A gerrit program permission control method and device

By capturing program file information and submitter information from the submission terminal in Gerrit, and using hash value comparison and permission verification, the accuracy of Gerrit program permission control is solved, improving the reliability of the code repository and the efficiency of modification.

CN116186738BActive Publication Date: 2026-06-16INDUSTRIAL AND COMMERCIAL BANK OF CHINA

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
INDUSTRIAL AND COMMERCIAL BANK OF CHINA
Filing Date
2023-03-10
Publication Date
2026-06-16

AI Technical Summary

Technical Problem

Gerrit's program access control cannot precisely restrict program permissions in the codebase, making it difficult to guarantee program quality when inexperienced developers modify critical or security programs. At the same time, too many people restricting permissions will reduce the efficiency of program modification.

Method used

The program file information and submitter information of the submitting terminal are captured by the code submission listening interface. The hash value comparison and preset permission information are used to verify whether the code submitter has modification permissions, and the review process is carried out when necessary.

Benefits of technology

It implements precise permission verification when program code is submitted, improving the reliability and modification efficiency of code in the code repository and preventing unqualified personnel from conducting reviews.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN116186738B_ABST
    Figure CN116186738B_ABST
Patent Text Reader

Abstract

The application provides a Gerrit program permission control method and device, which can be used in the financial field or other technical fields. The method comprises the following steps: capturing first program file information and code submitter information through a code submission monitoring interface; obtaining a second hash value according to a code library name and a first program identifier; if it is determined that the first program code corresponding to the first program identifier is different from the second program code according to the first hash value and the second hash value, then verifying whether the code submitter has the modification permission of the program file corresponding to the first program identifier according to the code submitter information and the first program identifier; and if the code submitter has the modification permission of the program file corresponding to the first program identifier, then performing subsequent processing on the first program code corresponding to the first program identifier. The device is used for executing the above method. The Gerrit program permission control method and device provided in the application embodiment improve the reliability of the code in the code library.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of computer technology, and specifically to a Gerrit program permission control method and apparatus. Background Technology

[0002] Gerrit is a source code management software with an access control mechanism that supports program permission control for operations such as code repository cloning, code submission, and code review, which can help enterprises manage code repositories.

[0003] Gerrit's program access control is granular down to the codebase level. This means that anyone with modification and review permissions within a codebase can modify and review all program files within that codebase. Since anyone with these permissions can modify and review any code within the codebase, it's problematic for certain programs, such as critical or security programs. If someone with insufficient development experience modifies these programs, the quality cannot be guaranteed. However, if the number of people with modification permissions is limited, and there are many developers, modifications to general programs outside of critical and security programs still require authorization from authorized personnel, reducing modification efficiency. Therefore, developing a Gerrit-based program access control method that can more precisely restrict program permissions is a pressing issue in this field. Summary of the Invention

[0004] To address the problems in the prior art, embodiments of the present invention provide a method and apparatus for controlling program permissions in Gerrit, which can at least partially solve the problems existing in the prior art.

[0005] In a first aspect, the present invention proposes a Gerrit program permission control method, comprising:

[0006] The code submission monitoring interface captures the first program file information and code submitter information submitted by the submission terminal. The first program file information includes the code repository name, the first program identifier, and the first hash value. The first hash value is the hash value of the first program code corresponding to the first program identifier.

[0007] The second hash value is obtained from the code library corresponding to the code library name based on the code library name and the first program identifier. The second hash value is the hash value of the second program code corresponding to the first program identifier.

[0008] If, based on the first hash value and the second hash value, it is determined that the first program code corresponding to the first program identifier is different from the second program code, then based on the code submitter information and the first program identifier, it is verified whether the code submitter has the permission to modify the program file corresponding to the first program identifier.

[0009] If the code submitter has modification permissions for the program file corresponding to the first program identifier, then the first program code corresponding to the first program identifier will be processed subsequently.

[0010] Secondly, the present invention provides a Gerrit program permission control device, comprising:

[0011] The capture module is used to capture the first program file information and code submitter information submitted by the submission terminal through the code submission listening interface. The first program file information includes the code repository name, the first program identifier, and the first hash value; wherein, the first hash value is the hash value of the first program code corresponding to the first program identifier.

[0012] The module is configured to obtain a second hash value from the code library corresponding to the code library name based on the code library name and the first program identifier, wherein the second hash value is the hash value of the second program code corresponding to the first program identifier;

[0013] The verification module is used to verify whether the code submitter has the right to modify the program file corresponding to the first program identifier if the first program code corresponding to the first program identifier is different from the second program code based on the first hash value and the second hash value.

[0014] The processing module is used to perform subsequent processing on the first program code corresponding to the first program identifier if the code submitter has modification permissions for the program file corresponding to the first program identifier.

[0015] Thirdly, the present invention provides a computer device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the program to implement the Gerrit program access control method described in any of the above embodiments.

[0016] Fourthly, the present invention provides a computer-readable storage medium having a computer program stored thereon, which, when executed by a processor, implements the Gerrit program access control method described in any of the above embodiments.

[0017] Fifthly, the present invention provides a computer program product, the computer program product comprising a computer program, which, when executed by a processor, implements the Gerrit program access control method described in any of the above embodiments.

[0018] The Gerrit program permission control method and apparatus provided in this invention captures first program file information and code submitter information submitted by a submission terminal through a code submission monitoring interface. The first program file information includes a code repository name, a first program identifier, and a first hash value. A second hash value is obtained from the code repository corresponding to the code repository name based on the code repository name and the first program identifier. The second hash value is the hash value of the second program code corresponding to the first program identifier. If, based on the first hash value and the second hash value, it is determined that the first program code corresponding to the first program identifier is different from the second program code, then, based on the code submitter information and the first program identifier, it verifies whether the code submitter has modification permissions for the program file corresponding to the first program identifier. If the code submitter has modification permissions for the program file corresponding to the first program identifier, then the first program code corresponding to the first program identifier is further processed. This achieves accurate program permission verification during program code submission, improving the reliability of code in the code repository. Attached Figure Description

[0019] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort. In the drawings:

[0020] Figure 1 This is a flowchart illustrating the Gerrit program permission control method provided in the first embodiment of the present invention.

