authorGustaf Lundh <gustaf.lundh@sonymobile.com>2013-06-12 17:02:08 +0200
committerGustaf Lundh <gustaf.lundh@sonymobile.com>2013-06-12 17:17:51 +0200
commitb4606a06fd770f79cd8d33f5a5765044282ea459 (patch)
tree0cc28d3875f48cc02b068bc199ba174c6b004e43 /gerrit-httpd
parentea2a0d8c956c3e4f931143af1af126337f03841a (diff)
Fixed: Draft patch sets are visible in diff screens
If a change included drafts that were not visible to the user, the drafts were still being shown and were selectable in the header of the diff screens. The user was therefore able to view diffs including patch sets that he should not be able to see. Add checks to prevent non-visible drafts from being shown. Bug: Issue 1915 Change-Id: I89841e59c9f8171824919f847f18b3bd65e46d68 Signed-off-by: David Pursehouse <david.pursehouse@sonymobile.com> Signed-off-by: Gustaf Lundh <gustaf.lundh@sonymobile.com>
Diffstat (limited to 'gerrit-httpd')
-rw-r--r--gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/patch/PatchScriptFactory.java8
1 files changed, 8 insertions, 0 deletions
diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/patch/PatchScriptFactory.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/patch/PatchScriptFactory.java
index e0ec4654c1..797229c992 100644
--- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/patch/PatchScriptFactory.java
+++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/patch/PatchScriptFactory.java
@@ -138,6 +138,11 @@ class PatchScriptFactory extends Handler<PatchScript> {
aId = psa != null ? toObjectId(db, psa) : null;
bId = toObjectId(db, psb);
+ if ((psa != null && !control.isPatchVisible(db.patchSets().get(psa), db)) ||
+ (psb != null && !control.isPatchVisible(db.patchSets().get(psb), db))) {
+ throw new NoSuchChangeException(changeId);
+ }
+
final Repository git;
try {
git = repoManager.openRepository(projectKey);
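Review bot: The visibility check sits after `toObjectId(db, psa)` and `toObjectId(db, psb)`, so both patch sets are resolved before the caller is known to be allowed to see them. If `toObjectId` (not shown in this hunk) can fail with anything other than `NoSuchChangeException`, a hidden draft becomes distinguishable from a missing one; moving the `if` block above the `aId = ...` line keeps the response uniform. `db.patchSets().get(...)` can presumably return null for an unknown id, and whether `isPatchVisible` tolerates null is not visible here, so I would guard it: `PatchSet b = db.patchSets().get(psb); if (b == null || !control.isPatchVisible(b, db)) throw new NoSuchChangeException(changeId);`, and likewise for `psa`. The enclosing method starts and ends outside the hunk.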
@@ -232,6 +237,9 @@ class PatchScriptFactory extends Handler<PatchScript> {
// proper rename detection between the patch sets.
//
for (final PatchSet ps : db.patchSets().byChange(changeId)) {
+ if (!control.isPatchVisible(ps, db)) {
+ continue;
+ }
String name = patchKey.get();
if (psa != null) {
switch (changeType) {
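Review bot: The new `continue` in the history loop carries no comment saying why a patch set is skipped, and it encodes the same rule as the check added in the first hunk. I would add `// Skip draft patch sets the caller may not see, so they are neither listed nor selectable in the diff header.` above the `if`. The same filter is needed wherever `db.patchSets().byChange(changeId)` feeds user-visible output, so a shared helper or a regression test for Issue 1915 would help keep later call sites from reintroducing the leak; neither is visible in this diff, which is limited to gerrit-httpd. The loop body continues past the end of the hunk.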