Merge "init: configure "Non-Interactive Users" as batch priority"

gerrit-server/src/main/java/com/google/gerrit/server/schema/AllProjectsCreator.java

@@ -23,6 +23,7 @@ import com.google.gerrit.common.data.LabelType;
 import com.google.gerrit.common.data.LabelValue;
 import com.google.gerrit.common.data.Permission;
 import com.google.gerrit.common.data.PermissionRule;
+import com.google.gerrit.common.data.PermissionRule.Action;
 import com.google.gerrit.reviewdb.client.AccountGroup;
 import com.google.gerrit.reviewdb.client.Project;
 import com.google.gerrit.reviewdb.client.Project.InheritableBoolean;
@@ -50,6 +51,7 @@ public class AllProjectsCreator {
   private final PersonIdent serverUser;
 
   private GroupReference admin;
+  private GroupReference batch;
   private GroupReference anonymous;
   private GroupReference registered;
   private GroupReference owners;
@@ -79,6 +81,11 @@ public class AllProjectsCreator {
     return this;
   }
 
+  public AllProjectsCreator setBatchUsers(GroupReference batch) {
+    this.batch = batch;
+    return this;
+  }
+
   public void create() throws IOException, ConfigInvalidException {
     Repository git = null;
     try {
@@ -132,6 +139,13 @@ public class AllProjectsCreator {
     grant(config, cap, GlobalCapability.ADMINISTRATE_SERVER, admin);
     grant(config, all, Permission.READ, admin, anonymous);
 
+    if (batch != null) {
+      Permission priority = cap.getPermission(GlobalCapability.PRIORITY, true);
+      PermissionRule r = rule(config, batch);
+      r.setAction(Action.BATCH);
+      priority.add(r);
+    }
+
     LabelType cr = initCodeReviewLabel(config);
     grant(config, heads, cr, -1, 1, registered);
     grant(config, heads, cr, -2, 2, admin, owners);

gerrit-server/src/main/java/com/google/gerrit/server/schema/SchemaCreator.java

@@ -51,6 +51,7 @@ public class SchemaCreator {
   private AccountGroup anonymous;
   private AccountGroup registered;
   private AccountGroup owners;
+  private AccountGroup batch;
 
   @Inject
   public SchemaCreator(SitePaths site,
@@ -90,6 +91,7 @@ public class SchemaCreator {
     initSystemConfig(db);
     allProjectsCreator
       .setAdministrators(GroupReference.forGroup(admin))
+      .setBatchUsers(GroupReference.forGroup(batch))
       .create();
     dataSourceType.getIndexScript().run(db);
   }
@@ -131,13 +133,13 @@ public class SchemaCreator {
     c.accountGroupNames().insert(
         Collections.singleton(new AccountGroupName(registered)));
 
-    final AccountGroup batchUsers = newGroup(c, "Non-Interactive Users", null);
-    batchUsers.setDescription("Users who perform batch actions on Gerrit");
-    batchUsers.setOwnerGroupUUID(admin.getGroupUUID());
-    batchUsers.setType(AccountGroup.Type.INTERNAL);
-    c.accountGroups().insert(Collections.singleton(batchUsers));
+    batch = newGroup(c, "Non-Interactive Users", null);
+    batch.setDescription("Users who perform batch actions on Gerrit");
+    batch.setOwnerGroupUUID(admin.getGroupUUID());
+    batch.setType(AccountGroup.Type.INTERNAL);
+    c.accountGroups().insert(Collections.singleton(batch));
     c.accountGroupNames().insert(
-        Collections.singleton(new AccountGroupName(batchUsers)));
+        Collections.singleton(new AccountGroupName(batch)));
 
     owners = newGroup(c, "Project Owners", AccountGroup.PROJECT_OWNERS);
     owners.setDescription("Any owner of the project");