QChris has uploaded a new change for review.
https://gerrit.wikimedia.org/r/64301
Change subject: Add separate capability to rename projects
......................................................................
Add separate capability to rename projects
Change-Id: I1cd503bf778212f26fc40b9b43582967e21af30d
---
M Documentation/access-control.txt
M Documentation/cmd-rename-project.txt
M Documentation/rest-api-accounts.txt
M
gerrit-common/src/main/java/com/google/gerrit/common/data/GlobalCapability.java
M gerrit-gwtui/src/main/java/com/google/gerrit/client/Gerrit.java
M
gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AdminConstants.properties
M
gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/RenameProjectScreen.java
M
gerrit-server/src/main/java/com/google/gerrit/server/account/CapabilityControl.java
M
gerrit-server/src/main/java/com/google/gerrit/server/account/GetCapabilities.java
M
gerrit-server/src/main/java/com/google/gerrit/server/project/RenameProject.java
M gerrit-server/src/main/java/com/google/gerrit/server/project/SetName.java
M
gerrit-server/src/test/java/com/google/gerrit/server/project/RenameProjectTest.java
M
gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/RenameProjectCommand.java
13 files changed, 41 insertions(+), 12 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/gerrit refs/changes/01/64301/1
diff --git a/Documentation/access-control.txt b/Documentation/access-control.txt
index ec64e0b..39145bd 100644
--- a/Documentation/access-control.txt
+++ b/Documentation/access-control.txt
@@ -1265,6 +1265,14 @@
Allow users to run the Git garbage collection for the repositories of
all projects.
+[[capability_renameProject]]
+Rename Project
+~~~~~~~~~~~~~~
+
+Allow renaming of projects. This capability allows the granted group to rename
+projects either over link:cmd-rename-project.html[ssh], via
+link:rest-api-projects.html#rename-project[REST], or via the web UI.
+
[[capability_startReplication]]
Start Replication
diff --git a/Documentation/cmd-rename-project.txt
b/Documentation/cmd-rename-project.txt
index c9612bf..e97334a 100644
--- a/Documentation/cmd-rename-project.txt
+++ b/Documentation/cmd-rename-project.txt
@@ -18,7 +18,9 @@
ACCESS
------
-Caller must be a member of the privileged 'Administrators' group.
+Caller must be a member of the privileged 'Administrators' group,
+or have been granted
+link:access-control.html#capability_renameProject[the 'Rename Project' global
capability].
SCRIPTING
---------
diff --git a/Documentation/rest-api-accounts.txt
b/Documentation/rest-api-accounts.txt
index 579eacd..35b997f 100644
--- a/Documentation/rest-api-accounts.txt
+++ b/Documentation/rest-api-accounts.txt
@@ -149,7 +149,8 @@
"viewConnections": true,
"viewQueue": true,
"runGC": true,
- "startReplication": true
+ "startReplication": true,
+ "renameProject": true
}
----
@@ -512,6 +513,9 @@
capability.
|`killTask` |not set if `false`|Whether the user has the
link:access-control.html#capability_kill[Kill Task] capability.
+|`renameProject` |not set if `false`|Whether the user has the
+link:access-control.html#capability_renameProject[Rename Project]
+capability.
|`viewCaches` |not set if `false`|Whether the user has the
link:access-control.html#capability_viewCaches[View Caches] capability.
