| commit | 58c58e783d7fbb55308dfa6d96c1da404c3d9439 | [log] [tgz] |
|---|---|---|
| author | Kamil Musin <kamilm@google.com> | Tue Jun 18 16:43:29 2024 +0200 |
| committer | Kamil Musin <kamilm@google.com> | Wed Jun 19 13:08:44 2024 +0200 |
| tree | e78f139e5af8bd056e5967bf3bdf1e97a37b593d | |
| parent | 17e556717b2dd44b073b68df221bb9124b99feef [diff] |
Fix missing Submit ACL on dependant changes The MergeOp logic doesn't check Submit permissions for dependant changes. This can cause an issue with topics, since changes in the same topic are not necessarily in the same branch (or even project). This issue was caused by inconsistancy in checks between Submit UiAction and MergeOp. To avoid similar issues in the future, instead of simply fixing the check in MergeOp, we update both Submit.java and MergeOp to use a shared implementation. As the result of this, READ permission is potentially checked multiple times. However there are potential reasons why it can be useful (staleness) and trying to avoid it would add more complexity to the change. The check in Submit.java used to have special logic that uses current ChangeData, instead of potentially stale information in ChangeSet (because it's generated from index). To maintain the behaviour we replace the data for the triggering change in the ChangeSet before calling checkCommonSubmitProblems. countChangesThatWereSubmittedWithRebaserApproval was moved out of checking logic and now only counts the changes, if all changes passed the checks. Which seems more inline with the intention based on the name. The Submit permission error for dependent changes is surfaced as ResourceConflictException (as opposed to AuthException), since the error message can contain multiple problems from commitStatus, and it's not worth having a custom logic to "sometimes" have better error code. Google-Bug-Id: b/347935402 Release-Notes: skip Change-Id: Ic6dbda6dec1deebb6c14bb9056e0c20db768a9e1
Gerrit is a code review and project management tool for Git based projects.
Gerrit makes reviews easier by showing changes in a side-by-side display, and allowing inline comments to be added by any reviewer.
Gerrit simplifies Git based project maintainership by permitting any authorized user to submit changes to the master Git repository, rather than requiring all approved changes to be merged in by hand by the project maintainer.
For information about how to install and use Gerrit, refer to the documentation.
Our canonical Git repository is located on googlesource.com. There is a mirror of the repository on Github.
Please report bugs on the issue tracker.
Gerrit is the work of hundreds of contributors. We appreciate your help!
Please read the contribution guidelines.
Note that we do not accept Pull Requests via the Github mirror.
The Developer Mailing list is repo-discuss on Google Groups.
Gerrit is provided under the Apache License 2.0.
Install Bazel and run the following:
git clone --recurse-submodules https://gerrit.googlesource.com/gerrit
cd gerrit && bazel build release
The instruction how to configure GerritForge/BinTray repositories is here
On Debian/Ubuntu run:
apt-get update && apt-get install gerrit=<version>-<release>
NOTE: release is a counter that starts with 1 and indicates the number of packages that have been released with the same version of the software.
On CentOS/RedHat run:
yum clean all && yum install gerrit-<version>[-<release>]
On Fedora run:
dnf clean all && dnf install gerrit-<version>[-<release>]
Docker images of Gerrit are available on DockerHub
To run a CentOS 8 based Gerrit image:
docker run -p 8080:8080 gerritcodereview/gerrit[:version]-centos8
To run a Ubuntu 20.04 based Gerrit image:
docker run -p 8080:8080 gerritcodereview/gerrit[:version]-ubuntu20
NOTE: release is optional. Last released package of the version is installed if the release number is omitted.