commit | d4a2865f205ab46971658206e58a8f731ca7f18c | [log] [tgz] |
---|---|---|
author | Edwin Kempin <ekempin@google.com> | Mon Mar 27 12:03:58 2023 +0200 |
committer | Edwin Kempin <ekempin@google.com> | Tue Mar 28 07:34:04 2023 +0000 |
tree | 187d5ff87c23c1006f5c5b837df50e2f0aa13ce2 | |
parent | 1a96d08aef59b4ed98acb3bca3e6c9f422facac2 [diff] |
Add global capability that allows to view secondary emails If users have multiple emails only the preferred email is visible to other users. This means when users change their preferred email, the new preferred email becomes visible while the old preferred email stops to be visible. This can be a problem for bots that operate on emails, as emails can suddenly become non-visible. E.g. if all users have a corporate email and optionally other emails, a bot that uses the corporate emails (e.g. to auto-assign reviewers on changes) stops working when users change their preferred email to a non-corporate email, as this makes the corporate email non-visible. Now, with the new View Secondary Emails global capability it's possible to allow the bot to view all emails, so that this is no longer a problem. This became an issue now after change I799bf1c57 fixed an issue that allowed users to resolve secondary emails although they should not have been able to see them. So far the only work-around was to assign the bot the Modify Account global capability that allows to view secondary emails too, but this capability is too broad as it also allows to modify all accounts. So basically the new View Secondary Emails capability is just a subset of the existing Modify Account capability: both capabilities allow to see secondary emails of other accounts, but the Modify Account capability allows in addition to modify accounts. The Modify Account global capability continues allowing to view secondary emails. This means having the Modify Account capability implies having the View Secondary Emails capability. Having the permission to view secondary emails of other accounts, doesn't change anything about account visibility, but it only allows resolving secondary emails to visible accounts. This means if a secondary email is used as account identifier in the REST API it can only be resolved if the account is visible and the calling user can see secondary emails. If a user asks for secondary emails of an account (e.g. a REST call to list all emails of an account, or querying accounts with ListAccountsOption ALL_EMAILS), but the user cannot see secondary emails we return "view secondary emails not permitted" as the error message now (before the error message was "modify account not permitted"). The new error message should be easier to understand. Bug: Google b/272679324 Release-Notes: Added global capability that allows to view secondary emails Signed-off-by: Edwin Kempin <ekempin@google.com> Change-Id: Iec901ec050974ed62bc74c9df5f8ca88c2956fae
Gerrit is a code review and project management tool for Git based projects.
Gerrit makes reviews easier by showing changes in a side-by-side display, and allowing inline comments to be added by any reviewer.
Gerrit simplifies Git based project maintainership by permitting any authorized user to submit changes to the master Git repository, rather than requiring all approved changes to be merged in by hand by the project maintainer.
For information about how to install and use Gerrit, refer to the documentation.
Our canonical Git repository is located on googlesource.com. There is a mirror of the repository on Github.
Please report bugs on the issue tracker.
Gerrit is the work of hundreds of contributors. We appreciate your help!
Please read the contribution guidelines.
Note that we do not accept Pull Requests via the Github mirror.
The Developer Mailing list is repo-discuss on Google Groups.
Gerrit is provided under the Apache License 2.0.
Install Bazel and run the following:
git clone --recurse-submodules https://gerrit.googlesource.com/gerrit cd gerrit && bazel build release
The instruction how to configure GerritForge/BinTray repositories is here
On Debian/Ubuntu run:
apt-get update && apt-get install gerrit=<version>-<release>
NOTE: release is a counter that starts with 1 and indicates the number of packages that have been released with the same version of the software.
On CentOS/RedHat run:
yum clean all && yum install gerrit-<version>[-<release>]
On Fedora run:
dnf clean all && dnf install gerrit-<version>[-<release>]
Docker images of Gerrit are available on DockerHub
To run a CentOS 8 based Gerrit image:
docker run -p 8080:8080 gerritcodereview/gerrit[:version]-centos8
To run a Ubuntu 20.04 based Gerrit image:
docker run -p 8080:8080 gerritcodereview/gerrit[:version]-ubuntu20
NOTE: release is optional. Last released package of the version is installed if the release number is omitted.