Google Git
Sign in
gerrit / plugins / scripts / d5c5b208030df86cf01f48176db6d3b4bf66028f^! / .
commitd5c5b208030df86cf01f48176db6d3b4bf66028f[log] [tgz]
authorKhai Do <zaro0508@gmail.com>Fri May 20 10:02:29 2016 -0700
committerKhai Do <zaro0508@gmail.com>Fri May 20 14:38:26 2016 -0700
tree9345122b9dec37c0aae2793bd43381ee053c3e44
parent9a10a2b24f4c5e7fa86eea0414e2bfb4b5a36d68 [diff]
restrict access to admin scripts

Only allow users in the Administrator group to run these commands

Change-Id: Id3b2fc998f2a985e588286b6b3bbfa7e8f5bb411

diff --git a/admin/reindexer-1.0.groovy b/admin/reindexer-1.0.groovy
index 5c32773..c3cc673 100644
--- a/admin/reindexer-1.0.groovy
+++ b/admin/reindexer-1.0.groovy

@@ -12,6 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+import com.google.gerrit.common.data.GlobalCapability
 import com.google.gerrit.sshd.*
 import com.google.gerrit.extensions.annotations.*
 import com.google.gerrit.lucene.*
@@ -20,6 +21,7 @@
 
 @Export("start")
 @CommandMetaData(name = "start", description = "Start a new on-line re-indexing for a target Lucene index version")
+@RequiresCapability(GlobalCapability.ADMINISTRATE_SERVER)
 class StartReindex extends SshCommand {
 
   @Inject OnlineReindexer.Factory reindexerFactory

diff --git a/admin/warm-cache-1.0.groovy b/admin/warm-cache-1.0.groovy
index dae00dd..5ba12c2 100644
--- a/admin/warm-cache-1.0.groovy
+++ b/admin/warm-cache-1.0.groovy

@@ -12,6 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+import com.google.gerrit.common.data.GlobalCapability
 import com.google.gerrit.sshd.*
 import com.google.gerrit.extensions.annotations.*
 import com.google.gerrit.server.project.*
@@ -32,6 +33,7 @@
 
 @Export("projects")
 @CommandMetaData(description = "Warm-up project_list and projects caches")
+@RequiresCapability(GlobalCapability.ADMINISTRATE_SERVER)
 class WarmProjectsCache extends BaseSshCommand {
 
   @Inject
@@ -61,6 +63,7 @@
 }
 
 @Export("groups")
+@RequiresCapability(GlobalCapability.ADMINISTRATE_SERVER)
 class WarmGroupsCache extends WarmProjectsCache {
 
   @Inject
@@ -107,6 +110,7 @@
 }
 
 @Export("accounts")
+@RequiresCapability(GlobalCapability.ADMINISTRATE_SERVER)
 class WarmAccountsCache extends BaseSshCommand {
 
   @Inject
@@ -141,6 +145,7 @@
 }
 
 @Export("groups-backends")
+@RequiresCapability(GlobalCapability.ADMINISTRATE_SERVER)
 class WarmGroupsBackendsCache extends WarmAccountsCache {
 
   @Inject