From cbd22ac099da8238152224cb628b9f79dcb10bd7 Mon Sep 17 00:00:00 2001
From: David Pursehouse <david.pursehouse@sonymobile.com>
Date: Sun, 9 Jun 2013 08:03:14 +0900
Subject: [PATCH] Add a global capability to allow generating HTTP passwords

The capability `generateHttpPassword` allows non-administrator
users to generate HTTP passwords for users other than self.

This capability would typically be assigned to a non-interactive
group to be able to register HTTP passwords for users from a
tool or web service that uses the Gerrit REST API.

Change-Id: I3d77cd406b0258d68cd0b8bb4dfbdcec97112450
---
 Documentation/access-control.txt                     |  8 ++++++++
 .../google/gerrit/common/data/GlobalCapability.java  |  3 +++
 .../gerrit/server/account/CapabilityControl.java     |  6 ++++++
 .../gerrit/server/account/PutHttpPassword.java       | 12 ++++++++----
 4 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/Documentation/access-control.txt b/Documentation/access-control.txt
index 500d824819..a3bfe2715b 100644
--- a/Documentation/access-control.txt
+++ b/Documentation/access-control.txt
@@ -1203,6 +1203,14 @@ This capability doesn't imply permissions to the show-caches command.  For that
 you need the <<capability_viewCaches,view caches capability>>.
 
 
+[[capability_generateHttpPassword]]
+Generate HTTP Password
+~~~~~~~~~~~~~~~~~~~~~~
+
+Allow the user to generate HTTP passwords for other users.  Typically this would
+be assigned to a non-interactive users group.
+
+
 [[capability_kill]]
 Kill Task
 ~~~~~~~~~
diff --git a/gerrit-common/src/main/java/com/google/gerrit/common/data/GlobalCapability.java b/gerrit-common/src/main/java/com/google/gerrit/common/data/GlobalCapability.java
index 8c08feb67e..b8de9aecf5 100644
--- a/gerrit-common/src/main/java/com/google/gerrit/common/data/GlobalCapability.java
+++ b/gerrit-common/src/main/java/com/google/gerrit/common/data/GlobalCapability.java
@@ -58,6 +58,9 @@ public class GlobalCapability {
   /** Can flush any cache except the active web_sessions cache. */
   public static final String FLUSH_CACHES = "flushCaches";
 
+  /** Can generate HTTP passwords for user other than self. */
+  public static final String GENERATE_HTTP_PASSWORD = "generateHttpPassword";
+
   /** Can terminate any task using the kill command. */
   public static final String KILL_TASK = "killTask";
 
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/CapabilityControl.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/CapabilityControl.java
index d2014ecb89..fad94655a3 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/CapabilityControl.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/CapabilityControl.java
@@ -154,6 +154,12 @@ public class CapabilityControl {
         || canAdministrateServer();
   }
 
+  /** @return true if the user can generate HTTP passwords for users other than self. */
+  public boolean canGenerateHttpPassword() {
+    return canPerform(GlobalCapability.GENERATE_HTTP_PASSWORD)
+        || canAdministrateServer();
+  }
+
   /** @return which priority queue the user's tasks should be submitted to. */
   public QueueProvider.QueueType getQueueType() {
     // If a non-generic group (that is not Anonymous Users or Registered Users)
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java
index fa6e4d6fd9..e796cbb7e8 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java
@@ -68,13 +68,17 @@ public class PutHttpPassword implements RestModifyView<AccountResource, Input> {
   @Override
   public Response<String> apply(AccountResource rsrc, Input input) throws AuthException,
       ResourceNotFoundException, ResourceConflictException, OrmException {
-    if (self.get() != rsrc.getUser()
-        && !self.get().getCapabilities().canAdministrateServer()) {
-      throw new AuthException("not allowed to set HTTP password");
-    }
     if (input == null) {
       input = new Input();
     }
+    if (self.get() != rsrc.getUser()
+        && !self.get().getCapabilities().canAdministrateServer()) {
+      if (input.generate && !self.get().getCapabilities().canGenerateHttpPassword()) {
+        throw new AuthException("not allowed to generate HTTP password");
+      } else {
+        throw new AuthException("not allowed to set HTTP password");
+      }
+    }
     if (rsrc.getUser().getUserName() == null) {
       throw new ResourceConflictException("username must be set");
     }