[0021] Figure 2 This is a flowchart illustrating the Gerrit program permission control method provided in the second embodiment of the present invention.

[0022] Figure 3 This is a flowchart illustrating the Gerrit program permission control method provided in the third embodiment of the present invention.

[0023] Figure 4 This is a flowchart illustrating the Gerrit program permission control method provided in the fourth embodiment of the present invention.

[0024] Figure 5This is a flowchart illustrating the Gerrit program permission control method provided in the fifth embodiment of the present invention.

[0025] Figure 6 This is a flowchart illustrating the Gerrit program permission control method provided in the sixth embodiment of the present invention.

[0026] Figure 7 This is a schematic diagram of the Gerrit program permission control device provided in the seventh embodiment of the present invention.

[0027] Figure 8 This is a schematic diagram of the Gerrit program permission control device provided in the eighth embodiment of the present invention.

[0028] Figure 9 This is a schematic diagram of the Gerrit program permission control device provided in the ninth embodiment of the present invention.

[0029] Figure 10 This is a schematic diagram of the Gerrit program permission control device provided in the tenth embodiment of the present invention.

[0030] Figure 11 This is a schematic diagram of the Gerrit program permission control device provided in the eleventh embodiment of the present invention.

[0031] Figure 12 This is a schematic diagram of the Gerrit program permission control device provided in the twelfth embodiment of the present invention.

[0032] Figure 13 This is a schematic diagram of the physical structure of the electronic device provided in the thirteenth embodiment of the present invention. Detailed Implementation

[0033] To make the objectives, technical solutions, and advantages of the embodiments of the present invention clearer, the embodiments of the present invention will be further described in detail below with reference to the accompanying drawings. Here, the illustrative embodiments and descriptions of the present invention are used to explain the present invention, but are not intended to limit the present invention. It should be noted that, unless otherwise specified, the embodiments and features in the embodiments of this application can be arbitrarily combined with each other.

[0034] The following describes the specific implementation process of the Gerrit program permission control method provided in this embodiment of the invention, taking the server as the execution subject as an example.

[0035] Figure 1 This is a flowchart illustrating the Gerrit program permission control method provided in the first embodiment of the present invention, as shown below. Figure 1 As shown, the Gerrit program permission control method provided in this embodiment of the invention includes:

[0036] S101. Capture the first program file information and code submitter information submitted by the submission terminal through the code submission listening interface. The first program file information includes the code repository name, the first program identifier, and the first hash value. The first hash value is the hash value of the first program code corresponding to the first program identifier.

[0037] Specifically, after completing code modifications, the code submitter can send a first program file and submitter information to the server via a submission terminal. The server can capture the first program file and submitter information through a code submission listening port. The first program file information includes a code repository name, a first program identifier, and a first hash value. The code repository name is used to uniquely identify the code repository. The first program identifier corresponds to the first program code. The first hash value is the hash value of the first program code corresponding to the first program identifier. The submission terminal includes, but is not limited to, desktop computers, laptops, and other terminals capable of program development.

[0038] For example, the Gerrit commit listener interface class `CommitValidationListener` can be used to capture the first program file information and committer information submitted by the commit terminal. The repository name can be obtained using `receiveEvent.getProjectNameKey().get()`, the first hash value using `receiveEvent.commit.getName()`, and the committer information using `receiveEvent.user.state().userName().get()`. The committer information can include the committer's name.

[0039] S102. Obtain a second hash value from the code library corresponding to the code library name according to the code library name and the first program identifier. The second hash value is the hash value of the second program code corresponding to the first program identifier.

[0040] Specifically, the server queries the latest version of the program code corresponding to the first program identifier in the code library corresponding to the code library name, based on the first program identifier, and uses it as the second program code corresponding to the first program identifier, and obtains the second hash value based on the second program code corresponding to the first program identifier.

[0041] S103. If, based on the first hash value and the second hash value, it is determined that the first program code corresponding to the first program identifier is different from the second program code, then based on the code submitter information and the first program identifier, it is verified whether the code submitter has the permission to modify the program file corresponding to the first program identifier.

[0042] Specifically, the server compares the first hash value and the second hash value. If the first hash value and the second hash value are different, then the first program code corresponding to the first program identifier is different from the second program code. The server will verify whether the code submitter has modification permissions for the program file corresponding to the first program identifier based on the code submitter information and the first program identifier.

[0043] Understandably, if the first hash value and the second hash value are the same, it means that the first program code corresponding to the first program identifier is the same as the second program code. In this case, the server does not need to verify the submitter's permissions and can return a message to the submitting terminal indicating that the code has not been modified.

[0044] For example, the server queries the modification personnel information corresponding to the first program identifier based on the first program identifier. If the modification personnel information corresponding to the first program identifier includes the code submitter information, then the code submitter has modification permissions for the program file corresponding to the first program identifier. If the modification personnel information corresponding to the first program identifier does not include the code submitter information, then the code submitter does not have modification permissions for the program file corresponding to the first program identifier. The modification personnel information corresponding to the first program identifier is preset.

[0045] S104. If the code submitter has modification rights to the program file corresponding to the first program identifier, then the first program code corresponding to the first program identifier shall be processed subsequently.

[0046] Specifically, after verifying whether the code submitter has modification permissions for the program file corresponding to the first program identifier, if the code submitter has modification permissions for the program file corresponding to the first program identifier, the server will continue to process the first program code corresponding to the first program identifier. For the first program code corresponding to the first program identifier that requires review before being added to the database, the first program code corresponding to the first program identifier is temporarily stored for review by reviewers. For the first program code corresponding to the first program identifier that can be added to the database without review, the server will store the first program code corresponding to the first program identifier in the code database corresponding to the code database name.

