| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When toogleWipState permission was implemented these push options were
forgotten:
* 6def400 Add new change permission: Toggle Work In Progress state
Bug: Issue 13775
Change-Id: I98fc845b6f93b4a6eeff9eba86c3f246b724400d
|
|\ \ \ \
| |/ / /
|/| / /
| |/ /
| | |
| | |
| | |
| | |
| | | |
* stable-3.0:
Update JGit to 5.3.9.202012012026-r
Update JGit to 5.1.15.202012011955-r
Upgrade JGit to 5.1.14.202011251942-r
Change-Id: Ic72797b920cf6d838e22f5422cd814239d32ebd2
|
| |\|
| | |
| | |
| | |
| | |
| | |
| | | |
* stable-2.16:
Update JGit to 5.1.15.202012011955-r
Change-Id: I9f1dba85ca7860082254ba2437dec3bc7b170e16
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This version fixes a bug occurring when processing a fetch request and
running gc concurrently.
Bug: https://bugs.eclipse.org/bugs/show_bug.cgi?id=569349
Change-Id: I605749727d39822683371b98d996f5afdf1604e9
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This version fixes a bug occurring when processing a fetch request and
running gc concurrently.
Bug: https://bugs.eclipse.org/bugs/show_bug.cgi?id=569349
Change-Id: I6aa23a9ac75a059156ee26b5a4e72bab676b7655
|
| |\|
| | |
| | |
| | |
| | |
| | |
| | | |
* stable-2.16:
Upgrade JGit to 5.1.14.202011251942-r
Change-Id: I3e6c74fa97044e3c16a7c74b01b05d4e7eac1dc7
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This version contains the following fix:
Ensure that GC#deleteOrphans respects pack lock
If pack or index files are guarded by a pack lock (.keep file)
deleteOrphans() should not touch the respective files protected by the
lock file. Otherwise it may interfere with PackInserter concurrently
inserting a new pack file and its index.
Release Notes:
https://projects.eclipse.org/projects/technology.jgit/releases/5.1.14
Bug: Issue 13544
Change-Id: Ieeb5a883bcb487a4d45f299aec5b31475002cdd3
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This version fixes a bug occurring when processing a fetch request and
running gc concurrently.
Bug: https://bugs.eclipse.org/bugs/show_bug.cgi?id=569349
Change-Id: If9262d80bb50e107d6ba478b781160adc51cacdc
|
|\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* stable-3.0:
Bump up jetty version to 9.4.33.v20201020
Upgrade JGit to 5.3.8.202011260953-r
Fix bazel run_shell usage for newer versions
Use strict equality
Add a warning if submitting a change with an open change edit
Change-Id: I96701e61e1e2b5daed0be9cc106ba858419f3926
|
| |\|
| | |
| | |
| | |
| | |
| | |
| | | |
* stable-2.16:
Fix bazel run_shell usage for newer versions
Change-Id: I8abcf83cb4886f18a340eda46e560a10e0060ebd
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The Bazel option `--incompatible_run_shell_command_string` is going to be flipped to true in upcoming Bazel 4.0 release per default, see: [1] for more details.
Test Plan:
bazel build :release
[1] https://github.com/bazelbuild/bazel/issues/5903
Bug: Issue 13612
Change-Id: Icc9589906198386b1e4805ceeabbb420a7ea1afb
(cherry picked from commit c1f4e91406b9da411dd2f5eab4ee92bfc761e1f4)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This version, in particular, fixes the bug:
"Request without Host header fails with NullPointerException in
ForwardedRequestCustomizer" [1]
This bug caused Gerrit to throw a NullPointerException when serving
forwarded http/1.0 requests having no `Host` header set.
[1] https://github.com/eclipse/jetty.project/issues/5443
Bug: Issue 13752
Change-Id: I9f9f7df74f6d6c3996e044ba9883b2aa8951c209
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This version contains the following fix:
Ensure that GC#deleteOrphans respects pack lock
If pack or index files are guarded by a pack lock (.keep file)
deleteOrphans() should not touch the respective files protected by the
lock file. Otherwise it may interfere with PackInserter concurrently
inserting a new pack file and its index.
Release Notes:
https://projects.eclipse.org/projects/technology.jgit/releases/5.1.14
Bug: Issue 13544
Change-Id: I81272f4cac9923b63b0966bcf227325efbf7d0e9
|
| |\ \
| | | |
| | | |
| | | |
| | | |
| | | | |
* changes:
Use strict equality
Add a warning if submitting a change with an open change edit
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This was done in another commit [1].
