Add new ACL for abandoning changes

Bug: Issue 930 Change-Id: I9275cc8de218953dc9f5c211f0c60e8008b8efb9
2012-06-07 16:10:14 -04:00
parent ec9911568a
commit 029c85aa82
5 changed files with 18 additions and 0 deletions
--- a/Documentation/access-control.txt
+++ b/Documentation/access-control.txt
@@ -444,6 +444,14 @@ have false-negatives that shouldn't block the change.
 A restart is required after making database changes.
 See <<restart_changes,below>>.

+[[category_abandon]]
+Abandon
+~~~~
+
+This category controls whether users are allowed to abandon changes
+to projects in Gerrit. It can give permission to abandon a specific
+change to a given ref.
+
 [[category_create]]
 Create reference
 ~~~~~~~~~~~~~~~~
--- a/gerrit-common/src/main/java/com/google/gerrit/common/data/Permission.java
+++ b/gerrit-common/src/main/java/com/google/gerrit/common/data/Permission.java
@@ -20,6 +20,7 @@ import java.util.List;

 /** A single permission within an {@link AccessSection} of a project. */
 public class Permission implements Comparable<Permission> {
+  public static final String ABANDON = "abandon";
  public static final String CREATE = "create";
  public static final String FORGE_AUTHOR = "forgeAuthor";
  public static final String FORGE_COMMITTER = "forgeCommitter";
@@ -40,6 +41,7 @@ public class Permission implements Comparable<Permission> {
    NAMES_LC = new ArrayList<String>();
    NAMES_LC.add(OWNER.toLowerCase());
    NAMES_LC.add(READ.toLowerCase());
+    NAMES_LC.add(ABANDON.toLowerCase());
    NAMES_LC.add(CREATE.toLowerCase());
    NAMES_LC.add(FORGE_AUTHOR.toLowerCase());
    NAMES_LC.add(FORGE_COMMITTER.toLowerCase());
--- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AdminConstants.properties
+++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AdminConstants.properties
@@ -98,6 +98,7 @@ addPermission = Add Permission ...

 # Permission Names
 permissionNames = \
+	abandon, \
 	create, \
 	forgeAuthor, \
 	forgeCommitter, \
@@ -109,6 +110,7 @@ permissionNames = \
 	read, \
 	rebase, \
 	submit
+abandon = Abandon
 create = Create Reference
 forgeAuthor = Forge Author Identity
 forgeCommitter = Forge Committer Identity
--- a/gerrit-server/src/main/java/com/google/gerrit/server/project/ChangeControl.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/project/ChangeControl.java
@@ -189,6 +189,7 @@ public class ChangeControl {
        || getRefControl().isOwner() // branch owner can abandon
        || getProjectControl().isOwner() // project owner can abandon
        || getCurrentUser().getCapabilities().canAdministrateServer() // site administers are god
+        || getRefControl().canAbandon() // user can abandon a specific ref
    ;
  }

--- a/gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java
@@ -310,6 +310,11 @@ public class RefControl {
    return canPerform(Permission.FORGE_SERVER);
  }

+  /** @return true if this user can abandon a change for this ref */
+  public boolean canAbandon() {
+    return canPerform(Permission.ABANDON);
+  }
+
  /** All value ranges of any allowed label permission. */
  public List<PermissionRange> getLabelRanges() {
    List<PermissionRange> r = new ArrayList<PermissionRange>();