diff options
author | Sven Selberg <sven.selberg@axis.com> | 2020-12-04 12:32:04 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2020-12-04 12:32:04 +0000 |
commit | 9134e7917ea772732726f9469a3a64e0cf4050ba (patch) | |
tree | 1e86a980120e7e8b0625dd8c2a2c155e8c386b9c | |
parent | 31dc3c1e4f481fcce6822e7fa7f234e6571a24ab (diff) | |
parent | 8c27f62954b07c41455ac684e95efdcd87c2eb32 (diff) |
Merge "Honor toogleWipState permission for %ready %wip push options" into stable-3.1
3 files changed, 18 insertions, 6 deletions
diff --git a/java/com/google/gerrit/server/git/receive/ReceiveCommits.java b/java/com/google/gerrit/server/git/receive/ReceiveCommits.java index b0eac616dd..3b5b080009 100644 --- a/java/com/google/gerrit/server/git/receive/ReceiveCommits.java +++ b/java/com/google/gerrit/server/git/receive/ReceiveCommits.java @@ -25,7 +25,7 @@ import static com.google.gerrit.git.ObjectIds.abbreviateName; import static com.google.gerrit.server.change.HashtagsUtil.cleanupHashtag; import static com.google.gerrit.server.git.MultiProgressMonitor.UNKNOWN; import static com.google.gerrit.server.git.receive.ReceiveConstants.COMMAND_REJECTION_MESSAGE_FOOTER; -import static com.google.gerrit.server.git.receive.ReceiveConstants.ONLY_CHANGE_OWNER_OR_PROJECT_OWNER_CAN_MODIFY_WIP; +import static com.google.gerrit.server.git.receive.ReceiveConstants.ONLY_USERS_WITH_TOGGLE_WIP_STATE_PERM_CAN_MODIFY_WIP; import static com.google.gerrit.server.git.receive.ReceiveConstants.PUSH_OPTION_SKIP_VALIDATION; import static com.google.gerrit.server.git.receive.ReceiveConstants.SAME_CHANGE_ID_IN_MULTIPLE_CHANGES; import static com.google.gerrit.server.git.validators.CommitValidators.NEW_PATCHSET_PATTERN; @@ -2852,9 +2852,9 @@ class ReceiveCommits { if (!hasWriteConfigPermission) { try { - permissionBackend.user(user).check(GlobalPermission.ADMINISTRATE_SERVER); + permissions.change(notes).check(ChangePermission.TOGGLE_WORK_IN_PROGRESS_STATE); } catch (AuthException e1) { - reject(inputCommand, ONLY_CHANGE_OWNER_OR_PROJECT_OWNER_CAN_MODIFY_WIP); + reject(inputCommand, ONLY_USERS_WITH_TOGGLE_WIP_STATE_PERM_CAN_MODIFY_WIP); } } } diff --git a/java/com/google/gerrit/server/git/receive/ReceiveConstants.java b/java/com/google/gerrit/server/git/receive/ReceiveConstants.java index 03a1b33bbe..df1888be3f 100644 --- a/java/com/google/gerrit/server/git/receive/ReceiveConstants.java +++ b/java/com/google/gerrit/server/git/receive/ReceiveConstants.java @@ -20,8 +20,8 @@ public final class ReceiveConstants { public static final String PUSH_OPTION_SKIP_VALIDATION = "skip-validation"; @VisibleForTesting - public static final String ONLY_CHANGE_OWNER_OR_PROJECT_OWNER_CAN_MODIFY_WIP = - "only change owner or project owner can modify Work-in-Progress"; + public static final String ONLY_USERS_WITH_TOGGLE_WIP_STATE_PERM_CAN_MODIFY_WIP = + "only users with Toogle-Wip-State permission can modify Work-in-Progress"; static final String COMMAND_REJECTION_MESSAGE_FOOTER = "Contact an administrator to fix the permissions"; diff --git a/javatests/com/google/gerrit/acceptance/git/AbstractPushForReview.java b/javatests/com/google/gerrit/acceptance/git/AbstractPushForReview.java index cab12b3d87..ea82013877 100644 --- a/javatests/com/google/gerrit/acceptance/git/AbstractPushForReview.java +++ b/javatests/com/google/gerrit/acceptance/git/AbstractPushForReview.java @@ -900,7 +900,19 @@ public abstract class AbstractPushForReview extends AbstractDaemonTest { GitUtil.fetch(user2Repo, r.getPatchSet().refName() + ":ps"); user2Repo.reset("ps"); r = amendChange(r.getChangeId(), "refs/for/master%ready", user2, user2Repo); - r.assertErrorStatus(ReceiveConstants.ONLY_CHANGE_OWNER_OR_PROJECT_OWNER_CAN_MODIFY_WIP); + r.assertErrorStatus(ReceiveConstants.ONLY_USERS_WITH_TOGGLE_WIP_STATE_PERM_CAN_MODIFY_WIP); + + // Non owner, non admin and non project owner with toggleWipState should succeed. + projectOperations + .project(project) + .forUpdate() + .add( + allow(Permission.TOGGLE_WORK_IN_PROGRESS_STATE) + .ref(RefNames.REFS_HEADS + "*") + .group(REGISTERED_USERS)) + .update(); + r = amendChange(r.getChangeId(), "refs/for/master%ready", user2, user2Repo); + r.assertOkStatus(); // Project owner trying to move from WIP to ready should succeed. projectOperations |