Add a global capability to allow generating HTTP passwords

The capability `generateHttpPassword` allows non-administrator users to generate HTTP passwords for users other than self. This capability would typically be assigned to a non-interactive group to be able to register HTTP passwords for users from a tool or web service that uses the Gerrit REST API. Change-Id: I3d77cd406b0258d68cd0b8bb4dfbdcec97112450
2013-06-09 08:03:14 +09:00
parent 11c4c5f815
commit cbd22ac099
4 changed files with 25 additions and 4 deletions
--- a/Documentation/access-control.txt
+++ b/Documentation/access-control.txt
@@ -1203,6 +1203,14 @@ This capability doesn't imply permissions to the show-caches command.  For that
 you need the <<capability_viewCaches,view caches capability>>.


+[[capability_generateHttpPassword]]
+Generate HTTP Password
+~~~~~~~~~~~~~~~~~~~~~~
+
+Allow the user to generate HTTP passwords for other users.  Typically this would
+be assigned to a non-interactive users group.
+
+
 [[capability_kill]]
 Kill Task
 ~~~~~~~~~
--- a/gerrit-common/src/main/java/com/google/gerrit/common/data/GlobalCapability.java
+++ b/gerrit-common/src/main/java/com/google/gerrit/common/data/GlobalCapability.java
@@ -58,6 +58,9 @@ public class GlobalCapability {
  /** Can flush any cache except the active web_sessions cache. */
  public static final String FLUSH_CACHES = "flushCaches";

+  /** Can generate HTTP passwords for user other than self. */
+  public static final String GENERATE_HTTP_PASSWORD = "generateHttpPassword";
+
  /** Can terminate any task using the kill command. */
  public static final String KILL_TASK = "killTask";

--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/CapabilityControl.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/CapabilityControl.java
@@ -154,6 +154,12 @@ public class CapabilityControl {
        || canAdministrateServer();
  }

+  /** @return true if the user can generate HTTP passwords for users other than self. */
+  public boolean canGenerateHttpPassword() {
+    return canPerform(GlobalCapability.GENERATE_HTTP_PASSWORD)
+        || canAdministrateServer();
+  }
+
  /** @return which priority queue the user's tasks should be submitted to. */
  public QueueProvider.QueueType getQueueType() {
    // If a non-generic group (that is not Anonymous Users or Registered Users)
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java
@@ -68,13 +68,17 @@ public class PutHttpPassword implements RestModifyView<AccountResource, Input> {
  @Override
  public Response<String> apply(AccountResource rsrc, Input input) throws AuthException,
      ResourceNotFoundException, ResourceConflictException, OrmException {
-    if (self.get() != rsrc.getUser()
-        && !self.get().getCapabilities().canAdministrateServer()) {
-      throw new AuthException("not allowed to set HTTP password");
-    }
    if (input == null) {
      input = new Input();
    }
+    if (self.get() != rsrc.getUser()
+        && !self.get().getCapabilities().canAdministrateServer()) {
+      if (input.generate && !self.get().getCapabilities().canGenerateHttpPassword()) {
+        throw new AuthException("not allowed to generate HTTP password");
+      } else {
+        throw new AuthException("not allowed to set HTTP password");
+      }
+    }
    if (rsrc.getUser().getUserName() == null) {
      throw new ResourceConflictException("username must be set");
    }