[0047] The Gerrit program permission control method provided in this embodiment of the invention captures the first program file information and code submitter information submitted by the submission terminal through a code submission monitoring interface. The first program file information includes a code repository name, a first program identifier, and a first hash value. A second hash value is obtained from the code repository corresponding to the code repository name based on the code repository name and the first program identifier. The second hash value is the hash value of the second program code corresponding to the first program identifier. If, based on the first hash value and the second hash value, it is determined that the first program code corresponding to the first program identifier is different from the second program code, then, based on the code submitter information and the first program identifier, it verifies whether the code submitter has modification permissions for the program file corresponding to the first program identifier. If the code submitter has modification permissions for the program file corresponding to the first program identifier, then the first program code corresponding to the first program identifier is further processed. This achieves accurate program permission verification during program code submission and improves the reliability of code in the code repository.

[0048] Figure 2 This is a flowchart illustrating the Gerrit program permission control method provided in the second embodiment of the present invention, as shown below. Figure 2 As shown, based on the above embodiments, the Gerrit program permission control method provided by the embodiments of the present invention further includes:

[0049] S201. Capture the third program file information and code reviewer information submitted by the review terminal through the code review monitoring interface. The third program file information includes the code library name, the third program identifier, and the third hash value. The third hash value is the hash value of the third program code corresponding to the third program identifier.

[0050] Specifically, after completing the code review, the code reviewer can send third-party program file information and code reviewer information to the server through the review terminal. The server can capture the third-party program file information and code reviewer information through the code review listening port. The third-party program file information includes the code repository name, the third-party program identifier, and the third hash value. The third-party program identifier corresponds to the third-party program code. The third hash value is the hash value of the third-party program code corresponding to the third-party program identifier. The review terminal includes, but is not limited to, desktop computers, laptops, and other terminals capable of program review.

[0051] For example, Gerrit's code review listener interface class MergeValidationListener can be used to capture information about third-party application files and code reviewers submitted by the review terminal. The code reviewer information may include a code reviewer identifier. The repository name can be obtained using `destProject.getName()`, and the third hash value can be obtained using `revWalk.parseCommit(commit.notes().getCurrentPatchSet().commitId()).getName()`.

[0052] S202. Based on the code reviewer information and the third program identifier, determine whether the code reviewer has the authority to review the program file corresponding to the third program identifier;

[0053] Specifically, the server will verify whether the code reviewer has the authority to review the program file corresponding to the third program identifier based on the code reviewer information and the third program identifier.

[0054] For example, the server queries the reviewer information corresponding to the third program identifier. If the reviewer information includes the code reviewer information, then the code reviewer has review permissions for the program file corresponding to the third program identifier. If the reviewer information does not include the code reviewer information, then the code reviewer does not have review permissions for the program file corresponding to the third program identifier. The reviewer information corresponding to the third program identifier is preset.

[0055] S203. If the code reviewer has review permissions for the program file corresponding to the third program identifier, then the third program code corresponding to the third program identifier is stored in the code library corresponding to the code library name.

[0056] Specifically, after verifying whether the code reviewer has review permissions for the program file corresponding to the third program identifier, if the code reviewer has review permissions for the program file corresponding to the third program identifier, the server will add the third program code corresponding to the third program identifier to the database, that is, store the third program code corresponding to the third program identifier in the database corresponding to the database name.

[0057] The Gerrit program permission control method provided in this embodiment of the invention verifies the review permissions of code reviewers to prevent unqualified personnel from reviewing the program, thereby further improving the reliability of the program code.

[0058] Based on the above embodiments, the Gerrit program permission control method provided in this embodiment of the invention further includes:

[0059] Before determining whether the code reviewer has review authority over the program file corresponding to the third program identifier based on the code reviewer information and the third program identifier, it is determined whether the third program identifier corresponds to a preset type program file.

[0060] Specifically, before determining whether the code reviewer has review permissions for the program file corresponding to the third program identifier based on the code reviewer information and the third program identifier, the server determines whether the program file corresponding to the third program identifier is a program file of a preset type. If it is a program file of a preset type, then it is necessary to verify whether the code reviewer has review permissions for the program file corresponding to the third program identifier. If the program file corresponding to the third program identifier is not a program file of a preset type, then it is not necessary to review permissions for the program file corresponding to the third program identifier. Preset type program files, such as critical program files or security program files, are program files that require permission verification, and are set according to actual needs; this embodiment of the invention does not impose limitations.

[0061] By judging the program files of preset types, the program files that require permission verification are verified, while those that do not require permission verification are not verified. This reduces the number of permissions that need to be verified and improves data processing efficiency.

[0062] Figure 3 This is a flowchart illustrating the Gerrit program permission control method provided in the third embodiment of the present invention, as shown below. Figure 3 As shown, based on the above embodiments, the Gerrit program permission control method provided by the embodiments of the present invention further includes:

[0063] S301. Obtain a fourth hash value from the code library corresponding to the code library name based on the code library name and the third program identifier. The fourth hash value is the hash value of the fourth program code corresponding to the third program identifier.

[0064] Specifically, the server queries the code repository corresponding to the code repository name based on the third program identifier to find the latest version of the program code corresponding to the third program identifier, which is used as the fourth program code corresponding to the third program identifier, and obtains the fourth hash value based on the fourth program code corresponding to the third program identifier.

[0065] S302. Based on the third hash value and the fourth hash value, determine whether the third program code corresponding to the third program identifier is different from the fourth program code.

[0066] Specifically, the server compares the third hash value and the fourth hash value. If the third hash value and the fourth hash value are different, then the third program code corresponding to the third program identifier is different from the fourth program code.

