Move system groups into their own backend

Delete 'Anonymous Users', 'Registered Users', 'Project Owners' and
'Change Owner' from the database and account_groups table.  Define
them inside of a specialized SystemGroupBackend class.

Change-Id: Ia67add4630579f3d0ce25edcfd662bbcf918dc8f

gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/rest/account/CapabilitiesIT.java

@@ -16,6 +16,7 @@ package com.google.gerrit.acceptance.rest.account;
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 
 import com.google.gerrit.acceptance.AbstractDaemonTest;
@@ -27,11 +28,10 @@ import com.google.gerrit.common.data.AccessSection;
 import com.google.gerrit.common.data.GlobalCapability;
 import com.google.gerrit.common.data.Permission;
 import com.google.gerrit.common.data.PermissionRule;
-import com.google.gerrit.reviewdb.client.AccountGroup;
-import com.google.gerrit.server.account.GroupCache;
 import com.google.gerrit.server.config.AllProjectsName;
 import com.google.gerrit.server.git.MetaDataUpdate;
 import com.google.gerrit.server.git.ProjectConfig;
+import com.google.gerrit.server.group.SystemGroupBackend;
 import com.google.gerrit.server.project.ProjectCache;
 import com.google.gson.Gson;
 import com.google.gson.reflect.TypeToken;
@@ -54,9 +54,6 @@ public class CapabilitiesIT extends AbstractDaemonTest {
   @Inject
   private MetaDataUpdate.Server metaDataUpdateFactory;
 
-  @Inject
-  private GroupCache groupCache;
-
   @Inject
   private ProjectCache projectCache;
 
@@ -113,6 +110,7 @@ public class CapabilitiesIT extends AbstractDaemonTest {
       if (GlobalCapability.PRIORITY.equals(c)) {
         assertFalse(info.priority);
       } else if (GlobalCapability.QUERY_LIMIT.equals(c)) {
+        assertNotNull("missing queryLimit", info.queryLimit);
         assertEquals(0, info.queryLimit.min);
         assertEquals(500, info.queryLimit.max);
       } else if (GlobalCapability.ACCESS_DATABASE.equals(c)) {
@@ -138,11 +136,9 @@ public class CapabilitiesIT extends AbstractDaemonTest {
         continue;
       }
       Permission p = s.getPermission(c, true);
-      AccountGroup projectOwnersGroup = groupCache.get(
+      p.add(new PermissionRule(
-          new AccountGroup.NameKey("Registered Users"));
+          config.resolve(SystemGroupBackend.getGroup(
-      PermissionRule rule = new PermissionRule(
+              SystemGroupBackend.REGISTERED_USERS))));
-          config.resolve(projectOwnersGroup));
-      p.add(rule);
     }
     config.commit(md);
     projectCache.evict(config.getProject());

gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/rest/change/ChangeOwnerIT.java

@@ -31,12 +31,11 @@ import com.google.gerrit.common.data.AccessSection;
 import com.google.gerrit.common.data.Permission;
 import com.google.gerrit.common.data.PermissionRule;
 import com.google.gerrit.extensions.api.changes.ReviewInput;
-import com.google.gerrit.reviewdb.client.AccountGroup;
 import com.google.gerrit.reviewdb.client.Project;
 import com.google.gerrit.reviewdb.server.ReviewDb;
-import com.google.gerrit.server.account.GroupCache;
 import com.google.gerrit.server.git.MetaDataUpdate;
 import com.google.gerrit.server.git.ProjectConfig;
+import com.google.gerrit.server.group.SystemGroupBackend;
 import com.google.gerrit.server.project.ProjectCache;
 import com.google.gwtorm.server.OrmException;
 import com.google.gwtorm.server.SchemaFactory;
@@ -69,9 +68,6 @@ public class ChangeOwnerIT extends AbstractDaemonTest {
   @Inject
   private ProjectCache projectCache;
 
-  @Inject
-  private GroupCache groupCache;
-
   private TestAccount owner;
   private TestAccount dev;
 
@@ -138,10 +134,8 @@ public class ChangeOwnerIT extends AbstractDaemonTest {
     ProjectConfig config = ProjectConfig.read(md);
     AccessSection s = config.getAccessSection("refs/heads/*", true);
     Permission p = s.getPermission(LABEL + "Code-Review", true);
-    AccountGroup changeOwnerGroup = groupCache
-        .get(new AccountGroup.NameKey("Change Owner"));
     PermissionRule rule = new PermissionRule(config
-        .resolve(changeOwnerGroup));
+        .resolve(SystemGroupBackend.getGroup(SystemGroupBackend.CHANGE_OWNER)));
     rule.setMin(-2);
     rule.setMax(+2);
     p.add(rule);

gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/rest/group/DefaultGroupsIT.java

@@ -41,13 +41,13 @@ import java.util.Map;
 import java.util.Set;
 
 /**
- * An example test that tests presence of system groups in a newly initialized
+ * An example test that tests presence of default groups in a newly initialized
  * review site.
  *
  * The test shows how to perform these checks via SSH, REST or using Gerrit
  * internals.
  */
-public class SystemGroupsIT extends AbstractDaemonTest {
+public class DefaultGroupsIT extends AbstractDaemonTest {
 
   @Inject
   private SchemaFactory<ReviewDb> reviewDbProvider;
@@ -64,20 +64,16 @@ public class SystemGroupsIT extends AbstractDaemonTest {
   }
 
   @Test
-  public void systemGroupsCreated_ssh() throws JSchException, IOException {
+  public void defaultGroupsCreated_ssh() throws JSchException, IOException {
     SshSession session = new SshSession(server, admin);
     String result = session.exec("gerrit ls-groups");
     assertTrue(result.contains("Administrators"));
-    assertTrue(result.contains("Anonymous Users"));
-    assertTrue(result.contains("Change Owner"));
     assertTrue(result.contains("Non-Interactive Users"));
-    assertTrue(result.contains("Project Owners"));
-    assertTrue(result.contains("Registered Users"));
     session.close();
   }
 
   @Test
-  public void systemGroupsCreated_rest() throws IOException {
+  public void defaultGroupsCreated_rest() throws IOException {
     RestSession session = new RestSession(server, admin);
     RestResponse r = session.get("/groups/");
     Gson gson = new Gson();
@@ -85,15 +81,11 @@ public class SystemGroupsIT extends AbstractDaemonTest {
         gson.fromJson(r.getReader(), new TypeToken<Map<String, GroupInfo>>() {}.getType());
     Set<String> names = result.keySet();
     assertTrue(names.contains("Administrators"));
-    assertTrue(names.contains("Anonymous Users"));
-    assertTrue(names.contains("Change Owner"));
     assertTrue(names.contains("Non-Interactive Users"));
-    assertTrue(names.contains("Project Owners"));
-    assertTrue(names.contains("Registered Users"));
   }
 
   @Test
-  public void systemGroupsCreated_internals() throws OrmException {
+  public void defaultGroupsCreated_internals() throws OrmException {
     ReviewDb db = reviewDbProvider.open();
     try {
       Set<String> names = Sets.newHashSet();
@@ -101,11 +93,7 @@ public class SystemGroupsIT extends AbstractDaemonTest {
         names.add(g.getName());
       }
       assertTrue(names.contains("Administrators"));
-      assertTrue(names.contains("Anonymous Users"));
-      assertTrue(names.contains("Change Owner"));
       assertTrue(names.contains("Non-Interactive Users"));
-      assertTrue(names.contains("Project Owners"));
-      assertTrue(names.contains("Registered Users"));
     } finally {
       db.close();
     }

gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/rest/group/GroupPropertiesIT.java

@@ -14,9 +14,8 @@
 
 package com.google.gerrit.acceptance.rest.group;
 
-import static com.google.gerrit.acceptance.rest.group.GroupAssert.toBoolean;
 import static com.google.gerrit.acceptance.rest.group.GroupAssert.assertGroupInfo;
-
+import static com.google.gerrit.acceptance.rest.group.GroupAssert.toBoolean;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
@@ -26,8 +25,10 @@ import com.google.gerrit.acceptance.AccountCreator;
 import com.google.gerrit.acceptance.RestResponse;
 import com.google.gerrit.acceptance.RestSession;
 import com.google.gerrit.acceptance.TestAccount;
+import com.google.gerrit.extensions.restapi.Url;
 import com.google.gerrit.reviewdb.client.AccountGroup;
 import com.google.gerrit.server.account.GroupCache;
+import com.google.gerrit.server.group.SystemGroupBackend;
 import com.google.gson.Gson;
 import com.google.gson.reflect.TypeToken;
 import com.google.inject.Inject;
@@ -69,8 +70,12 @@ public class GroupPropertiesIT extends AbstractDaemonTest {
     r.consume();
 
     // set name with name conflict
+    String newGroupName = "newGroup";
+    r = session.put("/groups/" + newGroupName);
+    r.consume();
+    assertEquals(HttpStatus.SC_CREATED, r.getStatusCode());
     GroupNameInput in = new GroupNameInput();
-    in.name = "Registered Users";
+    in.name = newGroupName;
     r = session.put(url, in);
     assertEquals(HttpStatus.SC_CONFLICT, r.getStatusCode());
     r.consume();
@@ -178,8 +183,12 @@ public class GroupPropertiesIT extends AbstractDaemonTest {
     GroupInfo newOwner = (new Gson()).fromJson(r.getReader(), new TypeToken<GroupInfo>() {}.getType());
     assertEquals(HttpStatus.SC_OK, r.getStatusCode());
     assertEquals(in.owner, newOwner.name);
-    adminGroup = groupCache.get(adminGroupName);
+    assertEquals(
-    assertGroupInfo(groupCache.get(adminGroup.getOwnerGroupUUID()), newOwner);
+        SystemGroupBackend.getGroup(SystemGroupBackend.REGISTERED_USERS).getName(),
+        newOwner.name);
+    assertEquals(
+        SystemGroupBackend.REGISTERED_USERS.get(),
+        Url.decode(newOwner.id));
     r.consume();
 
     // set owner by UUID

gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/rest/group/ListGroupsIT.java

@@ -16,6 +16,8 @@ package com.google.gerrit.acceptance.rest.group;
 
 import static com.google.gerrit.acceptance.rest.group.GroupAssert.assertGroupInfo;
 import static com.google.gerrit.acceptance.rest.group.GroupAssert.assertGroups;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
 
 import com.google.common.base.Function;
 import com.google.common.collect.Iterables;
@@ -35,6 +37,7 @@ import com.google.inject.Inject;
 
 import com.jcraft.jsch.JSchException;
 
