Make administrator, create-project a global capability

This gets rid of the special entries in system_config and gerrit.config related to who the Administrators group is, or which groups are permitted to create new projects on this server. An interesting side effect of this change is admins can now actually remove the blessed Administrators group and run the server entirely without it. Fine grained rules can be used for most permissions, and direct access to the All-Projects.git repository can be used for cases where the "Administrate Site" override power is needed. Another benefit is the 'Create Project' capability is now dynamic, and can be modified at runtime without a server restart. Bug: issue 742 Change-Id: I44702010a4a521fd67d986d5b20411002c9481dd
2011-06-16 16:59:59 -07:00
parent c7e736a157
commit 897d9218ac
51 changed files with 511 additions and 410 deletions
--- a/gerrit-server/src/main/java/com/google/gerrit/server/mail/ChangeEmail.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/mail/ChangeEmail.java
@@ -336,7 +336,7 @@ public abstract class ChangeEmail extends OutgoingEmail {
    }

    for (AccountProjectWatch w : args.db.get().accountProjectWatches()
-        .byProject(args.wildProject)) {
+        .byProject(args.allProjectsName)) {
      if (!projectWatchers.contains(w.getAccountId())) {
        add(matching, w);
      }
--- a/gerrit-server/src/main/java/com/google/gerrit/server/mail/EmailArguments.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/mail/EmailArguments.java
@@ -14,15 +14,14 @@

 package com.google.gerrit.server.mail;

-import com.google.gerrit.reviewdb.Project;
 import com.google.gerrit.reviewdb.ReviewDb;
 import com.google.gerrit.server.IdentifiedUser;
 import com.google.gerrit.server.IdentifiedUser.GenericFactory;
 import com.google.gerrit.server.account.AccountCache;
 import com.google.gerrit.server.account.GroupCache;
+import com.google.gerrit.server.config.AllProjectsName;
 import com.google.gerrit.server.config.CanonicalWebUrl;
 import com.google.gerrit.server.config.SitePaths;
-import com.google.gerrit.server.config.WildProjectName;
 import com.google.gerrit.server.git.GitRepositoryManager;
 import com.google.gerrit.server.patch.PatchListCache;
 import com.google.gerrit.server.patch.PatchSetInfoFactory;
@@ -45,7 +44,7 @@ class EmailArguments {
  final PatchSetInfoFactory patchSetInfoFactory;
  final IdentifiedUser.GenericFactory identifiedUserFactory;
  final Provider<String> urlProvider;
-  final Project.NameKey wildProject;
+  final AllProjectsName allProjectsName;

  final ChangeQueryBuilder.Factory queryBuilder;
  final Provider<ChangeQueryRewriter> queryRewriter;
@@ -59,7 +58,7 @@ class EmailArguments {
      EmailSender emailSender, PatchSetInfoFactory patchSetInfoFactory,
      GenericFactory identifiedUserFactory,
      @CanonicalWebUrl @Nullable Provider<String> urlProvider,
-      @WildProjectName Project.NameKey wildProject,
+      AllProjectsName allProjectsName,
      ChangeQueryBuilder.Factory queryBuilder,
      Provider<ChangeQueryRewriter> queryRewriter, Provider<ReviewDb> db,
      SitePaths site) {
@@ -73,7 +72,7 @@ class EmailArguments {
    this.patchSetInfoFactory = patchSetInfoFactory;
    this.identifiedUserFactory = identifiedUserFactory;
    this.urlProvider = urlProvider;
-    this.wildProject = wildProject;
+    this.allProjectsName = allProjectsName;
    this.queryBuilder = queryBuilder;
    this.queryRewriter = queryRewriter;
    this.db = db;