Ignore '--no-limit' query changes option for anonymous users
Adding 'no-limit' option to query changes REST API can result in
substantial resources usage. This change ensures that it cannot be used
(or abused) by anonymous users.
Notes:
* one can still configure them to request unlimited results by setting
'Query Limit' Global Capability to Integer.MAX_VALUE for 'Anonymous
Users' group
* 'no-limit' option is only a part of query changes API hence accounts,
groups and projects are not affected by this change
Release-Notes: Ignore '--no-limit' for anonymous users change queries
Change-Id: Ic789690ffd2f94f02989c2906fcd75e442df86f8
diff --git a/Documentation/rest-api-changes.txt b/Documentation/rest-api-changes.txt
index 2bfb5d5..32bfc6b 100644
--- a/Documentation/rest-api-changes.txt
+++ b/Documentation/rest-api-changes.txt
@@ -74,8 +74,8 @@
link:user-search.html#_search_operators[query string] must be provided
by the `q` parameter. The `n` parameter can be used to limit the
returned results. The `no-limit` parameter can be used remove the default
-limit on queries and return all results. This might not be supported by
-all index backends.
+limit on queries and return all results (does not apply to anonymous requests).
+This might not be supported by all index backends.
As result a list of link:#change-info[ChangeInfo] entries is returned.
The change output is sorted by the last update time, most recently
diff --git a/java/com/google/gerrit/server/restapi/change/QueryChanges.java b/java/com/google/gerrit/server/restapi/change/QueryChanges.java
index 3c8157b..7df74f8 100644
--- a/java/com/google/gerrit/server/restapi/change/QueryChanges.java
+++ b/java/com/google/gerrit/server/restapi/change/QueryChanges.java
@@ -27,6 +27,7 @@
import com.google.gerrit.index.query.QueryParseException;
import com.google.gerrit.index.query.QueryRequiresAuthException;
import com.google.gerrit.index.query.QueryResult;
+import com.google.gerrit.server.AnonymousUser;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.DynamicOptions;
import com.google.gerrit.server.change.ChangeJson;
@@ -95,7 +96,9 @@
this.start = start;
}
- @Option(name = "--no-limit", usage = "Return all results, overriding the default limit")
+ @Option(
+ name = "--no-limit",
+ usage = "Return all results, overriding the default limit. Ignored for anonymous users.")
public void setNoLimit(boolean on) {
this.noLimit = on;
}
@@ -168,7 +171,7 @@
if (start != null) {
queryProcessor.setStart(start);
}
- if (noLimit != null) {
+ if (noLimit != null && !AnonymousUser.class.isAssignableFrom(userProvider.get().getClass())) {
queryProcessor.setNoLimit(noLimit);
}
if (skipVisibility != null) {
diff --git a/javatests/com/google/gerrit/acceptance/api/change/ChangeIT.java b/javatests/com/google/gerrit/acceptance/api/change/ChangeIT.java
index 0c30ef5..7c504b8 100644
--- a/javatests/com/google/gerrit/acceptance/api/change/ChangeIT.java
+++ b/javatests/com/google/gerrit/acceptance/api/change/ChangeIT.java
@@ -2618,7 +2618,7 @@
}
@Test
- public void queryChangesNoLimit() throws Exception {
+ public void queryChangesNoLimitRegisteredUser() throws Exception {
projectOperations
.allProjectsForUpdate()
.add(
@@ -2636,6 +2636,26 @@
}
@Test
+ public void queryChangesNoLimitIgnoredForAnonymousUser() throws Exception {
+ int limit = 2;
+ projectOperations
+ .allProjectsForUpdate()
+ .add(
+ allowCapability(GlobalCapability.QUERY_LIMIT)
+ .group(SystemGroupBackend.ANONYMOUS_USERS)
+ .range(0, limit))
+ .update();
+ for (int i = 0; i < 3; i++) {
+ createChange();
+ }
+ requestScopeOperations.setApiUserAnonymous();
+ List<ChangeInfo> resultsWithDefaultLimit = gApi.changes().query().get();
+ List<ChangeInfo> resultsWithNoLimit = gApi.changes().query().withNoLimit().get();
+ assertThat(resultsWithDefaultLimit).hasSize(limit);
+ assertThat(resultsWithNoLimit).hasSize(limit);
+ }
+
+ @Test
public void queryChangesStart() throws Exception {
PushOneCommit.Result r1 = createChange();
createChange();