[0067] Figure 4 This is a flowchart illustrating the Gerrit program permission control method provided in the fourth embodiment of the present invention, as shown below. Figure 4 As shown, based on the above embodiments, the Gerrit program permission control method provided by the embodiments of the present invention further includes:

[0068] S401. Receive an audit permission query request sent by the requesting terminal. The audit permission query request includes audit code information and audit requester information. The audit code information includes code library name and second program identifier.

[0069] Specifically, when a requester is unsure whether they have the authority to review the program file corresponding to the second program identifier, they can send a review authority query request to the server via a requesting terminal. The server can receive the review authority query request, which includes review code information and requester information. The review code information includes the code repository name and the second program identifier. The requesting terminal includes, but is not limited to, desktop computers, laptops, and other similar devices.

[0070] S402. Based on the review requester information and the second program identifier, verify whether the review requester has review permissions for the program file corresponding to the second program identifier.

[0071] Specifically, the server will verify whether the requester has the authority to review the program file corresponding to the second program identifier based on the requester information and the second program identifier.

[0072] For example, the server queries the reviewer information corresponding to the second program identifier based on the second program identifier. If the reviewer information corresponding to the second program identifier includes the review requester information, then the review requester has review permissions for the program file corresponding to the second program identifier. If the reviewer information corresponding to the second program identifier does not include the review requester information, then the code reviewer does not have review permissions for the program file corresponding to the second program identifier. The reviewer information corresponding to the second program identifier is preset.

[0073] S403. If the requester has the authority to review the program file corresponding to the second program identifier, a notification message indicating that the requester has the authority to review is sent to the requesting terminal.

[0074] Specifically, after verifying whether the requester has review permissions for the program file corresponding to the second program identifier, if the server determines that the requester has review permissions, it will send a notification message indicating that the requester has review permissions to the requesting terminal. After seeing the notification message indicating that the requester has review permissions, the requester can review the program code in the program file corresponding to the second program identifier.

[0075] Figure 5 This is a flowchart illustrating the Gerrit program permission control method provided in the fifth embodiment of the present invention, as shown below. Figure 5 As shown, based on the above embodiments, further, the step of determining that the first program code corresponding to the first program identifier is different from the second program code based on the first hash value and the second hash value includes:

[0076] S501. Call a third-party plugin to perform code difference query and obtain code difference query results; wherein, the third-party plugin is provided with the code library name, the first hash value and the second hash value;

[0077] Specifically, the server can perform a difference query on the first program code and the second program code through a third-party plugin. The server provides the code repository name, the first hash value, and the second hash value to the third-party plugin, and the third-party plugin can return a code difference query result to the server based on the code repository name, the first hash value, and the second hash value. The code difference query result indicates whether a difference exists or not.

[0078] The third-party plugin mentioned above is, for example, DiffCommand.java from the JGit third-party tool JAR package. Using an existing third-party plugin to verify the similarity between the first and second program codes reduces the workload of program development. The JGit third-party tool JAR package is a plugin supported by Gerrit itself, making it easy to use and requiring no modification to the Gerrit source code.

[0079] S502. If the code difference query result indicates that there is a difference, then it is determined that the first program code and the second program code are different.

[0080] Specifically, after the code difference query result shows that there is a difference, the server can determine that the first program code and the second program code are different, indicating that the code submitter has modified the first program code, and the code submitter's modification permission needs to be reviewed.

[0081] Figure 6 This is a flowchart illustrating the Gerrit program permission control method provided in the sixth embodiment of the present invention, as shown below. Figure 6 As shown, based on the above embodiments, further, the step of verifying whether the code submitter has modification permissions for the program file corresponding to the first program identifier based on the code submitter information and the first program identifier includes:

[0082] S601. Based on the code submitter information, query the program identifier for which the code submitter has modification permissions;

[0083] Specifically, the server queries the program identifiers of the code submitter's modification permissions based on the code submitter information. These program identifiers represent which program files the code submitter has modification permissions for. The correspondence between the code submitter information and the program identifiers of the code submitter's modification permissions is preset. The program identifiers of the code submitter's modification permissions may include one program identifier, or two or more program identifiers.

[0084] S602. If it is determined that the program identifier for which the code submitter has modification rights includes the first program identifier, then the code submitter has modification rights to the program file corresponding to the first program identifier.

[0085] Specifically, the server determines whether the program identifiers for which the code submitter has modification rights include the first program identifier. That is, it compares each program identifier in the program identifiers for which the code submitter has modification rights with the first program identifier. If any program identifier in the program identifiers for which the code submitter has modification rights is the same as the first program identifier, then the program identifiers for which the code submitter has modification rights include the first program identifier, and the code submitter has modification rights to the program file corresponding to the first program identifier. If no program identifier in the program identifiers for which the code submitter has modification rights is the same as the first program identifier, then the program identifiers for which the code submitter has modification rights do not include the first program identifier, and the code submitter does not have modification rights to the program file corresponding to the first program identifier.

[0086] Based on the above embodiments, the subsequent processing of the first program code corresponding to the first program identifier further includes:

[0087] If the first program code corresponding to the first program identifier needs to be reviewed, then the first program code corresponding to the first program identifier is stored in the temporary library corresponding to the code library name for review.

[0088] If the first program code corresponding to the first program identifier does not require review, then the first program code corresponding to the first program identifier is stored in the code library corresponding to the code library name.

[0089] Specifically, the server determines whether the first program code corresponding to the first program identifier needs to be reviewed. If review is required, the first program code corresponding to the first program identifier is stored in a temporary library corresponding to the code library name. The temporary library is used to store program code that needs review but has not yet been reviewed. If review is not required, the first program code corresponding to the first program identifier is stored in the code library corresponding to the code library name. Whether the program code corresponding to the first program identifier needs to be reviewed is preset.

