From ee5320abd7c58bc2c563dad4bb612e9a70d8a364 Mon Sep 17 00:00:00 2001 From: "Shawn O. Pearce" Date: Mon, 8 Nov 2010 17:07:26 -0800 Subject: Hide access rights not visible to user It may be an information leak to display to a user other branches and the group those users have access to read. When displaying the access rights of a project, filter the list of displayed RefRights to only those RefRights that are owned by the user, or are visible to them via READ +1 permission. Change-Id: I70d04d494ec9cef81c2108ecb451a81ac0293615 Signed-off-by: Shawn O. Pearce --- .../httpd/rpc/project/ProjectDetailFactory.java | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/project/ProjectDetailFactory.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/project/ProjectDetailFactory.java index 3ff3892f9a..ef632c44bd 100644 --- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/project/ProjectDetailFactory.java +++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/project/ProjectDetailFactory.java @@ -26,6 +26,7 @@ import com.google.gerrit.server.account.GroupCache; import com.google.gerrit.server.project.NoSuchProjectException; import com.google.gerrit.server.project.ProjectControl; import com.google.gerrit.server.project.ProjectState; +import com.google.gerrit.server.project.RefControl; import com.google.inject.Inject; import com.google.inject.assistedinject.Assisted; 
@@ -75,8 +76,14 @@ class ProjectDetailFactory extends Handler { final List refRights = new ArrayList(); for (final RefRight r : projectState.getInheritedRights()) { - InheritedRefRight refRight = new InheritedRefRight( - r, true, pc.controlForRef(r.getRefPattern()).isOwner()); + RefControl rc = pc.controlForRef(r.getRefPattern()); + boolean isOwner = rc.isOwner(); + + if (!isOwner && !rc.isVisible()) { + continue; + } + + InheritedRefRight refRight = new InheritedRefRight(r, true, isOwner); if (!refRights.contains(refRight)) { refRights.add(refRight); wantGroup(r.getAccountGroupId()); @@ -84,8 +91,14 @@ class ProjectDetailFactory extends Handler { } for (final RefRight r : projectState.getLocalRights()) { - refRights.add(new InheritedRefRight( - r, false, pc.controlForRef(r.getRefPattern()).isOwner())); + RefControl rc = pc.controlForRef(r.getRefPattern()); + boolean isOwner = rc.isOwner(); + + if (!isOwner && !rc.isVisible()) { + continue; + } + + refRights.add(new InheritedRefRight(r, false, isOwner)); wantGroup(r.getAccountGroupId()); } -- cgit v1.2.3
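Review bot: The new visibility test `rc.isVisible()` is evaluated on `pc.controlForRef(r.getRefPattern())`, i.e. the right's pattern string is handed to a method that elsewhere in this hunk is given the same argument to decide ownership, and nothing in the hunk shows that RefControl interprets a pattern (a trailing `/*`, or any regex form the server may support) rather than a literal ref name when answering "can this user read it". If matching happens to treat `refs/heads/*` as its own prefix this works for wildcard rights, but a pattern that does not look like a ref could be hidden or shown by accident, and since this check is the whole point of the change it deserves a comment and a test: `// Visibility is decided with the pattern as the ref name; prefix patterns self-match, other pattern forms need confirming.` The filter at least errs toward hiding, which is the safe direction for an information-leak fix. The enclosing method begins before this hunk.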
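Review bot: The owner-or-visible guard added here is a verbatim copy of the one added in the inherited-rights loop of the previous hunk, so the access-control decision this commit introduces now lives in two places and any later tightening must be applied to both. A single named predicate keeps the rule in one spot: `private static boolean mayShowRight(RefControl rc, boolean isOwner) { return isOwner || rc.isVisible(); }` with each loop reduced to `if (!mayShowRight(rc, isOwner)) { continue; }`. The `wantGroup` call is correctly placed after the `continue`, so group names are only requested for rights the caller is allowed to see. The enclosing method starts before this hunk and, as far as the visible lines show, its closing brace is not in it.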