Make deleting and publishing drafts a grantable permission

Some site Administrators want to be able to delete or publish draft
changes or patch sets even though they are not the owner.

Allowing members of the Administrators group to do this by default
would not follow the principle that being in the group "does not imply
other access rights", so instead add two new permission categories
"Delete Draft Changes" and "Publish Draft Changes" which can be
granted to the Administrator group, or indeed any other user group.

Bug: Issue 1675
Change-Id: I37083544242a81d3d7fff0950b2edcd9fbe92ebf
David Pursehouse
2012-12-12 11:21:29 +09:00
parent b429ce1f50
commit be7f458826
5 changed files with 47 additions and 2 deletions


@@ -787,6 +787,28 @@ draft changes (even without having the `View Drafts` access right
assigned).
[[category_publish_drafts]]
Publish Drafts
~~~~~~~~~~~~~~
This category permits users to publish draft changes uploaded by other
users.
The change owner can always publish draft changes (even without having
the `Publish Drafts` access right assigned).
[[category_delete_drafts]]
Delete Drafts
~~~~~~~~~~~~~
This category permits users to delete draft changes uploaded by other
users.
The change owner can always delete draft changes (even without having
the `Delete Drafts` access right assigned).
[[category_edit_topic_name]]
Edit Topic Name
~~~~~~~~~~~~~~~


@@ -23,12 +23,14 @@ import java.util.List;
public class Permission implements Comparable<Permission> {
public static final String ABANDON = "abandon";
public static final String CREATE = "create";
public static final String DELETE_DRAFTS = "deleteDrafts";
public static final String EDIT_TOPIC_NAME = "editTopicName";
public static final String FORGE_AUTHOR = "forgeAuthor";
public static final String FORGE_COMMITTER = "forgeCommitter";
public static final String FORGE_SERVER = "forgeServerAsCommitter";
public static final String LABEL = "label-";
public static final String OWNER = "owner";
public static final String PUBLISH_DRAFTS = "publishDrafts";
public static final String PUSH = "push";
public static final String PUSH_MERGE = "pushMerge";
public static final String PUSH_TAG = "pushTag";
@@ -61,6 +63,8 @@ public class Permission implements Comparable<Permission> {
NAMES_LC.add(SUBMIT.toLowerCase());
NAMES_LC.add(VIEW_DRAFTS.toLowerCase());
NAMES_LC.add(EDIT_TOPIC_NAME.toLowerCase());
NAMES_LC.add(DELETE_DRAFTS.toLowerCase());
NAMES_LC.add(PUBLISH_DRAFTS.toLowerCase());
labelIndex = NAMES_LC.indexOf(Permission.LABEL);
}


@@ -103,11 +103,13 @@ addPermission = Add Permission ...
permissionNames = \
abandon, \
create, \
deleteDrafts, \
editTopicName, \
forgeAuthor, \
forgeCommitter, \
forgeServerAsCommitter, \
owner, \
publishDrafts, \
push, \
pushMerge, \
pushTag, \
@@ -117,13 +119,16 @@ permissionNames = \
removeReviewer, \
submit, \
viewDrafts
abandon = Abandon
create = Create Reference
deleteDrafts = Delete Drafts
editTopicName = Edit Topic Name
forgeAuthor = Forge Author Identity
forgeCommitter = Forge Committer Identity
forgeServerAsCommitter = Forge Server Identity
owner = Owner
publishDrafts = Publish Drafts
push = Push
pushMerge = Push Merge Commit
pushTag = Push Annotated Tag


@@ -189,12 +189,14 @@ public class ChangeControl {
/** Can this user publish this draft change or any draft patch set of this change? */
public boolean canPublish(final ReviewDb db) throws OrmException {
return isOwner() && isVisible(db);
return (isOwner() || getRefControl().canPublishDrafts())
&& isVisible(db);
}
/** Can this user delete this draft change or any draft patch set of this change? */
public boolean canDeleteDraft(final ReviewDb db) throws OrmException {
return isOwner() && isVisible(db);
return (isOwner() || getRefControl().canDeleteDrafts())
&& isVisible(db);
}
/** Can this user rebase this change? */
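Review bot: The new non-owner path in `canPublish` and `canDeleteDraft` is still gated by `&& isVisible(db)`, and neither the Javadoc nor the documentation added in this commit says so. `isVisible` is not shown here, but if draft visibility for non-owners depends on `View Drafts`, a group granted only `Publish Drafts` or `Delete Drafts` would gain nothing, which an administrator setting up the grant needs to know. I would state the full rule on each method, e.g. `/** True if the user owns the change or holds Publish Drafts on its ref, and the change is visible to the user. */`, with the matching wording for `Delete Drafts`. Because deleting another user's draft is destructive and can now be delegated to any group, it is also worth confirming outside this hunk that the publish and delete handlers rely on these two methods rather than on their own ownership check, and that the acting user is recorded.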

View File

@@ -353,10 +353,22 @@ public class RefControl {
return canPerform(Permission.VIEW_DRAFTS);
}
/** @return true if this user can publish draft changes. */
public boolean canPublishDrafts() {
return canPerform(Permission.PUBLISH_DRAFTS);
}
/** @return true if this user can delete draft changes. */
public boolean canDeleteDrafts() {
return canPerform(Permission.DELETE_DRAFTS);
}
/** @return true if this user can edit topic names. */
public boolean canEditTopicName() {
return canPerform(Permission.EDIT_TOPIC_NAME);
}
/** @return true if this user can force edit topic names. */
public boolean canForceEditTopicName() {
boolean result = false;
for (PermissionRule rule : access(Permission.EDIT_TOPIC_NAME)) {