diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/schema/AllProjectsCreator.java b/gerrit-server/src/main/java/com/google/gerrit/server/schema/AllProjectsCreator.java index be1ffbf7cb..0288fdca9c 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/schema/AllProjectsCreator.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/schema/AllProjectsCreator.java @@ -23,6 +23,7 @@ import com.google.gerrit.common.data.LabelType; import com.google.gerrit.common.data.LabelValue; import com.google.gerrit.common.data.Permission; import com.google.gerrit.common.data.PermissionRule; +import com.google.gerrit.common.data.PermissionRule.Action; import com.google.gerrit.reviewdb.client.AccountGroup; import com.google.gerrit.reviewdb.client.Project; import com.google.gerrit.reviewdb.client.Project.InheritableBoolean; @@ -50,6 +51,7 @@ public class AllProjectsCreator { private final PersonIdent serverUser; private GroupReference admin; + private GroupReference batch; private GroupReference anonymous; private GroupReference registered; private GroupReference owners; @@ -79,6 +81,11 @@ public class AllProjectsCreator { return this; } + public AllProjectsCreator setBatchUsers(GroupReference batch) { + this.batch = batch; + return this; + } + public void create() throws IOException, ConfigInvalidException { Repository git = null; try { @@ -132,6 +139,13 @@ public class AllProjectsCreator { grant(config, cap, GlobalCapability.ADMINISTRATE_SERVER, admin); grant(config, all, Permission.READ, admin, anonymous); + if (batch != null) { + Permission priority = cap.getPermission(GlobalCapability.PRIORITY, true); + PermissionRule r = rule(config, batch); + r.setAction(Action.BATCH); + priority.add(r); + } + LabelType cr = initCodeReviewLabel(config); grant(config, heads, cr, -1, 1, registered); grant(config, heads, cr, -2, 2, admin, owners); diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/schema/SchemaCreator.java b/gerrit-server/src/main/java/com/google/gerrit/server/schema/SchemaCreator.java index 8e8995a615..0e89a757be 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/schema/SchemaCreator.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/schema/SchemaCreator.java @@ -51,6 +51,7 @@ public class SchemaCreator { private AccountGroup anonymous; private AccountGroup registered; private AccountGroup owners; + private AccountGroup batch; @Inject public SchemaCreator(SitePaths site, @@ -90,6 +91,7 @@ public class SchemaCreator { initSystemConfig(db); allProjectsCreator .setAdministrators(GroupReference.forGroup(admin)) + .setBatchUsers(GroupReference.forGroup(batch)) .create(); dataSourceType.getIndexScript().run(db); } @@ -131,13 +133,13 @@ public class SchemaCreator { c.accountGroupNames().insert( Collections.singleton(new AccountGroupName(registered))); - final AccountGroup batchUsers = newGroup(c, "Non-Interactive Users", null); - batchUsers.setDescription("Users who perform batch actions on Gerrit"); - batchUsers.setOwnerGroupUUID(admin.getGroupUUID()); - batchUsers.setType(AccountGroup.Type.INTERNAL); - c.accountGroups().insert(Collections.singleton(batchUsers)); + batch = newGroup(c, "Non-Interactive Users", null); + batch.setDescription("Users who perform batch actions on Gerrit"); + batch.setOwnerGroupUUID(admin.getGroupUUID()); + batch.setType(AccountGroup.Type.INTERNAL); + c.accountGroups().insert(Collections.singleton(batch)); c.accountGroupNames().insert( - Collections.singleton(new AccountGroupName(batchUsers))); + Collections.singleton(new AccountGroupName(batch))); owners = newGroup(c, "Project Owners", AccountGroup.PROJECT_OWNERS); owners.setDescription("Any owner of the project");