Merge "Fix temporary file creation and cleanup during testing"
diff --git a/Documentation/access-control.txt b/Documentation/access-control.txt
index 73072a7..4dc1acb6 100644
--- a/Documentation/access-control.txt
+++ b/Documentation/access-control.txt
@@ -15,6 +15,7 @@
 in the `system_config` table within the database, so the groups
 can be renamed after installation if desired.
 
+
 [[administrators]]
 Administrators
 ~~~~~~~~~~~~~~
@@ -33,6 +34,7 @@
 to permit administrative users to otherwise access Gerrit as any
 other normal user would, without needing two different accounts.
 
+
 [[anonymous_users]]
 Anonymous Users
 ~~~~~~~~~~~~~~~
@@ -48,6 +50,7 @@
 to grant `Read` access to this group as Gerrit requires an account
 identity for all other operations.
 
+
 [[non-interactive_users]]
 Non-Interactive Users
 ~~~~~~~~~~~~~~~~~~~~~
@@ -63,6 +66,7 @@
 users. This ensures that the interactive users can keep working when
 resources are tight.
 
+
 [[project_owners]]
 Project Owners
 ~~~~~~~~~~~~~~
@@ -80,6 +84,7 @@
 avoid the need to initially configure access rights for
 newly created child projects.
 
+
 [[registered_users]]
 Registered Users
 ~~~~~~~~~~~~~~~~
@@ -134,6 +139,7 @@
 members of `Foo` have submit rights on a project, and the members of
 `Foo-admin` typically do not need to have such rights.
 
+
 [[ldap_groups]]
 LDAP Groups
 -----------
@@ -255,6 +261,7 @@
 |Foo Leads       |refs/heads/qa |Code-Review| -2..+2 |
 |==============================================================
 
+
 OpenID Authentication
 ~~~~~~~~~~~~~~~~~~~~~
 
@@ -264,6 +271,7 @@
 of its OpenID identities match one or more of the patterns listed
 in the `auth.trustedOpenID` list from `gerrit.config`.
 
+
 All Projects
 ~~~~~~~~~~~~
 
@@ -283,6 +291,7 @@
 `Administrators` does, as group members would be able to alter
 permissions for every managed project including global capabilities.
 
+
 Per-Project
 ~~~~~~~~~~~
 
@@ -394,23 +403,13 @@
 draft patch sets of a change into public patch sets for review.
 
 
-[[access_labels]]
-Review Labels
--------------
+[[access_categories]]
+Access Categories
+-----------------
 
-For every configured label `My-Name` in the project, there is a
-corresponding permission `label-My-Name` with a range corresponding to
-the defined values.
+Gerrit has several permission categories that can be granted to groups
+within projects, enabling functionality for that group's members.
 
-Gerrit comes pre-configured with several default labels that can be
-granted to groups within projects, enabling functionality for that
-group's members. link:config-labels.html[Custom labels] may also be
-defined globally or on a per-project basis.
-
-With the release of the Gerrit 2.2.x series, the web GUI for ACL
-configuration was rewritten from scratch.  Use this
-<<conversion_table,table>> to better understand the access rights
-conversions from the Gerrit 2.1.x to the Gerrit 2.2.x series.
 
 [[category_abandon]]
 Abandon
@@ -423,6 +422,7 @@
 This also grants the permission to restore a change if the change
 can be uploaded.
 
+
 [[category_create]]
 Create reference
 ~~~~~~~~~~~~~~~~
@@ -615,6 +615,7 @@
 the intention of the `Push Merge Commit` entry is to allow direct pushes
 of merge commits.
 
+
 [[category_push_annotated]]
 Push Annotated Tag
 ~~~~~~~~~~~~~~~~~~
@@ -724,6 +725,7 @@
 can still do the rebase locally and upload the rebased commit as a new
 patch set.
 
+
 [[category_remove_reviewer]]
 Remove Reviewer
 ~~~~~~~~~~~~~~~
@@ -739,6 +741,20 @@
 reviewer list on a change.
 
 
+[[category_review_labels]]
+Review Labels
+~~~~~~~~~~~~~
+
+For every configured label `My-Name` in the project, there is a
+corresponding permission `label-My-Name` with a range corresponding to
+the defined values.
+
+Gerrit comes pre-configured with a default 'Code-Review' label that can
+be granted to groups within projects, enabling functionality for that
+group's members. link:config-labels.html[Custom labels] may also be
+defined globally or on a per-project basis.
+
+
 [[category_submit]]
 Submit
 ~~~~~~
@@ -813,6 +829,7 @@
 general guidelines for a typical way to set up your project on a
 brand new Gerrit instance.
 
