opendev/gerrit
Code Issues Proposed changes

Add a Maintain Server global capability

Browse Source 
This capability allows for general maintenance tasks like flushing
caches and reindexing changes, without requiring either Administrate
Server (which is too broad) or a handful of other minor capabilities
(which we don't want to grow out of control).

Change-Id: I3dd75d14e7b0303b23bad24dffb9bfdfb515efc8
This commit is contained in:
Dave Borowitz
2015-06-11 15:35:48 -04:00
parent 4b61a78478
commit 664d040c79
25 changed files with 166 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
gerrit-server/src/main/java/com/google/gerrit/server/account/CapabilityControl.java
View File

@@ -107,7 +107,7 @@ public class CapabilityControl {
/** @return true if the user can kill any running task. */
public boolean canKillTask() {
return canPerform(GlobalCapability.KILL_TASK)
|| canAdministrateServer();
|| canMaintainServer();
}
/** @return true if the user can modify an account for another user. */
@@ -125,12 +125,18 @@ public class CapabilityControl {
/** @return true if the user can view the server caches. */
public boolean canViewCaches() {
return canPerform(GlobalCapability.VIEW_CACHES)
|| canAdministrateServer();
|| canMaintainServer();
}
/** @return true if the user can flush the server's caches. */
public boolean canFlushCaches() {
return canPerform(GlobalCapability.FLUSH_CACHES)
|| canMaintainServer();
}
/** @return true if the user can perform basic server maintenance. */
public boolean canMaintainServer() {
return canPerform(GlobalCapability.MAINTAIN_SERVER)
|| canAdministrateServer();
}
@@ -149,7 +155,7 @@ public class CapabilityControl {
/** @return true if the user can view the entire queue. */
public boolean canViewQueue() {
return canPerform(GlobalCapability.VIEW_QUEUE)
|| canAdministrateServer();
|| canMaintainServer();
}
/** @return true if the user can access the database (with gsql). */
@@ -166,7 +172,7 @@ public class CapabilityControl {
/** @return true if the user can run the Git garbage collection. */
public boolean canRunGC() {
return canPerform(GlobalCapability.RUN_GC)
|| canAdministrateServer();
|| canMaintainServer();
}
/** @return true if the user can impersonate another user. */