diff options
author | Kaushik Lingarkar <kaushik.lingarkar@linaro.org> | 2023-09-20 12:00:02 -0700 |
---|---|---|
committer | Kaushik Lingarkar <kaushik.lingarkar@linaro.org> | 2023-09-20 15:43:03 -0700 |
commit | bbe4395034efab9b4a1c4fe496e73f4cd85d763a (patch) | |
tree | eb27a4176d4551156598501fadbc8e685a7cb3f8 | |
parent | 40715f5ee6f5e321a35d47318ea037f71c05bf4e (diff) |
Fix 'force topic edit' permission to consider change owner rule
On closed changes, the permission to edit topic name currently
ignores the rule to allow the change owner. Fix this by updating
RefControl#canForceEditTopicName to require whether the user
is owner of the change.
Release-Notes: 'force topic edit' permission is fixed to work with change owner rule
Change-Id: I5d014dd44cf3a0cb4a84318ab69791376d41eb68
3 files changed, 19 insertions, 5 deletions
diff --git a/java/com/google/gerrit/server/permissions/ChangeControl.java b/java/com/google/gerrit/server/permissions/ChangeControl.java index 37c773ac31..79ea9af893 100644 --- a/java/com/google/gerrit/server/permissions/ChangeControl.java +++ b/java/com/google/gerrit/server/permissions/ChangeControl.java @@ -150,7 +150,7 @@ class ChangeControl { Permission.EDIT_TOPIC_NAME) // user can edit topic on a specific ref || getProjectControl().isAdmin(); } - return refControl.canForceEditTopicName(); + return refControl.canForceEditTopicName(isOwner()); } /** Can this user toggle WorkInProgress state? */ diff --git a/java/com/google/gerrit/server/permissions/RefControl.java b/java/com/google/gerrit/server/permissions/RefControl.java index 6b51335fcf..484fa39d50 100644 --- a/java/com/google/gerrit/server/permissions/RefControl.java +++ b/java/com/google/gerrit/server/permissions/RefControl.java @@ -161,8 +161,8 @@ class RefControl { } /** Returns true if this user can force edit topic names. */ - boolean canForceEditTopicName() { - return canPerform(Permission.EDIT_TOPIC_NAME, false, true); + boolean canForceEditTopicName(boolean isChangeOwner) { + return canPerform(Permission.EDIT_TOPIC_NAME, isChangeOwner, true); } /** Returns true if this user can delete changes. */ diff --git a/javatests/com/google/gerrit/server/permissions/RefControlTest.java b/javatests/com/google/gerrit/server/permissions/RefControlTest.java index c5bef59e8a..43b0ebabad 100644 --- a/javatests/com/google/gerrit/server/permissions/RefControlTest.java +++ b/javatests/com/google/gerrit/server/permissions/RefControlTest.java @@ -981,6 +981,20 @@ public class RefControlTest { } @Test + public void changeOwnerEditTopicName() throws Exception { + projectOperations + .project(localKey) + .forUpdate() + .add(allow(EDIT_TOPIC_NAME).ref("refs/heads/*").group(CHANGE_OWNER).force(true)) + .update(); + + ProjectControl u = user(localKey, DEVS); + assertWithMessage("u can edit topic name") + .that(u.controlForRef("refs/heads/master").canForceEditTopicName(true)) + .isTrue(); + } + + @Test public void unblockForceEditTopicName() throws Exception { projectOperations .project(localKey) @@ -991,7 +1005,7 @@ public class RefControlTest { ProjectControl u = user(localKey, DEVS); assertWithMessage("u can edit topic name") - .that(u.controlForRef("refs/heads/master").canForceEditTopicName()) + .that(u.controlForRef("refs/heads/master").canForceEditTopicName(false)) .isTrue(); } @@ -1010,7 +1024,7 @@ public class RefControlTest { ProjectControl u = user(localKey, REGISTERED_USERS); assertWithMessage("u can't edit topic name") - .that(u.controlForRef("refs/heads/master").canForceEditTopicName()) + .that(u.controlForRef("refs/heads/master").canForceEditTopicName(false)) .isFalse(); } |