Package com.google.gerrit.common.data

Class GlobalCapability

java.lang.Object
com.google.gerrit.common.data.GlobalCapability
public class GlobalCapability extends Object
Server wide capabilities. Represented as Permission objects.

Contrary to Permission, global capabilities do not need a resource to check permissions on.

  • Field Details

    • ACCESS_DATABASE

      public static final String ACCESS_DATABASE
      Ability to view code review metadata refs in repositories.
      See Also:

    • ADMINISTRATE_SERVER

      public static final String ADMINISTRATE_SERVER
      Denotes the server's administrators.

      This is similar to UNIX root, or Windows SYSTEM account. Any user that has this capability can perform almost any other action, or can grant themselves the power to perform any other action on the site. Most of the other capabilities and permissions fall-back to the predicate "OR user has capability ADMINISTRATE_SERVER".

      See Also:

    • BATCH_CHANGES_LIMIT

      public static final String BATCH_CHANGES_LIMIT
      Maximum number of changes that may be pushed in a batch.
      See Also:

    • DEFAULT_MAX_BATCH_CHANGES_LIMIT

      public static final int DEFAULT_MAX_BATCH_CHANGES_LIMIT
      Default maximum number of changes that may be pushed in a batch, 0 means no limit. This is just used as a suggestion for prepopulating the field in the access UI.
      See Also:

    • CREATE_ACCOUNT

      public static final String CREATE_ACCOUNT
      Can create any account on the server.
      See Also:

    • CREATE_GROUP

      public static final String CREATE_GROUP
      Can create any group on the server.
      See Also:

    • CREATE_PROJECT

      public static final String CREATE_PROJECT
      Can create any project on the server.
      See Also:

    • EMAIL_REVIEWERS

      public static final String EMAIL_REVIEWERS
      Denotes who may email change reviewers and watchers.

      This can be used to deny build bots from emailing reviewers and people who watch the change. Instead, only the authors of the change and those who starred it will be emailed. The allow rules are evaluated before deny rules, however the default is to allow emailing, if no explicit rule is matched.

      See Also:

    • FLUSH_CACHES

      public static final String FLUSH_CACHES
      Can flush any cache except the active web_sessions cache.
      See Also:

    • KILL_TASK

      public static final String KILL_TASK
      Can terminate any task using the kill command.
      See Also:

    • MAINTAIN_SERVER

      public static final String MAINTAIN_SERVER
      Can perform limited server maintenance.

      Includes tasks such as reindexing changes and flushing caches that may need to be performed regularly. Does not grant arbitrary read/write/ACL management permissions as does ADMINISTRATE_SERVER.

      See Also:

    • MODIFY_ACCOUNT

      public static final String MODIFY_ACCOUNT
      Can modify any account on the server.
      See Also:

    • PRIORITY

      public static final String PRIORITY
      Queue a user can access to submit their tasks to.
      See Also:

    • QUERY_LIMIT

      public static final String QUERY_LIMIT
      Maximum result limit per executed query.
      See Also:

    • DEFAULT_MAX_QUERY_LIMIT

      public static final int DEFAULT_MAX_QUERY_LIMIT
      Default result limit per executed query.
      See Also:

    • READ_AS

      public static final String READ_AS
      Can impersonate any user to see which refs they can read.
      See Also:

    • RUN_AS

      public static final String RUN_AS
      Ability to impersonate another user.
      See Also:

    • RUN_GC

      public static final String RUN_GC
      Can run the Git garbage collection.
      See Also:

    • STREAM_EVENTS

      public static final String STREAM_EVENTS
      Can perform streaming of Gerrit events.
      See Also:

    • VIEW_ACCESS

      public static final String VIEW_ACCESS
      Can query permissions for any (project, user) pair
      See Also:

    • VIEW_ALL_ACCOUNTS

      public static final String VIEW_ALL_ACCOUNTS
      Can view all accounts, regardless of accounts.visibility.
      See Also:

    • VIEW_CACHES

      public static final String VIEW_CACHES
      Can view the server's current cache states.
      See Also:

    • VIEW_CONNECTIONS

      public static final String VIEW_CONNECTIONS
      Can view open connections to the server's SSH port.
      See Also:

    • VIEW_PLUGINS

      public static final String VIEW_PLUGINS
      Can view all installed plugins.
      See Also:

    • VIEW_QUEUE

      public static final String VIEW_QUEUE
      Can view all pending tasks in the queue (not just the filtered set).
      See Also:

    • VIEW_SECONDARY_EMAILS

      public static final String VIEW_SECONDARY_EMAILS
      Can view secondary emails of other accounts.
      See Also:

  • Method Details

    • getAllNames

      public static com.google.common.collect.ImmutableList<String> getAllNames()
      Returns all valid capability names.

    • isGlobalCapability

      public static boolean isGlobalCapability(String varName)
      Returns true if the name is recognized as a capability name.

    • hasRange

      public static boolean hasRange(String varName)
      Returns true if the capability should have a range attached.

    • getRangeNames

      public static List<String> getRangeNames()

    • getRange

      public static PermissionRange.WithDefaults getRange(String varName)
      Returns the valid range for the capability if it has one, otherwise null.