Make administrator, create-project a global capability

This gets rid of the special entries in system_config and gerrit.config related to who the Administrators group is, or which groups are permitted to create new projects on this server. An interesting side effect of this change is admins can now actually remove the blessed Administrators group and run the server entirely without it. Fine grained rules can be used for most permissions, and direct access to the All-Projects.git repository can be used for cases where the "Administrate Site" override power is needed. Another benefit is the 'Create Project' capability is now dynamic, and can be modified at runtime without a server restart. Bug: issue 742 Change-Id: I44702010a4a521fd67d986d5b20411002c9481dd
2011-06-16 16:59:59 -07:00
parent c7e736a157
commit 897d9218ac
51 changed files with 511 additions and 410 deletions
--- a/gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectCacheImpl.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectCacheImpl.java
@@ -18,6 +18,7 @@ import com.google.gerrit.reviewdb.Project;
 import com.google.gerrit.server.cache.Cache;
 import com.google.gerrit.server.cache.CacheModule;
 import com.google.gerrit.server.cache.EntryCreator;
+import com.google.gerrit.server.config.AllProjectsName;
 import com.google.gerrit.server.config.ConfigUtil;
 import com.google.gerrit.server.config.GerritServerConfig;
 import com.google.gerrit.server.git.GitRepositoryManager;
@@ -66,6 +67,7 @@ public class ProjectCacheImpl implements ProjectCache {
    };
  }

+  private final AllProjectsName allProjectsName;
  private final Cache<Project.NameKey, ProjectState> byName;
  private final Cache<ListKey,SortedSet<Project.NameKey>> list;
  private final Lock listLock;
@@ -73,9 +75,11 @@ public class ProjectCacheImpl implements ProjectCache {

  @Inject
  ProjectCacheImpl(
+      final AllProjectsName allProjectsName,
      @Named(CACHE_NAME) final Cache<Project.NameKey, ProjectState> byName,
      @Named(CACHE_LIST) final Cache<ListKey, SortedSet<Project.NameKey>> list,
      @GerritServerConfig final Config serverConfig) {
+    this.allProjectsName = allProjectsName;
    this.byName = byName;
    this.list = list;
    this.listLock = new ReentrantLock(true /* fair */);
@@ -102,6 +106,17 @@ public class ProjectCacheImpl implements ProjectCache {
    }
  }

+  @Override
+  public ProjectState getAllProjects() {
+    ProjectState state = get(allProjectsName);
+    if (state == null) {
+      // This should never occur, the server must have this
+      // project to process anything.
+      throw new IllegalStateException("Missing project " + allProjectsName);
+    }
+    return state;
+  }
+
  /**
   * Get the cached data for a project by its unique name.
   *