Merge "Fix temporary file creation and cleanup during testing"
diff --git a/Documentation/access-control.txt b/Documentation/access-control.txt
index 73072a7..4dc1acb6 100644
--- a/Documentation/access-control.txt
+++ b/Documentation/access-control.txt
@@ -15,6 +15,7 @@
in the `system_config` table within the database, so the groups
can be renamed after installation if desired.
+
[[administrators]]
Administrators
~~~~~~~~~~~~~~
@@ -33,6 +34,7 @@
to permit administrative users to otherwise access Gerrit as any
other normal user would, without needing two different accounts.
+
[[anonymous_users]]
Anonymous Users
~~~~~~~~~~~~~~~
@@ -48,6 +50,7 @@
to grant `Read` access to this group as Gerrit requires an account
identity for all other operations.
+
[[non-interactive_users]]
Non-Interactive Users
~~~~~~~~~~~~~~~~~~~~~
@@ -63,6 +66,7 @@
users. This ensures that the interactive users can keep working when
resources are tight.
+
[[project_owners]]
Project Owners
~~~~~~~~~~~~~~
@@ -80,6 +84,7 @@
avoid the need to initially configure access rights for
newly created child projects.
+
[[registered_users]]
Registered Users
~~~~~~~~~~~~~~~~
@@ -134,6 +139,7 @@
members of `Foo` have submit rights on a project, and the members of
`Foo-admin` typically do not need to have such rights.
+
[[ldap_groups]]
LDAP Groups
-----------
@@ -255,6 +261,7 @@
|Foo Leads |refs/heads/qa |Code-Review| -2..+2 |
|==============================================================
+
OpenID Authentication
~~~~~~~~~~~~~~~~~~~~~
@@ -264,6 +271,7 @@
of its OpenID identities match one or more of the patterns listed
in the `auth.trustedOpenID` list from `gerrit.config`.
+
All Projects
~~~~~~~~~~~~
@@ -283,6 +291,7 @@
`Administrators` does, as group members would be able to alter
permissions for every managed project including global capabilities.
+
Per-Project
~~~~~~~~~~~
@@ -394,23 +403,13 @@
draft patch sets of a change into public patch sets for review.
-[[access_labels]]
-Review Labels
--------------
+[[access_categories]]
+Access Categories
+-----------------
-For every configured label `My-Name` in the project, there is a
-corresponding permission `label-My-Name` with a range corresponding to
-the defined values.
+Gerrit has several permission categories that can be granted to groups
+within projects, enabling functionality for that group's members.
-Gerrit comes pre-configured with several default labels that can be
-granted to groups within projects, enabling functionality for that
-group's members. link:config-labels.html[Custom labels] may also be
-defined globally or on a per-project basis.
-
-With the release of the Gerrit 2.2.x series, the web GUI for ACL
-configuration was rewritten from scratch. Use this
-<<conversion_table,table>> to better understand the access rights
-conversions from the Gerrit 2.1.x to the Gerrit 2.2.x series.
[[category_abandon]]
Abandon
@@ -423,6 +422,7 @@
This also grants the permission to restore a change if the change
can be uploaded.
+
[[category_create]]
Create reference
~~~~~~~~~~~~~~~~
@@ -615,6 +615,7 @@
the intention of the `Push Merge Commit` entry is to allow direct pushes
of merge commits.
+
[[category_push_annotated]]
Push Annotated Tag
~~~~~~~~~~~~~~~~~~
@@ -724,6 +725,7 @@
can still do the rebase locally and upload the rebased commit as a new
patch set.
+
[[category_remove_reviewer]]
Remove Reviewer
~~~~~~~~~~~~~~~
@@ -739,6 +741,20 @@
reviewer list on a change.
+[[category_review_labels]]
+Review Labels
+~~~~~~~~~~~~~
+
+For every configured label `My-Name` in the project, there is a
+corresponding permission `label-My-Name` with a range corresponding to
+the defined values.
+
+Gerrit comes pre-configured with a default 'Code-Review' label that can
+be granted to groups within projects, enabling functionality for that
+group's members. link:config-labels.html[Custom labels] may also be
+defined globally or on a per-project basis.
+
+
[[category_submit]]
Submit
~~~~~~
@@ -813,6 +829,7 @@
general guidelines for a typical way to set up your project on a
brand new Gerrit instance.