[0090] For example, code administrators can specify program code that requires review and store the program identifiers corresponding to these code entries in a review query table. The server checks the review query table to see if the first program identifier exists. If the first program identifier exists in the review query table, the corresponding first program code needs to be reviewed. If the first program identifier does not exist in the review query table, the corresponding first program code does not need to be reviewed.

[0091] The repository administrator can maintain the modification and review permissions for program files. Information about personnel with modification permissions for program files corresponding to a program identifier is stored, along with the program identifier itself. Information about personnel with review permissions for program files corresponding to a program identifier is also stored, along with the program identifier itself. Furthermore, the repository administrator can categorize program files, for example, into level one and level two categories. Level one program files do not require modification and review permission verification, while level two program files must undergo modification and review permission verification.

[0092] A Gerrit program access control module is established to maintain the modification and review permissions corresponding to the program files. This module also provides a query interface to easily check whether the code submitter has modification permissions for the program files and whether the code reviewer has review permissions.

[0093] To implement Gerrit's program permission management functionality, a program information management module can be established first. This module can resolve the issue of which program files require permission management. The code repository administrator maintains the user permission information for programs in the code repository, including the code repository name, program path, users who can modify the code, and users who can approve the code. The Gerrit program permission control method provided in this embodiment is a Gerrit-based extended program permission control system, which solves the problem of Gerrit lacking program permission control functionality. Gerrit's program permission control can be implemented by creating Gerrit plugins, without requiring secondary modifications to the Gerrit source code, thus avoiding impact on the official code logic and facilitating maintenance.

[0094] You can use the plugin generation command provided by Gerrit to create new plugin projects (Java language projects).

[0095] The following is the process of extending code commit permission control.

[0096] (1) Implement the Gerrit code submission listener interface class CommitValidationListener using implementations, and create a code submission program permission control class. The CommitValidationListener code submission listener interface class can be extended using Java implementations to create a code submission program permission control class, implementing program permission verification during code submission, thereby controlling the success and failure of code submission and achieving the effect of program permission control during the code submission stage.

[0097] Code commit listener interface class name: CommitValidationListener

[0098] The name of the listener function in the interface class is: onCommitReceived

[0099] The parameters of the listener function are: CommitReceivedEvent and receiveEvent.

[0100] The return type of the listener function is: List <commitvalidationmessage>The function returns `returnImmutableList.of()`, indicating that the code submission was successful.

[0101] The exception throwing class of the listener function is CommitValidationException. Throwing an exception like newCommitValidationException(xxx) indicates that the code submission failed and returns the error message xxx to the code submitter.

[0102] (2) Use the CommitValidationListener code to submit the function parameters of the listener interface class to obtain the following key information.

[0103] Code repository name: receiveEvent.getProjectNameKey().get()

[0104] Current commit ID hash: receiveEvent.commit.getName()

[0105] And obtain the hash value of the parent commit ID through receiveEvent.commit.getParent(0).getId().getName().

[0106] Using the above information, the DiffCommand.java code submission difference query class in the JGit third-party tool JAR package can be used to obtain the differences between the currently committed code and the corresponding code in the code repository.

[0107] (3) Utilize the obtained program file information, as well as the code submitter information provided by the following CommitValidationListener code submission listener interface class:

[0108] Get the submitter's name: receiveEvent.user.state().userName().get()

[0109] The program information management module queries the modification permission information of the current program file and verifies whether the current code submitter has the necessary permissions. If not, the CommitValidationException exception class and error message are thrown to prevent the code submission.

[0110] throw new CommitValidationException(error message).

[0111] The following is the process of extending code review access control.

[0112] (1) Implement the Gerrit code submission listener interface class MergeValidationListener using implementations to create a code review program permission control class. The code submission listener interface class MergeValidationListener can be extended using Java implementations to create a code review program permission control class, implementing program permission verification during code review, thereby controlling the success and failure of code review and submission to the repository, achieving the effect of program permission control during the code review stage.

[0113] Code submission listener interface class name: MergeValidationListener

[0114] The name of the listener function in the interface class is: onPreMerge

[0115] The exception throwing class of the listener function is MergeValidationException. Throwing an exception like `throw newMergeValidationException(xxx)` indicates that the code review and entry into the database failed, and returns the error message xxx to the code reviewer. If no exception is thrown, it means that the code review and entry into the database was successful.

[0116] The parameters of the listening function can be set according to actual needs, and this embodiment of the invention does not impose any limitations.

[0117] (2) In the code review program permission control class, the following key information is obtained by using the function parameters of the MergeValidationListener code review and database entry listening interface class.

[0118] Code repository name: destProject.getName()

[0119] Current commit ID hash:

[0120] revWalk.parseCommit(commit.notes().getCurrentPatchSet().commitId()).getName();

[0121] Parent commit ID hash: revWalk.parseCommit(commit.notes().getCurrentPatchSet().commitId()).getParent(0).getName();

[0122] Using the above information, the DiffCommand.java code submission difference query class in the JGit third-party tool JAR package can be used to obtain the differences between the currently committed code and the corresponding code in the code repository.

[0123] (3) The program file information currently being reviewed, and the code reviewer information provided by the MergeValidationListener code review submission interface class:

[0124] Get the approver's name: caller.state().userName().get()

[0125] The plugin queries the current program file's review permission information from the program information management module, verifies whether the current code reviewer has the necessary permissions, and if not, throws the following exception and error message to prevent the code from being reviewed and added to the repository.

[0126] throw new MergeValidationException(error message).

