Do not evaluate ${username} and ${shardeduserid} in LabelTypes
Gerrit does ref pattern matching for any refs configured in
project.config. This includes username and shardeduserid. While that
makes sense for access control, it is confusing for labels.
Consider the following case:
- Label is configured on refs/heads/sandbox/${username}/*
- User A creates a change on User B's ref refs/heads/sandbox/B
We usually evaluate these patterns to match the current user. That would
mean that we get different labels depending on if user A or user B looks
at the change.
Alternatively, we could also evaluate the ref using the change owner,
but that would be wrong in the example as well.
This commit removes the option to have these magic operators in label
specs. Users who need this can use a wildcard instead.
Sandbox branches are rarely used and user-ref patterns in labels are also
not used very frequently. In fact, the way that Gerrit currently behaves
is not easy to understand I would doubt that people use user-ref
patterns on labels productively.
Change-Id: I8284a1b35edd0c108ce2e3a471993c1ead897b83
diff --git a/Documentation/config-labels.txt b/Documentation/config-labels.txt
index cf78c6d..3db621d 100644
--- a/Documentation/config-labels.txt
+++ b/Documentation/config-labels.txt
@@ -368,6 +368,9 @@
ignored if the label doesn't apply for that branch.
Additionally, the `branch` modifier has no effect when the submit rule
is customized in the rules.pl of the project or inherited from parent projects.
+Branch can be a ref pattern similar to what is documented
+link:access-control.html#reference[here], but must not contain `${username}` or
+`${shardeduserid}`.
[[label_example]]
=== Example
