Merge changes Ie7c9ba92,I0a220c73

* changes:
  AdminQueryShell: Update Javadoc
  AdminQueryShell: Reduce scope of try-catch to necessary calls

gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/AdminQueryShell.java

@@ -46,17 +46,17 @@ final class AdminQueryShell extends SshCommand {
   protected void run() throws Failure {
     try {
       checkPermission();
-
-      final QueryShell shell = factory.create(in, out);
-      shell.setOutputFormat(format);
-      if (query != null) {
-        shell.execute(query);
-      } else {
-        shell.run();
-      }
     } catch (PermissionDeniedException err) {
       throw new UnloggedFailure("fatal: " + err.getMessage());
     }
+
+    QueryShell shell = factory.create(in, out);
+    shell.setOutputFormat(format);
+    if (query != null) {
+      shell.execute(query);
+    } else {
+      shell.run();
+    }
   }
 
   /**
@@ -65,7 +65,8 @@ final class AdminQueryShell extends SshCommand {
    * As the @RequireCapability guards at various entry points of internal
    * commands implicitly add administrators (which we want to avoid), we also
    * check permissions within QueryShell and grant access only to those who
-   * canPerformRawQuery, regardless of whether they are administrators or not.
+   * can access the database, regardless of whether they are administrators or
+   * not.
    *
    * @throws PermissionDeniedException
    */