Add 'View Plugins' global capability that allows to list plugins
At the moment only the Gerrit administrators can list the installed plugins. However which plugins are installed may be also interesting to project owners and users because they want to know which functionality is available to them. Hiding the 'Plugins' > 'Installed' menu is bad since this screen is the entry point to the documentation of the installed plugins. This documentation may be relevant to normal users. Since being able to see the list of installed plugin may be considered as security risk, by default still only administrators are able to list them, but now the new capability allows to assign this permission also to other users. Change-Id: Ifed8ad76354b9a19e8c79edb0c965249b162fdfd Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>
This commit is contained in:
parent
4fa7528e65
commit
362b14d11d
@ -1311,6 +1311,12 @@ capability allows the granted group to
|
||||
link:cmd-show-connections.html[look at Gerrit's current connections via ssh].
|
||||
|
||||
|
||||
[[capability_viewPlugins]]
|
||||
=== View Plugins
|
||||
|
||||
Allow viewing the list of installed plugins.
|
||||
|
||||
|
||||
[[capability_viewQueue]]
|
||||
=== View Queue
|
||||
|
||||
|
@ -659,6 +659,7 @@ Administrator that has authenticated with digest authentication:
|
||||
"viewCaches": true,
|
||||
"flushCaches": true,
|
||||
"viewConnections": true,
|
||||
"viewPlugins": true,
|
||||
"viewQueue": true,
|
||||
"runGC": true
|
||||
}
|
||||
@ -1145,6 +1146,8 @@ link:access-control.html#capability_viewCaches[View Caches] capability.
|
||||
|`viewConnections` |not set if `false`|Whether the user has the
|
||||
link:access-control.html#capability_viewConnections[View Connections]
|
||||
capability.
|
||||
|`viewPlugins` |not set if `false`|Whether the user has the
|
||||
link:access-control.html#capability_viewPlugins[View Plugins] capability.
|
||||
|`viewQueue` |not set if `false`|Whether the user has the
|
||||
link:access-control.html#capability_viewQueue[View Queue] capability.
|
||||
|=================================
|
||||
|
@ -126,6 +126,11 @@ The entries in the map are sorted by capability ID.
|
||||
"id": "viewConnections",
|
||||
"name": "View Connections"
|
||||
},
|
||||
"viewPlugins": {
|
||||
"kind": "gerritcodereview#capability",
|
||||
"id": "viewPlugins",
|
||||
"name": "View Plugins"
|
||||
},
|
||||
"viewQueue": {
|
||||
"kind": "gerritcodereview#capability",
|
||||
"id": "viewQueue",
|
||||
|
@ -23,6 +23,10 @@ namespace.
|
||||
Lists the plugins installed on the Gerrit server. Only the enabled
|
||||
plugins are returned unless the `all` option is specified.
|
||||
|
||||
To be allowed to see the installed plugins, a user must be a member of
|
||||
a group that is granted the 'View Plugins' capability or the
|
||||
'Administrate Server' capability.
|
||||
|
||||
As result a map is returned that maps the plugin IDs to
|
||||
link:#plugin-info[PluginInfo] entries. The entries in the map are sorted
|
||||
by plugin ID.
|
||||
|
@ -32,6 +32,7 @@ class CapabilityInfo {
|
||||
public boolean viewAllAccounts;
|
||||
public boolean viewCaches;
|
||||
public boolean viewConnections;
|
||||
public boolean viewPlugins;
|
||||
public boolean viewQueue;
|
||||
|
||||
static class QueryLimit {
|
||||
|
@ -88,6 +88,9 @@ public class GlobalCapability {
|
||||
/** Can view open connections to the server's SSH port. */
|
||||
public static final String VIEW_CONNECTIONS = "viewConnections";
|
||||
|
||||
/** Can view all installed plugins. */
|
||||
public static final String VIEW_PLUGINS = "viewPlugins";
|
||||
|
||||
/** Can view all pending tasks in the queue (not just the filtered set). */
|
||||
public static final String VIEW_QUEUE = "viewQueue";
|
||||
|
||||
@ -112,6 +115,7 @@ public class GlobalCapability {
|
||||
NAMES_ALL.add(VIEW_ALL_ACCOUNTS);
