Add a global capability to allow generating HTTP passwords

The capability `generateHttpPassword` allows non-administrator users to generate HTTP passwords for users other than self. This capability would typically be assigned to a non-interactive group to be able to register HTTP passwords for users from a tool or web service that uses the Gerrit REST API. Change-Id: I3d77cd406b0258d68cd0b8bb4dfbdcec97112450
2013-06-09 08:03:14 +09:00
parent 11c4c5f815
commit cbd22ac099
4 changed files with 25 additions and 4 deletions
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/CapabilityControl.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/CapabilityControl.java
@@ -154,6 +154,12 @@ public class CapabilityControl {
        || canAdministrateServer();
  }

+  /** @return true if the user can generate HTTP passwords for users other than self. */
+  public boolean canGenerateHttpPassword() {
+    return canPerform(GlobalCapability.GENERATE_HTTP_PASSWORD)
+        || canAdministrateServer();
+  }
+
  /** @return which priority queue the user's tasks should be submitted to. */
  public QueueProvider.QueueType getQueueType() {
    // If a non-generic group (that is not Anonymous Users or Registered Users)