diff options
author | Jacek Centkowski <geminica.programs@gmail.com> | 2022-03-04 11:07:15 +0100 |
---|---|---|
committer | Jacek Centkowski <geminica.programs@gmail.com> | 2022-03-09 17:14:08 +0100 |
commit | 7072e5c2cb89b9126f9078d708c7f60845ba04b8 (patch) | |
tree | 8ba7d9f1fb0c223b14e8fbab23bd680067f93d9a /java/com/google/gerrit/server/restapi/change/QueryChanges.java | |
parent | fa06a731b989f5bd81edca5afb00e767cebad827 (diff) |
Ignore '--no-limit' query changes option for anonymous usersupstream/stable-3.3-issue-15563
Setting 'maxPages' is not enough to limit resources consumed by the
anonymous users as one can still request low page number with unlimited
result set (adding 'no-limit' option to REST API query changes call).
In order to solve it make 'no-limit' not applicable for anonymous users.
Notes:
* one can still configure them to request unlimited results by setting
'Query Limit' Global Capability to Integer.MAX_VALUE for 'Anonymous
Users' group
* 'no-limit' option is only a part of query changes API hence accounts,
groups and projects are not affected by this change
Release-Notes: Ignore '--no-limit' for anonymous users change queries
Bug: Issue 15563
Change-Id: Ic789690ffd2f94f02989c2906fcd75e442df86f8
Diffstat (limited to 'java/com/google/gerrit/server/restapi/change/QueryChanges.java')
-rw-r--r-- | java/com/google/gerrit/server/restapi/change/QueryChanges.java | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/java/com/google/gerrit/server/restapi/change/QueryChanges.java b/java/com/google/gerrit/server/restapi/change/QueryChanges.java index 3c8157b51e..7df74f817f 100644 --- a/java/com/google/gerrit/server/restapi/change/QueryChanges.java +++ b/java/com/google/gerrit/server/restapi/change/QueryChanges.java @@ -27,6 +27,7 @@ import com.google.gerrit.extensions.restapi.TopLevelResource; import com.google.gerrit.index.query.QueryParseException; import com.google.gerrit.index.query.QueryRequiresAuthException; import com.google.gerrit.index.query.QueryResult; +import com.google.gerrit.server.AnonymousUser; import com.google.gerrit.server.CurrentUser; import com.google.gerrit.server.DynamicOptions; import com.google.gerrit.server.change.ChangeJson; @@ -95,7 +96,9 @@ public class QueryChanges implements RestReadView<TopLevelResource>, DynamicOpti this.start = start; } - @Option(name = "--no-limit", usage = "Return all results, overriding the default limit") + @Option( + name = "--no-limit", + usage = "Return all results, overriding the default limit. Ignored for anonymous users.") public void setNoLimit(boolean on) { this.noLimit = on; } @@ -168,7 +171,7 @@ public class QueryChanges implements RestReadView<TopLevelResource>, DynamicOpti if (start != null) { queryProcessor.setStart(start); } - if (noLimit != null) { + if (noLimit != null && !AnonymousUser.class.isAssignableFrom(userProvider.get().getClass())) { queryProcessor.setNoLimit(noLimit); } if (skipVisibility != null) { |