+import org.apache.http.HttpStatus;
 import org.junit.Before;
 import org.junit.Test;
 
@@ -79,13 +82,29 @@ public class ListGroupsIT extends AbstractDaemonTest {
   @Test
   public void testOnlyVisibleGroupsReturned() throws OrmException,
       JSchException, IOException {
-    Set<String> expectedGroups = Sets.newHashSet();
-    expectedGroups.add("Anonymous Users");
-    expectedGroups.add("Registered Users");
     TestAccount user = accounts.create("user", "user@example.com", "User");
-    RestResponse r = new RestSession(server, user).get("/groups/");
+    RestSession userSession = new RestSession(server, user);
+
+    String newGroupName = "newGroup";
+    GroupInput in = new GroupInput();
+    in.description = "a hidden group";
+    in.visible_to_all = false;
+    in.owner_id = groupCache.get(new AccountGroup.NameKey("Administrators"))
+        .getGroupUUID().get();
+    session.put("/groups/" + newGroupName, in).consume();
+
+    Set<String> expectedGroups = Sets.newHashSet(newGroupName);
+    RestResponse r = userSession.get("/groups/");
     Map<String, GroupInfo> result =
         (new Gson()).fromJson(r.getReader(), new TypeToken<Map<String, GroupInfo>>() {}.getType());
+    assertTrue("no groups visible", result.isEmpty());
+
+    assertEquals(HttpStatus.SC_CREATED, session.put(
+        String.format("/groups/%s/members/%s", newGroupName, user.username)
+      ).getStatusCode());
+
+    r = userSession.get("/groups/");
+    result = (new Gson()).fromJson(r.getReader(), new TypeToken<Map<String, GroupInfo>>() {}.getType());
     assertGroups(expectedGroups, result.keySet());
   }
 

gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/rest/project/CreateProjectIT.java

@@ -34,6 +34,7 @@ import com.google.gerrit.reviewdb.client.Project.InheritableBoolean;
 import com.google.gerrit.reviewdb.client.Project.SubmitType;
 import com.google.gerrit.server.account.GroupCache;
 import com.google.gerrit.server.git.GitRepositoryManager;
+import com.google.gerrit.server.group.SystemGroupBackend;
 import com.google.gerrit.server.project.ProjectCache;
 import com.google.gerrit.server.project.ProjectState;
 import com.google.gson.Gson;
@@ -152,16 +153,16 @@ public class CreateProjectIT extends AbstractDaemonTest {
     final String newProjectName = "newProject";
     ProjectInput in = new ProjectInput();
     in.owners = Lists.newArrayListWithCapacity(3);
-    in.owners.add("Administrators"); // by name
+    in.owners.add("Anonymous Users"); // by name
-    in.owners.add(groupUuid("Registered Users").get()); // by group UUID
+    in.owners.add(SystemGroupBackend.REGISTERED_USERS.get()); // by UUID
-    in.owners.add(Integer.toString(groupCache.get(new AccountGroup.NameKey("Anonymous Users"))
+    in.owners.add(Integer.toString(groupCache.get(
-        .getId().get())); // by legacy group ID
+        new AccountGroup.NameKey("Administrators")).getId().get())); // by ID
     session.put("/projects/" + newProjectName, in);
     ProjectState projectState = projectCache.get(new Project.NameKey(newProjectName));
     Set<AccountGroup.UUID> expectedOwnerIds = Sets.newHashSetWithExpectedSize(3);
+    expectedOwnerIds.add(SystemGroupBackend.ANONYMOUS_USERS);
+    expectedOwnerIds.add(SystemGroupBackend.REGISTERED_USERS);
     expectedOwnerIds.add(groupUuid("Administrators"));
-    expectedOwnerIds.add(groupUuid("Registered Users"));
-    expectedOwnerIds.add(groupUuid("Anonymous Users"));
     assertProjectOwners(expectedOwnerIds, projectState);
   }
 

gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/rest/project/DeleteBranchIT.java

@@ -27,13 +27,12 @@ import com.google.gerrit.acceptance.TestAccount;
 import com.google.gerrit.common.data.AccessSection;
 import com.google.gerrit.common.data.Permission;
 import com.google.gerrit.common.data.PermissionRule;
-import com.google.gerrit.reviewdb.client.AccountGroup;
 import com.google.gerrit.reviewdb.client.Branch;
 import com.google.gerrit.reviewdb.client.Project;
-import com.google.gerrit.server.account.GroupCache;
 import com.google.gerrit.server.config.AllProjectsNameProvider;
 import com.google.gerrit.server.git.MetaDataUpdate;
 import com.google.gerrit.server.git.ProjectConfig;
+import com.google.gerrit.server.group.SystemGroupBackend;
 import com.google.gerrit.server.project.ProjectCache;
 import com.google.inject.Inject;
 
@@ -55,9 +54,6 @@ public class DeleteBranchIT extends AbstractDaemonTest {
   @Inject
   private ProjectCache projectCache;
 
-  @Inject
-  private GroupCache groupCache;
-
   @Inject
   private AllProjectsNameProvider allProjects;
 
@@ -164,8 +160,8 @@ public class DeleteBranchIT extends AbstractDaemonTest {
     ProjectConfig config = ProjectConfig.read(md);
     AccessSection s = config.getAccessSection("refs/heads/*", true);
     Permission p = s.getPermission(Permission.PUSH, true);
-    AccountGroup adminGroup = groupCache.get(new AccountGroup.NameKey("Anonymous Users"));
+    PermissionRule rule = new PermissionRule(config.resolve(
-    PermissionRule rule = new PermissionRule(config.resolve(adminGroup));
+        SystemGroupBackend.getGroup(SystemGroupBackend.ANONYMOUS_USERS)));
     rule.setForce(true);
     rule.setBlock();
     p.add(rule);
@@ -179,8 +175,8 @@ public class DeleteBranchIT extends AbstractDaemonTest {
     ProjectConfig config = ProjectConfig.read(md);
     AccessSection s = config.getAccessSection("refs/*", true);
     Permission p = s.getPermission(Permission.OWNER, true);
-    AccountGroup adminGroup = groupCache.get(new AccountGroup.NameKey("Registered Users"));
+    PermissionRule rule = new PermissionRule(config.resolve(
-    PermissionRule rule = new PermissionRule(config.resolve(adminGroup));
+        SystemGroupBackend.getGroup(SystemGroupBackend.REGISTERED_USERS)));
     p.add(rule);
     config.commit(md);
     projectCache.evict(config.getProject());

gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/rest/project/ListBranchesIT.java

@@ -31,12 +31,11 @@ import com.google.gerrit.acceptance.git.PushOneCommit;
 import com.google.gerrit.common.data.AccessSection;
 import com.google.gerrit.common.data.Permission;
 import com.google.gerrit.common.data.PermissionRule;
-import com.google.gerrit.reviewdb.client.AccountGroup;
 import com.google.gerrit.reviewdb.client.Project;
 import com.google.gerrit.reviewdb.server.ReviewDb;
-import com.google.gerrit.server.account.GroupCache;
 import com.google.gerrit.server.git.MetaDataUpdate;
 import com.google.gerrit.server.git.ProjectConfig;
+import com.google.gerrit.server.group.SystemGroupBackend;
 import com.google.gerrit.server.project.ProjectCache;
 import com.google.gson.Gson;
 import com.google.gson.reflect.TypeToken;
@@ -70,9 +69,6 @@ public class ListBranchesIT extends AbstractDaemonTest {
   @Inject
   private ProjectCache projectCache;
 
-  @Inject
-  private GroupCache groupCache;
-
   @Inject
   private SchemaFactory<ReviewDb> reviewDbProvider;
 
@@ -212,8 +208,8 @@ public class ListBranchesIT extends AbstractDaemonTest {
     ProjectConfig config = ProjectConfig.read(md);
     AccessSection s = config.getAccessSection(ref, true);
     Permission p = s.getPermission(Permission.READ, true);
-    AccountGroup adminGroup = groupCache.get(AccountGroup.REGISTERED_USERS);
+    PermissionRule rule = new PermissionRule(config.resolve(
-    PermissionRule rule = new PermissionRule(config.resolve(adminGroup));
+        SystemGroupBackend.getGroup(SystemGroupBackend.REGISTERED_USERS)));
     rule.setBlock();
     p.add(rule);
     config.commit(md);

gerrit-gwtui/src/main/java/com/google/gerrit/client/Dispatcher.java

@@ -803,8 +803,7 @@ public class Dispatcher {
               // for external and system groups the members cannot be
               // shown in the web UI).
               //
-              if (AccountGroup.isInternalGroup(group.getGroupUUID())
+              if (AccountGroup.isInternalGroup(group.getGroupUUID())) {
-                  && !AccountGroup.isSystemGroup(group.getGroupUUID())) {
                 Gerrit.display(toGroup(group.getGroupId(), AccountGroupScreen.MEMBERS),
                     new AccountGroupMembersScreen(group, token));
               } else {

gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AccountGroupInfoScreen.java

@@ -214,8 +214,7 @@ public class AccountGroupInfoScreen extends AccountGroupScreen {
     ownerTxt.setText(group.owner() != null?group.owner():Util.M.deletedReference(group.getOwnerUUID().get()));
     descTxt.setText(group.description());
     visibleToAllCheckBox.setValue(group.options().isVisibleToAll());
-    setMembersTabVisible(AccountGroup.isInternalGroup(group.getGroupUUID())
+    setMembersTabVisible(AccountGroup.isInternalGroup(group.getGroupUUID()));
-        && !AccountGroup.isSystemGroup(group.getGroupUUID()));
 
     enableForm(canModify);
     saveName.setVisible(canModify);

gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AccountGroupMembersScreen.java

@@ -149,8 +149,7 @@ public class AccountGroupMembersScreen extends AccountGroupScreen {
 
   @Override
   protected void display(final GroupInfo group, final boolean canModify) {
-    if (AccountGroup.isInternalGroup(group.getGroupUUID())
+    if (AccountGroup.isInternalGroup(group.getGroupUUID())) {
-        && !AccountGroup.isSystemGroup(group.getGroupUUID())) {
       members.display(Natives.asList(group.members()));
       includes.display(Natives.asList(group.includes()));
     } else {

gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AccountGroupScreen.java

@@ -37,8 +37,7 @@ public abstract class AccountGroupScreen extends MenuScreen {
 
     link(Util.C.groupTabGeneral(), getTabToken(token, INFO));
     link(Util.C.groupTabMembers(), membersTabToken,
-        AccountGroup.isInternalGroup(group.getGroupUUID())
+        AccountGroup.isInternalGroup(group.getGroupUUID()));
-        && !AccountGroup.isSystemGroup(group.getGroupUUID()));
   }
 
   private String getTabToken(final String token, final String tab) {

gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/project/ReviewProjectAccess.java

