Add 'View Plugins' global capability that allows to list plugins

At the moment only the Gerrit administrators can list the installed
plugins. However which plugins are installed may be also interesting
to project owners and users because they want to know which
functionality is available to them. Hiding the 'Plugins' > 'Installed'
menu is bad since this screen is the entry point to the documentation
of the installed plugins. This documentation may be relevant to normal
users.

Since being able to see the list of installed plugin may be considered
as security risk, by default still only administrators are able to
list them, but now the new capability allows to assign this permission
also to other users.

Change-Id: Ifed8ad76354b9a19e8c79edb0c965249b162fdfd
Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>
This commit is contained in:
Edwin Kempin 2014-05-09 14:18:12 +02:00
parent 4fa7528e65
commit 362b14d11d
12 changed files with 37 additions and 4 deletions

View File

@ -1311,6 +1311,12 @@ capability allows the granted group to
link:cmd-show-connections.html[look at Gerrit's current connections via ssh]. link:cmd-show-connections.html[look at Gerrit's current connections via ssh].
[[capability_viewPlugins]]
=== View Plugins
Allow viewing the list of installed plugins.
[[capability_viewQueue]] [[capability_viewQueue]]
=== View Queue === View Queue

View File

@ -659,6 +659,7 @@ Administrator that has authenticated with digest authentication:
"viewCaches": true, "viewCaches": true,
"flushCaches": true, "flushCaches": true,
"viewConnections": true, "viewConnections": true,
"viewPlugins": true,
"viewQueue": true, "viewQueue": true,
"runGC": true "runGC": true
} }
@ -1145,6 +1146,8 @@ link:access-control.html#capability_viewCaches[View Caches] capability.
|`viewConnections` |not set if `false`|Whether the user has the |`viewConnections` |not set if `false`|Whether the user has the
link:access-control.html#capability_viewConnections[View Connections] link:access-control.html#capability_viewConnections[View Connections]
capability. capability.
|`viewPlugins` |not set if `false`|Whether the user has the
link:access-control.html#capability_viewPlugins[View Plugins] capability.
|`viewQueue` |not set if `false`|Whether the user has the |`viewQueue` |not set if `false`|Whether the user has the
link:access-control.html#capability_viewQueue[View Queue] capability. link:access-control.html#capability_viewQueue[View Queue] capability.
|================================= |=================================

View File

@ -126,6 +126,11 @@ The entries in the map are sorted by capability ID.
"id": "viewConnections", "id": "viewConnections",
"name": "View Connections" "name": "View Connections"
}, },
"viewPlugins": {
"kind": "gerritcodereview#capability",
"id": "viewPlugins",
"name": "View Plugins"
},
"viewQueue": { "viewQueue": {
"kind": "gerritcodereview#capability", "kind": "gerritcodereview#capability",
"id": "viewQueue", "id": "viewQueue",

View File

@ -23,6 +23,10 @@ namespace.
Lists the plugins installed on the Gerrit server. Only the enabled Lists the plugins installed on the Gerrit server. Only the enabled
plugins are returned unless the `all` option is specified. plugins are returned unless the `all` option is specified.
To be allowed to see the installed plugins, a user must be a member of
a group that is granted the 'View Plugins' capability or the
'Administrate Server' capability.
As result a map is returned that maps the plugin IDs to As result a map is returned that maps the plugin IDs to
link:#plugin-info[PluginInfo] entries. The entries in the map are sorted link:#plugin-info[PluginInfo] entries. The entries in the map are sorted
by plugin ID. by plugin ID.

View File

@ -32,6 +32,7 @@ class CapabilityInfo {
public boolean viewAllAccounts; public boolean viewAllAccounts;
public boolean viewCaches; public boolean viewCaches;
public boolean viewConnections; public boolean viewConnections;
public boolean viewPlugins;
public boolean viewQueue; public boolean viewQueue;
static class QueryLimit { static class QueryLimit {

View File

@ -88,6 +88,9 @@ public class GlobalCapability {
/** Can view open connections to the server's SSH port. */ /** Can view open connections to the server's SSH port. */
public static final String VIEW_CONNECTIONS = "viewConnections"; public static final String VIEW_CONNECTIONS = "viewConnections";
/** Can view all installed plugins. */
public static final String VIEW_PLUGINS = "viewPlugins";
/** Can view all pending tasks in the queue (not just the filtered set). */ /** Can view all pending tasks in the queue (not just the filtered set). */
public static final String VIEW_QUEUE = "viewQueue"; public static final String VIEW_QUEUE = "viewQueue";
@ -112,6 +115,7 @@ public class GlobalCapability {
NAMES_ALL.add(VIEW_ALL_ACCOUNTS); NAMES_ALL.add(VIEW_ALL_ACCOUNTS);
NAMES_ALL.add(VIEW_CACHES); NAMES_ALL.add(VIEW_CACHES);
NAMES_ALL.add(VIEW_CONNECTIONS); NAMES_ALL.add(VIEW_CONNECTIONS);
NAMES_ALL.add(VIEW_PLUGINS);
NAMES_ALL.add(VIEW_QUEUE); NAMES_ALL.add(VIEW_QUEUE);
NAMES_LC = new ArrayList<>(NAMES_ALL.size()); NAMES_LC = new ArrayList<>(NAMES_ALL.size());

