opendev/gerrit
Code Issues Proposed changes

Allow to delegate modify account commands to non administrators

Browse Source 
Currently only administrators groups allow to modify accounts. This
is impractical on very big installations. Add modify account global
capability and allow administrators to optionally delegate this job.

Bug: Issue 2786
Change-Id: Icc105c39e76908a075e89ec14921972b91866dd4
This commit is contained in:
David Ostrovsky
2014-07-22 00:55:47 +02:00
committed by David Pursehouse
parent e715d2484a
commit aa49e277a3
20 changed files with 48 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/SetAccountCommand.java
View File

@@ -14,7 +14,9 @@
package com.google.gerrit.sshd.commands;
import com.google.gerrit.common.data.GlobalCapability;
import com.google.gerrit.common.errors.EmailException;
import com.google.gerrit.extensions.annotations.RequiresCapability;
import com.google.gerrit.extensions.restapi.RawInput;
import com.google.gerrit.extensions.restapi.ResourceNotFoundException;
import com.google.gerrit.extensions.restapi.RestApiException;
@@ -55,6 +57,7 @@ import java.util.List;
/** Set a user's account settings. **/
@CommandMetaData(name = "set-account", description = "Change an account's settings")
@RequiresCapability(GlobalCapability.MODIFY_ACCOUNT)
final class SetAccountCommand extends BaseCommand {
@Argument(index = 0, required = true, metaVar = "USER", usage = "full name, email-address, ssh username or account id")
@@ -84,9 +87,6 @@ final class SetAccountCommand extends BaseCommand {
@Option(name = "--http-password", metaVar = "PASSWORD", usage = "password for HTTP authentication for the account")
private String httpPassword;
@Inject
private IdentifiedUser currentUser;
@Inject
private IdentifiedUser.GenericFactory genericUserFactory;
@@ -128,13 +128,6 @@ final class SetAccountCommand extends BaseCommand {
startThread(new CommandRunnable() {
@Override
public void run() throws Exception {
if (!currentUser.getCapabilities().canAdministrateServer()) {
String msg =
String.format(
"fatal: %s does not have \"Administrator\" capability.",
currentUser.getUserName());
throw new UnloggedFailure(1, msg);
}
parseCommandLine();
validate();
setAccount();