@@ -19,7 +19,6 @@ import com.google.gerrit.common.Nullable;
 import com.google.gerrit.common.data.AccessSection;
 import com.google.gerrit.common.data.GlobalCapability;
 import com.google.gerrit.common.data.PermissionRule;
-import com.google.gerrit.reviewdb.client.AccountGroup;
 import com.google.gerrit.reviewdb.client.Branch;
 import com.google.gerrit.reviewdb.client.Change;
 import com.google.gerrit.reviewdb.client.PatchSet;
@@ -37,6 +36,7 @@ import com.google.gerrit.server.config.AllProjectsNameProvider;
 import com.google.gerrit.server.git.GitRepositoryManager;
 import com.google.gerrit.server.git.MetaDataUpdate;
 import com.google.gerrit.server.git.ProjectConfig;
+import com.google.gerrit.server.group.SystemGroupBackend;
 import com.google.gerrit.server.index.ChangeIndexer;
 import com.google.gerrit.server.mail.CreateChangeSender;
 import com.google.gerrit.server.patch.PatchSetInfoFactory;
@@ -187,7 +187,7 @@ public class ReviewProjectAccess extends ProjectAccessHandler<Change.Id> {
 
   private void addProjectOwnersAsReviewers(Change change) {
     final String projectOwners =
-        groupBackend.get(AccountGroup.PROJECT_OWNERS).getName();
+        groupBackend.get(SystemGroupBackend.PROJECT_OWNERS).getName();
     try {
       ChangeResource rsrc =
           new ChangeResource(changeFactory.controlFor(change, user));

gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/client/AccountGroup.java

@@ -81,13 +81,7 @@ public final class AccountGroup {
 
   /** @return true if the UUID is for a group managed within Gerrit. */
   public static boolean isInternalGroup(AccountGroup.UUID uuid) {
-    return uuid.get().startsWith("global:")
+    return uuid.get().matches("^[0-9a-f]{40}$");
-        || uuid.get().matches("^[0-9a-f]{40}$");
-  }
-
-  /** @return true if the UUID is for a system group managed within Gerrit. */
-  public static boolean isSystemGroup(AccountGroup.UUID uuid) {
-    return uuid.get().startsWith("global:");
   }
 
   /** Synthetic key to link to within the database */
@@ -122,45 +116,6 @@ public final class AccountGroup {
     }
   }
 
-  public static enum Type {
-    /**
-     * System defined and managed group, e.g. anonymous users.
-     * <p>
-     * These groups must be explicitly named by {@link SystemConfig} and are
-     * specially handled throughout the code. In UI contexts their membership is
-     * not displayed. When computing effective group membership for any given
-     * user account, these groups are automatically handled using specialized
-     * branch conditions.
-     */
-    SYSTEM,
-
-    /**
-     * Group defined within our database.
-     * <p>
-     * An internal group has its membership fully enumerated in the database.
-     * The membership can be viewed and edited through the web UI by any user
-     * who is a member of the owner group. These groups are not treated special
-     * in the code.
-     */
-    INTERNAL
-  }
-
-  /** Common UUID assigned to the "Project Owners" placeholder group. */
-  public static final AccountGroup.UUID PROJECT_OWNERS =
-      new AccountGroup.UUID("global:Project-Owners");
-
-  /** Common UUID assigned to the "Change Owner" placeholder group. */
-  public static final AccountGroup.UUID CHANGE_OWNER =
-      new AccountGroup.UUID("global:Change-Owner");
-
-  /** Common UUID assigned to the "Anonymous Users" group. */
-  public static final AccountGroup.UUID ANONYMOUS_USERS =
-      new AccountGroup.UUID("global:Anonymous-Users");
-
-  /** Common UUID assigned to the "Registered Users" group. */
-  public static final AccountGroup.UUID REGISTERED_USERS =
-      new AccountGroup.UUID("global:Registered-Users");
-
   /** Unique name of this group within the system. */
   @Column(id = 1)
   protected NameKey name;
@@ -173,10 +128,6 @@ public final class AccountGroup {
   @Column(id = 4, length = Integer.MAX_VALUE, notNull = false)
   protected String description;
 
-  /** Is the membership managed by some external means? */
-  @Column(id = 5, length = 8)
-  protected String groupType;
-
   @Column(id = 7)
   protected boolean visibleToAll;
 
@@ -202,7 +153,6 @@ public final class AccountGroup {
     visibleToAll = false;
     groupUUID = uuid;
     ownerGroupUUID = groupUUID;
-    setType(Type.INTERNAL);
   }
 
   public AccountGroup.Id getId() {
@@ -237,14 +187,6 @@ public final class AccountGroup {
     ownerGroupUUID = uuid;
   }
 
-  public Type getType() {
-    return Type.valueOf(groupType);
-  }
-
-  public void setType(final Type t) {
-    groupType = t.name();
-  }
-
   public void setVisibleToAll(final boolean visibleToAll) {
     this.visibleToAll = visibleToAll;
   }

gerrit-server/src/main/java/com/google/gerrit/server/AnonymousUser.java

@@ -14,12 +14,12 @@
 
 package com.google.gerrit.server;
 
-import com.google.gerrit.reviewdb.client.AccountGroup;
 import com.google.gerrit.reviewdb.client.AccountProjectWatch;
 import com.google.gerrit.reviewdb.client.Change;
 import com.google.gerrit.server.account.CapabilityControl;
 import com.google.gerrit.server.account.GroupMembership;
 import com.google.gerrit.server.account.ListGroupMembership;
+import com.google.gerrit.server.group.SystemGroupBackend;
 import com.google.inject.Inject;
 
 import java.util.Collection;
@@ -35,7 +35,7 @@ public class AnonymousUser extends CurrentUser {
 
   @Override
   public GroupMembership getEffectiveGroups() {
-    return new ListGroupMembership(Collections.singleton(AccountGroup.ANONYMOUS_USERS));
+    return new ListGroupMembership(Collections.singleton(SystemGroupBackend.ANONYMOUS_USERS));
   }
 
   @Override

gerrit-server/src/main/java/com/google/gerrit/server/IdentifiedUser.java

@@ -20,7 +20,6 @@ import com.google.gerrit.common.Nullable;
 import com.google.gerrit.common.data.AccountInfo;
 import com.google.gerrit.reviewdb.client.Account;
 import com.google.gerrit.reviewdb.client.AccountDiffPreference;
-import com.google.gerrit.reviewdb.client.AccountGroup;
 import com.google.gerrit.reviewdb.client.AccountProjectWatch;
 import com.google.gerrit.reviewdb.client.Change;
 import com.google.gerrit.reviewdb.client.StarredChange;
@@ -35,6 +34,7 @@ import com.google.gerrit.server.account.Realm;
 import com.google.gerrit.server.config.AnonymousCowardName;
 import com.google.gerrit.server.config.AuthConfig;
 import com.google.gerrit.server.config.CanonicalWebUrl;
+import com.google.gerrit.server.group.SystemGroupBackend;
 import com.google.gwtorm.server.OrmException;
 import com.google.gwtorm.server.ResultSet;
 import com.google.inject.Inject;
@@ -174,8 +174,8 @@ public class IdentifiedUser extends CurrentUser {
 
   private static final GroupMembership registeredGroups =
       new ListGroupMembership(ImmutableSet.of(
-          AccountGroup.ANONYMOUS_USERS,
+          SystemGroupBackend.ANONYMOUS_USERS,
-          AccountGroup.REGISTERED_USERS));
+          SystemGroupBackend.REGISTERED_USERS));
 
   private final Provider<String> canonicalUrl;
   private final AccountCache accountCache;

gerrit-server/src/main/java/com/google/gerrit/server/account/AccountCacheImpl.java

@@ -118,7 +118,7 @@ public class AccountCacheImpl implements AccountCache {
   private static AccountState missing(Account.Id accountId) {
     Account account = new Account(accountId, TimeUtil.nowTs());
     Collection<AccountExternalId> ids = Collections.emptySet();
-    Set<AccountGroup.UUID> anon = ImmutableSet.of(AccountGroup.ANONYMOUS_USERS);
+    Set<AccountGroup.UUID> anon = ImmutableSet.of();
     return new AccountState(account, anon, ids);
   }
 
@@ -167,13 +167,10 @@ public class AccountCacheImpl implements AccountCache {
       for (AccountGroupMember g : db.accountGroupMembers().byAccount(who)) {
         final AccountGroup.Id groupId = g.getAccountGroupId();
         final AccountGroup group = groupCache.get(groupId);
-        if (group != null && group.getType() == AccountGroup.Type.INTERNAL) {
+        if (group != null) {
           internalGroups.add(group.getGroupUUID());
         }
       }
-
-      internalGroups.add(AccountGroup.REGISTERED_USERS);
-      internalGroups.add(AccountGroup.ANONYMOUS_USERS);
       internalGroups = Collections.unmodifiableSet(internalGroups);
 
       return new AccountState(account, internalGroups, externalIds);

gerrit-server/src/main/java/com/google/gerrit/server/account/AccountControl.java

@@ -14,6 +14,8 @@
 
 package com.google.gerrit.server.account;
 
+import com.google.common.base.Predicate;
+import com.google.common.collect.Sets;
 import com.google.gerrit.common.data.PermissionRule;
 import com.google.gerrit.common.errors.NoSuchGroupException;
 import com.google.gerrit.reviewdb.client.Account;
@@ -21,10 +23,12 @@ import com.google.gerrit.reviewdb.client.AccountGroup;
 import com.google.gerrit.server.CurrentUser;
 import com.google.gerrit.server.IdentifiedUser;
 import com.google.gerrit.server.git.AccountsSection;
+import com.google.gerrit.server.group.SystemGroupBackend;
 import com.google.gerrit.server.project.ProjectCache;
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 
+import java.util.HashSet;
 import java.util.Set;
 
