Ignore '--no-limit' query changes option for anonymous usersupstream/stable-3.3-issue-15563

Setting 'maxPages' is not enough to limit resources consumed by the anonymous users as one can still request low page number with unlimited result set (adding 'no-limit' option to REST API query changes call). In order to solve it make 'no-limit' not applicable for anonymous users. Notes: * one can still configure them to request unlimited results by setting 'Query Limit' Global Capability to Integer.MAX_VALUE for 'Anonymous Users' group * 'no-limit' option is only a part of query changes API hence accounts, groups and projects are not affected by this change Release-Notes: Ignore '--no-limit' for anonymous users change queries Bug: Issue 15563 Change-Id: Ic789690ffd2f94f02989c2906fcd75e442df86f8
author: Jacek Centkowski <geminica.programs@gmail.com> 2022-03-04 11:07:15 +0100
committer: Jacek Centkowski <geminica.programs@gmail.com> 2022-03-09 17:14:08 +0100
commit: 7072e5c2cb89b9126f9078d708c7f60845ba04b8 (patch)
tree: 8ba7d9f1fb0c223b14e8fbab23bd680067f93d9a /java/com/google/gerrit/server/restapi/change/QueryChanges.java
parent: fa06a731b989f5bd81edca5afb00e767cebad827 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/java/com/google/gerrit/server/restapi/change/QueryChanges.java b/java/com/google/gerrit/server/restapi/change/QueryChanges.java
index 3c8157b51e..7df74f817f 100644
--- a/java/com/google/gerrit/server/restapi/change/QueryChanges.java
+++ b/java/com/google/gerrit/server/restapi/change/QueryChanges.java
@@ -27,6 +27,7 @@ import com.google.gerrit.extensions.restapi.TopLevelResource;
 import com.google.gerrit.index.query.QueryParseException;
 import com.google.gerrit.index.query.QueryRequiresAuthException;
 import com.google.gerrit.index.query.QueryResult;
+import com.google.gerrit.server.AnonymousUser;
 import com.google.gerrit.server.CurrentUser;
 import com.google.gerrit.server.DynamicOptions;
 import com.google.gerrit.server.change.ChangeJson;
@@ -95,7 +96,9 @@ public class QueryChanges implements RestReadView<TopLevelResource>, DynamicOpti
     this.start = start;
   }
 
-  @Option(name = "--no-limit", usage = "Return all results, overriding the default limit")
+  @Option(
+      name = "--no-limit",
+      usage = "Return all results, overriding the default limit. Ignored for anonymous users.")
   public void setNoLimit(boolean on) {
     this.noLimit = on;
   }
@@ -168,7 +171,7 @@ public class QueryChanges implements RestReadView<TopLevelResource>, DynamicOpti
     if (start != null) {
       queryProcessor.setStart(start);
     }
-    if (noLimit != null) {
+    if (noLimit != null && !AnonymousUser.class.isAssignableFrom(userProvider.get().getClass())) {
       queryProcessor.setNoLimit(noLimit);
     }
     if (skipVisibility != null) {
author	Jacek Centkowski <geminica.programs@gmail.com>	2022-03-04 11:07:15 +0100
committer	Jacek Centkowski <geminica.programs@gmail.com>	2022-03-09 17:14:08 +0100
commit	7072e5c2cb89b9126f9078d708c7f60845ba04b8 (patch)
tree	8ba7d9f1fb0c223b14e8fbab23bd680067f93d9a /java/com/google/gerrit/server/restapi/change/QueryChanges.java
parent	fa06a731b989f5bd81edca5afb00e767cebad827 (diff)