Google Git
Sign in
gerrit / gerrit / 3488eece9f1a197aedfe41d0b3275065c4981c82
commit3488eece9f1a197aedfe41d0b3275065c4981c82[log] [tgz]
authorDariusz Luksza <dariusz@luksza.org>Mon Sep 30 15:05:59 2013 +0200
committerDariusz Luksza <dariusz@luksza.org>Tue Oct 01 09:12:49 2013 +0200
tree2b2e04cbd4e6c3f723769e022e044ba5120bab4c
parentb78d04e534dbc93975e0ce2d955f9c4f36e56c93 [diff]
Verify access to source ref during add branch operation

Previously Gerrit didn't check access to source ref during add branch
operation. Because of that users could create a branch from any known
commit SHA1, even when they didn't have access to that commit.

This patch adds additional validation to RefControl.canCreate() that
will check that a given commit object belongs to branch that the user
already has access to.

Change-Id: I16d893e0ce584ae01825aadd083c0e0e41eb5610
Signed-off-by: Dariusz Luksza <dariusz@luksza.org>
2 files changed
tree: 2b2e04cbd4e6c3f723769e022e044ba5120bab4c
  1. contrib/
  2. Documentation/
  3. gerrit-acceptance-tests/
  4. gerrit-antlr/
  5. gerrit-cache-h2/
  6. gerrit-common/
  7. gerrit-extension-api/
  8. gerrit-gwtdebug/
  9. gerrit-gwtui/
  10. gerrit-httpd/
  11. gerrit-launcher/
  12. gerrit-main/
  13. gerrit-openid/
  14. gerrit-patch-commonsnet/
  15. gerrit-patch-jgit/
  16. gerrit-pgm/
  17. gerrit-plugin-api/
  18. gerrit-plugin-archetype/
  19. gerrit-plugin-gwt-archetype/
  20. gerrit-plugin-gwtui/
  21. gerrit-plugin-js-archetype/
  22. gerrit-prettify/
  23. gerrit-reviewdb/
  24. gerrit-server/
  25. gerrit-sshd/
  26. gerrit-util-cli/
  27. gerrit-util-ssl/
  28. gerrit-war/
  29. plugins/
  30. ReleaseNotes/
  31. tools/
  32. .gitignore
  33. .gitmodules
  34. COPYING
  35. INSTALL
  36. pom.xml
  37. SUBMITTING_PATCHES