opendev/gerrit
Code Issues Proposed changes

Merge "Add new 'read as' capability."

Browse Source
This commit is contained in:
Martin Fick
2018-09-20 18:44:22 +00:00
committed by Gerrit Code Review
parent 95a6935ff5 b827f87b4a
commit 827968fa80
9 changed files with 13 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/com/google/gerrit/common/data/GlobalCapability.java
View File

@@ -90,6 +90,9 @@ public class GlobalCapability {
/** Default result limit per executed query. */ /** Default result limit per executed query. */
public static final int DEFAULT_MAX_QUERY_LIMIT = 500; public static final int DEFAULT_MAX_QUERY_LIMIT = 500;
/** Can impersonate any user to see which refs they can read. */
public static final String READ_AS = "readAs";
/** Ability to impersonate another user. */ /** Ability to impersonate another user. */
public static final String RUN_AS = "runAs"; public static final String RUN_AS = "runAs";
@@ -138,6 +141,7 @@ public class GlobalCapability {
NAMES_ALL.add(MODIFY_ACCOUNT); NAMES_ALL.add(MODIFY_ACCOUNT);
NAMES_ALL.add(PRIORITY); NAMES_ALL.add(PRIORITY);
NAMES_ALL.add(QUERY_LIMIT); NAMES_ALL.add(QUERY_LIMIT);
NAMES_ALL.add(READ_AS);
NAMES_ALL.add(RUN_AS); NAMES_ALL.add(RUN_AS);
NAMES_ALL.add(RUN_GC); NAMES_ALL.add(RUN_GC);
NAMES_ALL.add(STREAM_EVENTS); NAMES_ALL.add(STREAM_EVENTS);

2
java/com/google/gerrit/server/account/CapabilityCollection.java
View File

@@ -48,6 +48,7 @@ public class CapabilityCollection {
public final ImmutableList<PermissionRule> batchChangesLimit; public final ImmutableList<PermissionRule> batchChangesLimit;
public final ImmutableList<PermissionRule> emailReviewers; public final ImmutableList<PermissionRule> emailReviewers;
public final ImmutableList<PermissionRule> priority; public final ImmutableList<PermissionRule> priority;
public final ImmutableList<PermissionRule> readAs;
public final ImmutableList<PermissionRule> queryLimit; public final ImmutableList<PermissionRule> queryLimit;
public final ImmutableList<PermissionRule> createGroup; public final ImmutableList<PermissionRule> createGroup;
@@ -97,6 +98,7 @@ public class CapabilityCollection {
batchChangesLimit = getPermission(GlobalCapability.BATCH_CHANGES_LIMIT); batchChangesLimit = getPermission(GlobalCapability.BATCH_CHANGES_LIMIT);
emailReviewers = getPermission(GlobalCapability.EMAIL_REVIEWERS); emailReviewers = getPermission(GlobalCapability.EMAIL_REVIEWERS);
priority = getPermission(GlobalCapability.PRIORITY); priority = getPermission(GlobalCapability.PRIORITY);
readAs = getPermission(GlobalCapability.READ_AS);
queryLimit = getPermission(GlobalCapability.QUERY_LIMIT); queryLimit = getPermission(GlobalCapability.QUERY_LIMIT);
createGroup = getPermission(GlobalCapability.CREATE_GROUP); createGroup = getPermission(GlobalCapability.CREATE_GROUP);
} }

1
java/com/google/gerrit/server/config/CapabilityConstants.java
View File

@@ -34,6 +34,7 @@ public class CapabilityConstants extends TranslationBundle {
public String maintainServer; public String maintainServer;
public String modifyAccount; public String modifyAccount;
public String priority; public String priority;
public String readAs;
public String queryLimit; public String queryLimit;
public String runAs; public String runAs;
public String runGC; public String runGC;

1
java/com/google/gerrit/server/permissions/DefaultPermissionBackend.java
View File

