From b827f87b4ac1e3901e36223f845765e73a8d7ce2 Mon Sep 17 00:00:00 2001
From: Martin Fick <mfick@codeaurora.org>
Date: Fri, 8 Jun 2018 16:19:24 -0600
Subject: [PATCH] Add new 'read as' capability.

Provides capability to impersonate any user to see which refs they can
read.

Change-Id: Id6ae99c45d8310d8e7620008021785df3ebb5d0b
---
 java/com/google/gerrit/common/data/GlobalCapability.java      | 4 ++++
 .../google/gerrit/server/account/CapabilityCollection.java    | 2 ++
 java/com/google/gerrit/server/config/CapabilityConstants.java | 1 +
 .../gerrit/server/permissions/DefaultPermissionBackend.java   | 1 +
 .../gerrit/server/permissions/DefaultPermissionMappings.java  | 1 +
 .../google/gerrit/server/permissions/GlobalPermission.java    | 1 +
 java/com/google/gerrit/sshd/commands/LsUserRefs.java          | 2 +-
 .../google/gerrit/acceptance/rest/account/CapabilityInfo.java | 1 +
 .../gerrit/server/config/CapabilityConstants.properties       | 1 +
 9 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/java/com/google/gerrit/common/data/GlobalCapability.java b/java/com/google/gerrit/common/data/GlobalCapability.java
index e613d21ce0..3e112568da 100644
--- a/java/com/google/gerrit/common/data/GlobalCapability.java
+++ b/java/com/google/gerrit/common/data/GlobalCapability.java
@@ -90,6 +90,9 @@ public class GlobalCapability {
   /** Default result limit per executed query. */
   public static final int DEFAULT_MAX_QUERY_LIMIT = 500;
 
+  /** Can impersonate any user to see which refs they can read. */
+  public static final String READ_AS = "readAs";
+
   /** Ability to impersonate another user. */
   public static final String RUN_AS = "runAs";
 
@@ -138,6 +141,7 @@ public class GlobalCapability {
     NAMES_ALL.add(MODIFY_ACCOUNT);
     NAMES_ALL.add(PRIORITY);
     NAMES_ALL.add(QUERY_LIMIT);
+    NAMES_ALL.add(READ_AS);
     NAMES_ALL.add(RUN_AS);
     NAMES_ALL.add(RUN_GC);
     NAMES_ALL.add(STREAM_EVENTS);
diff --git a/java/com/google/gerrit/server/account/CapabilityCollection.java b/java/com/google/gerrit/server/account/CapabilityCollection.java
index ee74f47ed7..1abc33f726 100644
--- a/java/com/google/gerrit/server/account/CapabilityCollection.java
+++ b/java/com/google/gerrit/server/account/CapabilityCollection.java
@@ -48,6 +48,7 @@ public class CapabilityCollection {
   public final ImmutableList<PermissionRule> batchChangesLimit;
   public final ImmutableList<PermissionRule> emailReviewers;
   public final ImmutableList<PermissionRule> priority;
+  public final ImmutableList<PermissionRule> readAs;
   public final ImmutableList<PermissionRule> queryLimit;
   public final ImmutableList<PermissionRule> createGroup;
 