 /** Access control management for one account's access to other accounts. */
@@ -106,8 +110,6 @@ public class AccountControl {
         return true;
       case SAME_GROUP: {
         Set<AccountGroup.UUID> usersGroups = groupsOf(otherUser);
-        usersGroups.remove(AccountGroup.ANONYMOUS_USERS);
-        usersGroups.remove(AccountGroup.REGISTERED_USERS);
         for (PermissionRule rule : accountsSection.getSameGroupVisibility()) {
           if (rule.isBlock() || rule.isDeny()) {
             usersGroups.remove(rule.getGroup().getUUID());
@@ -121,8 +123,6 @@ public class AccountControl {
       }
       case VISIBLE_GROUP: {
         Set<AccountGroup.UUID> usersGroups = groupsOf(otherUser);
-        usersGroups.remove(AccountGroup.ANONYMOUS_USERS);
-        usersGroups.remove(AccountGroup.REGISTERED_USERS);
         for (AccountGroup.UUID usersGroup : usersGroups) {
           try {
             if (groupControlFactory.controlFor(usersGroup).isVisible()) {
@@ -143,6 +143,13 @@ public class AccountControl {
   }
 
   private Set<AccountGroup.UUID> groupsOf(Account.Id account) {
-    return userFactory.create(account).getEffectiveGroups().getKnownGroups();
+    return new HashSet<>(Sets.filter(
+      userFactory.create(account).getEffectiveGroups().getKnownGroups(),
+      new Predicate<AccountGroup.UUID>() {
+        @Override
+        public boolean apply(AccountGroup.UUID in) {
+          return !SystemGroupBackend.isSystemGroup(in);
+        }
+      }));
   }
 }

gerrit-server/src/main/java/com/google/gerrit/server/account/CapabilityCollection.java

@@ -20,7 +20,7 @@ import com.google.gerrit.common.data.GroupReference;
 import com.google.gerrit.common.data.Permission;
 import com.google.gerrit.common.data.PermissionRange;
 import com.google.gerrit.common.data.PermissionRule;
-import com.google.gerrit.reviewdb.client.AccountGroup;
+import com.google.gerrit.server.group.SystemGroupBackend;
 
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -86,9 +86,8 @@ public class CapabilityCollection {
     return r != null ? r : Collections.<PermissionRule> emptyList();
   }
 
-  private static final GroupReference anonymous = new GroupReference(
+  private static final GroupReference anonymous = SystemGroupBackend
-      AccountGroup.ANONYMOUS_USERS,
+      .getGroup(SystemGroupBackend.ANONYMOUS_USERS);
-      "Anonymous Users");
 
   private static void configureDefaults(Map<String, List<PermissionRule>> out,
       AccessSection section) {

gerrit-server/src/main/java/com/google/gerrit/server/account/CapabilityControl.java

@@ -19,7 +19,6 @@ import com.google.common.base.Predicate;
 import com.google.common.base.Predicates;
 import com.google.common.collect.Iterables;
 import com.google.gerrit.common.data.GlobalCapability;
-import com.google.gerrit.common.data.GroupReference;
 import com.google.gerrit.common.data.PermissionRange;
 import com.google.gerrit.common.data.PermissionRule;
 import com.google.gerrit.common.data.PermissionRule.Action;
@@ -27,6 +26,7 @@ import com.google.gerrit.reviewdb.client.AccountGroup;
 import com.google.gerrit.server.CurrentUser;
 import com.google.gerrit.server.PeerDaemonUser;
 import com.google.gerrit.server.git.QueueProvider;
+import com.google.gerrit.server.group.SystemGroupBackend;
 import com.google.gerrit.server.project.ProjectCache;
 import com.google.inject.Inject;
 import com.google.inject.assistedinject.Assisted;
@@ -177,7 +177,7 @@ public class CapabilityControl {
       if (match(groups, r)) {
         switch (r.getAction()) {
           case INTERACTIVE:
-            if (!isGenericGroup(r.getGroup())) {
+            if (!SystemGroupBackend.isAnonymousOrRegistered(r.getGroup())) {
               return QueueProvider.QueueType.INTERACTIVE;
             }
             break;
@@ -202,11 +202,6 @@ public class CapabilityControl {
     }
   }
 
-  private static boolean isGenericGroup(GroupReference group) {
-    return AccountGroup.ANONYMOUS_USERS.equals(group.getUUID())
-        || AccountGroup.REGISTERED_USERS.equals(group.getUUID());
-  }
-
   /** True if the user has this permission. Works only for non labels. */
   public boolean canPerform(String permissionName) {
     return !access(permissionName).isEmpty();

gerrit-server/src/main/java/com/google/gerrit/server/account/GroupCacheImpl.java

@@ -172,9 +172,7 @@ public class GroupCacheImpl implements GroupCache {
 
   private static AccountGroup missing(AccountGroup.Id key) {
     AccountGroup.NameKey name = new AccountGroup.NameKey("Deleted Group" + key);
-    AccountGroup g = new AccountGroup(name, key, null);
+    return new AccountGroup(name, key, null);
-    g.setType(AccountGroup.Type.SYSTEM);
-    return g;
   }
 
   static class ByIdLoader extends

gerrit-server/src/main/java/com/google/gerrit/server/account/GroupDetailFactory.java

@@ -75,14 +75,8 @@ public class GroupDetailFactory implements Callable<GroupDetail> {
     if (ownerGroup != null) {
       detail.setOwnerGroup(GroupReference.forGroup(ownerGroup));
     }
-    switch (group.getType()) {
+    detail.setMembers(loadMembers());
-      case INTERNAL:
+    detail.setIncludes(loadIncludes());
-        detail.setMembers(loadMembers());
-        detail.setIncludes(loadIncludes());
-        break;
-      case SYSTEM:
-        break;
-    }
     detail.setAccounts(aic.create());
     detail.setCanModify(control.isOwner());
     return detail;

gerrit-server/src/main/java/com/google/gerrit/server/account/GroupMembers.java

@@ -22,6 +22,7 @@ import com.google.gerrit.reviewdb.client.AccountGroupById;
 import com.google.gerrit.reviewdb.client.AccountGroupMember;
 import com.google.gerrit.reviewdb.client.Project;
 import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.group.SystemGroupBackend;
 import com.google.gerrit.server.project.NoSuchProjectException;
 import com.google.gerrit.server.project.ProjectControl;
 import com.google.gwtorm.server.OrmException;
@@ -66,7 +67,7 @@ public class GroupMembers {
   private Set<Account> listAccounts(final AccountGroup.UUID groupUUID,
       final Project.NameKey project, final Set<AccountGroup.UUID> seen)
       throws NoSuchGroupException, OrmException, NoSuchProjectException, IOException {
-    if (AccountGroup.PROJECT_OWNERS.equals(groupUUID)) {
+    if (SystemGroupBackend.PROJECT_OWNERS.equals(groupUUID)) {
       return getProjectOwners(project, seen);
     } else {
       AccountGroup group = groupCache.get(groupUUID);
@@ -81,7 +82,7 @@ public class GroupMembers {
   private Set<Account> getProjectOwners(final Project.NameKey project,
       final Set<AccountGroup.UUID> seen) throws NoSuchProjectException,
       NoSuchGroupException, OrmException, IOException {
-    seen.add(AccountGroup.PROJECT_OWNERS);
+    seen.add(SystemGroupBackend.PROJECT_OWNERS);
     if (project == null) {
       return Collections.emptySet();
     }

gerrit-server/src/main/java/com/google/gerrit/server/change/PostReviewers.java

@@ -48,6 +48,7 @@ import com.google.gerrit.server.change.ReviewerJson.PostResult;
 import com.google.gerrit.server.change.ReviewerJson.ReviewerInfo;
 import com.google.gerrit.server.config.GerritServerConfig;
 import com.google.gerrit.server.group.GroupsCollection;
+import com.google.gerrit.server.group.SystemGroupBackend;
 import com.google.gerrit.server.index.ChangeIndexer;
 import com.google.gerrit.server.mail.AddReviewerSender;
 import com.google.gerrit.server.project.ChangeControl;
@@ -305,8 +306,7 @@ public class PostReviewers implements RestModifyView<ChangeResource, Input> {
   }
 
   public static boolean isLegalReviewerGroup(AccountGroup.UUID groupUUID) {
-    return !(AccountGroup.ANONYMOUS_USERS.equals(groupUUID)
+    return !SystemGroupBackend.isSystemGroup(groupUUID);
-             || AccountGroup.REGISTERED_USERS.equals(groupUUID));
   }
 
   private PatchSetApproval dummyApproval(ChangeControl ctl,

gerrit-server/src/main/java/com/google/gerrit/server/config/GerritGlobalModule.java

@@ -87,6 +87,7 @@ import com.google.gerrit.server.git.validators.CommitValidators;
 import com.google.gerrit.server.git.validators.MergeValidationListener;
 import com.google.gerrit.server.git.validators.MergeValidators;
 import com.google.gerrit.server.git.validators.MergeValidators.ProjectConfigValidator;
+import com.google.gerrit.server.group.SystemGroupBackend;
 import com.google.gerrit.server.mail.AddReviewerSender;
 import com.google.gerrit.server.mail.CommitMessageEditedSender;
 import com.google.gerrit.server.mail.CreateChangeSender;
@@ -203,6 +204,7 @@ public class GerritGlobalModule extends FactoryModule {
     DynamicSet.setOf(binder(), GroupBackend.class);
 
     bind(InternalGroupBackend.class).in(SINGLETON);
+    DynamicSet.bind(binder(), GroupBackend.class).to(SystemGroupBackend.class);
     DynamicSet.bind(binder(), GroupBackend.class).to(InternalGroupBackend.class);
 
     bind(FileTypeRegistry.class).to(MimeUtilFileTypeRegistry.class);

gerrit-server/src/main/java/com/google/gerrit/server/config/GitReceivePackGroupsProvider.java

@@ -14,8 +14,8 @@
 
 package com.google.gerrit.server.config;
 
-import com.google.gerrit.reviewdb.client.AccountGroup;
 import com.google.gerrit.server.account.GroupBackend;
+import com.google.gerrit.server.group.SystemGroupBackend;
 import com.google.gerrit.server.util.ServerRequestContext;
 import com.google.gerrit.server.util.ThreadLocalRequestContext;
 import com.google.inject.Inject;
@@ -35,7 +35,7 @@ public class GitReceivePackGroupsProvider extends GroupSetProvider {
     // If no group was set, default to "registered users"
     //
     if (groupIds.isEmpty()) {
-      groupIds = Collections.singleton(AccountGroup.REGISTERED_USERS);
+      groupIds = Collections.singleton(SystemGroupBackend.REGISTERED_USERS);
     }
   }
 }

gerrit-server/src/main/java/com/google/gerrit/server/config/GitUploadPackGroupsProvider.java

@@ -14,17 +14,15 @@
 
 package com.google.gerrit.server.config;
 
