com.google.gerrit.common.data

Class GlobalCapability

java.lang.Object

com.google.gerrit.common.data.GlobalCapability

public class GlobalCapability
extends Object

Server wide capabilities. Represented as Permission objects.

Field Summary

Fields

Modifier and Type	Field and Description
static String	ACCESS_DATABASE Ability to access the database (with gsql).
static String	ADMINISTRATE_SERVER Denotes the server's administrators.
static String	BATCH_CHANGES_LIMIT Maximum number of changes that may be pushed in a batch.
static String	CREATE_ACCOUNT Can create any account on the server.
static String	CREATE_GROUP Can create any group on the server.
static String	CREATE_PROJECT Can create any project on the server.
static int	DEFAULT_MAX_BATCH_CHANGES_LIMIT Default maximum number of changes that may be pushed in a batch, 0 means no limit.
static int	DEFAULT_MAX_QUERY_LIMIT Default result limit per executed query.
static String	EMAIL_REVIEWERS Denotes who may email change reviewers and watchers.
static String	FLUSH_CACHES Can flush any cache except the active web_sessions cache.
static String	KILL_TASK Can terminate any task using the kill command.
static String	MAINTAIN_SERVER Can perform limited server maintenance.
static String	MODIFY_ACCOUNT Can modify any account on the server.
static String	PRIORITY Queue a user can access to submit their tasks to.
static String	QUERY_LIMIT Maximum result limit per executed query.
static String	READ_AS Can impersonate any user to see which refs they can read.
static String	RUN_AS Ability to impersonate another user.
static String	RUN_GC Can run the Git garbage collection.
static String	STREAM_EVENTS Can perform streaming of Gerrit events.
static String	VIEW_ACCESS Can query permissions for any (project, user) pair
static String	VIEW_ALL_ACCOUNTS Can view all accounts, regardless of accounts.visibility.
static String	VIEW_CACHES Can view the server's current cache states.
static String	VIEW_CONNECTIONS Can view open connections to the server's SSH port.
static String	VIEW_PLUGINS Can view all installed plugins.
static String	VIEW_QUEUE Can view all pending tasks in the queue (not just the filtered set).

Method Summary

Modifier and Type	Method and Description
static Collection<String>	getAllNames()
static PermissionRange.WithDefaults	getRange(String varName)
static List<String>	getRangeNames()
static boolean	hasRange(String varName)
static boolean	isGlobalCapability(String varName)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ACCESS_DATABASE

public static final String ACCESS_DATABASE

Ability to access the database (with gsql).

See Also:

Constant Field Values

ADMINISTRATE_SERVER

public static final String ADMINISTRATE_SERVER

Denotes the server's administrators.

This is similar to UNIX root, or Windows SYSTEM account. Any user that has this capability can perform almost any other action, or can grant themselves the power to perform any other action on the site. Most of the other capabilities and permissions fall-back to the predicate "OR user has capability ADMINISTRATE_SERVER".

See Also:

Constant Field Values

BATCH_CHANGES_LIMIT

public static final String BATCH_CHANGES_LIMIT

Maximum number of changes that may be pushed in a batch.

See Also:

Constant Field Values

DEFAULT_MAX_BATCH_CHANGES_LIMIT

public static final int DEFAULT_MAX_BATCH_CHANGES_LIMIT

Default maximum number of changes that may be pushed in a batch, 0 means no limit. This is just used as a suggestion for prepopulating the field in the access UI.

See Also:

Constant Field Values

CREATE_ACCOUNT

public static final String CREATE_ACCOUNT

Can create any account on the server.

See Also:

Constant Field Values

CREATE_GROUP

public static final String CREATE_GROUP

Can create any group on the server.

See Also:

Constant Field Values

CREATE_PROJECT

public static final String CREATE_PROJECT

Can create any project on the server.

See Also:

Constant Field Values

EMAIL_REVIEWERS

public static final String EMAIL_REVIEWERS

Denotes who may email change reviewers and watchers.

This can be used to deny build bots from emailing reviewers and people who watch the change. Instead, only the authors of the change and those who starred it will be emailed. The allow rules are evaluated before deny rules, however the default is to allow emailing, if no explicit rule is matched.

See Also:

Constant Field Values

FLUSH_CACHES

public static final String FLUSH_CACHES

Can flush any cache except the active web_sessions cache.

See Also:

Constant Field Values

KILL_TASK

public static final String KILL_TASK

Can terminate any task using the kill command.

See Also:

Constant Field Values

MAINTAIN_SERVER

public static final String MAINTAIN_SERVER

Can perform limited server maintenance.

Includes tasks such as reindexing changes and flushing caches that may need to be performed regularly. Does not grant arbitrary read/write/ACL management permissions as does ADMINISTRATE_SERVER.

See Also:

Constant Field Values

MODIFY_ACCOUNT

public static final String MODIFY_ACCOUNT

Can modify any account on the server.

See Also:

Constant Field Values

PRIORITY

public static final String PRIORITY

Queue a user can access to submit their tasks to.

See Also:

Constant Field Values

QUERY_LIMIT

public static final String QUERY_LIMIT

Maximum result limit per executed query.

See Also:

Constant Field Values

DEFAULT_MAX_QUERY_LIMIT

public static final int DEFAULT_MAX_QUERY_LIMIT

Default result limit per executed query.

See Also:

Constant Field Values

READ_AS

public static final String READ_AS

Can impersonate any user to see which refs they can read.

See Also:

Constant Field Values

RUN_AS

public static final String RUN_AS

Ability to impersonate another user.

See Also:

Constant Field Values

RUN_GC

public static final String RUN_GC

Can run the Git garbage collection.

See Also:

Constant Field Values

STREAM_EVENTS

public static final String STREAM_EVENTS

Can perform streaming of Gerrit events.

See Also:

Constant Field Values

VIEW_ALL_ACCOUNTS

public static final String VIEW_ALL_ACCOUNTS

Can view all accounts, regardless of accounts.visibility.

See Also:

Constant Field Values

VIEW_CACHES

public static final String VIEW_CACHES

Can view the server's current cache states.

See Also:

Constant Field Values

VIEW_CONNECTIONS

public static final String VIEW_CONNECTIONS

Can view open connections to the server's SSH port.

See Also:

Constant Field Values

VIEW_PLUGINS

public static final String VIEW_PLUGINS

Can view all installed plugins.

See Also:

Constant Field Values

VIEW_QUEUE

public static final String VIEW_QUEUE

Can view all pending tasks in the queue (not just the filtered set).

See Also:

Constant Field Values

VIEW_ACCESS

public static final String VIEW_ACCESS

Can query permissions for any (project, user) pair

See Also:

Constant Field Values

Method Detail

getAllNames

public static Collection<String> getAllNames()

Returns:

all valid capability names.

isGlobalCapability

public static boolean isGlobalCapability(String varName)

Returns:

true if the name is recognized as a capability name.

hasRange

public static boolean hasRange(String varName)

Returns:

true if the capability should have a range attached.

getRangeNames

public static List<String> getRangeNames()

getRange

public static PermissionRange.WithDefaults getRange(String varName)

Returns:

the valid range for the capability if it has one, otherwise null.