeGitRule(
++            repository=repository, ref_pattern="refs/heads/stable/*",
++            creator=member)
++        now = get_transaction_timestamp(Store.of(rule))
++        self.assertThat(rule, MatchesStructure.byEquality(
++            repository=repository,
++            ref_pattern="refs/heads/stable/*",
++            creator=member,
++            date_created=now,
++            date_last_modified=now))
++
++    def test_repr(self):
++        repository = self.factory.makeGitRepository()
++        rule = self.factory.makeGitRule(repository=repository)
++        self.assertEqual(
++            "<GitRule 'refs/heads/*'> for %r" % repository, repr(rule))
++
++    def test_grants(self):
++        rule = self.factory.makeGitRule()
++        other_rule = self.factory.makeGitRule(
++            repository=rule.repository, ref_pattern="refs/heads/stable/*")
++        grantees = [self.factory.makePerson() for _ in range(2)]
++        self.factory.makeGitRuleGrant(
++            rule=rule, grantee=GitGranteeType.REPOSITORY_OWNER,
++            can_create=True)
++        self.factory.makeGitRuleGrant(
++            rule=rule, grantee=grantees[0], can_push=True)
++        self.factory.makeGitRuleGrant(
++            rule=rule, grantee=grantees[1], can_force_push=True)
++        self.factory.makeGitRuleGrant(
++            rule=other_rule, grantee=grantees[0], can_push=True)
++        self.assertThat(rule.grants, MatchesSetwise(
++            MatchesStructure(
++                rule=Equals(rule),
++                grantee_type=Equals(GitGranteeType.REPOSITORY_OWNER),
++                grantee=Is(None),
++                can_create=Is(True),
++                can_push=Is(False),
++                can_force_push=Is(False)),
++            MatchesStructure(
++                rule=Equals(rule),
++                grantee_type=Equals(GitGranteeType.PERSON),
++                grantee=Equals(grantees[0]),
++                can_create=Is(False),
++                can_push=Is(True),
++                can_force_push=Is(False)),
++            MatchesStructure(
++                rule=Equals(rule),
++                grantee_type=Equals(GitGranteeType.PERSON),
++                grantee=Equals(grantees[1]),
++                can_create=Is(False),
++                can_push=Is(False),
++                can_force_push=Is(True))))
++
++    def test_destroySelf(self):
++        repository = self.factory.makeGitRepository()
++        rules = [
++            self.factory.makeGitRule(
++                repository=repository,
++                ref_pattern=self.factory.getUniqueUnicode(
++                    prefix="refs/heads/"))
++            for _ in range(4)]
++        self.assertEqual([0, 1, 2, 3], [rule.position for rule in rules])
++        self.assertEqual(rules, list(repository.rules))
++        with person_logged_in(repository.owner):
++            rules[1].destroySelf()
++        del rules[1]
++        self.assertEqual([0, 1, 2], [rule.position for rule in rules])
++        self.assertEqual(rules, list(repository.rules))
++
++    def test_destroySelf_removes_grants(self):
++        repository = self.factory.makeGitRepository()
++        rule = self.factory.makeGitRule(repository=repository)
++        grant = self.factory.makeGitRuleGrant(rule=rule)
++        self.assertEqual([grant], list(repository.grants))
++        with person_logged_in(repository.owner):
++            rule.destroySelf()
++        self.assertEqual([], list(repository.grants))
++
++
++class TestGitRuleGrant(TestCaseWithFactory):
++
++    layer = DatabaseFunctionalLayer
++
++    def test_implements_IGitRuleGrant(self):
++        grant = self.factory.makeGitRuleGrant()
++        verifyObject(IGitRuleGrant, grant)
++
++    def test_properties_owner(self):
++        owner = self.factory.makeTeam()
++        member = self.factory.makePerson(member_of=[owner])
++        rule = self.factory.makeGitRule(owner=owner)
++        grant = self.factory.makeGitRuleGrant(
++            rule=rule, grantee=GitGranteeType.REPOSITORY_OWNER, grantor=member,
++            can_create=True, can_force_push=True)
++        now = get_transaction_timestamp(Store.of(grant))
++        self.assertThat(grant, MatchesStructure(
++            repository=Equals(rule.repository),
++            rule=Equals(rule),
++            grantee_type=Equals(GitGranteeType.REPOSITORY_OWNER),
++            grantee=Is(None),
++            can_create=Is(True),
++            can_push=Is(False),
++            can_force_push=Is(True),
++            grantor=Equals(member),
++            date_created=Equals(now),
++            date_last_modified=Equals(now)))
++
++    def test_properties_person(self):
++        owner = self.factory.makeTeam()
++        member = self.factory.makePerson(member_of=[owner])