[0127] Figure 7 This is a schematic diagram of the Gerrit program permission control device provided in the seventh embodiment of the present invention, as shown below. Figure 7 As shown, the Gerrit program permission control device provided in this embodiment of the invention includes a capture module 701, an acquisition module 702, a verification module 703, and a processing module 704, wherein:

[0128] The capture module 701 is used to capture the first program file information and code submitter information submitted by the submission terminal through the code submission listening interface. The first program file information includes a code repository name, a first program identifier, and a first hash value. The first hash value is the hash value of the first program code corresponding to the first program identifier. The obtaining module 702 is used to obtain a second hash value from the code repository corresponding to the code repository name based on the code repository name and the first program identifier. The second hash value is the hash value of the second program code corresponding to the first program identifier. The verification module 703 is used to verify whether the code submitter has modification permissions for the program file corresponding to the first program identifier if the first program code corresponding to the first program identifier is different from the second program code based on the first hash value and the second hash value. The processing module 704 is used to perform subsequent processing on the first program code corresponding to the first program identifier if the code submitter has modification permissions for the program file corresponding to the first program identifier.

[0129] Specifically, after completing the code modifications, the code submitter can send the first program file and code submitter information to the capture module 701 via the submission terminal. The capture module 701 can capture the first program file and code submitter information through the code submission listening port. The first program file information includes a code repository name, a first program identifier, and a first hash value. The code repository name is used to uniquely identify the code repository. The first program identifier corresponds to the first program code. The first hash value is the hash value of the first program code corresponding to the first program identifier. The submission terminal includes, but is not limited to, desktop computers, laptops, and other terminals capable of program development.

[0130] The module 702 queries the latest version of the program code corresponding to the first program identifier in the code library corresponding to the code library name, based on the first program identifier, and uses it as the second program code corresponding to the first program identifier, and obtains the second hash value based on the second program code corresponding to the first program identifier.

[0131] The verification module 703 compares the first hash value and the second hash value. If the first hash value and the second hash value are different, then the first program code corresponding to the first program identifier is different from the second program code. The server will verify whether the code submitter has modification permissions for the program file corresponding to the first program identifier based on the code submitter information and the first program identifier.

[0132] After verifying whether the code submitter has modification permissions for the program file corresponding to the first program identifier, processing module 704 will continue processing the first program code corresponding to the first program identifier if the code submitter has such permissions. For the first program code corresponding to the first program identifier that requires review before being added to the database, the first program code corresponding to the first program identifier is temporarily stored for review. For the first program code corresponding to the first program identifier that can be added to the database without review, the server will store the first program code corresponding to the first program identifier in the database corresponding to the database name.

[0133] The Gerrit program permission control device provided in this embodiment of the invention captures first program file information and code submitter information submitted by a submission terminal through a code submission monitoring interface. The first program file information includes a code repository name, a first program identifier, and a first hash value. A second hash value is obtained from the code repository corresponding to the code repository name based on the code repository name and the first program identifier. The second hash value is the hash value of the second program code corresponding to the first program identifier. If, based on the first hash value and the second hash value, it is determined that the first program code corresponding to the first program identifier is different from the second program code, then, based on the code submitter information and the first program identifier, it verifies whether the code submitter has modification permissions for the program file corresponding to the first program identifier. If the code submitter has modification permissions for the program file corresponding to the first program identifier, then the first program code corresponding to the first program identifier is further processed. This achieves permission verification during program code submission and improves the reliability of code in the code repository.

[0134] Figure 8 This is a schematic diagram of the Gerrit program permission control device provided in the eighth embodiment of the present invention, as shown below. Figure 8 As shown, based on the above embodiments, the Gerrit program permission control device provided in this embodiment of the invention further includes an information capture module 705, a first permission verification module 706, and an input module 707, wherein:

[0135] The information capture module 705 is used to capture the third program file information and code reviewer information submitted by the review terminal through the code review monitoring interface. The third program file information includes the code library name, the third program identifier, and the third hash value. The third hash value is the hash value of the third program code corresponding to the third program identifier. The first permission verification module 706 is used to verify whether the code reviewer has the review permission for the program file corresponding to the third program identifier based on the code reviewer information and the third program identifier. The storage module 707 is used to store the third program code corresponding to the third program identifier into the code library corresponding to the code library name if the code reviewer has the review permission for the program file corresponding to the third program identifier.

[0136] Figure 9 This is a schematic diagram of the Gerrit program permission control device provided in the ninth embodiment of the present invention, as shown below. Figure 9 As shown, based on the above embodiments, the Gerrit program permission control device provided in this embodiment of the invention further includes a hash value acquisition module 708 and a determination module 709, wherein:

[0137] The hash value acquisition module 708 is used to obtain a fourth hash value from the code library corresponding to the code library name based on the code library name and the third program identifier, wherein the fourth hash value is the hash value of the fourth program code corresponding to the third program identifier; the determination module 709 is used to determine whether the third program code corresponding to the third program identifier and the fourth program code are different based on the third hash value and the fourth hash value.

[0138] Figure 10 This is a schematic diagram of the Gerrit program permission control device provided in the tenth embodiment of the present invention, as shown below. Figure 10 As shown, based on the above embodiments, the Gerrit program permission control device provided in this embodiment of the invention further includes a receiving module 710, a second permission verification module 711, and a sending module 712, wherein:

[0139] The receiving module 710 is used to receive an audit permission query request sent by the requesting terminal. The audit permission query request includes audit code information and audit requester information. The audit code information includes a code library name and a second program identifier. The second permission verification module 711 is used to verify whether the audit requester has audit permission for the program file corresponding to the second program identifier based on the audit requester information and the second program identifier. The sending module 712 is used to send a prompt message indicating that the audit requester has audit permission to the requesting terminal if the audit requester has audit permission for the program file corresponding to the second program identifier.

[0140] Figure 11 This is a schematic diagram of the Gerrit program permission control device provided in the eleventh embodiment of the present invention, as shown below. Figure 11 As shown, based on the above embodiments, the verification module 703 further includes a calling unit 7031 and a determining unit 7032, wherein:

[0141] The calling unit 7031 is used to call a third-party plugin to perform code difference query and obtain code difference query results; wherein, the third-party plugin is provided with the code library name, the first hash value and the second hash value; the determining unit 7032 is used to determine that the first program code and the second program code are different if the code difference query result is that there is a difference.

