Add new ACL for abandoning changes
Bug: Issue 930
Change-Id: I9275cc8de218953dc9f5c211f0c60e8008b8efb9
diff --git a/Documentation/access-control.txt b/Documentation/access-control.txt
index b9fb8b3..ad20cb3 100644
--- a/Documentation/access-control.txt
+++ b/Documentation/access-control.txt
@@ -444,6 +444,14 @@
A restart is required after making database changes.
See <<restart_changes,below>>.
+[[category_abandon]]
+Abandon
+~~~~
+
+This category controls whether users are allowed to abandon changes
+to projects in Gerrit. It can give permission to abandon a specific
+change to a given ref.
+
[[category_create]]
Create reference
~~~~~~~~~~~~~~~~
diff --git a/gerrit-common/src/main/java/com/google/gerrit/common/data/Permission.java b/gerrit-common/src/main/java/com/google/gerrit/common/data/Permission.java
index 20261de..4067349 100644
--- a/gerrit-common/src/main/java/com/google/gerrit/common/data/Permission.java
+++ b/gerrit-common/src/main/java/com/google/gerrit/common/data/Permission.java
@@ -20,6 +20,7 @@
/** A single permission within an {@link AccessSection} of a project. */
public class Permission implements Comparable<Permission> {
+ public static final String ABANDON = "abandon";
public static final String CREATE = "create";
public static final String FORGE_AUTHOR = "forgeAuthor";
public static final String FORGE_COMMITTER = "forgeCommitter";
@@ -40,6 +41,7 @@
NAMES_LC = new ArrayList<String>();
NAMES_LC.add(OWNER.toLowerCase());
NAMES_LC.add(READ.toLowerCase());
+ NAMES_LC.add(ABANDON.toLowerCase());
NAMES_LC.add(CREATE.toLowerCase());
NAMES_LC.add(FORGE_AUTHOR.toLowerCase());
NAMES_LC.add(FORGE_COMMITTER.toLowerCase());
diff --git a/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AdminConstants.properties b/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AdminConstants.properties
index 3b3d0bb..89fc195 100644
--- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AdminConstants.properties
+++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AdminConstants.properties
@@ -98,6 +98,7 @@
# Permission Names
permissionNames = \
+ abandon, \
create, \
forgeAuthor, \
forgeCommitter, \
@@ -109,6 +110,7 @@
read, \
rebase, \
submit
+abandon = Abandon
create = Create Reference
forgeAuthor = Forge Author Identity
forgeCommitter = Forge Committer Identity
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/project/ChangeControl.java b/gerrit-server/src/main/java/com/google/gerrit/server/project/ChangeControl.java
index 64f7d97..7387fd1 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/project/ChangeControl.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/project/ChangeControl.java
@@ -189,6 +189,7 @@
|| getRefControl().isOwner() // branch owner can abandon
|| getProjectControl().isOwner() // project owner can abandon
|| getCurrentUser().getCapabilities().canAdministrateServer() // site administers are god
+ || getRefControl().canAbandon() // user can abandon a specific ref
;
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java b/gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java
index 82c3a6d..2f99271 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java
@@ -310,6 +310,11 @@
return canPerform(Permission.FORGE_SERVER);
}
+ /** @return true if this user can abandon a change for this ref */
+ public boolean canAbandon() {
+ return canPerform(Permission.ABANDON);
+ }
+
/** All value ranges of any allowed label permission. */
public List<PermissionRange> getLabelRanges() {
List<PermissionRange> r = new ArrayList<PermissionRange>();