++        rule = self.factory.makeGitRule(owner=owner)
++        grantee = self.factory.makePerson()
++        grant = self.factory.makeGitRuleGrant(
++            rule=rule, grantee=grantee, grantor=member, can_push=True)
++        now = get_transaction_timestamp(Store.of(rule))
++        self.assertThat(grant, MatchesStructure(
++            repository=Equals(rule.repository),
++            rule=Equals(rule),
++            grantee_type=Equals(GitGranteeType.PERSON),
++            grantee=Equals(grantee),
++            can_create=Is(False),
++            can_push=Is(True),
++            can_force_push=Is(False),
++            grantor=Equals(member),
++            date_created=Equals(now),
++            date_last_modified=Equals(now)))
++
++    def test_repr_owner(self):
++        rule = self.factory.makeGitRule()
++        grant = self.factory.makeGitRuleGrant(
++            rule=rule, grantee=GitGranteeType.REPOSITORY_OWNER,
++            can_create=True, can_push=True)
++        self.assertEqual(
++            "<GitRuleGrant [create, push] to repository owner> for %r" % rule,
++            repr(grant))
++
++    def test_repr_person(self):
++        rule = self.factory.makeGitRule()
++        grantee = self.factory.makePerson()
++        grant = self.factory.makeGitRuleGrant(
++            rule=rule, grantee=grantee, can_push=True)
++        self.assertEqual(
++            "<GitRuleGrant [push] to ~%s> for %r" % (grantee.name, rule),
++            repr(grant))
++
++    def test_destroySelf(self):
++        rule = self.factory.makeGitRule()
++        grants = [
++            self.factory.makeGitRuleGrant(
++                rule=rule, grantee=GitGranteeType.REPOSITORY_OWNER,
++                can_create=True),
++            self.factory.makeGitRuleGrant(rule=rule, can_push=True),
++            ]
++        with person_logged_in(rule.repository.owner):
++            grants[1].destroySelf()
++        self.assertThat(rule.grants, MatchesSetwise(Equals(grants[0])))
 === modified file 'lib/lp/code/xmlrpc/git.py'
 --- lib/lp/code/xmlrpc/git.py	2018-08-28 13:58:37 +0000
 +++ lib/lp/code/xmlrpc/git.py	2018-09-26 15:35:28 +0000
@@ -40,6 +40,7 @@
  from lp.code.interfaces.gitjob import IGitRefScanJobSource
  from lp.code.interfaces.gitlookup import (
      IGitLookup,
++    IGitRuleGrantLookup,
      IGitTraverser,
+     )
  from lp.code.interfaces.gitnamespace import (
@@ -325,3 +326,45 @@
          else:
              # Only macaroons are supported for password authentication.
              return faults.Unauthorized()
++
++    def _isRepositoryOwner(self, requester, repository):
++        try:
++            return requester.inTeam(repository.owner)
++        except Unauthorized:
++            return False
++
++    def _listRefRules(self, requester, translated_path):
++        repository = getUtility(IGitLookup).getByHostingPath(translated_path)
++        grants = getUtility(IGitRuleGrantLookup).getByRulesAffectingPerson(
++            repository, requester)
++
++        lines = []
++        for grant in grants:
++            permissions = []
++            if grant.can_create:
++                permissions.append("create")
++            if grant.can_push:
++                permissions.append("push")
++            if grant.can_force_push:
++                permissions.append("force-push")
++            lines.append(
++                {'ref_pattern': grant.rule.ref_pattern,
++                'permissions': permissions})
++
++        if self._isRepositoryOwner(requester, repository):
++            lines.append({
++                'ref_pattern': '*',
++                'permissions': ['create', 'push', 'force-push']})
++        return lines
++
++    def listRefRules(self, translated_path, auth_params):
++        """See `IGitAPI`"""
++        requester_id = auth_params.get("uid")
++        if requester_id is None:
++            requester_id = LAUNCHPAD_ANONYMOUS
++
++        return run_with_login(
++            requester_id,
++            self._listRefRules,
++            translated_path,
++        )
 === modified file 'lib/lp/code/xmlrpc/tests/test_git.py'
 --- lib/lp/code/xmlrpc/tests/test_git.py	2018-08-28 14:07:38 +0000
 +++ lib/lp/code/xmlrpc/tests/test_git.py	2018-09-26 15:35:28 +0000
@@ -260,6 +260,125 @@
          self.assertEqual(
              initial_count, getUtility(IAllGitRepositories).count())
++    def test_listRefRules(self):
++        # Test that GitGrantRule (ref rule) can be retrieved for a user
++        requester = self.factory.makePerson()
++        repository = removeSecurityProxy(
++            self.factory.makeGitRepository(
++                owner=requester, information_type=InformationType.USERDATA))
++
++        rule = self.factory.makeGitRule(repository)
++        self.factory.makeGitRuleGrant(
++            rule=rule, grantee=requester, can_push=True, can_create=True)