[0142] Figure 12 This is a schematic diagram of the Gerrit program permission control device provided in the twelfth embodiment of the present invention, as shown below. Figure 12 As shown, based on the above embodiments, the verification module 703 further includes a query unit 7033 and a judgment unit 7034, wherein:

[0143] The query unit 7033 is used to query the program identifier that the code submitter has modification permission for based on the code submitter information; the judgment unit 7034 is used to determine that if the program identifier that the code submitter has modification permission for includes the first program identifier, then the code submitter has modification permission for the program file corresponding to the first program identifier.

[0144] Based on the above embodiments, the processing module 704 is further specifically used for:

[0145] If the first program code corresponding to the first program identifier needs to be reviewed, then the first program code corresponding to the first program identifier is stored in the temporary library corresponding to the code library name for review; if the first program code corresponding to the first program identifier does not need to be reviewed, then the first program code corresponding to the first program identifier is stored in the code library corresponding to the code library name.

[0146] The embodiments of the device provided in this invention can be used to execute the processing flow of the above-described method embodiments. Its functions will not be repeated here, but can be referred to the detailed description of the above-described method embodiments.

[0147] It should be noted that the Gerrit program access control method and device provided in the embodiments of the present invention can be used in the financial field, or in any technical field other than the financial field. The embodiments of the present invention do not limit the application field of the Gerrit program access control method and device.

[0148] Figure 13 This is a schematic diagram of the physical structure of an electronic device provided in an embodiment of the present invention, as shown below. Figure 13 As shown, the electronic device may include: a processor 1301, a communications interface 1302, a memory 1303, and a communications bus 1304, wherein the processor 1301, the communications interface 1302, and the memory 1303 communicate with each other through the communications bus 1304. The processor 1301 can invoke logical instructions in the memory 1303 to execute the following method: capturing first program file information and code submitter information submitted by a submission terminal through a code submission monitoring interface, wherein the first program file information includes a code repository name, a first program identifier, and a first hash value; wherein the first hash value is the hash value of the first program code corresponding to the first program identifier; obtaining a second hash value from the code repository corresponding to the code repository name based on the code repository name and the first program identifier, wherein the second hash value is the hash value of the second program code corresponding to the first program identifier; if it is determined from the first hash value and the second hash value that the first program code corresponding to the first program identifier is different from the second program code, then verifying whether the code submitter has modification permission for the program file corresponding to the first program identifier based on the code submitter information and the first program identifier; if the code submitter has modification permission for the program file corresponding to the first program identifier, then performing subsequent processing on the first program code corresponding to the first program identifier.

[0149] Furthermore, the logical instructions in the aforementioned memory 1303 can be implemented as software functional units and, when sold or used as independent products, can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.

[0150] This embodiment discloses a computer program product, which includes a computer program stored on a computer-readable storage medium. The computer program includes program instructions, and when the program instructions are executed by a computer, the computer can execute the methods provided in the above-described method embodiments, such as: capturing first program file information and code submitter information submitted by a submission terminal through a code submission monitoring interface, wherein the first program file information includes a code repository name, a first program identifier, and a first hash value; wherein the first hash value is the hash value of the first program code corresponding to the first program identifier; obtaining a second hash value from the code repository corresponding to the code repository name based on the code repository name and the first program identifier, wherein the second hash value is the hash value of the second program code corresponding to the first program identifier; if it is determined from the first hash value and the second hash value that the first program code corresponding to the first program identifier is different from the second program code, then verifying whether the code submitter has modification rights to the program file corresponding to the first program identifier based on the code submitter information and the first program identifier; if the code submitter has modification rights to the program file corresponding to the first program identifier, then performing subsequent processing on the first program code corresponding to the first program identifier.

[0151] This embodiment provides a computer-readable storage medium storing a computer program that causes a computer to execute the methods provided in the above-described method embodiments. For example, the method includes: capturing first program file information and code submitter information submitted by a submission terminal through a code submission monitoring interface; the first program file information including a code repository name, a first program identifier, and a first hash value; wherein the first hash value is the hash value of the first program code corresponding to the first program identifier; obtaining a second hash value from the code repository corresponding to the code repository name based on the code repository name and the first program identifier; the second hash value being the hash value of the second program code corresponding to the first program identifier; if, based on the first hash value and the second hash value, it is determined that the first program code corresponding to the first program identifier is different from the second program code, then, based on the code submitter information and the first program identifier, verifying whether the code submitter has modification permissions for the program file corresponding to the first program identifier; if the code submitter has modification permissions for the program file corresponding to the first program identifier, then performing subsequent processing on the first program code corresponding to the first program identifier.

[0152] Those skilled in the art will understand that embodiments of the present invention can be provided as methods, systems, or computer program products. Therefore, the present invention can take the form of a completely hardware embodiment, a completely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention can take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.

[0153] This invention is described with reference to flowchart illustrations and / or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and / or block diagrams, and combinations of blocks in the flowchart illustrations and / or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, generate instructions for implementing the flowchart illustrations and / or block diagrams. Figure 1 One or more processes and / or boxes Figure 1 A device that provides the functions specified in one or more boxes.

[0154] These computer program instructions may also be stored in a computer-readable storage medium that can direct a computer or other programmable data processing device to function in a particular manner, such that the instructions stored in the computer-readable storage medium produce an article of manufacture including instruction means, which are implemented in a process Figure 1 One or more processes and / or boxes Figure 1 The function specified in one or more boxes.

[0155] These computer program instructions may also be loaded onto a computer or other programmable data processing equipment to cause a series of operational steps to be performed on the computer or other programmable equipment to produce a computer-implemented process, thereby providing instructions that execute on the computer or other programmable equipment for implementing the process. Figure 1 One or more processes and / or boxes Figure 1 The steps of the function specified in one or more boxes.