[1] https://gerrit-review.googlesource.com/c/gerrit/+/281526/3/polygerrit-ui/app/elements/change/gr-confirm-submit-dialog/gr-confirm-submit-dialog.ts#71
Change-Id: I2ae7435922b55a4e5f5422b73a65bc83c44cdf94
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Bug: Issue 12287
Change-Id: I25aa799a69d0fcce1db55d9d1ed87675a6d3f1fb
(cherry picked from commit a36f08348aaab175cab001d6f50be1db903a6d7b)
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This version contains the following fix:
Ensure that GC#deleteOrphans respects pack lock
If pack or index files are guarded by a pack lock (.keep file)
deleteOrphans() should not touch the respective files protected by the
lock file. Otherwise it may interfere with PackInserter concurrently
inserting a new pack file and its index.
Bug: Issue 13544
Change-Id: I7266f7b0c164826140726b939a647489902633b9
|
|\| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* stable-3.0:
Update bazel-toolchains to 3.1.0
Change-Id: Iea68c8df802120c2ba18e9fdb75c390660f13db4
|
| |\ \ \
| | | |/
| | |/|
| | | |
| | | |
| | | |
| | | | |
* stable-2.16:
Update bazel-toolchains to 3.1.0
Change-Id: I77a62d8a61814b46a867fa2784679ed787934c6b
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The version of bazel-toolchain in the current WORKSPACE file has some invalid escape sequences (https://buildkite.com/bazel/bazel-at-head-plus-downstream/builds/1756#951353b2-9c81-4819-b89e-e448b043f284). Bazel itself uses bazel-toolchains 3.1.0 right now, and those invalid escape sequences have been fixed some time before 3.1.0.
Change-Id: I013dfb1202bb2cbecd0d479e0fcd9e59a80ce929
(cherry picked from commit f100cda91ea0278bf2d4b1e68f18d35779d3209e)
|
|\| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* stable-3.0:
Disk cache metrics require cache.enableDiskStatMetrics
Set version to 2.14.22
ElasticContainer: Upgrade V6_8 to elasticsearch 6.8.13
Upgrade testcontainers to 1.15.0
Workaround Gitiles bug on All-Users visibility
Validate Gerrit changes on stable-2.15 with Jenkins
Set version to 2.15.22-SNAPSHOT
Set version to 3.0.16-SNAPSHOT
Set version to 2.15.21
Set version to 3.0.15
Set version to 2.16.26-SNAPSHOT
Set version to 2.16.25
Workaround Gitiles bug on All-Users visibility
Workaround Gitiles bug on All-Users visibility
Workaround Gitiles bug on All-Users visibility
Set version to 2.15.21-SNAPSHOT
Set version to 2.15.20
Fetch JGit documentation from the archive site
Remove generation for c.g.gwtexpui.* JavaDoc
Set version to 3.0.15-SNAPSHOT
Set version to 2.16.25-SNAPSHOT
Set version to 3.0.14
Set version to 2.16.24
Make PermissionBackend#ForRef authoritative
Validate Gerrit changes on stable-2.15 with Jenkins
Fix tests for stable-2.15 branch
Make PermissionBackend#ForRef authoritative
Make PermissionBackend#ForRef authoritative
Change-Id: I04b831523d35856d88718f31ccb9005911ec64bd
|
| |\| |
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* stable-2.16:
Disk cache metrics require cache.enableDiskStatMetrics
Set version to 2.14.22
Workaround Gitiles bug on All-Users visibility
Validate Gerrit changes on stable-2.15 with Jenkins
Set version to 2.15.22-SNAPSHOT
Set version to 2.15.21
Set version to 2.16.26-SNAPSHOT
Set version to 2.16.25
Workaround Gitiles bug on All-Users visibility
Workaround Gitiles bug on All-Users visibility
Set version to 2.15.21-SNAPSHOT
Set version to 2.15.20
Fetch JGit documentation from the archive site
Remove generation for c.g.gwtexpui.* JavaDoc
Set version to 2.16.25-SNAPSHOT
Set version to 2.16.24
Make PermissionBackend#ForRef authoritative
Validate Gerrit changes on stable-2.15 with Jenkins
Fix tests for stable-2.15 branch
Make PermissionBackend#ForRef authoritative
Change-Id: I43524c086a41461138d29dcea1aaf2edefce42c5
|
| | |\
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* stable-2.15:
Set version to 2.14.22
Workaround Gitiles bug on All-Users visibility
Validate Gerrit changes on stable-2.15 with Jenkins
Set version to 2.15.22-SNAPSHOT
Set version to 2.15.21
Workaround Gitiles bug on All-Users visibility
Set version to 2.15.21-SNAPSHOT
Set version to 2.15.20
Fetch JGit documentation from the archive site
Remove generation for c.g.gwtexpui.* JavaDoc
Make PermissionBackend#ForRef authoritative
Validate Gerrit changes on stable-2.15 with Jenkins
Fix tests for stable-2.15 branch
Change-Id: I8cf90d6a78c946f12140462f97e81cca3f3c18e3
|
| | | |\
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* stable-2.14:
Set version to 2.14.22
Workaround Gitiles bug on All-Users visibility
Validate Gerrit changes on stable-2.15 with Jenkins
Change-Id: I1839c9aebbbe14544464e07025fbd96d576dd5bf
|
| | | | |\
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* stable-2.14-2020-11.notedb-refs-tags:
Set version to 2.14.22
Workaround Gitiles bug on All-Users visibility
Validate Gerrit changes on stable-2.15 with Jenkins
Also, set target version to 2.14.23-SNAPSHOT.
