Add new ACL for abandoning changes Bug: Issue 930 Change-Id: I9275cc8de218953dc9f5c211f0c60e8008b8efb9
diff --git a/Documentation/access-control.txt b/Documentation/access-control.txt index b9fb8b3..ad20cb3 100644 --- a/Documentation/access-control.txt +++ b/Documentation/access-control.txt
@@ -444,6 +444,14 @@ A restart is required after making database changes. See <<restart_changes,below>>. +[[category_abandon]] +Abandon +~~~~ + +This category controls whether users are allowed to abandon changes +to projects in Gerrit. It can give permission to abandon a specific +change to a given ref. + [[category_create]] Create reference ~~~~~~~~~~~~~~~~
diff --git a/gerrit-common/src/main/java/com/google/gerrit/common/data/Permission.java b/gerrit-common/src/main/java/com/google/gerrit/common/data/Permission.java index 20261de..4067349 100644 --- a/gerrit-common/src/main/java/com/google/gerrit/common/data/Permission.java +++ b/gerrit-common/src/main/java/com/google/gerrit/common/data/Permission.java
@@ -20,6 +20,7 @@ /** A single permission within an {@link AccessSection} of a project. */ public class Permission implements Comparable<Permission> { + public static final String ABANDON = "abandon"; public static final String CREATE = "create"; public static final String FORGE_AUTHOR = "forgeAuthor"; public static final String FORGE_COMMITTER = "forgeCommitter"; @@ -40,6 +41,7 @@ NAMES_LC = new ArrayList<String>(); NAMES_LC.add(OWNER.toLowerCase()); NAMES_LC.add(READ.toLowerCase()); + NAMES_LC.add(ABANDON.toLowerCase()); NAMES_LC.add(CREATE.toLowerCase()); NAMES_LC.add(FORGE_AUTHOR.toLowerCase()); NAMES_LC.add(FORGE_COMMITTER.toLowerCase());
diff --git a/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AdminConstants.properties b/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AdminConstants.properties index 3b3d0bb..89fc195 100644 --- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AdminConstants.properties +++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AdminConstants.properties
@@ -98,6 +98,7 @@ # Permission Names permissionNames = \ + abandon, \ create, \ forgeAuthor, \ forgeCommitter, \ @@ -109,6 +110,7 @@ read, \ rebase, \ submit +abandon = Abandon create = Create Reference forgeAuthor = Forge Author Identity forgeCommitter = Forge Committer Identity
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/project/ChangeControl.java b/gerrit-server/src/main/java/com/google/gerrit/server/project/ChangeControl.java index 64f7d97..7387fd1 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/project/ChangeControl.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/project/ChangeControl.java
@@ -189,6 +189,7 @@ || getRefControl().isOwner() // branch owner can abandon || getProjectControl().isOwner() // project owner can abandon || getCurrentUser().getCapabilities().canAdministrateServer() // site administers are god + || getRefControl().canAbandon() // user can abandon a specific ref ; }
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java b/gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java index 82c3a6d..2f99271 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java
@@ -310,6 +310,11 @@ return canPerform(Permission.FORGE_SERVER); } + /** @return true if this user can abandon a change for this ref */ + public boolean canAbandon() { + return canPerform(Permission.ABANDON); + } + /** All value ranges of any allowed label permission. */ public List<PermissionRange> getLabelRanges() { List<PermissionRange> r = new ArrayList<PermissionRange>();