|`flushCaches` |not set if `false`|Whether the user has the
diff --git
a/gerrit-common/src/main/java/com/google/gerrit/common/data/GlobalCapability.java
b/gerrit-common/src/main/java/com/google/gerrit/common/data/GlobalCapability.java
index 8c08feb..49ba56f 100644
---
a/gerrit-common/src/main/java/com/google/gerrit/common/data/GlobalCapability.java
+++
b/gerrit-common/src/main/java/com/google/gerrit/common/data/GlobalCapability.java
@@ -70,6 +70,9 @@
/** Can run the Git garbage collection. */
public static final String RUN_GC = "runGC";
+ /** Can rename projects on the server. */
+ public static final String RENAME_PROJECT = "renameProject";
+
/** Forcefully restart replication to any configured destination. */
public static final String START_REPLICATION = "startReplication";
@@ -101,6 +104,7 @@
NAMES_ALL.add(PRIORITY);
NAMES_ALL.add(QUERY_LIMIT);
NAMES_ALL.add(RUN_GC);
+ NAMES_ALL.add(RENAME_PROJECT);
NAMES_ALL.add(START_REPLICATION);
NAMES_ALL.add(STREAM_EVENTS);
NAMES_ALL.add(VIEW_CACHES);
diff --git a/gerrit-gwtui/src/main/java/com/google/gerrit/client/Gerrit.java
b/gerrit-gwtui/src/main/java/com/google/gerrit/client/Gerrit.java
index fffeff1..06cfd81 100644
--- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/Gerrit.java
+++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/Gerrit.java
@@ -17,6 +17,7 @@
import static
com.google.gerrit.common.data.GlobalCapability.ADMINISTRATE_SERVER;
import static com.google.gerrit.common.data.GlobalCapability.CREATE_GROUP;
import static com.google.gerrit.common.data.GlobalCapability.CREATE_PROJECT;
+import static com.google.gerrit.common.data.GlobalCapability.RENAME_PROJECT;
import com.google.gerrit.client.account.AccountCapabilities;
import com.google.gerrit.client.account.AccountInfo;
@@ -670,7 +671,7 @@
if (result.canPerform(CREATE_PROJECT)) {
addLink(projectsBar, C.menuProjectsCreate(),
PageLinks.ADMIN_CREATE_PROJECT);
}
- if (result.canPerform(ADMINISTRATE_SERVER)) {
+ if (result.canPerform(RENAME_PROJECT)) {
addLink(projectsBar, C.menuProjectsRename(),
PageLinks.ADMIN_RENAME_PROJECT);
}
if (result.canPerform(CREATE_GROUP)) {
@@ -682,7 +683,7 @@
menuLeft.getWidgetIndex(peopleBar) + 1);
}
}
- }, CREATE_PROJECT, CREATE_GROUP, ADMINISTRATE_SERVER);
+ }, RENAME_PROJECT, CREATE_PROJECT, CREATE_GROUP, ADMINISTRATE_SERVER);
}
if (getConfig().isDocumentationAvailable()) {
diff --git
a/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AdminConstants.properties
b/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AdminConstants.properties
index c68c663..a35a46d 100644
---
a/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AdminConstants.properties
+++
b/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AdminConstants.properties
@@ -160,6 +160,7 @@
priority, \
queryLimit, \
runGC, \
+ renameProject, \
startReplication, \
streamEvents, \
viewCaches, \
@@ -176,6 +177,7 @@
priority = Priority
queryLimit = Query Limit
runGC = Run Garbage Collection
+renameProject = Rename Project
startReplication = Start Replication
streamEvents = Stream Events
viewCaches = View Caches
diff --git
a/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/RenameProjectScreen.java
b/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/RenameProjectScreen.java
index e288ab0..3e05eab 100644
---
a/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/RenameProjectScreen.java
+++
b/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/RenameProjectScreen.java
@@ -14,7 +14,7 @@
package com.google.gerrit.client.admin;
-import static
com.google.gerrit.common.data.GlobalCapability.ADMINISTRATE_SERVER;
+import static com.google.gerrit.common.data.GlobalCapability.RENAME_PROJECT;
import com.google.gerrit.client.Dispatcher;
import com.google.gerrit.client.ErrorDialog;
@@ -64,13 +64,13 @@
AccountCapabilities.all(new GerritCallback<AccountCapabilities>() {
@Override
public void onSuccess(AccountCapabilities ac) {
- if (ac.canPerform(ADMINISTRATE_SERVER)) {
+ if (ac.canPerform(RENAME_PROJECT)) {
display();
} else {
Gerrit.display(PageLinks.ADMIN_RENAME_PROJECT, new NotFoundScreen());
}
}
- }, ADMINISTRATE_SERVER);
+ }, RENAME_PROJECT);
}
@Override
diff --git
a/gerrit-server/src/main/java/com/google/gerrit/server/account/CapabilityControl.java
b/gerrit-server/src/main/java/com/google/gerrit/server/account/CapabilityControl.java
index d2014ec..dc55f66 100644
---
a/gerrit-server/src/main/java/com/google/gerrit/server/account/CapabilityControl.java
+++
b/gerrit-server/src/main/java/com/google/gerrit/server/account/CapabilityControl.java
@@ -100,6 +100,12 @@
return canEmailReviewers;
}
+ /** @return true if the user can rename a project. */
+ public boolean canRenameProject() {
+ return canPerform(GlobalCapability.RENAME_PROJECT)
+ || canAdministrateServer();
+ }
+
/** @return true if the user can kill any running task. */
