Describe some GerritPermissions more accurately

Using a lowercase version of the enum value works well in many cases,
but not quite all of them.

Change-Id: I64db2ac1260bcbb0e758ec94e63a8cff5fa3aed3

java/com/google/gerrit/extensions/api/access/GerritPermission.java

@@ -19,7 +19,9 @@ import java.util.Locale;
 /** Gerrit permission for hosts, projects, refs, changes, labels and plugins. */
 public interface GerritPermission {
   /** @return readable identifier of this permission for exception message. */
-  default String describeForException() {
-    return toString().toLowerCase(Locale.US).replace('_', ' ');
+  String describeForException();
+
+  static String describeEnumValue(Enum<?> value) {
+    return value.name().toLowerCase(Locale.US).replace('_', ' ');
   }
 }

java/com/google/gerrit/server/permissions/ChangePermission.java

@@ -14,6 +14,10 @@
 
 package com.google.gerrit.server.permissions;
 
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.gerrit.extensions.api.access.GerritPermission;
+
 public enum ChangePermission implements ChangePermissionOrLabel {
   READ,
   RESTORE,
@@ -27,5 +31,20 @@ public enum ChangePermission implements ChangePermissionOrLabel {
   ADD_PATCH_SET,
   REBASE,
   SUBMIT,
-  SUBMIT_AS;
+  SUBMIT_AS("submit on behalf of other users");
+
+  private final String description;
+
+  private ChangePermission() {
+    this.description = null;
+  }
+
+  private ChangePermission(String description) {
+    this.description = checkNotNull(description);
+  }
+
+  @Override
+  public String describeForException() {
+    return description != null ? description : GerritPermission.describeEnumValue(this);
+  }
 }

java/com/google/gerrit/server/permissions/GlobalPermission.java

@@ -20,6 +20,7 @@ import com.google.gerrit.common.Nullable;
 import com.google.gerrit.extensions.annotations.CapabilityScope;
 import com.google.gerrit.extensions.annotations.RequiresAnyCapability;
 import com.google.gerrit.extensions.annotations.RequiresCapability;
+import com.google.gerrit.extensions.api.access.GerritPermission;
 import com.google.gerrit.extensions.api.access.GlobalOrPluginPermission;
 import com.google.gerrit.extensions.api.access.PluginPermission;
 import java.lang.annotation.Annotation;
@@ -148,4 +149,9 @@ public enum GlobalPermission implements GlobalOrPluginPermission {
     }
     return null;
   }
+
+  @Override
+  public String describeForException() {
+    return GerritPermission.describeEnumValue(this);
+  }
 }

java/com/google/gerrit/server/permissions/LabelPermission.java

@@ -84,7 +84,7 @@ public class LabelPermission implements ChangePermissionOrLabel {
   @Override
   public String describeForException() {
     if (forUser == ON_BEHALF_OF) {
-      return "labelAs " + name;
+      return "label on behalf of " + name;
     }
     return "label " + name;
   }
@@ -217,7 +217,7 @@ public class LabelPermission implements ChangePermissionOrLabel {
     @Override
     public String describeForException() {
       if (forUser == ON_BEHALF_OF) {
-        return "labelAs " + label.formatWithEquals();
+        return "label on behalf of " + label.formatWithEquals();
       }
       return "label " + label.formatWithEquals();
     }

java/com/google/gerrit/server/permissions/ProjectPermission.java

@@ -14,7 +14,10 @@
 
 package com.google.gerrit.server.permissions;
 
+import static com.google.common.base.Preconditions.checkNotNull;
+
 import com.google.gerrit.extensions.api.access.GerritPermission;
+import com.google.gerrit.reviewdb.client.RefNames;
 
 public enum ProjectPermission implements GerritPermission {
   /**
@@ -23,7 +26,7 @@ public enum ProjectPermission implements GerritPermission {
    * <p>Checking this permission instead of {@link #READ} may require filtering to hide specific
    * references or changes, which can be expensive.
    */
-  ACCESS,
+  ACCESS("access at least one ref"),
 
   /**
    * Can read all references in the repository.
@@ -63,16 +66,16 @@ public enum ProjectPermission implements GerritPermission {
   CREATE_CHANGE,
 