++
++        results = self.git_api.listRefRules(
++            repository.getInternalPath(),
++            {'uid': requester.id})
++        self.assertEqual(len(results), 2)
++        self.assertEqual(results[0]['ref_pattern'], 'refs/heads/*')
++        self.assertEqual(results[0]['permissions'], ['create', 'push'])
++
++    def test_listRefRules_no_grants(self):
++        # User that has no grants and is not the owner
++        requester = self.factory.makePerson()
++        owner = self.factory.makePerson()
++        repository = removeSecurityProxy(
++            self.factory.makeGitRepository(
++                owner=owner, information_type=InformationType.USERDATA))
++
++        rule = self.factory.makeGitRule(repository)
++        self.factory.makeGitRuleGrant(
++            rule=rule, grantee=owner, can_push=True, can_create=True)
++
++        results = self.git_api.listRefRules(
++            repository.getInternalPath(),
++            {'uid': requester.id})
++        self.assertEqual(len(results), 0)
++
++    def test_listRefRules_owner_has_default(self):
++        owner = self.factory.makePerson()
++        repository = removeSecurityProxy(
++            self.factory.makeGitRepository(
++                owner=owner, information_type=InformationType.USERDATA))
++
++        rule = self.factory.makeGitRule(
++            repository=repository, ref_pattern=u'refs/heads/master')
++        self.factory.makeGitRuleGrant(
++            rule=rule, grantee=owner, can_push=True, can_create=True)
++
++        results = self.git_api.listRefRules(
++            repository.getInternalPath(),
++            {'uid': owner.id})
++        self.assertEqual(len(results), 2)
++        # Default grant should be last in pattern
++        self.assertEqual(results[-1]['ref_pattern'], '*')
++
++    def test_listRefRules_owner_is_team(self):
++        member = self.factory.makePerson()
++        owner = self.factory.makeTeam(members=[member])
++        repository = removeSecurityProxy(
++            self.factory.makeGitRepository(
++                owner=owner, information_type=InformationType.USERDATA))
++
++        results = self.git_api.listRefRules(
++            repository.getInternalPath(),
++            {'uid': member.id})
++
++        # Should have default grant as member of owning team
++        self.assertEqual(len(results), 1)
++        self.assertEqual(results[-1]['ref_pattern'], '*')
++
++    def test_listRefRules_owner_is_team_with_grants(self):
++        member = self.factory.makePerson()
++        owner = self.factory.makeTeam(members=[member])
++        repository = removeSecurityProxy(
++            self.factory.makeGitRepository(
++                owner=owner, information_type=InformationType.USERDATA))
++
++        rule = self.factory.makeGitRule(
++            repository=repository, ref_pattern=u'refs/heads/master')
++        self.factory.makeGitRuleGrant(
++            rule=rule, grantee=owner, can_push=True, can_create=True)
++
++        results = self.git_api.listRefRules(
++            repository.getInternalPath(),
++            {'uid': member.id})
++
++        # Should have default grant as member of owning team
++        self.assertEqual(len(results), 2)
++        self.assertEqual(results[-1]['ref_pattern'], '*')
++
++    def test_listRefRules_owner_is_team_with_grants_to_person(self):
++        member = self.factory.makePerson()
++        other_member = self.factory.makePerson()
++        owner = self.factory.makeTeam(members=[member, other_member])
++        repository = removeSecurityProxy(
++            self.factory.makeGitRepository(
++                owner=owner, information_type=InformationType.USERDATA))
++
++        rule = self.factory.makeGitRule(
++            repository=repository, ref_pattern=u'refs/heads/master')
++        self.factory.makeGitRuleGrant(
++            rule=rule, grantee=owner, can_push=True, can_create=True)
++
++        rule = self.factory.makeGitRule(
++            repository=repository, ref_pattern=u'refs/heads/tags')
++        self.factory.makeGitRuleGrant(
++            rule=rule, grantee=member, can_create=True)
++
++        # This should not appear
++        self.factory.makeGitRuleGrant(
++            rule=rule, grantee=other_member, can_push=True)
++
++        results = self.git_api.listRefRules(
++            repository.getInternalPath(),
++            {'uid': member.id})
++
++        # Should have default grant as member of owning team
++        self.assertEqual(len(results), 3)
++        self.assertEqual(results[-1]['ref_pattern'], '*')
++        tags_rule = results[1]
++        self.assertEqual(tags_rule['permissions'], ['create'])
  class TestGitAPI(TestGitAPIMixin, TestCaseWithFactory):
      """Tests for the implementation of `IGitAPI`."""
