diff options
Diffstat (limited to 'gerrit-common/src/main/java/com/google/gerrit/common/data/GlobalCapability.java')
-rw-r--r-- | gerrit-common/src/main/java/com/google/gerrit/common/data/GlobalCapability.java | 193 |
1 files changed, 0 insertions, 193 deletions
diff --git a/gerrit-common/src/main/java/com/google/gerrit/common/data/GlobalCapability.java b/gerrit-common/src/main/java/com/google/gerrit/common/data/GlobalCapability.java deleted file mode 100644 index 6fd0e778ec..0000000000 --- a/gerrit-common/src/main/java/com/google/gerrit/common/data/GlobalCapability.java +++ /dev/null @@ -1,193 +0,0 @@ -// Copyright (C) 2011 The Android Open Source Project -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package com.google.gerrit.common.data; - -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collection; -import java.util.Collections; -import java.util.List; - -/** Server wide capabilities. Represented as {@link Permission} objects. */ -public class GlobalCapability { - /** Ability to access the database (with gsql). */ - public static final String ACCESS_DATABASE = "accessDatabase"; - - /** - * Denotes the server's administrators. - * - * <p>This is similar to UNIX root, or Windows SYSTEM account. Any user that has this capability - * can perform almost any other action, or can grant themselves the power to perform any other - * action on the site. Most of the other capabilities and permissions fall-back to the predicate - * "OR user has capability ADMINISTRATE_SERVER". - */ - public static final String ADMINISTRATE_SERVER = "administrateServer"; - - /** Maximum number of changes that may be pushed in a batch. */ - public static final String BATCH_CHANGES_LIMIT = "batchChangesLimit"; - - /** - * Default maximum number of changes that may be pushed in a batch, 0 means no limit. This is just - * used as a suggestion for prepopulating the field in the access UI. - */ - public static final int DEFAULT_MAX_BATCH_CHANGES_LIMIT = 0; - - /** Can create any account on the server. */ - public static final String CREATE_ACCOUNT = "createAccount"; - - /** Can create any group on the server. */ - public static final String CREATE_GROUP = "createGroup"; - - /** Can create any project on the server. */ - public static final String CREATE_PROJECT = "createProject"; - - /** - * Denotes who may email change reviewers and watchers. - * - * <p>This can be used to deny build bots from emailing reviewers and people who watch the change. - * Instead, only the authors of the change and those who starred it will be emailed. The allow - * rules are evaluated before deny rules, however the default is to allow emailing, if no explicit - * rule is matched. - */ - public static final String EMAIL_REVIEWERS = "emailReviewers"; - - /** Can flush any cache except the active web_sessions cache. */ - public static final String FLUSH_CACHES = "flushCaches"; - - /** Can terminate any task using the kill command. */ - public static final String KILL_TASK = "killTask"; - - /** - * Can perform limited server maintenance. - * - * <p>Includes tasks such as reindexing changes and flushing caches that may need to be performed - * regularly. Does <strong>not</strong> grant arbitrary read/write/ACL management permissions as - * does {@link #ADMINISTRATE_SERVER}. - */ - public static final String MAINTAIN_SERVER = "maintainServer"; - - /** Can modify any account on the server. */ - public static final String MODIFY_ACCOUNT = "modifyAccount"; - - /** Queue a user can access to submit their tasks to. */ - public static final String PRIORITY = "priority"; - - /** Maximum result limit per executed query. */ - public static final String QUERY_LIMIT = "queryLimit"; - - /** Default result limit per executed query. */ - public static final int DEFAULT_MAX_QUERY_LIMIT = 500; - - /** Ability to impersonate another user. */ - public static final String RUN_AS = "runAs"; - - /** Can run the Git garbage collection. */ - public static final String RUN_GC = "runGC"; - - /** Can perform streaming of Gerrit events. */ - public static final String STREAM_EVENTS = "streamEvents"; - - /** Can view all accounts, regardless of {@code accounts.visibility}. */ - public static final String VIEW_ALL_ACCOUNTS = "viewAllAccounts"; - - /** Can view the server's current cache states. */ - public static final String VIEW_CACHES = "viewCaches"; - - /** Can view open connections to the server's SSH port. */ - public static final String VIEW_CONNECTIONS = "viewConnections"; - - /** Can view all installed plugins. */ - public static final String VIEW_PLUGINS = "viewPlugins"; - - /** Can view all pending tasks in the queue (not just the filtered set). */ - public static final String VIEW_QUEUE = "viewQueue"; - - private static final List<String> NAMES_ALL; - private static final List<String> NAMES_LC; - private static final String[] RANGE_NAMES = { - QUERY_LIMIT, BATCH_CHANGES_LIMIT, - }; - - static { - NAMES_ALL = new ArrayList<>(); - NAMES_ALL.add(ACCESS_DATABASE); - NAMES_ALL.add(ADMINISTRATE_SERVER); - NAMES_ALL.add(BATCH_CHANGES_LIMIT); - NAMES_ALL.add(CREATE_ACCOUNT); - NAMES_ALL.add(CREATE_GROUP); - NAMES_ALL.add(CREATE_PROJECT); - NAMES_ALL.add(EMAIL_REVIEWERS); - NAMES_ALL.add(FLUSH_CACHES); - NAMES_ALL.add(KILL_TASK); - NAMES_ALL.add(MAINTAIN_SERVER); - NAMES_ALL.add(MODIFY_ACCOUNT); - NAMES_ALL.add(PRIORITY); - NAMES_ALL.add(QUERY_LIMIT); - NAMES_ALL.add(RUN_AS); - NAMES_ALL.add(RUN_GC); - NAMES_ALL.add(STREAM_EVENTS); - NAMES_ALL.add(VIEW_ALL_ACCOUNTS); - NAMES_ALL.add(VIEW_CACHES); - NAMES_ALL.add(VIEW_CONNECTIONS); - NAMES_ALL.add(VIEW_PLUGINS); - NAMES_ALL.add(VIEW_QUEUE); - - NAMES_LC = new ArrayList<>(NAMES_ALL.size()); - for (String name : NAMES_ALL) { - NAMES_LC.add(name.toLowerCase()); - } - } - - /** @return all valid capability names. */ - public static Collection<String> getAllNames() { - return Collections.unmodifiableList(NAMES_ALL); - } - - /** @return true if the name is recognized as a capability name. */ - public static boolean isCapability(String varName) { - return NAMES_LC.contains(varName.toLowerCase()); - } - - /** @return true if the capability should have a range attached. */ - public static boolean hasRange(String varName) { - for (String n : RANGE_NAMES) { - if (n.equalsIgnoreCase(varName)) { - return true; - } - } - return false; - } - - public static List<String> getRangeNames() { - return Collections.unmodifiableList(Arrays.asList(RANGE_NAMES)); - } - - /** @return the valid range for the capability if it has one, otherwise null. */ - public static PermissionRange.WithDefaults getRange(String varName) { - if (QUERY_LIMIT.equalsIgnoreCase(varName)) { - return new PermissionRange.WithDefaults( - varName, 0, Integer.MAX_VALUE, 0, DEFAULT_MAX_QUERY_LIMIT); - } - if (BATCH_CHANGES_LIMIT.equalsIgnoreCase(varName)) { - return new PermissionRange.WithDefaults( - varName, 0, Integer.MAX_VALUE, 0, DEFAULT_MAX_BATCH_CHANGES_LIMIT); - } - return null; - } - - private GlobalCapability() { - // Utility class, do not create instances. - } -} |