View File

@ -14,9 +14,9 @@
package com.google.gerrit.client; package com.google.gerrit.client;
import static com.google.gerrit.common.data.GlobalCapability.ADMINISTRATE_SERVER;
import static com.google.gerrit.common.data.GlobalCapability.CREATE_GROUP; import static com.google.gerrit.common.data.GlobalCapability.CREATE_GROUP;
import static com.google.gerrit.common.data.GlobalCapability.CREATE_PROJECT; import static com.google.gerrit.common.data.GlobalCapability.CREATE_PROJECT;
import static com.google.gerrit.common.data.GlobalCapability.VIEW_PLUGINS;
import com.google.gerrit.client.account.AccountCapabilities; import com.google.gerrit.client.account.AccountCapabilities;
import com.google.gerrit.client.account.AccountInfo; import com.google.gerrit.client.account.AccountInfo;
@ -649,14 +649,14 @@ public class Gerrit implements EntryPoint {
PageLinks.ADMIN_CREATE_GROUP, PageLinks.ADMIN_CREATE_GROUP,
peopleBar.getWidgetIndex(groupsListMenuItem) + 1); peopleBar.getWidgetIndex(groupsListMenuItem) + 1);
} }
if (result.canPerform(ADMINISTRATE_SERVER)) { if (result.canPerform(VIEW_PLUGINS)) {
insertLink(pluginsBar, C.menuPluginsInstalled(), insertLink(pluginsBar, C.menuPluginsInstalled(),
PageLinks.ADMIN_PLUGINS, 0); PageLinks.ADMIN_PLUGINS, 0);
menuLeft.insert(pluginsBar, C.menuPlugins(), menuLeft.insert(pluginsBar, C.menuPlugins(),
menuLeft.getWidgetIndex(peopleBar) + 1); menuLeft.getWidgetIndex(peopleBar) + 1);
} }
} }
}, CREATE_PROJECT, CREATE_GROUP, ADMINISTRATE_SERVER); }, CREATE_PROJECT, CREATE_GROUP, VIEW_PLUGINS);
} }
if (getConfig().isDocumentationAvailable()) { if (getConfig().isDocumentationAvailable()) {

View File

@ -134,6 +134,12 @@ public class CapabilityControl {
|| canAdministrateServer(); || canAdministrateServer();
} }
/** @return true if the user can view the installed plugins. */
public boolean canViewPlugins() {
return canPerform(GlobalCapability.VIEW_PLUGINS)
|| canAdministrateServer();
}
/** @return true if the user can view the entire queue. */ /** @return true if the user can view the entire queue. */
public boolean canViewQueue() { public boolean canViewQueue() {
return canPerform(GlobalCapability.VIEW_QUEUE) return canPerform(GlobalCapability.VIEW_QUEUE)

View File

@ -27,6 +27,7 @@ import static com.google.gerrit.common.data.GlobalCapability.STREAM_EVENTS;
import static com.google.gerrit.common.data.GlobalCapability.VIEW_ALL_ACCOUNTS; import static com.google.gerrit.common.data.GlobalCapability.VIEW_ALL_ACCOUNTS;
import static com.google.gerrit.common.data.GlobalCapability.VIEW_CACHES; import static com.google.gerrit.common.data.GlobalCapability.VIEW_CACHES;
import static com.google.gerrit.common.data.GlobalCapability.VIEW_CONNECTIONS; import static com.google.gerrit.common.data.GlobalCapability.VIEW_CONNECTIONS;
import static com.google.gerrit.common.data.GlobalCapability.VIEW_PLUGINS;
import static com.google.gerrit.common.data.GlobalCapability.VIEW_QUEUE; import static com.google.gerrit.common.data.GlobalCapability.VIEW_QUEUE;
import com.google.common.collect.Iterables; import com.google.common.collect.Iterables;
@ -117,6 +118,7 @@ class GetCapabilities implements RestReadView<AccountResource> {
have.put(VIEW_ALL_ACCOUNTS, cc.canViewAllAccounts()); have.put(VIEW_ALL_ACCOUNTS, cc.canViewAllAccounts());
have.put(VIEW_CACHES, cc.canViewCaches()); have.put(VIEW_CACHES, cc.canViewCaches());
have.put(VIEW_CONNECTIONS, cc.canViewConnections()); have.put(VIEW_CONNECTIONS, cc.canViewConnections());
have.put(VIEW_PLUGINS, cc.canViewPlugins());
have.put(VIEW_QUEUE, cc.canViewQueue()); have.put(VIEW_QUEUE, cc.canViewQueue());
QueueProvider.QueueType queue = cc.getQueueType(); QueueProvider.QueueType queue = cc.getQueueType();

View File

@ -38,5 +38,6 @@ public class CapabilityConstants extends TranslationBundle {
public String viewAllAccounts; public String viewAllAccounts;
public String viewCaches; public String viewCaches;
public String viewConnections; public String viewConnections;
public String viewPlugins;
public String viewQueue; public String viewQueue;
} }

View File

@ -40,7 +40,7 @@ import java.util.List;
import java.util.Map; import java.util.Map;
/** List the installed plugins. */ /** List the installed plugins. */
@RequiresCapability(GlobalCapability.ADMINISTRATE_SERVER) @RequiresCapability(GlobalCapability.VIEW_PLUGINS)
public class ListPlugins implements RestReadView<TopLevelResource> { public class ListPlugins implements RestReadView<TopLevelResource> {
private final PluginLoader pluginLoader; private final PluginLoader pluginLoader;

View File

@ -14,4 +14,5 @@ streamEvents = Stream Events
viewAllAccounts = View All Accounts viewAllAccounts = View All Accounts
viewCaches = View Caches viewCaches = View Caches
viewConnections = View Connections viewConnections = View Connections
viewPlugins = View Plugins
viewQueue = View Queue viewQueue = View Queue