Merge "Make it configurable whether the first user should become admin"
This commit is contained in:
David Pursehouse
@@ -970,10 +970,10 @@ Default is the number of CPUs.
|
||||
[[capability.administrateServer]]capability.administrateServer::
|
||||
+
|
||||
Names of groups of users that are allowed to exercise the
|
||||
administrateServer capability, in addition to those listed in
|
||||
`administrateServer` capability, in addition to those listed in
|
||||
All-Projects. Configuring this option can be a useful fail-safe
|
||||
to recover a server in the event an administrator removed all
|
||||
groups from the administrateServer capability, or to ensure that
|
||||
groups from the `administrateServer` capability, or to ensure that
|
||||
specific groups always have administration capabilities.
|
||||
+
|
||||
----
|
||||
@@ -987,7 +987,16 @@ name. If a group cannot be found for the configured name a warning
|
||||
is logged and the server will continue normal startup.
|
||||
+
|
||||
If not specified (default), only the groups listed by All-Projects
|
||||
may use the administrateServer capability.
|
||||
may use the `administrateServer` capability.
|
||||
|
||||
[[capability.makeFirstUserAdmin]]capability.makeFirstUserAdmin::
|
||||
+
|
||||
Whether the first user that logs in to the Gerrit server should
|
||||
automatically be added to the administrator group and hence get the
|
||||
`administrateServer` capability assigned. This is useful to bootstrap
|
||||
the authentication database.
|
||||
+
|
||||
Default is true.
|
||||
|
||||
|
||||
[[change]]
|
||||
|
||||
@@ -30,6 +30,7 @@ import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.account.externalids.ExternalId;
|
||||
import com.google.gerrit.server.account.externalids.ExternalIds;
|
||||
import com.google.gerrit.server.account.externalids.ExternalIdsUpdate;
|
||||
import com.google.gerrit.server.config.GerritServerConfig;
|
||||
import com.google.gerrit.server.project.ProjectCache;
|
||||
import com.google.gerrit.server.query.account.InternalAccountQuery;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
@@ -43,6 +44,7 @@ import java.util.Collections;
|
||||
import java.util.Optional;
|
||||
import java.util.concurrent.atomic.AtomicBoolean;
|
||||
import org.eclipse.jgit.errors.ConfigInvalidException;
|
||||
import org.eclipse.jgit.lib.Config;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
@@ -69,6 +71,7 @@ public class AccountManager {
|
||||
@Inject
|
||||
AccountManager(
|
||||
SchemaFactory<ReviewDb> schema,
|
||||
@GerritServerConfig Config cfg,
|
||||
Accounts accounts,
|
||||
AccountsUpdate.Server accountsUpdateFactory,
|
||||
AccountCache byIdCache,
|
||||
@@ -90,7 +93,8 @@ public class AccountManager {
|
||||
this.userFactory = userFactory;
|
||||
this.changeUserNameFactory = changeUserNameFactory;
|
||||
this.projectCache = projectCache;
|
||||
this.awaitsFirstAccountCheck = new AtomicBoolean(true);
|
||||
this.awaitsFirstAccountCheck =
|
||||
new AtomicBoolean(cfg.getBoolean("capability", "makeFirstUserAdmin", true));
|
||||
this.auditService = auditService;
|
||||
this.accountQueryProvider = accountQueryProvider;
|
||||
this.externalIds = externalIds;
|
||||
|
||||
Reference in New Issue
Block a user