Merge "Add new 'read as' capability."
diff --git a/java/com/google/gerrit/common/data/GlobalCapability.java b/java/com/google/gerrit/common/data/GlobalCapability.java
index e613d21..3e11256 100644
--- a/java/com/google/gerrit/common/data/GlobalCapability.java
+++ b/java/com/google/gerrit/common/data/GlobalCapability.java
@@ -90,6 +90,9 @@
/** Default result limit per executed query. */
public static final int DEFAULT_MAX_QUERY_LIMIT = 500;
+ /** Can impersonate any user to see which refs they can read. */
+ public static final String READ_AS = "readAs";
+
/** Ability to impersonate another user. */
public static final String RUN_AS = "runAs";
@@ -138,6 +141,7 @@
NAMES_ALL.add(MODIFY_ACCOUNT);
NAMES_ALL.add(PRIORITY);
NAMES_ALL.add(QUERY_LIMIT);
+ NAMES_ALL.add(READ_AS);
NAMES_ALL.add(RUN_AS);
NAMES_ALL.add(RUN_GC);
NAMES_ALL.add(STREAM_EVENTS);
diff --git a/java/com/google/gerrit/server/account/CapabilityCollection.java b/java/com/google/gerrit/server/account/CapabilityCollection.java
index ee74f47..1abc33f 100644
--- a/java/com/google/gerrit/server/account/CapabilityCollection.java
+++ b/java/com/google/gerrit/server/account/CapabilityCollection.java
@@ -48,6 +48,7 @@
public final ImmutableList<PermissionRule> batchChangesLimit;
public final ImmutableList<PermissionRule> emailReviewers;
public final ImmutableList<PermissionRule> priority;
+ public final ImmutableList<PermissionRule> readAs;
public final ImmutableList<PermissionRule> queryLimit;
public final ImmutableList<PermissionRule> createGroup;
@@ -97,6 +98,7 @@
batchChangesLimit = getPermission(GlobalCapability.BATCH_CHANGES_LIMIT);
emailReviewers = getPermission(GlobalCapability.EMAIL_REVIEWERS);
priority = getPermission(GlobalCapability.PRIORITY);
+ readAs = getPermission(GlobalCapability.READ_AS);
queryLimit = getPermission(GlobalCapability.QUERY_LIMIT);
createGroup = getPermission(GlobalCapability.CREATE_GROUP);
}
diff --git a/java/com/google/gerrit/server/config/CapabilityConstants.java b/java/com/google/gerrit/server/config/CapabilityConstants.java
index 961dbbd..4ab97f8 100644
--- a/java/com/google/gerrit/server/config/CapabilityConstants.java
+++ b/java/com/google/gerrit/server/config/CapabilityConstants.java
@@ -34,6 +34,7 @@
public String maintainServer;
public String modifyAccount;
public String priority;
+ public String readAs;
public String queryLimit;
public String runAs;
public String runGC;
diff --git a/java/com/google/gerrit/server/permissions/DefaultPermissionBackend.java b/java/com/google/gerrit/server/permissions/DefaultPermissionBackend.java
index 51a0f95..8cf9444 100644
--- a/java/com/google/gerrit/server/permissions/DefaultPermissionBackend.java
+++ b/java/com/google/gerrit/server/permissions/DefaultPermissionBackend.java
@@ -172,6 +172,7 @@
case CREATE_PROJECT:
case MAINTAIN_SERVER:
case MODIFY_ACCOUNT:
+ case READ_AS:
case STREAM_EVENTS:
case VIEW_ALL_ACCOUNTS:
case VIEW_CONNECTIONS:
diff --git a/java/com/google/gerrit/server/permissions/DefaultPermissionMappings.java b/java/com/google/gerrit/server/permissions/DefaultPermissionMappings.java
index 9593521..cee42ad 100644
--- a/java/com/google/gerrit/server/permissions/DefaultPermissionMappings.java
+++ b/java/com/google/gerrit/server/permissions/DefaultPermissionMappings.java
@@ -50,6 +50,7 @@
.put(GlobalPermission.KILL_TASK, GlobalCapability.KILL_TASK)
.put(GlobalPermission.MAINTAIN_SERVER, GlobalCapability.MAINTAIN_SERVER)
.put(GlobalPermission.MODIFY_ACCOUNT, GlobalCapability.MODIFY_ACCOUNT)
+ .put(GlobalPermission.READ_AS, GlobalCapability.READ_AS)
.put(GlobalPermission.RUN_AS, GlobalCapability.RUN_AS)
.put(GlobalPermission.RUN_GC, GlobalCapability.RUN_GC)
.put(GlobalPermission.STREAM_EVENTS, GlobalCapability.STREAM_EVENTS)
diff --git a/java/com/google/gerrit/server/permissions/GlobalPermission.java b/java/com/google/gerrit/server/permissions/GlobalPermission.java
index 01ef725..07c9e84 100644
--- a/java/com/google/gerrit/server/permissions/GlobalPermission.java
+++ b/java/com/google/gerrit/server/permissions/GlobalPermission.java
@@ -43,6 +43,7 @@
KILL_TASK,
MAINTAIN_SERVER,
MODIFY_ACCOUNT,
+ READ_AS,
RUN_AS,
RUN_GC,
STREAM_EVENTS,
diff --git a/java/com/google/gerrit/sshd/commands/LsUserRefs.java b/java/com/google/gerrit/sshd/commands/LsUserRefs.java
index 781679d..2c15e78 100644
--- a/java/com/google/gerrit/sshd/commands/LsUserRefs.java
+++ b/java/com/google/gerrit/sshd/commands/LsUserRefs.java
@@ -42,7 +42,7 @@
import org.eclipse.jgit.lib.Repository;
import org.kohsuke.args4j.Option;
-@RequiresCapability(GlobalCapability.ADMINISTRATE_SERVER)
+@RequiresCapability(GlobalCapability.READ_AS)
@CommandMetaData(
name = "ls-user-refs",
description = "List refs visible to a specific user",
diff --git a/javatests/com/google/gerrit/acceptance/rest/account/CapabilityInfo.java b/javatests/com/google/gerrit/acceptance/rest/account/CapabilityInfo.java
index 5404fdd..1ca019e 100644
--- a/javatests/com/google/gerrit/acceptance/rest/account/CapabilityInfo.java
+++ b/javatests/com/google/gerrit/acceptance/rest/account/CapabilityInfo.java
@@ -28,6 +28,7 @@
public boolean modifyAccount;
public boolean priority;
public QueryLimit queryLimit;
+ public boolean readAs;
public boolean runAs;
public boolean runGC;
public boolean streamEvents;
diff --git a/resources/com/google/gerrit/server/config/CapabilityConstants.properties b/resources/com/google/gerrit/server/config/CapabilityConstants.properties
index 6654837..ba590ee 100644
--- a/resources/com/google/gerrit/server/config/CapabilityConstants.properties
+++ b/resources/com/google/gerrit/server/config/CapabilityConstants.properties
@@ -10,6 +10,7 @@
maintainServer = Maintain Server
modifyAccount = Modify Account
priority = Priority
+readAs = Read As
queryLimit = Query Limit
runAs = Run As
runGC = Run Garbage Collection