Restrict permission to upload patch sets to other users' changes

There are some spammers that upload new patch sets to changes that
belong to other users (e.g. [1]). To prevent that this happens again
we grant the 'Add Patch Set' permission [2] only to the Gerrit
maintainers and the gerrit-verifiers group which contains all trusted
Gerrit contributors. Block the 'Add Patch Set' permission for
Anonymous-Users since on the All-Projects project this permission is
granted for Registered-Users).

This means only Gerrit maintainers and users of the gerrit-verifiers
group can now upload new patch sets to changes that they do not own.
Everyone is still allowed to upload patch sets to own changes since
this is always allowed regardless of the 'Add Patch Set' permission.

[1] https://gerrit-review.googlesource.com/c/plugins/javamelody/+/192431/10..11//COMMIT_MSG
[2] https://gerrit-review.googlesource.com/Documentation/access-control.html#category_add_patch_set

Change-Id: I99263899fa3a82cbefbc20550b2e07dfd9414184
1 file changed
tree: f6dd869bcbbc73bdf300901ccd8c8362e9b494e5
  1. groups
  2. project.config