-import com.google.gerrit.reviewdb.client.AccountGroup;
+import com.google.common.collect.ImmutableSet;
 import com.google.gerrit.server.account.GroupBackend;
+import com.google.gerrit.server.group.SystemGroupBackend;
 import com.google.gerrit.server.util.ServerRequestContext;
 import com.google.gerrit.server.util.ThreadLocalRequestContext;
 import com.google.inject.Inject;
 
 import org.eclipse.jgit.lib.Config;
 
-import java.util.Collections;
-import java.util.HashSet;
-
 public class GitUploadPackGroupsProvider extends GroupSetProvider {
   @Inject
   public GitUploadPackGroupsProvider(GroupBackend gb,
@@ -36,10 +34,9 @@ public class GitUploadPackGroupsProvider extends GroupSetProvider {
     // If no group was set, default to "registered users" and "anonymous"
     //
     if (groupIds.isEmpty()) {
-      HashSet<AccountGroup.UUID> all = new HashSet<AccountGroup.UUID>();
+      groupIds = ImmutableSet.of(
-      all.add(AccountGroup.REGISTERED_USERS);
+          SystemGroupBackend.REGISTERED_USERS,
-      all.add(AccountGroup.ANONYMOUS_USERS);
+          SystemGroupBackend.ANONYMOUS_USERS);
-      groupIds = Collections.unmodifiableSet(all);
     }
   }
 }

gerrit-server/src/main/java/com/google/gerrit/server/group/ListGroups.java

@@ -72,9 +72,6 @@ public class ListGroups implements RestReadView<TopLevelResource> {
   @Option(name = "--visible-to-all", usage = "to list only groups that are visible to all registered users")
   private boolean visibleToAll;
 
-  @Option(name = "--type", usage = "type of group")
-  private AccountGroup.Type groupType;
-
   @Option(name = "--user", aliases = {"-u"},
       usage = "user for which the groups should be listed")
   private Account.Id user;
@@ -214,8 +211,7 @@ public class ListGroups implements RestReadView<TopLevelResource> {
           continue;
         }
       }
-      if ((visibleToAll && !group.isVisibleToAll())
+      if (visibleToAll && !group.isVisibleToAll()) {
-          || (groupType != null && !groupType.equals(group.getType()))) {
         continue;
       }
       if (!groupsToInspect.isEmpty()

gerrit-server/src/main/java/com/google/gerrit/server/group/SystemGroupBackend.java

@@ -0,0 +1,155 @@
+// Copyright (C) 2013 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.gerrit.server.group;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
+import com.google.gerrit.common.data.GroupDescription;
+import com.google.gerrit.common.data.GroupReference;
+import com.google.gerrit.reviewdb.client.AccountGroup;
+import com.google.gerrit.server.IdentifiedUser;
+import com.google.gerrit.server.account.GroupBackend;
+import com.google.gerrit.server.account.GroupMembership;
+import com.google.gerrit.server.account.ListGroupMembership;
+import com.google.gerrit.server.project.ProjectControl;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+import java.util.SortedMap;
+import java.util.TreeMap;
+
+public class SystemGroupBackend implements GroupBackend {
+  /** Common UUID assigned to the "Anonymous Users" group. */
+  public static final AccountGroup.UUID ANONYMOUS_USERS =
+      new AccountGroup.UUID("global:Anonymous-Users");
+
+  /** Common UUID assigned to the "Registered Users" group. */
+  public static final AccountGroup.UUID REGISTERED_USERS =
+      new AccountGroup.UUID("global:Registered-Users");
+
+  /** Common UUID assigned to the "Project Owners" placeholder group. */
+  public static final AccountGroup.UUID PROJECT_OWNERS =
+      new AccountGroup.UUID("global:Project-Owners");
+
+  /** Common UUID assigned to the "Change Owner" placeholder group. */
+  public static final AccountGroup.UUID CHANGE_OWNER =
+      new AccountGroup.UUID("global:Change-Owner");
+
+  private static final SortedMap<String, GroupReference> names;
+  private static final ImmutableMap<AccountGroup.UUID, GroupReference> uuids;
+
+  static {
+    SortedMap<String, GroupReference> n = new TreeMap<>();
+    ImmutableMap.Builder<AccountGroup.UUID, GroupReference> u =
+        ImmutableMap.builder();
+    AccountGroup.UUID[] all = {
+        ANONYMOUS_USERS,
+        REGISTERED_USERS,
+        PROJECT_OWNERS,
+        CHANGE_OWNER,
+    };
+    for (AccountGroup.UUID uuid : all) {
+      int c = uuid.get().indexOf(':');
+      String name = uuid.get().substring(c + 1).replace('-', ' ');
+      GroupReference ref = new GroupReference(uuid, name);
+      n.put(ref.getName().toLowerCase(Locale.US), ref);
+      u.put(ref.getUUID(), ref);
+    }
+    names = Collections.unmodifiableSortedMap(n);
+    uuids = u.build();
+  }
+
+  public static boolean isSystemGroup(AccountGroup.UUID uuid) {
+    return uuid.get().startsWith("global:");
+  }
+
+  public static boolean isAnonymousOrRegistered(GroupReference ref) {
+    return isAnonymousOrRegistered(ref.getUUID());
+  }
+
+  public static boolean isAnonymousOrRegistered(AccountGroup.UUID uuid) {
+    return ANONYMOUS_USERS.equals(uuid) || REGISTERED_USERS.equals(uuid);
+  }
+
+  public static GroupReference getGroup(AccountGroup.UUID uuid) {
+    return checkNotNull(uuids.get(uuid), "group %s not found", uuid.get());
+  }
+
+  @Override
+  public boolean handles(AccountGroup.UUID uuid) {
+    return isSystemGroup(uuid);
+  }
+
+  @Override
+  public GroupDescription.Basic get(AccountGroup.UUID uuid) {
+    final GroupReference ref = getGroup(uuid);
+    if (ref != null) {
+      return new GroupDescription.Basic() {
+        @Override
+        public String getName() {
+          return ref.getName();
+        }
+
+        @Override
+        public AccountGroup.UUID getGroupUUID() {
+          return ref.getUUID();
+        }
+
+        @Override
+        public String getUrl() {
+          return null;
+        }
+
+        @Override
+        public String getEmailAddress() {
+          return null;
+        }
+      };
+    }
+    return null;
+  }
+
+  @Override
+  public Collection<GroupReference> suggest(String name, ProjectControl project) {
+    String nameLC = name.toLowerCase(Locale.US);
+    SortedMap<String, GroupReference> matches = names.tailMap(nameLC);
+    if (matches.isEmpty()) {
+      return Collections.emptyList();
+    }
+
+    List<GroupReference> r = new ArrayList<>(matches.size());
+    for (Map.Entry<String, GroupReference> e : matches.entrySet()) {
+      if (e.getKey().startsWith(nameLC)) {
+        r.add(e.getValue());
+      } else {
+        break;
+      }
+    }
+    return r;
+  }
+
+  @Override
+  public GroupMembership membershipsOf(IdentifiedUser user) {
+    return new ListGroupMembership(ImmutableSet.of(
+        ANONYMOUS_USERS,
+        REGISTERED_USERS));
+  }
+}

gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectControl.java

@@ -37,6 +37,7 @@ import com.google.gerrit.server.config.CanonicalWebUrl;
 import com.google.gerrit.server.config.GitReceivePackGroups;
 import com.google.gerrit.server.config.GitUploadPackGroups;
 import com.google.gerrit.server.git.GitRepositoryManager;
+import com.google.gerrit.server.group.SystemGroupBackend;
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 import com.google.inject.assistedinject.Assisted;
@@ -471,9 +472,9 @@ public class ProjectControl {
   }
 
   boolean match(AccountGroup.UUID uuid, boolean isChangeOwner) {
-    if (AccountGroup.PROJECT_OWNERS.equals(uuid)) {
+    if (SystemGroupBackend.PROJECT_OWNERS.equals(uuid)) {
       return isDeclaredOwner();
-    } else if (AccountGroup.CHANGE_OWNER.equals(uuid)) {
+    } else if (SystemGroupBackend.CHANGE_OWNER.equals(uuid)) {
       return isChangeOwner;
     } else {
       return user.getEffectiveGroups().contains(uuid);

gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java

@@ -22,12 +22,12 @@ import com.google.gerrit.common.data.PermissionRange;
 import com.google.gerrit.common.data.PermissionRule;
 import com.google.gerrit.common.data.RefConfigSection;
 import com.google.gerrit.common.errors.InvalidNameException;
-import com.google.gerrit.reviewdb.client.AccountGroup;
 import com.google.gerrit.reviewdb.client.Project;
 import com.google.gerrit.server.CurrentUser;
 import com.google.gerrit.server.IdentifiedUser;
 import com.google.gerrit.server.InternalUser;
 import com.google.gerrit.server.git.GitRepositoryManager;
+import com.google.gerrit.server.group.SystemGroupBackend;
 
 import dk.brics.automaton.RegExp;
 
@@ -125,8 +125,7 @@ public class RefControl {
     for (PermissionRule rule : access) {
       if (rule.isBlock()) {
         blocks.add(relevant.getRuleProps(rule));
-      } else if (rule.getGroup().getUUID().equals(AccountGroup.ANONYMOUS_USERS)
+      } else if (SystemGroupBackend.isAnonymousOrRegistered(rule.getGroup())) {
-          || rule.getGroup().getUUID().equals(AccountGroup.REGISTERED_USERS)) {
         allows.add(relevant.getRuleProps(rule));
       }
     }

gerrit-server/src/main/java/com/google/gerrit/server/schema/AllProjectsCreator.java

@@ -24,7 +24,6 @@ import com.google.gerrit.common.data.LabelValue;
 import com.google.gerrit.common.data.Permission;
 import com.google.gerrit.common.data.PermissionRule;
 import com.google.gerrit.common.data.PermissionRule.Action;
-import com.google.gerrit.reviewdb.client.AccountGroup;
 import com.google.gerrit.reviewdb.client.Project;
 import com.google.gerrit.reviewdb.client.Project.InheritableBoolean;
 import com.google.gerrit.server.GerritPersonIdent;
@@ -33,6 +32,10 @@ import com.google.gerrit.server.extensions.events.GitReferenceUpdated;
 import com.google.gerrit.server.git.GitRepositoryManager;
 import com.google.gerrit.server.git.MetaDataUpdate;
 import com.google.gerrit.server.git.ProjectConfig;
+import com.google.gerrit.server.group.SystemGroupBackend;
+
+import static com.google.gerrit.server.group.SystemGroupBackend.*;
+
 import com.google.inject.Inject;
 
 import org.eclipse.jgit.errors.ConfigInvalidException;
@@ -65,15 +68,9 @@ public class AllProjectsCreator {
     this.allProjectsName = allProjectsName;
     this.serverUser = serverUser;
 
