| commit | ac00f76711959bf56794d7b4bcedee85b2ef8039 | [log] [tgz] |
|---|---|---|
| author | Edwin Kempin <ekempin@google.com> | Thu Sep 06 08:56:27 2018 +0000 |
| committer | Edwin Kempin <ekempin@google.com> | Fri Sep 07 06:53:55 2018 +0000 |
| tree | f6dd869bcbbc73bdf300901ccd8c8362e9b494e5 | |
| parent | b8acc9eef933e08041aca8cd2495420a742c4c5b [diff] |
Restrict permission to upload patch sets to other users' changes There are some spammers that upload new patch sets to changes that belong to other users (e.g. [1]). To prevent that this happens again we grant the 'Add Patch Set' permission [2] only to the Gerrit maintainers and the gerrit-verifiers group which contains all trusted Gerrit contributors. Block the 'Add Patch Set' permission for Anonymous-Users since on the All-Projects project this permission is granted for Registered-Users). This means only Gerrit maintainers and users of the gerrit-verifiers group can now upload new patch sets to changes that they do not own. Everyone is still allowed to upload patch sets to own changes since this is always allowed regardless of the 'Add Patch Set' permission. [1] https://gerrit-review.googlesource.com/c/plugins/javamelody/+/192431/10..11//COMMIT_MSG [2] https://gerrit-review.googlesource.com/Documentation/access-control.html#category_add_patch_set Change-Id: I99263899fa3a82cbefbc20550b2e07dfd9414184