+
[[examples_contributor]]
Contributor
~~~~~~~~~~~
@@ -956,6 +973,7 @@
* <<category_owner,`Owner`>> in the gits they mostly work with.
+
[[examples_administrator]]
Administrator
~~~~~~~~~~~~~
@@ -973,6 +991,7 @@
* <<examples_project-owner,Project owner rights>>
+
Enforcing site wide access policies
-----------------------------------
@@ -997,6 +1016,7 @@
* Project owners can manage access rights of their projects without a danger
of violating a site wide policy
+
[[block]]
'BLOCK' access rule
~~~~~~~~~~~~~~~~~~~
@@ -1045,6 +1065,7 @@
different access section of the same project or in any access section in an
inheriting project cannot override a 'BLOCK' rule.
+
Examples
~~~~~~~~
@@ -1074,6 +1095,7 @@
pushTag = group Project Owners
====
+
Let only a dedicated group vote in a special category
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -1091,41 +1113,6 @@
label-Release-Process = -1..+1 group Release Engineers
====
-[[conversion_table]]
-Conversion table from 2.1.x series to 2.2.x series
---------------------------------------------------
-
-[options="header"]
-|=================================================================================
-|Gerrit 2.1.x |Gerrit 2.2.x
-|Code review |link:config-labels.html#label_Code-Review[Label: Code-Review]
-|Verify |link:config-labels.html#label_Verified[Label: Verify]
-|Forge Identity +1 |Forge <<category_forge_author,author>> identity
-|Forge Identity +2 |Forge <<category_forge_committer,committer>> & <<category_forge_author,author>> identity
-|Forge Identity +3 |Forge <<category_forge_server,server>> & <<category_forge_committer,committer>> & <<category_forge_author,author>> identity
-|Owner |<<category_owner,Owner>>
-|Push branch +1 |<<category_push_direct,Push>>
-|Push branch +2 |<<category_create,Create reference>> & <<category_push_direct,Push>>
-|Push branch +3 |<<category_push_direct,Push>> (with force) & <<category_create,Create reference>>
-|Push tag +1 & Push Branch +2 |No support to limit to push signed tag
-|Push tag +2 & Push Branch +2 |<<category_push_annotated,Push annotated tag>>
-|Push Branch +2 (refs/tags/*) |<<category_create,Create reference>> (refs/tags/...)
-|Push Branch +3 (refs/tags/*) |<<category_push_direct,Push>> (with force on refs/tags/...)
-|Read +1 |<<category_read,Read>>
-|Read +2 |<<category_read,Read>> & <<category_push_review,Push>> (refs/for/refs/...)
-|Read +3 |<<category_read,Read>> & <<category_push_review,Push>> (refs/for/refs/...) & <<category_push_merge,Push Merge Commit>>
-|Submit |<<category_submit,Submit>>
-|=================================================================================
-
-
-[NOTE]
-In Gerrit 2.2.x, the way to set permissions for upload has changed entirely.
-To upload a change for review is no longer a separate permission type,
-instead you grant ordinary push permissions to the actual
-receiving reference. In practice this means that you set push permissions
-on `refs/for/refs/heads/<branch>` rather than permissions to upload changes
-on `refs/heads/<branch>`.
-
[[global_capabilities]]
Global Capabilities
@@ -1186,6 +1173,7 @@
either link:cmd-create-project.html[create new git projects via ssh]
or via the web UI.
+
[[capability_emailReviewers]]
Email Reviewers
~~~~~~~~~~~~~~~
@@ -1196,6 +1184,7 @@
emailed. The allow rules are evaluated before deny rules, however the default
is to allow emailing, if no explicit rule is matched.
+
[[capability_flushCaches]]
Flush Caches
~~~~~~~~~~~~
diff --git a/Documentation/config-labels.txt b/Documentation/config-labels.txt
index bd3b116..9d7c469 100644
--- a/Documentation/config-labels.txt
+++ b/Documentation/config-labels.txt
@@ -4,9 +4,9 @@
As part of the code review process, reviewers score each change with
values for each label configured for the project. The label values that
a given user is allowed to set are defined according to the
-link:access-control.html#access_labels[access controls]. Gerrit comes
-pre-configured with the Code-Review label that can be granted to groups
-within projects, enabling functionality for that group's members.
+link:access-control.html#category_review_labels[access controls]. Gerrit
+comes pre-configured with the Code-Review label that can be granted to
+groups within projects, enabling functionality for that group's members.
[[label_Code-Review]]