-    this.anonymous = new GroupReference(
+    this.anonymous = SystemGroupBackend.getGroup(ANONYMOUS_USERS);
-        AccountGroup.ANONYMOUS_USERS,
+    this.registered = SystemGroupBackend.getGroup(REGISTERED_USERS);
-        "Anonymous Users");
+    this.owners = SystemGroupBackend.getGroup(PROJECT_OWNERS);
-    this.registered = new GroupReference(
-        AccountGroup.REGISTERED_USERS,
-        "Registered Users");
-    this.owners = new GroupReference(
-        AccountGroup.PROJECT_OWNERS,
-        "Project Owners");
   }
 
   public AllProjectsCreator setAdministrators(GroupReference admin) {

gerrit-server/src/main/java/com/google/gerrit/server/schema/SchemaCreator.java

@@ -48,11 +48,7 @@ public class SchemaCreator {
   private final int versionNbr;
 
   private AccountGroup admin;
-  private AccountGroup anonymous;
-  private AccountGroup registered;
-  private AccountGroup owners;
   private AccountGroup batch;
-  private AccountGroup changeOwner;
 
   @Inject
   public SchemaCreator(SitePaths site,
@@ -111,53 +107,17 @@ public class SchemaCreator {
   private SystemConfig initSystemConfig(final ReviewDb c) throws OrmException {
     admin = newGroup(c, "Administrators", null);
     admin.setDescription("Gerrit Site Administrators");
-    admin.setType(AccountGroup.Type.INTERNAL);
     c.accountGroups().insert(Collections.singleton(admin));
     c.accountGroupNames().insert(
         Collections.singleton(new AccountGroupName(admin)));
 
-    anonymous =
-        newGroup(c, "Anonymous Users", AccountGroup.ANONYMOUS_USERS);
-    anonymous.setDescription("Any user, signed-in or not");
-    anonymous.setOwnerGroupUUID(admin.getGroupUUID());
-    anonymous.setType(AccountGroup.Type.SYSTEM);
-    c.accountGroups().insert(Collections.singleton(anonymous));
-    c.accountGroupNames().insert(
-        Collections.singleton(new AccountGroupName(anonymous)));
-
-    registered =
-        newGroup(c, "Registered Users", AccountGroup.REGISTERED_USERS);
-    registered.setDescription("Any signed-in user");
-    registered.setOwnerGroupUUID(admin.getGroupUUID());
-    registered.setType(AccountGroup.Type.SYSTEM);
-    c.accountGroups().insert(Collections.singleton(registered));
-    c.accountGroupNames().insert(
-        Collections.singleton(new AccountGroupName(registered)));
-
     batch = newGroup(c, "Non-Interactive Users", null);
     batch.setDescription("Users who perform batch actions on Gerrit");
     batch.setOwnerGroupUUID(admin.getGroupUUID());
-    batch.setType(AccountGroup.Type.INTERNAL);
     c.accountGroups().insert(Collections.singleton(batch));
     c.accountGroupNames().insert(
         Collections.singleton(new AccountGroupName(batch)));
 
-    owners = newGroup(c, "Project Owners", AccountGroup.PROJECT_OWNERS);
-    owners.setDescription("Any owner of the project");
-    owners.setOwnerGroupUUID(admin.getGroupUUID());
-    owners.setType(AccountGroup.Type.SYSTEM);
-    c.accountGroups().insert(Collections.singleton(owners));
-    c.accountGroupNames().insert(
-        Collections.singleton(new AccountGroupName(owners)));
-
-    changeOwner = newGroup(c, "Change Owner", AccountGroup.CHANGE_OWNER);
-    changeOwner.setDescription("The owner of a change");
-    changeOwner.setOwnerGroupUUID(admin.getGroupUUID());
-    changeOwner.setType(AccountGroup.Type.SYSTEM);
-    c.accountGroups().insert(Collections.singleton(changeOwner));
-    c.accountGroupNames().insert(
-        Collections.singleton(new AccountGroupName(changeOwner)));
-
     final SystemConfig s = SystemConfig.create();
     try {
       s.sitePath = site_path.getCanonicalPath();

gerrit-server/src/main/java/com/google/gerrit/server/schema/SchemaVersion.java

@@ -32,7 +32,7 @@ import java.util.List;
 /** A version of the database schema. */
 public abstract class SchemaVersion {
   /** The current schema version. */
-  public static final Class<Schema_86> C = Schema_86.class;
+  public static final Class<Schema_87> C = Schema_87.class;
 
   public static class Module extends AbstractModule {
     @Override

gerrit-server/src/main/java/com/google/gerrit/server/schema/Schema_53.java

@@ -43,6 +43,7 @@ import com.google.gerrit.server.extensions.events.GitReferenceUpdated;
 import com.google.gerrit.server.git.GitRepositoryManager;
 import com.google.gerrit.server.git.MetaDataUpdate;
 import com.google.gerrit.server.git.ProjectConfig;
+import com.google.gerrit.server.group.SystemGroupBackend;
 import com.google.gerrit.server.schema.Schema_77.LegacyLabelTypes;
 import com.google.gwtorm.jdbc.JdbcSchema;
 import com.google.gwtorm.server.OrmException;
@@ -124,14 +125,14 @@ class Schema_53 extends SchemaVersion {
     List<AccountGroup> groups = db.accountGroups().all().toList();
     for (AccountGroup g : groups) {
       if (g.getId().equals(systemConfig.ownerGroupId)) {
-        g.setGroupUUID(AccountGroup.PROJECT_OWNERS);
+        g.setGroupUUID(SystemGroupBackend.PROJECT_OWNERS);
         projectOwners = GroupReference.forGroup(g);
 
       } else if (g.getId().equals(systemConfig.anonymousGroupId)) {
-        g.setGroupUUID(AccountGroup.ANONYMOUS_USERS);
+        g.setGroupUUID(SystemGroupBackend.ANONYMOUS_USERS);
 
       } else if (g.getId().equals(systemConfig.registeredGroupId)) {
-        g.setGroupUUID(AccountGroup.REGISTERED_USERS);
+        g.setGroupUUID(SystemGroupBackend.REGISTERED_USERS);
 
       } else {
         g.setGroupUUID(GroupUUID.make(g.getName(), serverUser));

gerrit-server/src/main/java/com/google/gerrit/server/schema/Schema_69.java

@@ -193,11 +193,8 @@ public class Schema_69 extends SchemaVersion {
 
     for (AccountGroup.UUID uuid : resolveToUpdate) {
       AccountGroup group = resolveGroups.get(uuid);
-      group.setType(AccountGroup.Type.INTERNAL);
-      toUpdate.add(group);
-
       ui.message(String.format(
-          "*** Group has no DN and is inuse. Updated to be INTERNAL: %s",
+          "*** Group has no DN and is in use: %s",
           group.getName()));
     }
 

gerrit-server/src/main/java/com/google/gerrit/server/schema/Schema_86.java

@@ -14,104 +14,12 @@
 
 package com.google.gerrit.server.schema;
 
-import com.google.gerrit.common.data.AccessSection;
-import com.google.gerrit.common.data.GlobalCapability;
-import com.google.gerrit.common.data.PermissionRule;
-import com.google.gerrit.common.data.PermissionRule.Action;
-import com.google.gerrit.reviewdb.client.AccountGroup;
-import com.google.gerrit.reviewdb.client.AccountGroupName;
-import com.google.gerrit.reviewdb.server.ReviewDb;
-import com.google.gerrit.server.GerritPersonIdent;
-import com.google.gerrit.server.config.AllProjectsName;
-import com.google.gerrit.server.extensions.events.GitReferenceUpdated;
-import com.google.gerrit.server.git.GitRepositoryManager;
-import com.google.gerrit.server.git.MetaDataUpdate;
-import com.google.gerrit.server.git.ProjectConfig;
-import com.google.gwtorm.server.OrmException;
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 
-import org.eclipse.jgit.errors.ConfigInvalidException;
-import org.eclipse.jgit.lib.PersonIdent;
-import org.eclipse.jgit.lib.Repository;
-
-import java.io.IOException;
-import java.util.Collections;
-import java.util.List;
-
 public class Schema_86 extends SchemaVersion {
-  private final AllProjectsName allProjects;
-  private final GitRepositoryManager mgr;
-  private final PersonIdent serverUser;
-
   @Inject
-  Schema_86(Provider<Schema_85> prior,
+  Schema_86(Provider<Schema_85> prior) {
-      AllProjectsName allProjects,
-      GitRepositoryManager mgr,
-      @GerritPersonIdent PersonIdent serverUser) {
     super(prior);
-    this.allProjects = allProjects;
-    this.mgr = mgr;
-    this.serverUser = serverUser;
-  }
-
-  @Override
-  protected void migrateData(ReviewDb db, UpdateUI ui) throws OrmException {
-    Repository git;
-    try {
-      git = mgr.openRepository(allProjects);
-    } catch (IOException e) {
-      throw new OrmException(e);
-    }
-
-    try {
-      MetaDataUpdate md =
-          new MetaDataUpdate(GitReferenceUpdated.DISABLED, allProjects, git);
-      ProjectConfig config = ProjectConfig.read(md);
-
-      // Create the CHANGE OWNER group.
-      AccountGroup.UUID adminGroupUUID = findAdminGroup(db, config);
-      createGroup(db, "Change Owner", adminGroupUUID,
-            "The owner of a change");
-    } catch (IOException e) {
-      throw new OrmException(e);
-    } catch (ConfigInvalidException e) {
-      throw new OrmException(e);
-    } finally {
-      git.close();
-    }
-  }
-
-  private AccountGroup createGroup(ReviewDb db, String groupName,
-      AccountGroup.UUID adminGroupUUID, String description) throws OrmException {
-    AccountGroup.Id groupId = new AccountGroup.Id(db.nextAccountGroupId());
-    AccountGroup.NameKey nameKey = new AccountGroup.NameKey(groupName);
-    AccountGroup group =
-        new AccountGroup(nameKey, groupId, AccountGroup.CHANGE_OWNER);
-    group.setOwnerGroupUUID(adminGroupUUID);
-    group.setDescription(description);
-    group.setType(AccountGroup.Type.SYSTEM);
-
-    AccountGroupName gn = new AccountGroupName(group);
-    // first insert the group name to validate that the group name hasn't
-    // already been used to create another group
-    db.accountGroupNames().insert(Collections.singleton(gn));
-    db.accountGroups().insert(Collections.singleton(group));
-    return group;
-  }
-
-  private static AccountGroup.UUID findAdminGroup(
-      ReviewDb db, ProjectConfig cfg) {
-    List<PermissionRule> rules = cfg
-        .getAccessSection(AccessSection.GLOBAL_CAPABILITIES)
-        .getPermission(GlobalCapability.ADMINISTRATE_SERVER)
-        .getRules();
-
-    for (PermissionRule rule : rules) {
-      if (rule.getAction() == Action.ALLOW) {
-        return rule.getGroup().getUUID();
-      }
-    }
-    throw new IllegalStateException("no administrator group found");
   }
 }

