Require 'Administrate Server' capability to see server summary

The show-caches SSH command now only prints out the summary information if the caller is an administrator. This is done because the summary information contains system information which must not be exposed to non-administrators. This means that the behaviour is changed and users that only have the 'View Caches' capability are not anymore able to see the summary information as they did before. Change-Id: I3b5433b456d3b5f9d5de872a731470d2fe20623f Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>
2014-06-30 16:21:28 +02:00
parent a3c6d039c2
commit 4279d4b9c3
2 changed files with 26 additions and 14 deletions
--- a/Documentation/cmd-show-caches.txt
+++ b/Documentation/cmd-show-caches.txt
@@ -30,9 +30,15 @@ Display statistics about the size and hit ratio of in-memory caches.
 	Width of the output table.

 == ACCESS
-Caller must be a member of the privileged 'Administrators' group,
-or have been granted
-link:access-control.html#capability_viewCaches[the 'View Caches' global capability].
+The caller must be a member of a group that is granted the
+link:access-control.html#capability_viewCaches[View Caches] capability
+or the link:access-control.html#capability_administrateServer[
+Administrate Server] capability.
+
+The summary information about SSH, threads, tasks, memory and JVM are
+only printed out if the caller is a member of a group that is granted
+the link:access-control.html#capability_administrateServer[Administrate
+Server] capability.

 == SCRIPTING
 Intended for interactive use only.
--- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/ShowCaches.java
+++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/ShowCaches.java
@@ -23,6 +23,7 @@ import com.google.gerrit.common.Version;
 import com.google.gerrit.common.data.GlobalCapability;
 import com.google.gerrit.extensions.annotations.RequiresCapability;
 import com.google.gerrit.extensions.events.LifecycleListener;
+import com.google.gerrit.server.CurrentUser;
 import com.google.gerrit.server.config.ConfigResource;
 import com.google.gerrit.server.config.ListCaches;
 import com.google.gerrit.server.config.ListCaches.CacheInfo;
@@ -100,6 +101,9 @@ final class ShowCaches extends SshCommand {
  @Inject
  private Provider<ListCaches> listCaches;

+  @Inject
+  private Provider<CurrentUser> self;
+
  @Option(name = "--width", aliases = {"-w"}, metaVar = "COLS", usage = "width of output table")
  private int columns = 80;
  private int nw;
@@ -163,19 +167,21 @@ final class ShowCaches extends SshCommand {
    printDiskCaches(caches);
    stdout.print('\n');

-    if (gc) {
-      System.gc();
-      System.runFinalization();
-      System.gc();
-    }
+    if (self.get().getCapabilities().canAdministrateServer()) {
+      if (gc) {
+        System.gc();
+        System.runFinalization();
+        System.gc();
+      }

-    sshSummary();
-    taskSummary();
-    memSummary();
-    threadSummary();
+      sshSummary();
+      taskSummary();
+      memSummary();
+      threadSummary();

-    if (showJVM) {
-      jvmSummary();
+      if (showJVM) {
+        jvmSummary();
+      }
    }

    stdout.flush();