Check required capabilities during UiAction gathering

Currently UiAction imlementation has to provide isVisible() method.
If UiAction specifies RequiresCapability annotation, then that check
can be done during UiAction gathering.  The following prerequisities
must be met, to satisfy the check:

 1. user has to be authenticated
 2.1 user is a member of the Administrators group or
 2.2 user is a member of a group, which has the required capability

Change-Id: I0bfb8dd5048bd2a52583f83aa38105bc176f1cca

gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/changedetail/PatchSetDetailFactory.java

@@ -48,6 +48,7 @@ import com.google.gerrit.server.project.NoSuchChangeException;
 import com.google.gwtorm.server.OrmException;
 import com.google.inject.Inject;
 import com.google.inject.assistedinject.Assisted;
+import com.google.inject.util.Providers;
 
 import org.eclipse.jgit.lib.ObjectId;
 import org.slf4j.Logger;
@@ -179,7 +180,8 @@ class PatchSetDetailFactory extends Handler<PatchSetDetail> {
     detail.setCommands(Lists.newArrayList(Iterables.transform(
         UiActions.sorted(UiActions.plugins(UiActions.from(
           revisions,
-          new RevisionResource(new ChangeResource(control), patchSet)))),
+          new RevisionResource(new ChangeResource(control), patchSet),
+          Providers.of(user)))),
         new Function<UiAction.Description, UiCommandDetail>() {
           @Override
           public UiCommandDetail apply(UiAction.Description in) {

gerrit-server/src/main/java/com/google/gerrit/server/change/ChangeJson.java

@@ -123,7 +123,7 @@ public class ChangeJson {
 
   private final Provider<ReviewDb> db;
   private final LabelNormalizer labelNormalizer;
-  private final CurrentUser user;
+  private final Provider<CurrentUser> user;
   private final AnonymousUser anonymous;
   private final IdentifiedUser.GenericFactory userFactory;
   private final ChangeControl.GenericFactory changeControlGenericFactory;
@@ -144,7 +144,7 @@ public class ChangeJson {
   ChangeJson(
       Provider<ReviewDb> db,
       LabelNormalizer ln,
-      CurrentUser u,
+      Provider<CurrentUser> userProvider,
       AnonymousUser au,
       IdentifiedUser.GenericFactory uf,
       ChangeControl.GenericFactory ccf,
@@ -157,7 +157,7 @@ public class ChangeJson {
       Revisions revisions) {
     this.db = db;
     this.labelNormalizer = ln;
-    this.user = u;
+    this.user = userProvider;
     this.anonymous = au;
     this.userFactory = uf;
     this.changeControlGenericFactory = ccf;
@@ -256,7 +256,9 @@ public class ChangeJson {
     out.updated = in.getLastUpdatedOn();
     out._number = in.getId().get();
     out._sortkey = in.getSortKey();
-    out.starred = user.getStarredChanges().contains(in.getId()) ? true : null;
+    out.starred = user.get().getStarredChanges().contains(in.getId())
+        ? true
+        : null;
     out.reviewed = in.getStatus().isOpen() && isChangeReviewed(cd) ? true : null;
     out.labels = labelsFor(cd, has(LABELS), has(DETAILED_LABELS));
 
@@ -290,7 +292,8 @@ public class ChangeJson {
       out.actions = Maps.newTreeMap();
       for (UiAction.Description d : UiActions.from(
           changes,
-          new ChangeResource(control(cd)))) {
+          new ChangeResource(control(cd)),
+          user)) {
         out.actions.put(d.getId(), new ActionInfo(d));
       }
     }
@@ -311,7 +314,8 @@ public class ChangeJson {
       if (changeControlUserFactory != null) {
         ctrl = changeControlUserFactory.controlFor(cd.change(db));
       } else {
-        ctrl = changeControlGenericFactory.controlFor(cd.change(db), user);
+        ctrl = changeControlGenericFactory.controlFor(cd.change(db),
+            user.get());
       }
     } catch (NoSuchChangeException e) {
       return null;
@@ -776,7 +780,8 @@ public class ChangeJson {
       out.actions = Maps.newTreeMap();
       for (UiAction.Description d : UiActions.from(
           revisions,
-          new RevisionResource(new ChangeResource(control(cd)), in))) {
+          new RevisionResource(new ChangeResource(control(cd)), in),
+          user)) {
         out.actions.put(d.getId(), new ActionInfo(d));
       }
     }

gerrit-server/src/main/java/com/google/gerrit/server/extensions/webui/UiActions.java

@@ -20,11 +20,15 @@ import com.google.common.base.Predicates;
 import com.google.common.collect.Iterables;
 import com.google.common.collect.Lists;
 import com.google.gerrit.extensions.registration.DynamicMap;
+import com.google.gerrit.extensions.restapi.AuthException;
 import com.google.gerrit.extensions.restapi.RestCollection;
 import com.google.gerrit.extensions.restapi.RestResource;
 import com.google.gerrit.extensions.restapi.RestView;
 import com.google.gerrit.extensions.webui.PrivateInternals_UiActionDescription;
 import com.google.gerrit.extensions.webui.UiAction;
+import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.account.CapabilityUtils;
+import com.google.inject.Provider;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -70,13 +74,15 @@ public class UiActions {
 
   public static <R extends RestResource> Iterable<UiAction.Description> from(
       RestCollection<?, R> collection,
-      R resource) {
+      R resource,
-    return from(collection.views(), resource);
+      Provider<CurrentUser> userProvider) {
+    return from(collection.views(), resource, userProvider);
   }
 
   public static <R extends RestResource> Iterable<UiAction.Description> from(
       DynamicMap<RestView<R>> views,
-      final R resource) {
+      final R resource,
+      final Provider<CurrentUser> userProvider) {
     return Iterables.filter(
       Iterables.transform(
         views,
@@ -103,6 +109,13 @@ public class UiActions {
               return null;
             }
 
+            try {
+              CapabilityUtils.checkRequiresCapability(userProvider,
+                  e.getPluginName(), view.getClass());
+            } catch (AuthException exc) {
+              return null;
+            }
+
             UiAction.Description dsc =
                 ((UiAction<R>) view).getDescription(resource);
             if (dsc == null || !dsc.isVisible()) {