Make administrator, create-project a global capability

This gets rid of the special entries in system_config and gerrit.config related to who the Administrators group is, or which groups are permitted to create new projects on this server. An interesting side effect of this change is admins can now actually remove the blessed Administrators group and run the server entirely without it. Fine grained rules can be used for most permissions, and direct access to the All-Projects.git repository can be used for cases where the "Administrate Site" override power is needed. Another benefit is the 'Create Project' capability is now dynamic, and can be modified at runtime without a server restart. Bug: issue 742 Change-Id: I44702010a4a521fd67d986d5b20411002c9481dd
2011-06-16 16:59:59 -07:00
parent c7e736a157
commit 897d9218ac
51 changed files with 511 additions and 410 deletions
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/CapabilityControl.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/CapabilityControl.java
@@ -21,10 +21,8 @@ import com.google.gerrit.common.data.Permission;
 import com.google.gerrit.common.data.PermissionRange;
 import com.google.gerrit.common.data.PermissionRule;
 import com.google.gerrit.reviewdb.AccountGroup;
-import com.google.gerrit.reviewdb.Project;
 import com.google.gerrit.server.CurrentUser;
-import com.google.gerrit.server.config.WildProjectName;
-import com.google.gerrit.server.project.NoSuchProjectException;
+import com.google.gerrit.server.PeerDaemonUser;
 import com.google.gerrit.server.project.ProjectCache;
 import com.google.gerrit.server.project.ProjectState;
 import com.google.inject.Inject;
@@ -47,15 +45,11 @@ public class CapabilityControl {
  private final CurrentUser user;
  private Map<String, List<PermissionRule>> permissions;

+  private Boolean canAdministrateServer;
+
  @Inject
-  CapabilityControl(
-      @WildProjectName Project.NameKey wp,
-      ProjectCache projectCache,
-      @Assisted CurrentUser currentUser) throws NoSuchProjectException {
-    state = projectCache.get(wp);
-    if (state == null) {
-      throw new NoSuchProjectException(wp);
-    }
+  CapabilityControl(ProjectCache projectCache, @Assisted CurrentUser currentUser) {
+    state = projectCache.getAllProjects();
    user = currentUser;
  }

@@ -64,44 +58,67 @@ public class CapabilityControl {
    return user;
  }

+  /** @return true if the user can administer this server. */
+  public boolean canAdministrateServer() {
+    if (canAdministrateServer == null) {
+      canAdministrateServer = user instanceof PeerDaemonUser
+          || canPerform(GlobalCapability.ADMINISTRATE_SERVER);
+    }
+    return canAdministrateServer;
+  }
+
  /** @return true if the user can create an account for another user. */
  public boolean canCreateAccount() {
-    return canPerform(GlobalCapability.CREATE_ACCOUNT) || user.isAdministrator();
+    return canPerform(GlobalCapability.CREATE_ACCOUNT)
+      || canAdministrateServer();
  }

  /** @return true if the user can create a group. */
  public boolean canCreateGroup() {
-    return canPerform(GlobalCapability.CREATE_GROUP) || user.isAdministrator();
+    return canPerform(GlobalCapability.CREATE_GROUP)
+      || canAdministrateServer();
+  }
+
+  /** @return true if the user can create a group. */
+  public boolean canCreateProject() {
+    return canPerform(GlobalCapability.CREATE_PROJECT)
+      || canAdministrateServer();
  }

  /** @return true if the user can kill any running task. */
  public boolean canKillTask() {
-    return canPerform(GlobalCapability.KILL_TASK) || user.isAdministrator();
+    return canPerform(GlobalCapability.KILL_TASK)
+      || canAdministrateServer();
  }

  /** @return true if the user can view the server caches. */
  public boolean canViewCaches() {
-    return canPerform(GlobalCapability.VIEW_CACHES) || user.isAdministrator();
+    return canPerform(GlobalCapability.VIEW_CACHES)
+      || canAdministrateServer();
  }

  /** @return true if the user can flush the server's caches. */
  public boolean canFlushCaches() {
-    return canPerform(GlobalCapability.FLUSH_CACHES) || user.isAdministrator();
+    return canPerform(GlobalCapability.FLUSH_CACHES)
+      || canAdministrateServer();
  }

  /** @return true if the user can view open connections. */
  public boolean canViewConnections() {
-    return canPerform(GlobalCapability.VIEW_CONNECTIONS) || user.isAdministrator();
+    return canPerform(GlobalCapability.VIEW_CONNECTIONS)
+        || canAdministrateServer();
  }

  /** @return true if the user can view the entire queue. */
  public boolean canViewQueue() {
-    return canPerform(GlobalCapability.VIEW_QUEUE) || user.isAdministrator();
+    return canPerform(GlobalCapability.VIEW_QUEUE)
+      || canAdministrateServer();
  }

  /** @return true if the user can force replication to any configured destination. */
  public boolean canStartReplication() {
-    return canPerform(GlobalCapability.START_REPLICATION) || user.isAdministrator();
+    return canPerform(GlobalCapability.START_REPLICATION)
+        || canAdministrateServer();
  }

  /** True if the user has this permission. Works only for non labels. */