restrict access to admin scripts

Only allow users in the Administrator group to run these commands

Change-Id: Id3b2fc998f2a985e588286b6b3bbfa7e8f5bb411
diff --git a/admin/reindexer-1.0.groovy b/admin/reindexer-1.0.groovy
index 5c32773..c3cc673 100644
--- a/admin/reindexer-1.0.groovy
+++ b/admin/reindexer-1.0.groovy
@@ -12,6 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+import com.google.gerrit.common.data.GlobalCapability
 import com.google.gerrit.sshd.*
 import com.google.gerrit.extensions.annotations.*
 import com.google.gerrit.lucene.*
@@ -20,6 +21,7 @@
 
 @Export("start")
 @CommandMetaData(name = "start", description = "Start a new on-line re-indexing for a target Lucene index version")
+@RequiresCapability(GlobalCapability.ADMINISTRATE_SERVER)
 class StartReindex extends SshCommand {
 
   @Inject OnlineReindexer.Factory reindexerFactory
diff --git a/admin/warm-cache-1.0.groovy b/admin/warm-cache-1.0.groovy
index dae00dd..5ba12c2 100644
--- a/admin/warm-cache-1.0.groovy
+++ b/admin/warm-cache-1.0.groovy
@@ -12,6 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+import com.google.gerrit.common.data.GlobalCapability
 import com.google.gerrit.sshd.*
 import com.google.gerrit.extensions.annotations.*
 import com.google.gerrit.server.project.*
@@ -32,6 +33,7 @@
 
 @Export("projects")
 @CommandMetaData(description = "Warm-up project_list and projects caches")
+@RequiresCapability(GlobalCapability.ADMINISTRATE_SERVER)
 class WarmProjectsCache extends BaseSshCommand {
 
   @Inject
@@ -61,6 +63,7 @@
 }
 
 @Export("groups")
+@RequiresCapability(GlobalCapability.ADMINISTRATE_SERVER)
 class WarmGroupsCache extends WarmProjectsCache {
 
   @Inject
@@ -107,6 +110,7 @@
 }
 
 @Export("accounts")
+@RequiresCapability(GlobalCapability.ADMINISTRATE_SERVER)
 class WarmAccountsCache extends BaseSshCommand {
 
   @Inject
@@ -141,6 +145,7 @@
 }
 
 @Export("groups-backends")
+@RequiresCapability(GlobalCapability.ADMINISTRATE_SERVER)
 class WarmGroupsBackendsCache extends WarmAccountsCache {
 
   @Inject