@@ -172,6 +172,7 @@ public class DefaultPermissionBackend extends PermissionBackend {
case CREATE_PROJECT: case CREATE_PROJECT:
case MAINTAIN_SERVER: case MAINTAIN_SERVER:
case MODIFY_ACCOUNT: case MODIFY_ACCOUNT:
case READ_AS:
case STREAM_EVENTS: case STREAM_EVENTS:
case VIEW_ALL_ACCOUNTS: case VIEW_ALL_ACCOUNTS:
case VIEW_CONNECTIONS: case VIEW_CONNECTIONS:

1
java/com/google/gerrit/server/permissions/DefaultPermissionMappings.java
View File

@@ -50,6 +50,7 @@ public class DefaultPermissionMappings {
.put(GlobalPermission.KILL_TASK, GlobalCapability.KILL_TASK) .put(GlobalPermission.KILL_TASK, GlobalCapability.KILL_TASK)
.put(GlobalPermission.MAINTAIN_SERVER, GlobalCapability.MAINTAIN_SERVER) .put(GlobalPermission.MAINTAIN_SERVER, GlobalCapability.MAINTAIN_SERVER)
.put(GlobalPermission.MODIFY_ACCOUNT, GlobalCapability.MODIFY_ACCOUNT) .put(GlobalPermission.MODIFY_ACCOUNT, GlobalCapability.MODIFY_ACCOUNT)
.put(GlobalPermission.READ_AS, GlobalCapability.READ_AS)
.put(GlobalPermission.RUN_AS, GlobalCapability.RUN_AS) .put(GlobalPermission.RUN_AS, GlobalCapability.RUN_AS)
.put(GlobalPermission.RUN_GC, GlobalCapability.RUN_GC) .put(GlobalPermission.RUN_GC, GlobalCapability.RUN_GC)
.put(GlobalPermission.STREAM_EVENTS, GlobalCapability.STREAM_EVENTS) .put(GlobalPermission.STREAM_EVENTS, GlobalCapability.STREAM_EVENTS)

1
java/com/google/gerrit/server/permissions/GlobalPermission.java
View File

@@ -43,6 +43,7 @@ public enum GlobalPermission implements GlobalOrPluginPermission {
KILL_TASK, KILL_TASK,
MAINTAIN_SERVER, MAINTAIN_SERVER,
MODIFY_ACCOUNT, MODIFY_ACCOUNT,
READ_AS,
RUN_AS, RUN_AS,
RUN_GC, RUN_GC,
STREAM_EVENTS, STREAM_EVENTS,

2
java/com/google/gerrit/sshd/commands/LsUserRefs.java
View File

@@ -42,7 +42,7 @@ import org.eclipse.jgit.lib.Ref;
import org.eclipse.jgit.lib.Repository; import org.eclipse.jgit.lib.Repository;
import org.kohsuke.args4j.Option; import org.kohsuke.args4j.Option;
@RequiresCapability(GlobalCapability.ADMINISTRATE_SERVER) @RequiresCapability(GlobalCapability.READ_AS)
@CommandMetaData( @CommandMetaData(
name = "ls-user-refs", name = "ls-user-refs",
description = "List refs visible to a specific user", description = "List refs visible to a specific user",

1
javatests/com/google/gerrit/acceptance/rest/account/CapabilityInfo.java
View File

@@ -28,6 +28,7 @@ class CapabilityInfo {
public boolean modifyAccount; public boolean modifyAccount;
public boolean priority; public boolean priority;
public QueryLimit queryLimit; public QueryLimit queryLimit;
public boolean readAs;
public boolean runAs; public boolean runAs;
public boolean runGC; public boolean runGC;
public boolean streamEvents; public boolean streamEvents;

1
resources/com/google/gerrit/server/config/CapabilityConstants.properties
View File

@@ -10,6 +10,7 @@ killTask = Kill Task
maintainServer = Maintain Server maintainServer = Maintain Server
modifyAccount = Modify Account modifyAccount = Modify Account
priority = Priority priority = Priority
readAs = Read As
queryLimit = Query Limit queryLimit = Query Limit
runAs = Run As runAs = Run As
runGC = Run Garbage Collection runGC = Run Garbage Collection