   /** Can run receive pack. */
-  RUN_RECEIVE_PACK,
+  RUN_RECEIVE_PACK("run receive-pack"),
 
   /** Can run upload pack. */
-  RUN_UPLOAD_PACK,
+  RUN_UPLOAD_PACK("run upload-pack"),
 
   /** Allow read access to refs/meta/config. */
-  READ_CONFIG,
+  READ_CONFIG("read " + RefNames.REFS_CONFIG),
 
   /** Allow write access to refs/meta/config. */
-  WRITE_CONFIG,
+  WRITE_CONFIG("write " + RefNames.REFS_CONFIG),
 
   /** Allow banning commits from Gerrit preventing pushes of these commits. */
   BAN_COMMIT,
@@ -81,5 +84,20 @@ public enum ProjectPermission implements GerritPermission {
   READ_REFLOG,
 
   /** Can push to at least one reference within the repository. */
-  PUSH_AT_LEAST_ONE_REF;
+  PUSH_AT_LEAST_ONE_REF("push to at least one ref");
+
+  private final String description;
+
+  private ProjectPermission() {
+    this.description = null;
+  }
+
+  private ProjectPermission(String description) {
+    this.description = checkNotNull(description);
+  }
+
+  @Override
+  public String describeForException() {
+    return description != null ? description : GerritPermission.describeEnumValue(this);
+  }
 }

java/com/google/gerrit/server/permissions/RefPermission.java

@@ -14,6 +14,8 @@
 
 package com.google.gerrit.server.permissions;
 
+import static com.google.common.base.Preconditions.checkNotNull;
+
 import com.google.gerrit.extensions.api.access.GerritPermission;
 
 public enum RefPermission implements GerritPermission {
@@ -30,7 +32,7 @@ public enum RefPermission implements GerritPermission {
   DELETE,
   UPDATE,
   FORCE_UPDATE,
-  SET_HEAD,
+  SET_HEAD("set HEAD"),
 
   FORGE_AUTHOR,
   FORGE_COMMITTER,
@@ -67,8 +69,23 @@ public enum RefPermission implements GerritPermission {
   READ_PRIVATE_CHANGES,
 
   /** Read access to ref's config section in {@code project.config}. */
-  READ_CONFIG,
+  READ_CONFIG("read ref config"),
 
   /** Write access to ref's config section in {@code project.config}. */
-  WRITE_CONFIG;
+  WRITE_CONFIG("write ref config");
+
+  private final String description;
+
+  private RefPermission() {
+    this.description = null;
+  }
+
+  private RefPermission(String description) {
+    this.description = checkNotNull(description);
+  }
+
+  @Override
+  public String describeForException() {
+    return description != null ? description : GerritPermission.describeEnumValue(this);
+  }
 }

javatests/com/google/gerrit/acceptance/api/project/ProjectIT.java

@@ -324,7 +324,7 @@ public class ProjectIT extends AbstractDaemonTest {
     ConfigInput input = createTestConfigInput();
     setApiUser(user);
     exception.expect(AuthException.class);
-    exception.expectMessage("write config not permitted");
+    exception.expectMessage("write refs/meta/config not permitted");
     gApi.projects().name(project.get()).config(input);
   }
 
@@ -359,7 +359,7 @@ public class ProjectIT extends AbstractDaemonTest {
     gApi.projects().name(project.get()).branch("test").create(new BranchInput());
     setApiUser(user);
     exception.expect(AuthException.class);
-    exception.expectMessage("set head not permitted");
+    exception.expectMessage("set HEAD not permitted for refs/heads/test");
     gApi.projects().name(project.get()).head("test");
   }
 

javatests/com/google/gerrit/acceptance/rest/account/ImpersonationIT.java

@@ -373,7 +373,7 @@ public class ImpersonationIT extends AbstractDaemonTest {
     SubmitInput in = new SubmitInput();
     in.onBehalfOf = admin2.email;
     exception.expect(AuthException.class);
-    exception.expectMessage("submit as not permitted");
+    exception.expectMessage("submit on behalf of other users not permitted");
     gApi.changes().id(project.get() + "~master~" + r.getChangeId()).current().submit(in);
   }