Permit adding all users to reviews and groups

Prior to the REST API users could be added to a code review or to
a group if a unique specification for their account is input. The
visiblity flag managed by canSee() was only about presentation in
suggestion results.

Revert to that older behavior. A user should be able to add someone
to a code review if they enter their email address exactly, even if
suggestion does not trigger for the account. Group owners should be
able to add anyone to a group for the same reason.

Change-Id: Ie37fbcd944c20764267229eeaca319ceb3fc040c

gerrit-server/src/main/java/com/google/gerrit/server/account/AccountControl.java

@@ -139,7 +139,7 @@ public class AccountControl {
       default:
         throw new IllegalStateException("Bad AccountVisibility " + accountVisibility);
     }
-    return false;
+    return currentUser.getCapabilities().canAdministrateServer();
   }
 
   private Set<AccountGroup.UUID> groupsOf(Account.Id account) {

gerrit-server/src/main/java/com/google/gerrit/server/account/AccountsCollection.java

@@ -60,6 +60,8 @@ public class AccountsCollection implements
     IdentifiedUser user = _parse(id.get());
     if (user == null) {
       throw new ResourceNotFoundException(id);
+    } else if (!accountControlFactory.get().canSee(user.getAccount())) {
+      throw new ResourceNotFoundException(id);
     }
     return new AccountResource(user);
   }
@@ -102,14 +104,7 @@ public class AccountsCollection implements
     if (matches.size() != 1) {
       return null;
     }
-
+    return userFactory.create(Iterables.getOnlyElement(matches));
-    Account.Id a = Iterables.getOnlyElement(matches);
-    if (accountControlFactory.get().canSee(a)
-        || user.getCapabilities().canAdministrateServer()) {
-      return userFactory.create(a);
-    } else {
-      return null;
-    }
   }
 
   @Override