Change-Id: I400d374a5950c95d9abfedc8a6ff07a6b4864b66
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Change-Id: Id3c767d04411ac7551e7016a37136a77e4ae8118
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Gitiles has special FilteredRepository wrapper that
allows to carefully hide refs based on the project's ACLs.
There is however an optimisation that skips the filtering
in case a user has READ permissions on every ACLs patterns.
When the target repository is All-Users, the optimisation
turns into a security issue because it allows seeing everything
that belongs to everyone:
- draft comments
- PII of all users
- external ids
- draft edits
Block Gitiles or any other part of Gerrit to abuse of this
power when the target repository is All-Users, where nobody
can be authorised to skip the ACLs evaluation.
Cover the additional special case of the All-Users project
access with two explicit positive and negative tests,
so that the security check is covered.
Bug: Issue 13621
Change-Id: Ia6ea1a9fd5473adff534204aea7d8f25324a45b7
(cherry picked from commit 45071d6977932bca5a1427c8abad24710fed2e33)
(cherry picked from commit 1be1d6ff45f18c978fd21e5c7d437d0a1351d7d8)
|
| | | | |/
| | | | |
| | | | |
| | | | |
| | | | | |
Change-Id: I35c47ba60c08e8d5d1f767672b5e83b7d29fea1b
(cherry picked from commit 1346eab23259f8dc4adec9cb098e2f818c9cf79d)
|
| | | |\ \
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* stable-2.15-2020-11.notedb-refs-tags:
Set version to 2.15.22-SNAPSHOT
Set version to 2.15.21
Workaround Gitiles bug on All-Users visibility
Set version to 2.15.21-SNAPSHOT
Set version to 2.15.20
Fetch JGit documentation from the archive site
Remove generation for c.g.gwtexpui.* JavaDoc
Make PermissionBackend#ForRef authoritative
Validate Gerrit changes on stable-2.15 with Jenkins
Fix tests for stable-2.15 branch
Change-Id: I91db12c2c627550b2e897ccb4d7e27ee760cd32d
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Change-Id: I1ed863213d9946b77ae558d52094731db10ff721
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Change-Id: I3e3eb891d717169f912a20e7de948cea1f47fab3
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Gitiles has special FilteredRepository wrapper that
allows to carefully hide refs based on the project's ACLs.
There is however an optimisation that skips the filtering
in case a user has READ permissions on every ACLs patterns.
When the target repository is All-Users, the optimisation
turns into a security issue because it allows seeing everything
that belongs to everyone:
- draft comments
- PII of all users
- external ids
- draft edits
Block Gitiles or any other part of Gerrit to abuse of this
power when the target repository is All-Users, where nobody
can be authorised to skip the ACLs evaluation.
Cover the additional special case of the All-Users project
access with two explicit positive and negative tests,
so that the security check is covered.
Bug: Issue 13621
Change-Id: Ia6ea1a9fd5473adff534204aea7d8f25324a45b7
(cherry picked from commit 45071d6977932bca5a1427c8abad24710fed2e33)
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Change-Id: I3f5c762fda9d47da21685ca12b0f6c80032a3be2
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Change-Id: I83a8ece5ace5da608b3377461c572399b70962d0
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Change-Id: I8e78f5064fda7c2ff73134f6ac3d681c6be2e7d1
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The JavaDoc for com.google.gwtexpui.* cannot be generated
because the source files are not accessible anymore.
Failing to generate the JavaDocs caused the Gerrit build to
fail with 'No source files for package com.google.gwtexpui...'.
Change-Id: Ie36e650962636813d8f9f615e495a980b7280420
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This change fixes a misconception that leads to data being accessible
through Gerrit APIs that should be locked down.
Gerrit had two components for determining if a Git ref is visible to a
user: (Default)RefFilter and PermissionBackend#ForRef (ex RefControl).
The former was always capable of providing correct results for all refs.