@@ -97,6 +98,7 @@ public class CapabilityCollection {
     batchChangesLimit = getPermission(GlobalCapability.BATCH_CHANGES_LIMIT);
     emailReviewers = getPermission(GlobalCapability.EMAIL_REVIEWERS);
     priority = getPermission(GlobalCapability.PRIORITY);
+    readAs = getPermission(GlobalCapability.READ_AS);
     queryLimit = getPermission(GlobalCapability.QUERY_LIMIT);
     createGroup = getPermission(GlobalCapability.CREATE_GROUP);
   }
diff --git a/java/com/google/gerrit/server/config/CapabilityConstants.java b/java/com/google/gerrit/server/config/CapabilityConstants.java
index 961dbbd958..4ab97f841e 100644
--- a/java/com/google/gerrit/server/config/CapabilityConstants.java
+++ b/java/com/google/gerrit/server/config/CapabilityConstants.java
@@ -34,6 +34,7 @@ public class CapabilityConstants extends TranslationBundle {
   public String maintainServer;
   public String modifyAccount;
   public String priority;
+  public String readAs;
   public String queryLimit;
   public String runAs;
   public String runGC;
diff --git a/java/com/google/gerrit/server/permissions/DefaultPermissionBackend.java b/java/com/google/gerrit/server/permissions/DefaultPermissionBackend.java
index 490b45e96e..3f25562f71 100644
--- a/java/com/google/gerrit/server/permissions/DefaultPermissionBackend.java
+++ b/java/com/google/gerrit/server/permissions/DefaultPermissionBackend.java
@@ -168,6 +168,7 @@ public class DefaultPermissionBackend extends PermissionBackend {
         case CREATE_PROJECT:
         case MAINTAIN_SERVER:
         case MODIFY_ACCOUNT:
+        case READ_AS:
         case STREAM_EVENTS:
         case VIEW_ALL_ACCOUNTS:
         case VIEW_CONNECTIONS:
diff --git a/java/com/google/gerrit/server/permissions/DefaultPermissionMappings.java b/java/com/google/gerrit/server/permissions/DefaultPermissionMappings.java
index 9593521570..cee42adbdb 100644
--- a/java/com/google/gerrit/server/permissions/DefaultPermissionMappings.java
+++ b/java/com/google/gerrit/server/permissions/DefaultPermissionMappings.java
@@ -50,6 +50,7 @@ public class DefaultPermissionMappings {
           .put(GlobalPermission.KILL_TASK, GlobalCapability.KILL_TASK)
           .put(GlobalPermission.MAINTAIN_SERVER, GlobalCapability.MAINTAIN_SERVER)
           .put(GlobalPermission.MODIFY_ACCOUNT, GlobalCapability.MODIFY_ACCOUNT)
+          .put(GlobalPermission.READ_AS, GlobalCapability.READ_AS)
           .put(GlobalPermission.RUN_AS, GlobalCapability.RUN_AS)
           .put(GlobalPermission.RUN_GC, GlobalCapability.RUN_GC)
           .put(GlobalPermission.STREAM_EVENTS, GlobalCapability.STREAM_EVENTS)
diff --git a/java/com/google/gerrit/server/permissions/GlobalPermission.java b/java/com/google/gerrit/server/permissions/GlobalPermission.java
index 71718fb7bd..211180f938 100644
--- a/java/com/google/gerrit/server/permissions/GlobalPermission.java
+++ b/java/com/google/gerrit/server/permissions/GlobalPermission.java
@@ -42,6 +42,7 @@ public enum GlobalPermission implements GlobalOrPluginPermission {
   KILL_TASK,
   MAINTAIN_SERVER,
   MODIFY_ACCOUNT,
+  READ_AS,
   RUN_AS,
   RUN_GC,
   STREAM_EVENTS,
diff --git a/java/com/google/gerrit/sshd/commands/LsUserRefs.java b/java/com/google/gerrit/sshd/commands/LsUserRefs.java
index 781679d399..2c15e78870 100644
--- a/java/com/google/gerrit/sshd/commands/LsUserRefs.java
+++ b/java/com/google/gerrit/sshd/commands/LsUserRefs.java
@@ -42,7 +42,7 @@ import org.eclipse.jgit.lib.Ref;
 import org.eclipse.jgit.lib.Repository;
 import org.kohsuke.args4j.Option;
 
-@RequiresCapability(GlobalCapability.ADMINISTRATE_SERVER)
+@RequiresCapability(GlobalCapability.READ_AS)
 @CommandMetaData(
     name = "ls-user-refs",
     description = "List refs visible to a specific user",
diff --git a/javatests/com/google/gerrit/acceptance/rest/account/CapabilityInfo.java b/javatests/com/google/gerrit/acceptance/rest/account/CapabilityInfo.java
index 5404fdd480..1ca019ef3d 100644
--- a/javatests/com/google/gerrit/acceptance/rest/account/CapabilityInfo.java
+++ b/javatests/com/google/gerrit/acceptance/rest/account/CapabilityInfo.java
@@ -28,6 +28,7 @@ class CapabilityInfo {
   public boolean modifyAccount;
   public boolean priority;
   public QueryLimit queryLimit;
+  public boolean readAs;
   public boolean runAs;
   public boolean runGC;
   public boolean streamEvents;
diff --git a/resources/com/google/gerrit/server/config/CapabilityConstants.properties b/resources/com/google/gerrit/server/config/CapabilityConstants.properties
index 6654837253..ba590eec3c 100644
--- a/resources/com/google/gerrit/server/config/CapabilityConstants.properties
+++ b/resources/com/google/gerrit/server/config/CapabilityConstants.properties
@@ -10,6 +10,7 @@ killTask = Kill Task
 maintainServer = Maintain Server
 modifyAccount = Modify Account
 priority = Priority
+readAs = Read As
 queryLimit = Query Limit
 runAs = Run As
 runGC = Run Garbage Collection