 === modified file 'lib/lp/registry/personmerge.py'
 --- lib/lp/registry/personmerge.py	2015-09-16 13:30:33 +0000
 +++ lib/lp/registry/personmerge.py	2018-09-26 15:35:28 +0000
@@ -1,4 +1,4 @@
--# Copyright 2009-2015 Canonical Ltd.  This software is licensed under the
++# Copyright 2009-2018 Canonical Ltd.  This software is licensed under the
  # GNU Affero General Public License version 3 (see the file LICENSE).
  """Person/team merger implementation."""
@@ -141,6 +141,25 @@
          ''' % vars())
++def _mergeGitRuleGrant(cur, from_id, to_id):
++    # Update only the GitRuleGrants that will not conflict.
++    cur.execute('''
++        UPDATE GitRuleGrant
++        SET grantee=%(to_id)d
++        WHERE
++            grantee = %(from_id)d
++            AND rule NOT IN (
++                SELECT rule
++                FROM GitRuleGrant
++                WHERE grantee = %(to_id)d
++                )
++        ''' % vars())
++    # and delete those left over.
++    cur.execute('''
++        DELETE FROM GitRuleGrant WHERE grantee = %(from_id)d
++        ''' % vars())
++
++
  def _mergeBranches(from_person, to_person):
      # This shouldn't use removeSecurityProxy.
      branches = getUtility(IBranchCollection).ownedBy(from_person)
@@ -771,8 +790,10 @@
      _mergeAccessArtifactGrant(cur, from_id, to_id)
      _mergeAccessPolicyGrant(cur, from_id, to_id)
++    _mergeGitRuleGrant(cur, from_id, to_id)
      skip.append(('accessartifactgrant', 'grantee'))
      skip.append(('accesspolicygrant', 'grantee'))
++    skip.append(('gitrulegrant', 'grantee'))
      # Update the Branches that will not conflict, and fudge the names of
      # ones that *do* conflict.
 === modified file 'lib/lp/registry/tests/test_personmerge.py'
 --- lib/lp/registry/tests/test_personmerge.py	2016-06-28 21:10:18 +0000
 +++ lib/lp/registry/tests/test_personmerge.py	2018-09-26 15:35:28 +0000
@@ -1,4 +1,4 @@
--# Copyright 2009-2015 Canonical Ltd.  This software is licensed under the
++# Copyright 2009-2018 Canonical Ltd.  This software is licensed under the
  # GNU Affero General Public License version 3 (see the file LICENSE).
  """Tests for merge_people."""
@@ -494,6 +494,41 @@
                  grantee=person,
                  date_created=person_grant_date))
++    def test_merge_gitrulegrants(self):
++        # GitRuleGrants are transferred from the duplicate.
++        rule = self.factory.makeGitRule()
++        person = self.factory.makePerson()
++        grant = self.factory.makeGitRuleGrant(rule=rule)
++        self._do_premerge(grant.grantee, person)
++
++        self.assertEqual(grant.grantee, rule.grants.one().grantee)
++        with person_logged_in(person):
++            self._do_merge(grant.grantee, person)
++        self.assertEqual(person, rule.grants.one().grantee)
++
++    def test_merge_gitrulegrants_conflicts(self):
++        # Conflicting GitRuleGrants are deleted.
++        rule = self.factory.makeGitRule()
++
++        person = self.factory.makePerson()
++        person_grant = self.factory.makeGitRuleGrant(rule=rule, grantee=person)
++        person_grant_date = person_grant.date_created
++
++        duplicate = self.factory.makePerson()
++        self.factory.makeGitRuleGrant(rule=rule, grantee=duplicate)
++
++        self._do_premerge(duplicate, person)
++        with person_logged_in(person):
++            self._do_merge(duplicate, person)
++
++        # Only one grant for the rule exists: the retained person's.