public boolean canKillTask() {
return canPerform(GlobalCapability.KILL_TASK)
diff --git
a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetCapabilities.java
b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetCapabilities.java
index 54f1980..98bef03 100644
---
a/gerrit-server/src/main/java/com/google/gerrit/server/account/GetCapabilities.java
+++
b/gerrit-server/src/main/java/com/google/gerrit/server/account/GetCapabilities.java
@@ -23,6 +23,7 @@
import static com.google.gerrit.common.data.GlobalCapability.KILL_TASK;
import static com.google.gerrit.common.data.GlobalCapability.PRIORITY;
import static com.google.gerrit.common.data.GlobalCapability.RUN_GC;
+import static com.google.gerrit.common.data.GlobalCapability.RENAME_PROJECT;
import static com.google.gerrit.common.data.GlobalCapability.START_REPLICATION;
import static com.google.gerrit.common.data.GlobalCapability.STREAM_EVENTS;
import static com.google.gerrit.common.data.GlobalCapability.VIEW_CACHES;
@@ -107,6 +108,7 @@
have.put(START_REPLICATION, cc.canStartReplication());
have.put(STREAM_EVENTS, cc.canStreamEvents());
have.put(ACCESS_DATABASE, cc.canAccessDatabase());
+ have.put(RENAME_PROJECT, cc.canRenameProject());
QueueProvider.QueueType queue = cc.getQueueType();
if (queue != QueueProvider.QueueType.INTERACTIVE
diff --git
a/gerrit-server/src/main/java/com/google/gerrit/server/project/RenameProject.java
b/gerrit-server/src/main/java/com/google/gerrit/server/project/RenameProject.java
index 7999bc2..d43f605 100644
---
a/gerrit-server/src/main/java/com/google/gerrit/server/project/RenameProject.java
+++
b/gerrit-server/src/main/java/com/google/gerrit/server/project/RenameProject.java
@@ -91,7 +91,7 @@
final ProjectState sourceProjectState;
final Project sourceProject;
- if (!currentUser.getCapabilities().canAdministrateServer()) {
+ if (!currentUser.getCapabilities().canRenameProject()) {
throw new PermissionDeniedException(String.format(
"%s does not have \"Rename Project\" capability.",
currentUser.getUserName()));
diff --git
a/gerrit-server/src/main/java/com/google/gerrit/server/project/SetName.java
b/gerrit-server/src/main/java/com/google/gerrit/server/project/SetName.java
index ba99790..d9bee56 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/project/SetName.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/project/SetName.java
@@ -27,7 +27,7 @@
import org.eclipse.jgit.errors.RepositoryNotFoundException;
-@RequiresCapability(GlobalCapability.ADMINISTRATE_SERVER)
+@RequiresCapability(GlobalCapability.RENAME_PROJECT)
class SetName implements RestModifyView<ProjectResource, Input> {
static class Input {
@DefaultInput
diff --git
a/gerrit-server/src/test/java/com/google/gerrit/server/project/RenameProjectTest.java
b/gerrit-server/src/test/java/com/google/gerrit/server/project/RenameProjectTest.java
index 9ab0dcc..f1a14b1 100644
---
a/gerrit-server/src/test/java/com/google/gerrit/server/project/RenameProjectTest.java
+++
b/gerrit-server/src/test/java/com/google/gerrit/server/project/RenameProjectTest.java
@@ -65,7 +65,7 @@
public void testPermissionCheck() throws NameAlreadyUsedException,
NoSuchProjectException, ProjectRenamingFailedException {
reset(capabilityControl);
-
expect(capabilityControl.canAdministrateServer()).andReturn(false).anyTimes();
+ expect(capabilityControl.canRenameProject()).andReturn(false).anyTimes();
// Done with setting up mocks
replayMocks();
@@ -416,7 +416,7 @@
expect(identifiedUser.getCapabilities()).andReturn(capabilityControl)
.anyTimes();
-
expect(capabilityControl.canAdministrateServer()).andReturn(true).anyTimes();
+ expect(capabilityControl.canRenameProject()).andReturn(true).anyTimes();
expect(projectCache.get(eq(new Project.NameKey("dummysource"))))
.andReturn(sourceProjectState).anyTimes();
diff --git
a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/RenameProjectCommand.java
b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/RenameProjectCommand.java
index f85f363..4164468 100644
---
a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/RenameProjectCommand.java
+++
b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/commands/RenameProjectCommand.java
@@ -28,7 +28,7 @@
import org.kohsuke.args4j.Argument;
/** Rename a project. **/
-@RequiresCapability(GlobalCapability.ADMINISTRATE_SERVER)
+@RequiresCapability(GlobalCapability.RENAME_PROJECT)
@CommandMetaData(name = "rename-project", descr = "Rename a project")
final class RenameProjectCommand extends SshCommand {
@Argument(index = 0, required = true, metaVar = "PROJECT",
--
To view, visit https://gerrit.wikimedia.org/r/64301
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I1cd503bf778212f26fc40b9b43582967e21af30d
Gerrit-PatchSet: 1
Gerrit-Project: gerrit
Gerrit-Branch: wmf
Gerrit-Owner: QChris <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
