diff --git a/gerrit-common/src/main/java/com/google/gerrit/common/data/GlobalCapability.java b/gerrit-common/src/main/java/com/google/gerrit/common/data/GlobalCapability.java index d9ad274374..f42811cdc7 100644 --- a/gerrit-common/src/main/java/com/google/gerrit/common/data/GlobalCapability.java +++ b/gerrit-common/src/main/java/com/google/gerrit/common/data/GlobalCapability.java @@ -106,6 +106,7 @@ public class GlobalCapability { NAMES_ALL.add(CREATE_PROJECT); NAMES_ALL.add(EMAIL_REVIEWERS); NAMES_ALL.add(FLUSH_CACHES); + NAMES_ALL.add(GENERATE_HTTP_PASSWORD); NAMES_ALL.add(KILL_TASK); NAMES_ALL.add(PRIORITY); NAMES_ALL.add(QUERY_LIMIT); diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetCapabilities.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetCapabilities.java index 47047ed2d4..1a6627743e 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetCapabilities.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetCapabilities.java @@ -20,6 +20,7 @@ import static com.google.gerrit.common.data.GlobalCapability.CREATE_GROUP; import static com.google.gerrit.common.data.GlobalCapability.CREATE_PROJECT; import static com.google.gerrit.common.data.GlobalCapability.EMAIL_REVIEWERS; import static com.google.gerrit.common.data.GlobalCapability.FLUSH_CACHES; +import static com.google.gerrit.common.data.GlobalCapability.GENERATE_HTTP_PASSWORD; import static com.google.gerrit.common.data.GlobalCapability.KILL_TASK; import static com.google.gerrit.common.data.GlobalCapability.PRIORITY; import static com.google.gerrit.common.data.GlobalCapability.RUN_GC; @@ -113,6 +114,7 @@ class GetCapabilities implements RestReadView { have.put(CREATE_PROJECT, cc.canCreateProject()); have.put(EMAIL_REVIEWERS, cc.canEmailReviewers()); have.put(FLUSH_CACHES, cc.canFlushCaches()); + have.put(GENERATE_HTTP_PASSWORD, cc.canGenerateHttpPassword()); have.put(KILL_TASK, cc.canKillTask()); have.put(RUN_GC, cc.canRunGC()); have.put(STREAM_EVENTS, cc.canStreamEvents()); diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetHttpPassword.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetHttpPassword.java index c49ab98937..e0800151b9 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetHttpPassword.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetHttpPassword.java @@ -36,7 +36,7 @@ public class GetHttpPassword implements RestReadView { public String apply(AccountResource rsrc) throws AuthException, ResourceNotFoundException { if (self.get() != rsrc.getUser() - && !self.get().getCapabilities().canAdministrateServer()) { + && !self.get().getCapabilities().canGenerateHttpPassword()) { throw new AuthException("not allowed to get http password"); } AccountState s = rsrc.getUser().state(); diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java index 3903050240..93b35c674e 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java @@ -86,14 +86,14 @@ public class PutHttpPassword implements RestModifyView { } else if (input.httpPassword == null) { if (self.get() != rsrc.getUser() - && !self.get().getCapabilities().canAdministrateServer()) { + && !self.get().getCapabilities().canGenerateHttpPassword()) { throw new AuthException("not allowed to clear HTTP password"); } newPassword = null; } else { - if (!self.get().getCapabilities().canAdministrateServer()) { + if (!self.get().getCapabilities().canGenerateHttpPassword()) { throw new AuthException("not allowed to set HTTP password directly, " - + "need to be Gerrit administrator"); + + "requires the Generate HTTP Password permission"); } newPassword = input.httpPassword; } diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/config/CapabilityConstants.java b/gerrit-server/src/main/java/com/google/gerrit/server/config/CapabilityConstants.java index 289173b0ae..2c1632f30a 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/config/CapabilityConstants.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/config/CapabilityConstants.java @@ -29,6 +29,7 @@ public class CapabilityConstants extends TranslationBundle { public String createProject; public String emailReviewers; public String flushCaches; + public String generateHttpPassword; public String killTask; public String priority; public String queryLimit; diff --git a/gerrit-server/src/main/resources/com/google/gerrit/server/config/CapabilityConstants.properties b/gerrit-server/src/main/resources/com/google/gerrit/server/config/CapabilityConstants.properties index 9eb7d9b420..a1e0e1d2d5 100644 --- a/gerrit-server/src/main/resources/com/google/gerrit/server/config/CapabilityConstants.properties +++ b/gerrit-server/src/main/resources/com/google/gerrit/server/config/CapabilityConstants.properties @@ -5,6 +5,7 @@ createGroup = Create Group createProject = Create Project emailReviewers = Email Reviewers flushCaches = Flush Caches +generateHttpPassword = Generate HTTP Password killTask = Kill Task priority = Priority queryLimit = Query Limit