[0156] In the description of this specification, references to terms such as "an embodiment," "a specific embodiment," "some embodiments," "for example," "example," "specific example," or "some examples," etc., indicate that a specific feature, structure, material, or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the invention. In this specification, the illustrative expressions of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the specific features, structures, materials, or characteristics described may be combined in any suitable manner in one or more embodiments or examples.

[0157] The specific embodiments described above further illustrate the purpose, technical solution, and beneficial effects of the present invention. It should be understood that the above descriptions are merely specific embodiments of the present invention and are not intended to limit the scope of protection of the present invention. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of the present invention should be included within the scope of protection of the present invention.< / commitvalidationmessage>

Claims

1. A Gerrit program access control method, characterized in that, include: The code submission monitoring interface captures the first program file information and code submitter information submitted by the submission terminal. The first program file information includes the code repository name, the first program identifier, and the first hash value. The first hash value is the hash value of the first program code corresponding to the first program identifier. The second hash value is obtained from the code library corresponding to the code library name based on the code library name and the first program identifier. The second hash value is the hash value of the second program code corresponding to the first program identifier. If, based on the first hash value and the second hash value, it is determined that the first program code corresponding to the first program identifier is different from the second program code, then based on the code submitter information and the first program identifier, it is verified whether the code submitter has the permission to modify the program file corresponding to the first program identifier. If the code submitter has modification permissions for the program file corresponding to the first program identifier, then the first program code corresponding to the first program identifier is further processed; wherein, the code submission monitoring interface is extended by creating a Gerrit plugin; wherein, the Gerrit program permission control method further includes: capturing the third program file information and code reviewer information submitted by the review terminal through the code review monitoring interface, wherein the third program file information includes the code repository name, the third program identifier, and the third hash value; wherein, the third hash value is the hash value of the third program code corresponding to the third program identifier; based on the code reviewer information and the third program identifier, verifying whether the code reviewer has review permissions for the program file corresponding to the third program identifier; if the code reviewer has review permissions for the program file corresponding to the third program identifier, then storing the third program code corresponding to the third program identifier in the code repository corresponding to the code repository name.

2. The method according to claim 1, characterized in that, Also includes: The fourth hash value is obtained from the code library corresponding to the code library name based on the code library name and the third program identifier. The fourth hash value is the hash value of the fourth program code corresponding to the third program identifier. Based on the third hash value and the fourth hash value, determine whether the third program code corresponding to the third program identifier is different from the fourth program code.

3. The method according to claim 1, characterized in that, Also includes: The system receives an audit permission query request sent by a requesting terminal. The audit permission query request includes audit code information and audit requester information. The audit code information includes the code library name and the second program identifier. Based on the review requester information and the second program identifier, verify whether the review requester has review permissions for the program file corresponding to the second program identifier; If the requester has review permission for the program file corresponding to the second program identifier, a notification message indicating that the requester has review permission is sent to the requesting terminal.

4. The method according to claim 1, characterized in that, The step of determining that the first program code corresponding to the first program identifier is different from the second program code based on the first hash value and the second hash value includes: A third-party plugin is invoked to perform a code difference query and obtain the code difference query results; wherein, the code library name, the first hash value, and the second hash value are provided to the third-party plugin. If the code difference query result indicates that there is a difference, then it is determined that the first program code and the second program code are different.

5. The method according to claim 1, characterized in that, The step of verifying whether the code submitter has modification permissions for the program file corresponding to the first program identifier based on the code submitter information and the first program identifier includes: Based on the code submitter information, query the program identifier for which the code submitter has modification permissions; If it is determined that the program identifier for which the code submitter has modification rights includes the first program identifier, then the code submitter has modification rights to the program file corresponding to the first program identifier.

6. The method according to any one of claims 1 to 5, characterized in that, The subsequent processing of the first program code corresponding to the first program identifier includes: If the first program code corresponding to the first program identifier needs to be reviewed, then the first program code corresponding to the first program identifier is stored in the temporary library corresponding to the code library name for review. If the first program code corresponding to the first program identifier does not require review, then the first program code corresponding to the first program identifier is stored in the code library corresponding to the code library name.

7. A Gerrit program access control device, characterized in that, include: The capture module is used to capture the first program file information and code submitter information submitted by the submission terminal through the code submission listening interface. The first program file information includes the code repository name, the first program identifier, and the first hash value; wherein, the first hash value is the hash value of the first program code corresponding to the first program identifier. The module is configured to obtain a second hash value from the code library corresponding to the code library name based on the code library name and the first program identifier, wherein the second hash value is the hash value of the second program code corresponding to the first program identifier; The verification module is used to verify whether the code submitter has the right to modify the program file corresponding to the first program identifier if the first program code corresponding to the first program identifier is different from the second program code based on the first hash value and the second hash value. The processing module is used to perform subsequent processing on the first program code corresponding to the first program identifier if the code submitter has modification permissions for the program file corresponding to the first program identifier; wherein, the code submission listening interface is extended and implemented by creating a Gerrit plugin; The Gerrit program permission control device further includes: an information capture module, used to capture third program file information and code reviewer information submitted by the review terminal through a code review monitoring interface, wherein the third program file information includes a code repository name, a third program identifier, and a third hash value; wherein the third hash value is the hash value of the third program code corresponding to the third program identifier; a first permission verification module, used to verify whether the code reviewer has review permission for the program file corresponding to the third program identifier based on the code reviewer information and the third program identifier; and a database entry module, used to store the third program code corresponding to the third program identifier into the code repository corresponding to the code repository name if the code reviewer has review permission for the program file corresponding to the third program identifier.

8. A computer device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that, When the processor executes the computer program, it implements the method according to any one of claims 1 to 6.

9. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores a computer program that, when executed by a processor, implements the method according to any one of claims 1 to 6.

10. A computer program product, characterized in that, The computer program product includes a computer program that, when executed by a processor, implements the method according to any one of claims 1 to 6.