+
 [[examples_contributor]]
 Contributor
 ~~~~~~~~~~~
@@ -956,6 +973,7 @@
 
 * <<category_owner,`Owner`>> in the gits they mostly work with.
 
+
 [[examples_administrator]]
 Administrator
 ~~~~~~~~~~~~~
@@ -973,6 +991,7 @@
 
 * <<examples_project-owner,Project owner rights>>
 
+
 Enforcing site wide access policies
 -----------------------------------
 
@@ -997,6 +1016,7 @@
 * Project owners can manage access rights of their projects without a danger
   of violating a site wide policy
 
+
 [[block]]
 'BLOCK' access rule
 ~~~~~~~~~~~~~~~~~~~
@@ -1045,6 +1065,7 @@
 different access section of the same project or in any access section in an
 inheriting project cannot override a 'BLOCK' rule.
 
+
 Examples
 ~~~~~~~~
 
@@ -1074,6 +1095,7 @@
     pushTag = group Project Owners
 ====
 
+
 Let only a dedicated group vote in a special category
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
@@ -1091,41 +1113,6 @@
     label-Release-Process = -1..+1 group Release Engineers
 ====
 
-[[conversion_table]]
-Conversion table from 2.1.x series to 2.2.x series
---------------------------------------------------
-
-[options="header"]
-|=================================================================================
-|Gerrit 2.1.x                 |Gerrit 2.2.x
-|Code review                  |link:config-labels.html#label_Code-Review[Label: Code-Review]
-|Verify                       |link:config-labels.html#label_Verified[Label: Verify]
-|Forge Identity +1            |Forge <<category_forge_author,author>> identity
-|Forge Identity +2            |Forge <<category_forge_committer,committer>> & <<category_forge_author,author>> identity
-|Forge Identity +3            |Forge <<category_forge_server,server>> & <<category_forge_committer,committer>> & <<category_forge_author,author>> identity
-|Owner                        |<<category_owner,Owner>>
-|Push branch +1               |<<category_push_direct,Push>>
-|Push branch +2               |<<category_create,Create reference>> & <<category_push_direct,Push>>
-|Push branch +3               |<<category_push_direct,Push>> (with force) & <<category_create,Create reference>>
-|Push tag +1 & Push Branch +2 |No support to limit to push signed tag
-|Push tag +2 & Push Branch +2 |<<category_push_annotated,Push annotated tag>>
-|Push Branch +2 (refs/tags/*) |<<category_create,Create reference>> (refs/tags/...)
-|Push Branch +3 (refs/tags/*) |<<category_push_direct,Push>> (with force on refs/tags/...)
-|Read +1                      |<<category_read,Read>>
-|Read +2                      |<<category_read,Read>> & <<category_push_review,Push>> (refs/for/refs/...)
-|Read +3                      |<<category_read,Read>> & <<category_push_review,Push>> (refs/for/refs/...) & <<category_push_merge,Push Merge Commit>>
-|Submit                       |<<category_submit,Submit>>
-|=================================================================================
-
-
-[NOTE]
-In Gerrit 2.2.x, the way to set permissions for upload has changed entirely.
-To upload a change for review is no longer a separate permission type,
-instead you grant ordinary push permissions to the actual
-receiving reference. In practice this means that you set push permissions
-on `refs/for/refs/heads/<branch>` rather than permissions to upload changes
-on `refs/heads/<branch>`.
-
 
 [[global_capabilities]]
 Global Capabilities
@@ -1186,6 +1173,7 @@
 either link:cmd-create-project.html[create new git projects via ssh]
 or via the web UI.
 
+
 [[capability_emailReviewers]]
 Email Reviewers
 ~~~~~~~~~~~~~~~
@@ -1196,6 +1184,7 @@
 emailed.  The allow rules are evaluated before deny rules, however the default
 is to allow emailing, if no explicit rule is matched.
 
+
 [[capability_flushCaches]]
 Flush Caches
 ~~~~~~~~~~~~
diff --git a/Documentation/config-labels.txt b/Documentation/config-labels.txt
index bd3b116..9d7c469 100644
--- a/Documentation/config-labels.txt
+++ b/Documentation/config-labels.txt
@@ -4,9 +4,9 @@
 As part of the code review process, reviewers score each change with
 values for each label configured for the project.  The label values that
 a given user is allowed to set are defined according to the
-link:access-control.html#access_labels[access controls].  Gerrit comes
-pre-configured with the Code-Review label that can be granted to groups
-within projects, enabling functionality for that group's members.
+link:access-control.html#category_review_labels[access controls].  Gerrit
+comes pre-configured with the Code-Review label that can be granted to
+groups within projects, enabling functionality for that group's members.
 
 
 [[label_Code-Review]]