|
||||
NAMES_ALL.add(VIEW_CACHES);
|
||||
NAMES_ALL.add(VIEW_CONNECTIONS);
|
||||
NAMES_ALL.add(VIEW_PLUGINS);
|
||||
NAMES_ALL.add(VIEW_QUEUE);
|
||||
|
||||
NAMES_LC = new ArrayList<>(NAMES_ALL.size());
|
||||
|
@ -14,9 +14,9 @@
|
||||
|
||||
package com.google.gerrit.client;
|
||||
|
||||
import static com.google.gerrit.common.data.GlobalCapability.ADMINISTRATE_SERVER;
|
||||
import static com.google.gerrit.common.data.GlobalCapability.CREATE_GROUP;
|
||||
import static com.google.gerrit.common.data.GlobalCapability.CREATE_PROJECT;
|
||||
import static com.google.gerrit.common.data.GlobalCapability.VIEW_PLUGINS;
|
||||
|
||||
import com.google.gerrit.client.account.AccountCapabilities;
|
||||
import com.google.gerrit.client.account.AccountInfo;
|
||||
@ -649,14 +649,14 @@ public class Gerrit implements EntryPoint {
|
||||
PageLinks.ADMIN_CREATE_GROUP,
|
||||
peopleBar.getWidgetIndex(groupsListMenuItem) + 1);
|
||||
}
|
||||
if (result.canPerform(ADMINISTRATE_SERVER)) {
|
||||
if (result.canPerform(VIEW_PLUGINS)) {
|
||||
insertLink(pluginsBar, C.menuPluginsInstalled(),
|
||||
PageLinks.ADMIN_PLUGINS, 0);
|
||||
menuLeft.insert(pluginsBar, C.menuPlugins(),
|
||||
menuLeft.getWidgetIndex(peopleBar) + 1);
|
||||
}
|
||||
}
|
||||
}, CREATE_PROJECT, CREATE_GROUP, ADMINISTRATE_SERVER);
|
||||
}, CREATE_PROJECT, CREATE_GROUP, VIEW_PLUGINS);
|
||||
}
|
||||
|
||||
if (getConfig().isDocumentationAvailable()) {
|
||||
|
@ -134,6 +134,12 @@ public class CapabilityControl {
|
||||
|| canAdministrateServer();
|
||||
}
|
||||
|
||||
/** @return true if the user can view the installed plugins. */
|
||||
public boolean canViewPlugins() {
|
||||
return canPerform(GlobalCapability.VIEW_PLUGINS)
|
||||
|| canAdministrateServer();
|
||||
}
|
||||
|
||||
/** @return true if the user can view the entire queue. */
|
||||
public boolean canViewQueue() {
|
||||
return canPerform(GlobalCapability.VIEW_QUEUE)
|
||||
|
@ -27,6 +27,7 @@ import static com.google.gerrit.common.data.GlobalCapability.STREAM_EVENTS;
|
||||
import static com.google.gerrit.common.data.GlobalCapability.VIEW_ALL_ACCOUNTS;
|
||||
import static com.google.gerrit.common.data.GlobalCapability.VIEW_CACHES;
|
||||
import static com.google.gerrit.common.data.GlobalCapability.VIEW_CONNECTIONS;
|
||||
import static com.google.gerrit.common.data.GlobalCapability.VIEW_PLUGINS;
|
||||
import static com.google.gerrit.common.data.GlobalCapability.VIEW_QUEUE;
|
||||
|
||||
import com.google.common.collect.Iterables;
|
||||
@ -117,6 +118,7 @@ class GetCapabilities implements RestReadView<AccountResource> {
|
||||
have.put(VIEW_ALL_ACCOUNTS, cc.canViewAllAccounts());
|
||||
have.put(VIEW_CACHES, cc.canViewCaches());
|
||||
have.put(VIEW_CONNECTIONS, cc.canViewConnections());
|
||||
have.put(VIEW_PLUGINS, cc.canViewPlugins());
|
||||
have.put(VIEW_QUEUE, cc.canViewQueue());
|
||||
|
||||
QueueProvider.QueueType queue = cc.getQueueType();
|
||||
|
@ -38,5 +38,6 @@ public class CapabilityConstants extends TranslationBundle {
|
||||
public String viewAllAccounts;
|
||||
public String viewCaches;
|
||||
public String viewConnections;
|
||||
public String viewPlugins;
|
||||
public String viewQueue;
|
||||
}
|
||||
|
@ -40,7 +40,7 @@ import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
/** List the installed plugins. */
|
||||
@RequiresCapability(GlobalCapability.ADMINISTRATE_SERVER)
|
||||
@RequiresCapability(GlobalCapability.VIEW_PLUGINS)
|
||||
public class ListPlugins implements RestReadView<TopLevelResource> {
|
||||
private final PluginLoader pluginLoader;
|
||||
|
||||
|
@ -14,4 +14,5 @@ streamEvents = Stream Events
|
||||
viewAllAccounts = View All Accounts
|
||||
viewCaches = View Caches
|
||||
viewConnections = View Connections
|
||||
viewPlugins = View Plugins
|
||||
viewQueue = View Queue
|
||||
|
Loading…
x
Reference in New Issue
Block a user