From 971caef87ac12df0d1ad6d60db02b67111449966 Mon Sep 17 00:00:00 2001
From: Khai Do
Date: Mon, 11 Jan 2016 15:41:39 -0800
Subject: [PATCH] Remove required access permission to get account username

Remove the required capability permission to allow any user to get another user's username. There is no access restriction for the account[1] and account detail[2] endpoints which provide the same info.
[1] http://$host/accounts/$user
[2] http://$host/accounts/$user/detail
bug: issue 3766
Change-Id: I2de5fd3251225d7da8fd203a60fe06ea1fc03174
---
 .../java/com/google/gerrit/server/account/GetUsername.java | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetUsername.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetUsername.java
index 41622cfc19..aa7793ff81 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetUsername.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetUsername.java
@@ -35,10 +35,6 @@ public class GetUsername implements RestReadView {
 @Override
 public String apply(AccountResource rsrc) throws AuthException,
 ResourceNotFoundException {
- if (self.get() != rsrc.getUser()
- && !self.get().getCapabilities().canAdministrateServer()) {
- throw new AuthException("not allowed to get username");
- }
 String username = rsrc.getUser().getAccount().getUserName();
 if (username == null) {
 throw new ResourceNotFoundException();
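Review bot: With the guard removed, apply() no longer makes any authorization decision of its own, so who may read another account's username now depends entirely on code outside this hunk (how the AccountResource is resolved and whatever visibility policy applies there), and nothing in the method records that this is intentional. A comment above the first statement would keep a later reader from treating the missing check as an oversight, for example `// No capability check: the account and account detail endpoints already expose the username.` The retained `throws AuthException` on the signature looks stale, because no visible statement raises it any more, and `self` may now be an unused field; both could be dropped if the rest of the class, which lies outside the hunk, confirms that. A test asserting that a non-administrator can read another user's username, and that a caller who cannot resolve the account still gets no username, would pin the new behaviour.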