gerrit-server/src/main/java/com/google/gerrit/server/schema/Schema_87.java

@@ -0,0 +1,68 @@
+// Copyright (C) 2013 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.gerrit.server.schema;
+
+import com.google.gerrit.reviewdb.client.AccountGroup;
+import com.google.gerrit.reviewdb.server.ReviewDb;
+import com.google.gerrit.server.group.SystemGroupBackend;
+import com.google.gwtorm.jdbc.JdbcSchema;
+import com.google.gwtorm.server.OrmException;
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+public class Schema_87 extends SchemaVersion {
+  @Inject
+  Schema_87(Provider<Schema_86> prior) {
+    super(prior);
+  }
+
+  @Override
+  protected void migrateData(ReviewDb db, UpdateUI ui)
+      throws OrmException, SQLException {
+    for (AccountGroup.Id id : scanSystemGroups(db)) {
+      AccountGroup group = db.accountGroups().get(id);
+      if (group != null
+          && SystemGroupBackend.isSystemGroup(group.getGroupUUID())) {
+        db.accountGroups().delete(Collections.singleton(group));
+        db.accountGroupNames().deleteKeys(
+            Collections.singleton(group.getNameKey()));
+      }
+    }
+  }
+
+  private Set<AccountGroup.Id> scanSystemGroups(ReviewDb db)
+      throws SQLException {
+    JdbcSchema s = (JdbcSchema) db;
+    Statement stmt = s.getConnection().createStatement();
+    try {
+      ResultSet rs =
+          stmt.executeQuery("SELECT group_id FROM account_groups WHERE group_type = 'SYSTEM'");
+      Set<AccountGroup.Id> ids = new HashSet<>();
+      while (rs.next()) {
+        ids.add(new AccountGroup.Id(rs.getInt(1)));
+      }
+      return ids;
+    } finally {
+      stmt.close();
+    }
+  }
+}

gerrit-server/src/test/java/com/google/gerrit/rules/GerritCommonTest.java

@@ -17,10 +17,10 @@ package com.google.gerrit.rules;
 import static com.google.gerrit.common.data.Permission.LABEL;
 import static com.google.gerrit.server.project.Util.value;
 import static com.google.gerrit.server.project.Util.category;
-import static com.google.gerrit.server.project.Util.REGISTERED;
 import static com.google.gerrit.server.project.Util.grant;
 
 import com.google.gerrit.server.git.ProjectConfig;
+import com.google.gerrit.server.group.SystemGroupBackend;
 import com.google.gerrit.server.project.Util;
 import com.google.gerrit.server.util.TimeUtil;
 import com.google.gerrit.common.data.LabelType;
@@ -29,6 +29,7 @@ import com.google.gerrit.reviewdb.client.Branch;
 import com.google.gerrit.reviewdb.client.Change;
 import com.google.gerrit.reviewdb.client.Project;
 import com.google.inject.AbstractModule;
+
 import org.junit.Before;
 import org.junit.Test;
 
@@ -72,8 +73,8 @@ public class GerritCommonTest extends PrologTestCase {
     local.getLabelSections().put(V.getName(), V);
     local.getLabelSections().put(Q.getName(), Q);
     util.add(local);
-    grant(local, LABEL + V.getName(), -1, +1, REGISTERED, "refs/heads/*");
+    grant(local, LABEL + V.getName(), -1, +1, SystemGroupBackend.REGISTERED_USERS, "refs/heads/*");
-    grant(local, LABEL + Q.getName(), -1, +1, REGISTERED, "refs/heads/master");
+    grant(local, LABEL + Q.getName(), -1, +1, SystemGroupBackend.REGISTERED_USERS, "refs/heads/master");
   }
 
   @Override

gerrit-server/src/test/java/com/google/gerrit/server/project/RefControlTest.java

@@ -20,13 +20,13 @@ import static com.google.gerrit.common.data.Permission.OWNER;
 import static com.google.gerrit.common.data.Permission.PUSH;
 import static com.google.gerrit.common.data.Permission.READ;
 import static com.google.gerrit.common.data.Permission.SUBMIT;
-import static com.google.gerrit.server.project.Util.ANONYMOUS;
+import static com.google.gerrit.server.group.SystemGroupBackend.ANONYMOUS_USERS;
-import static com.google.gerrit.server.project.Util.REGISTERED;
+import static com.google.gerrit.server.group.SystemGroupBackend.CHANGE_OWNER;
-import static com.google.gerrit.server.project.Util.CHANGE_OWNER;
+import static com.google.gerrit.server.group.SystemGroupBackend.REGISTERED_USERS;
 import static com.google.gerrit.server.project.Util.ADMIN;
 import static com.google.gerrit.server.project.Util.DEVS;
-import static com.google.gerrit.server.project.Util.grant;
 import static com.google.gerrit.server.project.Util.doNotInherit;
+import static com.google.gerrit.server.project.Util.grant;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 
@@ -36,6 +36,7 @@ import com.google.gerrit.common.data.PermissionRule;
 import com.google.gerrit.reviewdb.client.AccountGroup;
 import com.google.gerrit.reviewdb.client.Project;
 import com.google.gerrit.server.git.ProjectConfig;
+
 import org.junit.Before;
 import org.junit.Test;
 
@@ -123,9 +124,9 @@ public class RefControlTest {
 
   @Test
   public void testInheritRead_SingleBranchDeniesUpload() {
-    grant(util.getParentConfig(), READ, REGISTERED, "refs/*");
+    grant(util.getParentConfig(), READ, REGISTERED_USERS, "refs/*");
-    grant(util.getParentConfig(), PUSH, REGISTERED, "refs/for/refs/*");
+    grant(util.getParentConfig(), PUSH, REGISTERED_USERS, "refs/for/refs/*");
-    grant(local, READ, REGISTERED, "refs/heads/foobar");
+    grant(local, READ, REGISTERED_USERS, "refs/heads/foobar");
     doNotInherit(local, READ, "refs/heads/foobar");
     doNotInherit(local, PUSH, "refs/for/refs/heads/foobar");
 
@@ -141,9 +142,9 @@ public class RefControlTest {
 
   @Test
   public void testInheritRead_SingleBranchDoesNotOverrideInherited() {
-    grant(util.getParentConfig(), READ, REGISTERED, "refs/*");
+    grant(util.getParentConfig(), READ, REGISTERED_USERS, "refs/*");
-    grant(util.getParentConfig(), PUSH, REGISTERED, "refs/for/refs/*");
+    grant(util.getParentConfig(), PUSH, REGISTERED_USERS, "refs/for/refs/*");
-    grant(local, READ, REGISTERED, "refs/heads/foobar");
+    grant(local, READ, REGISTERED_USERS, "refs/heads/foobar");
 
     ProjectControl u = util.user(local);
     assertTrue("can upload", u.canPushToAtLeastOneRef() == Capable.OK);
@@ -170,8 +171,8 @@ public class RefControlTest {
 
   @Test
   public void testInheritRead_OverrideWithDeny() {
-    grant(util.getParentConfig(), READ, REGISTERED, "refs/*");
+    grant(util.getParentConfig(), READ, REGISTERED_USERS, "refs/*");
-    grant(local, READ, REGISTERED, "refs/*").setDeny();
+    grant(local, READ, REGISTERED_USERS, "refs/*").setDeny();
 
     ProjectControl u = util.user(local);
     assertFalse("can't read", u.isVisible());
@@ -179,8 +180,8 @@ public class RefControlTest {
 
   @Test
   public void testInheritRead_AppendWithDenyOfRef() {
-    grant(util.getParentConfig(), READ, REGISTERED, "refs/*");
+    grant(util.getParentConfig(), READ, REGISTERED_USERS, "refs/*");
-    grant(local, READ, REGISTERED, "refs/heads/*").setDeny();
+    grant(local, READ, REGISTERED_USERS, "refs/heads/*").setDeny();
 
     ProjectControl u = util.user(local);
     assertTrue("can read", u.isVisible());
@@ -191,9 +192,9 @@ public class RefControlTest {
 
   @Test
   public void testInheritRead_OverridesAndDeniesOfRef() {
-    grant(util.getParentConfig(), READ, REGISTERED, "refs/*");
+    grant(util.getParentConfig(), READ, REGISTERED_USERS, "refs/*");
-    grant(local, READ, REGISTERED, "refs/*").setDeny();
+    grant(local, READ, REGISTERED_USERS, "refs/*").setDeny();
-    grant(local, READ, REGISTERED, "refs/heads/*");
+    grant(local, READ, REGISTERED_USERS, "refs/heads/*");
 
     ProjectControl u = util.user(local);
     assertTrue("can read", u.isVisible());
@@ -204,9 +205,9 @@ public class RefControlTest {
 
   @Test
   public void testInheritSubmit_OverridesAndDeniesOfRef() {
-    grant(util.getParentConfig(), SUBMIT, REGISTERED, "refs/*");
+    grant(util.getParentConfig(), SUBMIT, REGISTERED_USERS, "refs/*");
-    grant(local, SUBMIT, REGISTERED, "refs/*").setDeny();
+    grant(local, SUBMIT, REGISTERED_USERS, "refs/*").setDeny();
-    grant(local, SUBMIT, REGISTERED, "refs/heads/*");
+    grant(local, SUBMIT, REGISTERED_USERS, "refs/heads/*");
 
     ProjectControl u = util.user(local);
     assertFalse("can't submit", u.controlForRef("refs/foobar").canSubmit());
@@ -216,7 +217,7 @@ public class RefControlTest {
 
   @Test
   public void testCannotUploadToAnyRef() {
-    grant(util.getParentConfig(), READ, REGISTERED, "refs/*");
+    grant(util.getParentConfig(), READ, REGISTERED_USERS, "refs/*");
     grant(local, READ, DEVS, "refs/heads/*");
     grant(local, PUSH, DEVS, "refs/for/refs/heads/*");
 
