diff options
author | Sven Selberg <svense@axis.com> | 2020-12-17 09:43:18 +0100 |
---|---|---|
committer | Sven Selberg <svense@axis.com> | 2020-12-28 15:10:59 +0100 |
commit | b5f92f10f99c7374c57bebde21d26bec12c38b33 (patch) | |
tree | 3730150f874c48179ee685eeee7e79fefdedc9be | |
parent | e32b979c2f732e8b192ad6730bdd7d03be81fd1f (diff) |
ForRef#check should permit internal users to read all refs
79d24d4 Make PermissionBackend#ForRef authoritative
Introduced a regression where InternalUsers where not taken into
consideration when checking READ permission.
Bug: Issue 13786
Change-Id: I3f18507f65044ac96321c1efecf1f2688f36859f
(cherry picked from commit 23ff2cfc8ffc00ad3d6e2c752d63394957c8720d)
-rw-r--r-- | gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java | 4 | ||||
-rw-r--r-- | gerrit-server/src/test/java/com/google/gerrit/server/project/RefControlTest.java | 22 |
2 files changed, 26 insertions, 0 deletions
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java b/gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java index 2ba5e0f6d2..1f40262ba3 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java @@ -589,6 +589,10 @@ public class RefControl { private boolean can(RefPermission perm) throws PermissionBackendException { switch (perm) { case READ: + /* Internal users such as plugin users should be able to read all refs. */ + if (getUser().isInternalUser()) { + return true; + } if (refName.startsWith(Constants.R_TAGS)) { return isTagVisible(); } diff --git a/gerrit-server/src/test/java/com/google/gerrit/server/project/RefControlTest.java b/gerrit-server/src/test/java/com/google/gerrit/server/project/RefControlTest.java index 364013fcba..8baf52e201 100644 --- a/gerrit-server/src/test/java/com/google/gerrit/server/project/RefControlTest.java +++ b/gerrit-server/src/test/java/com/google/gerrit/server/project/RefControlTest.java @@ -47,6 +47,7 @@ import com.google.gerrit.reviewdb.server.ReviewDb; import com.google.gerrit.rules.PrologEnvironment; import com.google.gerrit.rules.RulesCache; import com.google.gerrit.server.CurrentUser; +import com.google.gerrit.server.InternalUser; import com.google.gerrit.server.account.CapabilityCollection; import com.google.gerrit.server.account.GroupMembership; import com.google.gerrit.server.account.ListGroupMembership; @@ -399,6 +400,11 @@ public class RefControlTest { } @Test + public void userRefIsVisibleForInternalUser() throws Exception { + internalUser(local).controlForRef("refs/users/default").asForRef().check(RefPermission.READ); + } + + @Test public void branchDelegation1() { allow(local, OWNER, ADMIN, "refs/*"); allow(local, OWNER, DEVS, "refs/heads/x/*"); @@ -917,6 +923,22 @@ public class RefControlTest { return repo; } + private ProjectControl internalUser(ProjectConfig local) throws Exception { + return new ProjectControl( + Collections.<AccountGroup.UUID>emptySet(), + Collections.<AccountGroup.UUID>emptySet(), + sectionSorter, + null, // commitsCollection + changeControlFactory, + permissionBackend, + refVisibilityControl, + gitRepositoryManager, + visibleRefFilterFactory, + allUsersName, + new InternalUser(), + newProjectState(local)); + } + private ProjectControl user(ProjectConfig local, AccountGroup.UUID... memberOf) { return user(local, null, memberOf); } |