++        self.assertThat(
++            rule.grants.one(),
++            MatchesStructure.byEquality(
++                rule=rule,
++                grantee=person,
++                date_created=person_grant_date))
++
      def test_mergeAsync(self):
          # mergeAsync() creates a new `PersonMergeJob`.
          from_person = self.factory.makePerson()
 === modified file 'lib/lp/security.py'
 --- lib/lp/security.py	2018-09-15 11:38:45 +0000
 +++ lib/lp/security.py	2018-09-26 15:35:28 +0000
@@ -87,6 +87,10 @@
      IGitRepository,
      user_has_special_git_repository_access,
+     )
++from lp.code.interfaces.gitrule import (
++    IGitRule,
++    IGitRuleGrant,
++    )
  from lp.code.interfaces.sourcepackagerecipe import ISourcePackageRecipe
  from lp.code.interfaces.sourcepackagerecipebuild import (
      ISourcePackageRecipeBuild,
@@ -2343,6 +2347,42 @@
          super(EditGitRef, self).__init__(obj, obj.repository)
++class ViewGitRule(DelegatedAuthorization):
++    """Anyone who can see a Git repository can see its access rules."""
++    permission = 'launchpad.View'
++    usedfor = IGitRule
++
++    def __init__(self, obj):
++        super(ViewGitRule, self).__init__(obj, obj.repository)
++
++
++class EditGitRule(DelegatedAuthorization):
++    """Anyone who can edit a Git repository can edit its access rules."""
++    permission = 'launchpad.Edit'
++    usedfor = IGitRule
++
++    def __init__(self, obj):
++        super(EditGitRule, self).__init__(obj, obj.repository)
++
++
++class ViewGitRuleGrant(DelegatedAuthorization):
++    """Anyone who can see a Git repository can see its access grants."""
++    permission = 'launchpad.View'
++    usedfor = IGitRuleGrant
++
++    def __init__(self, obj):
++        super(ViewGitRuleGrant, self).__init__(obj, obj.repository)
++
++
++class EditGitRuleGrant(DelegatedAuthorization):
++    """Anyone who can edit a Git repository can edit its access grants."""
++    permission = 'launchpad.Edit'
++    usedfor = IGitRuleGrant
++
++    def __init__(self, obj):
++        super(EditGitRuleGrant, self).__init__(obj, obj.repository)
++
++
  class AdminDistroSeriesTranslations(AuthorizationBase):
      permission = 'launchpad.TranslationsAdmin'
      usedfor = IDistroSeries
 === modified file 'lib/lp/testing/factory.py'
 --- lib/lp/testing/factory.py	2018-09-13 15:21:05 +0000
 +++ lib/lp/testing/factory.py	2018-09-26 15:35:28 +0000
@@ -1828,6 +1828,31 @@
              path = self.getUniqueString('refs/heads/path').decode('utf-8')
          return getUtility(IGitRefRemoteSet).new(repository_url, path)
++    def makeGitRule(self, repository=None, ref_pattern=u"refs/heads/*",
++                    creator=None, position=None, **repository_kwargs):
++        """Create a Git repository access rule."""
++        if repository is None:
++            repository = self.makeGitRepository(**repository_kwargs)
++        if creator is None:
++            creator = repository.owner
++        with person_logged_in(creator):
++            return repository.addRule(ref_pattern, creator, position=position)
++
++    def makeGitRuleGrant(self, rule=None, grantee=None, grantor=None,
++                         can_create=False, can_push=False,
++                         can_force_push=False):
++        """Create a Git repository access grant."""
++        if rule is None:
++            rule = self.makeGitRule()
++        if grantee is None:
++            grantee = self.makePerson()
++        if grantor is None:
++            grantor = rule.repository.owner
++        with person_logged_in(grantor):
++            return rule.addGrant(
++                grantee, grantor, can_create=can_create, can_push=can_push,
++                can_force_push=can_force_push)
++
      def makeBug(self, target=None, owner=None, bug_watch_url=None,
                  information_type=None, date_closed=None, title=None,
                  date_created=None, description=None, comment=None,
 === modified file 'scripts/close-account.py'
 --- scripts/close-account.py	2018-05-08 13:44:21 +0000
 +++ scripts/close-account.py	2018-09-26 15:35:28 +0000
@@ -1,6 +1,6 @@
  #!/usr/bin/python -S
+ #
--# Copyright 2009-2011 Canonical Ltd.  This software is licensed under the
++# Copyright 2009-2018 Canonical Ltd.  This software is licensed under the
  # GNU Affero General Public License version 3 (see the file LICENSE).
  """Remove personal details of a user from the database, leaving a stub."""
@@ -162,6 +162,9 @@
          # Pending items in queues
          ('POExportRequest', 'person'),
++
++        # Access grants
++        ('GitRuleGrant', 'grantee'),
+         ]
      for table, person_id_column in removals:
          table_notification(table)

Launchpad itself

Merge lp:~twom/launchpad/branch-permissions-for-gitapi into lp:launchpad

Commit message

Description of the change

Preview Diff

Subscribers