@@ -247,7 +248,7 @@ public class RefControlTest {
   @Test
   public void testSortWithRegex() {
     grant(local, READ, DEVS, "^refs/heads/.*");
-    grant(util.getParentConfig(), READ, ANONYMOUS, "^refs/heads/.*-QA-.*");
+    grant(util.getParentConfig(), READ, ANONYMOUS_USERS, "^refs/heads/.*-QA-.*");
 
     ProjectControl u = util.user(local, DEVS), d = util.user(local, DEVS);
     assertTrue("u can read", u.controlForRef("refs/heads/foo-QA-bar").isVisible());
@@ -257,7 +258,7 @@ public class RefControlTest {
   @Test
   public void testBlockRule_ParentBlocksChild() {
     grant(local, PUSH, DEVS, "refs/tags/*");
-    grant(util.getParentConfig(), PUSH, ANONYMOUS, "refs/tags/*").setBlock();
+    grant(util.getParentConfig(), PUSH, ANONYMOUS_USERS, "refs/tags/*").setBlock();
 
     ProjectControl u = util.user(local, DEVS);
     assertFalse("u can't force update tag", u.controlForRef("refs/tags/V10").canForceUpdate());
@@ -279,7 +280,7 @@ public class RefControlTest {
 
   @Test
   public void testUnblockNoForce() {
-    grant(local, PUSH, ANONYMOUS, "refs/heads/*").setBlock();
+    grant(local, PUSH, ANONYMOUS_USERS, "refs/heads/*").setBlock();
     grant(local, PUSH, DEVS, "refs/heads/*");
 
     ProjectControl u = util.user(local, DEVS);
@@ -288,7 +289,7 @@ public class RefControlTest {
 
   @Test
   public void testUnblockForce() {
-    PermissionRule r = grant(local, PUSH, ANONYMOUS, "refs/heads/*");
+    PermissionRule r = grant(local, PUSH, ANONYMOUS_USERS, "refs/heads/*");
     r.setBlock();
     r.setForce(true);
     grant(local, PUSH, DEVS, "refs/heads/*").setForce(true);
@@ -299,7 +300,7 @@ public class RefControlTest {
 
   @Test
   public void testUnblockForceWithAllowNoForce_NotPossible() {
-    PermissionRule r = grant(local, PUSH, ANONYMOUS, "refs/heads/*");
+    PermissionRule r = grant(local, PUSH, ANONYMOUS_USERS, "refs/heads/*");
     r.setBlock();
     r.setForce(true);
     grant(local, PUSH, DEVS, "refs/heads/*");
@@ -310,7 +311,7 @@ public class RefControlTest {
 
   @Test
   public void testUnblockMoreSpecificRef_Fails() {
-    grant(local, PUSH, ANONYMOUS, "refs/heads/*").setBlock();
+    grant(local, PUSH, ANONYMOUS_USERS, "refs/heads/*").setBlock();
     grant(local, PUSH, DEVS, "refs/heads/master");
 
     ProjectControl u = util.user(local, DEVS);
@@ -319,7 +320,7 @@ public class RefControlTest {
 
   @Test
   public void testUnblockLargerScope_Fails() {
-    grant(local, PUSH, ANONYMOUS, "refs/heads/master").setBlock();
+    grant(local, PUSH, ANONYMOUS_USERS, "refs/heads/master").setBlock();
     grant(local, PUSH, DEVS, "refs/heads/*");
 
     ProjectControl u = util.user(local, DEVS);
@@ -328,7 +329,7 @@ public class RefControlTest {
 
   @Test
   public void testUnblockInLocal_Fails() {
-    grant(util.getParentConfig(), PUSH, ANONYMOUS, "refs/heads/*").setBlock();
+    grant(util.getParentConfig(), PUSH, ANONYMOUS_USERS, "refs/heads/*").setBlock();
     grant(local, PUSH, fixers, "refs/heads/*");
 
     ProjectControl f = util.user(local, fixers);
@@ -337,7 +338,7 @@ public class RefControlTest {
 
   @Test
   public void testUnblockInParentBlockInLocal() {
-    grant(util.getParentConfig(), PUSH, ANONYMOUS, "refs/heads/*").setBlock();
+    grant(util.getParentConfig(), PUSH, ANONYMOUS_USERS, "refs/heads/*").setBlock();
     grant(util.getParentConfig(), PUSH, DEVS, "refs/heads/*");
     grant(local, PUSH, DEVS, "refs/heads/*").setBlock();
 
@@ -347,25 +348,25 @@ public class RefControlTest {
 
   @Test
   public void testUnblockVisibilityByREGISTEREDUsers() {
-    grant(local, READ, ANONYMOUS, "refs/heads/*").setBlock();
+    grant(local, READ, ANONYMOUS_USERS, "refs/heads/*").setBlock();
-    grant(local, READ, REGISTERED, "refs/heads/*");
+    grant(local, READ, REGISTERED_USERS, "refs/heads/*");
 
-    ProjectControl u = util.user(local, REGISTERED);
+    ProjectControl u = util.user(local, REGISTERED_USERS);
     assertTrue("u can read", u.controlForRef("refs/heads/master").isVisibleByRegisteredUsers());
   }
 
   @Test
   public void testUnblockInLocalVisibilityByRegisteredUsers_Fails() {
-    grant(util.getParentConfig(), READ, ANONYMOUS, "refs/heads/*").setBlock();
+    grant(util.getParentConfig(), READ, ANONYMOUS_USERS, "refs/heads/*").setBlock();
-    grant(local, READ, REGISTERED, "refs/heads/*");
+    grant(local, READ, REGISTERED_USERS, "refs/heads/*");
 
-    ProjectControl u = util.user(local, REGISTERED);
+    ProjectControl u = util.user(local, REGISTERED_USERS);
     assertFalse("u can't read", u.controlForRef("refs/heads/master").isVisibleByRegisteredUsers());
   }
 
   @Test
   public void testUnblockForceEditTopicName() {
-    grant(local, EDIT_TOPIC_NAME, ANONYMOUS, "refs/heads/*").setBlock();
+    grant(local, EDIT_TOPIC_NAME, ANONYMOUS_USERS, "refs/heads/*").setBlock();
     grant(local, EDIT_TOPIC_NAME, DEVS, "refs/heads/*").setForce(true);
 
     ProjectControl u = util.user(local, DEVS);
@@ -375,18 +376,18 @@ public class RefControlTest {
 
   @Test
   public void testUnblockInLocalForceEditTopicName_Fails() {
-    grant(util.getParentConfig(), EDIT_TOPIC_NAME, ANONYMOUS, "refs/heads/*")
+    grant(util.getParentConfig(), EDIT_TOPIC_NAME, ANONYMOUS_USERS, "refs/heads/*")
         .setBlock();
     grant(local, EDIT_TOPIC_NAME, DEVS, "refs/heads/*").setForce(true);
 
-    ProjectControl u = util.user(local, REGISTERED);
+    ProjectControl u = util.user(local, REGISTERED_USERS);
     assertFalse("u can't edit topic name", u.controlForRef("refs/heads/master")
         .canForceEditTopicName());
   }
 
   @Test
   public void testUnblockRange() {
-    grant(local, LABEL + "Code-Review", -1, +1, ANONYMOUS, "refs/heads/*").setBlock();
+    grant(local, LABEL + "Code-Review", -1, +1, ANONYMOUS_USERS, "refs/heads/*").setBlock();
     grant(local, LABEL + "Code-Review", -2, +2, DEVS, "refs/heads/*");
 
     ProjectControl u = util.user(local, DEVS);
@@ -397,7 +398,7 @@ public class RefControlTest {
 
   @Test
   public void testUnblockRangeOnMoreSpecificRef_Fails() {
-    grant(local, LABEL + "Code-Review", -1, +1, ANONYMOUS, "refs/heads/*").setBlock();
+    grant(local, LABEL + "Code-Review", -1, +1, ANONYMOUS_USERS, "refs/heads/*").setBlock();
     grant(local, LABEL + "Code-Review", -2, +2, DEVS, "refs/heads/master");
 
     ProjectControl u = util.user(local, DEVS);
@@ -408,7 +409,7 @@ public class RefControlTest {
 
   @Test
   public void testUnblockRangeOnLargerScope_Fails() {
-    grant(local, LABEL + "Code-Review", -1, +1, ANONYMOUS, "refs/heads/master").setBlock();
+    grant(local, LABEL + "Code-Review", -1, +1, ANONYMOUS_USERS, "refs/heads/master").setBlock();
     grant(local, LABEL + "Code-Review", -2, +2, DEVS, "refs/heads/*");
 
     ProjectControl u = util.user(local, DEVS);
@@ -419,7 +420,7 @@ public class RefControlTest {
 
   @Test
   public void testUnblockInLocalRange_Fails() {
-    grant(util.getParentConfig(), LABEL + "Code-Review", -1, 1, ANONYMOUS,
+    grant(util.getParentConfig(), LABEL + "Code-Review", -1, 1, ANONYMOUS_USERS,
         "refs/heads/*").setBlock();
     grant(local, LABEL + "Code-Review", -2, +2, DEVS, "refs/heads/*");
 

gerrit-server/src/test/java/com/google/gerrit/server/project/Util.java

@@ -14,6 +14,9 @@
 
 package com.google.gerrit.server.project;
 
+import static com.google.gerrit.server.group.SystemGroupBackend.ANONYMOUS_USERS;
+import static com.google.gerrit.server.group.SystemGroupBackend.REGISTERED_USERS;
+
 import com.google.common.cache.Cache;
 import com.google.common.cache.CacheBuilder;
 import com.google.common.collect.Lists;
@@ -54,9 +57,6 @@ import java.util.Map;
 import java.util.Set;
 
 public class Util {
-  public static AccountGroup.UUID ANONYMOUS = AccountGroup.ANONYMOUS_USERS;
-  public static AccountGroup.UUID CHANGE_OWNER = AccountGroup.CHANGE_OWNER;
-  public static AccountGroup.UUID REGISTERED = AccountGroup.REGISTERED_USERS;
   public static AccountGroup.UUID ADMIN = new AccountGroup.UUID("test.admin");
   public static AccountGroup.UUID DEVS = new AccountGroup.UUID("test.devs");
 
@@ -237,8 +237,8 @@ public class Util {
       super(capabilityControlFactory);
       username = name;
       ArrayList<AccountGroup.UUID> groupIds = Lists.newArrayList(groupId);
-      groupIds.add(REGISTERED);
+      groupIds.add(REGISTERED_USERS);
-      groupIds.add(ANONYMOUS);
+      groupIds.add(ANONYMOUS_USERS);
       groups = new ListGroupMembership(groupIds);
     }