Merge "Honor toogleWipState permission for %ready %wip push options" into stable-3.1

author: Sven Selberg <sven.selberg@axis.com> 2020-12-04 12:32:04 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> 2020-12-04 12:32:04 +0000
commit: 9134e7917ea772732726f9469a3a64e0cf4050ba (patch)
tree: 1e86a980120e7e8b0625dd8c2a2c155e8c386b9c
parent: 31dc3c1e4f481fcce6822e7fa7f234e6571a24ab (diff)
parent: 8c27f62954b07c41455ac684e95efdcd87c2eb32 (diff)
3 files changed, 18 insertions, 6 deletions
diff --git a/java/com/google/gerrit/server/git/receive/ReceiveCommits.java b/java/com/google/gerrit/server/git/receive/ReceiveCommits.java
index b0eac616dd..3b5b080009 100644
--- a/java/com/google/gerrit/server/git/receive/ReceiveCommits.java
+++ b/java/com/google/gerrit/server/git/receive/ReceiveCommits.java
@@ -25,7 +25,7 @@ import static com.google.gerrit.git.ObjectIds.abbreviateName;
 import static com.google.gerrit.server.change.HashtagsUtil.cleanupHashtag;
 import static com.google.gerrit.server.git.MultiProgressMonitor.UNKNOWN;
 import static com.google.gerrit.server.git.receive.ReceiveConstants.COMMAND_REJECTION_MESSAGE_FOOTER;
-import static com.google.gerrit.server.git.receive.ReceiveConstants.ONLY_CHANGE_OWNER_OR_PROJECT_OWNER_CAN_MODIFY_WIP;
+import static com.google.gerrit.server.git.receive.ReceiveConstants.ONLY_USERS_WITH_TOGGLE_WIP_STATE_PERM_CAN_MODIFY_WIP;
 import static com.google.gerrit.server.git.receive.ReceiveConstants.PUSH_OPTION_SKIP_VALIDATION;
 import static com.google.gerrit.server.git.receive.ReceiveConstants.SAME_CHANGE_ID_IN_MULTIPLE_CHANGES;
 import static com.google.gerrit.server.git.validators.CommitValidators.NEW_PATCHSET_PATTERN;
@@ -2852,9 +2852,9 @@ class ReceiveCommits {
 
         if (!hasWriteConfigPermission) {
           try {
-            permissionBackend.user(user).check(GlobalPermission.ADMINISTRATE_SERVER);
+            permissions.change(notes).check(ChangePermission.TOGGLE_WORK_IN_PROGRESS_STATE);
           } catch (AuthException e1) {
-            reject(inputCommand, ONLY_CHANGE_OWNER_OR_PROJECT_OWNER_CAN_MODIFY_WIP);
+            reject(inputCommand, ONLY_USERS_WITH_TOGGLE_WIP_STATE_PERM_CAN_MODIFY_WIP);
           }
         }
       }
diff --git a/java/com/google/gerrit/server/git/receive/ReceiveConstants.java b/java/com/google/gerrit/server/git/receive/ReceiveConstants.java
index 03a1b33bbe..df1888be3f 100644
--- a/java/com/google/gerrit/server/git/receive/ReceiveConstants.java
+++ b/java/com/google/gerrit/server/git/receive/ReceiveConstants.java
@@ -20,8 +20,8 @@ public final class ReceiveConstants {
   public static final String PUSH_OPTION_SKIP_VALIDATION = "skip-validation";
 
   @VisibleForTesting
-  public static final String ONLY_CHANGE_OWNER_OR_PROJECT_OWNER_CAN_MODIFY_WIP =
-      "only change owner or project owner can modify Work-in-Progress";
+  public static final String ONLY_USERS_WITH_TOGGLE_WIP_STATE_PERM_CAN_MODIFY_WIP =
+      "only users with Toogle-Wip-State permission can modify Work-in-Progress";
 
   static final String COMMAND_REJECTION_MESSAGE_FOOTER =
       "Contact an administrator to fix the permissions";
diff --git a/javatests/com/google/gerrit/acceptance/git/AbstractPushForReview.java b/javatests/com/google/gerrit/acceptance/git/AbstractPushForReview.java
index cab12b3d87..ea82013877 100644
--- a/javatests/com/google/gerrit/acceptance/git/AbstractPushForReview.java
+++ b/javatests/com/google/gerrit/acceptance/git/AbstractPushForReview.java
@@ -900,7 +900,19 @@ public abstract class AbstractPushForReview extends AbstractDaemonTest {
     GitUtil.fetch(user2Repo, r.getPatchSet().refName() + ":ps");
     user2Repo.reset("ps");
     r = amendChange(r.getChangeId(), "refs/for/master%ready", user2, user2Repo);
-    r.assertErrorStatus(ReceiveConstants.ONLY_CHANGE_OWNER_OR_PROJECT_OWNER_CAN_MODIFY_WIP);
+    r.assertErrorStatus(ReceiveConstants.ONLY_USERS_WITH_TOGGLE_WIP_STATE_PERM_CAN_MODIFY_WIP);
+
+    // Non owner, non admin and non project owner with toggleWipState should succeed.
+    projectOperations
+        .project(project)
+        .forUpdate()
+        .add(
+            allow(Permission.TOGGLE_WORK_IN_PROGRESS_STATE)
+                .ref(RefNames.REFS_HEADS + "*")
+                .group(REGISTERED_USERS))
+        .update();
+    r = amendChange(r.getChangeId(), "refs/for/master%ready", user2, user2Repo);
+    r.assertOkStatus();
 
     // Project owner trying to move from WIP to ready should succeed.
     projectOperations
author	Sven Selberg <sven.selberg@axis.com>	2020-12-04 12:32:04 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	2020-12-04 12:32:04 +0000
commit	9134e7917ea772732726f9469a3a64e0cf4050ba (patch)
tree	1e86a980120e7e8b0625dd8c2a2c155e8c386b9c
parent	31dc3c1e4f481fcce6822e7fa7f234e6571a24ab (diff)
parent	8c27f62954b07c41455ac684e95efdcd87c2eb32 (diff)