The latter only had logic to decide if a Git ref is visible according to
the Gerrit READ permissions. This includes all refs under refs/heads as
well as any other ref that isn't a database ref or a Git tag. This
component was unware of Git tags and database references. Hence, when
asked for a database reference such as refs/changes/xx/yyyyxx/meta the
logic would allow access if the user has READ permissions on any of the
ref prefixes, such as the default "read refs/* Anonymous Users".
That is problematic, because it bypasses documented behavior [1] where
a user should only have access to a change if they can see the destination
ref. The same goes for other database references.
This change fixes the problem. It is intentionally kept to a minimally
invasive code change so that it's easier to backport it.
Add tests to assert the correct behavior. These tests would fail before
this fix. We have included them in this change to be able to backport
just a single commit.
[1] https://gerrit-review.googlesource.com/Documentation/access-control.html
Change-Id: Ice3a756cf573dd9b38e3f198ccc44899ccf65f75
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Change-Id: I35c47ba60c08e8d5d1f767672b5e83b7d29fea1b
|
| | | |/ /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add the 'manual' tag to wct test_suite templates,
so it is excluded from bazel test //...
(cherry picked from commit ae42cd00bdfa8a34e75c563b62f0151a561cc82b)
Change-Id: Idc62df90e90e6000fa0792799a3997580fc6b011
|
| | |\ \ \ |
|
| | |\ \ \ \ |
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
After setting up the metrics-reporter-prometheus, I have missed entries
for caches/disk_cached and caches/disk_hit_ratio. Turns out they are
disabled by default via cache.enableDiskStatMetrics.
The feature flag comes from I41ee2d9a368c312b7b2729d17d6c19bee0d90922
which has been backported to all stable branches.
Add to the metrics documentation a reference to enableDiskStatMetrics
setting.
Change-Id: I3620e0cb68b992f094a1b8d7b0016fc834a8e7e6
|
| | |\ \ \ \ \
| | | |/ / / /
| | |/| | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
* stable-2.16-2020-11.notedb-refs-tags:
Set version to 2.16.26-SNAPSHOT
Set version to 2.16.25
Workaround Gitiles bug on All-Users visibility
Set version to 2.16.25-SNAPSHOT
Set version to 2.16.24
Make PermissionBackend#ForRef authoritative
Change-Id: Idec7d52fa1ef663240b4e3ca3900427b87d8d003
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Change-Id: Icc689699eff3eb06a6b10e8221feab87e38b11e0
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Change-Id: I67be710b6fda2069e798964ec81ad9add637bab5
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Gitiles has special FilteredRepository wrapper that
allows to carefully hide refs based on the project's ACLs.
There is however an optimisation that skips the filtering
in case a user has READ permissions on every ACLs patterns.
When the target repository is All-Users, the optimisation
turns into a security issue because it allows seeing everything
that belongs to everyone:
- draft comments
- PII of all users
- external ids
- draft edits
Block Gitiles or any other part of Gerrit to abuse of this
power when the target repository is All-Users, where nobody
can be authorised to skip the ACLs evaluation.
Cover the additional special case of the All-Users project
access with two explicit positive and negative tests,
so that the security check is covered.
Bug: Issue 13621
Change-Id: Ia6ea1a9fd5473adff534204aea7d8f25324a45b7
(cherry picked from commit 45071d6977932bca5a1427c8abad24710fed2e33)
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Change-Id: Icc90a7b68e2764cbdb677c7a7f2261c7cf015e7c
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Change-Id: If3ea98f0db8ef6b102ce3775e19a64739b883f8e
|
| | |/ / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This change fixes a misconception that leads to data being accessible
through Gerrit APIs that should be locked down.
Gerrit had two components for determining if a Git ref is visible to a
user: (Default)RefFilter and PermissionBackend#ForRef (ex RefControl).
The former was always capable of providing correct results for all refs.
The latter only had logic to decide if a Git ref is visible according to
the Gerrit READ permissions. This includes all refs under refs/heads as
well as any other ref that isn't a database ref or a Git tag. This
component was unware of Git tags and database references. Hence, when
asked for a database reference such as refs/changes/xx/yyyyxx/meta the
logic would allow access if the user has READ permissions on any of the
ref prefixes, such as the default "read refs/* Anonymous Users".
That is problematic, because it bypasses documented behavior [1] where
a user should only have access to a change if they can see the destination
ref. The same goes for other database references.
This change fixes the problem. It is intentionally kept to a minimally
invasive code change so that it's easier to backport it.
Add tests to assert the correct behavior. These tests would fail before
this fix. We have included them in this change to be able to backport
just a single commit.
[1] https://gerrit-review.googlesource.com/Documentation/access-control.html
Change-Id: Ice3a756cf573dd9b38e3f198ccc44899ccf65f75
|
| |\ \ \ \ \ |
|