Ensure that only administrators can change the global capabilities

Only Gerrit server administrators (members of the groups that have
the 'administrateServer' capability) should be able to edit the
global capabilities because being able to edit the global capabilities
means being able to assign the 'administrateServer' capability.

Because of this we disallow on the AllProjects project to assign

1. the 'owner' access rights on 'refs/*'

   Project owners (members of groups to which the 'owner' access right
   is assigned) are able to edit the access control list of the projects
   they own. Hence being owner of the AllProjects project would allow to
   edit the global capabilities and assign the 'administrateServer'
   capability without being Gerrit administrator.

   In earlier Gerrit versions (2.1.x) it was already implemented like
   this but the corresponding checks got lost.

2. the 'push' access right on 'refs/meta/config'

   Being able to push configuration changes to the AllProjects project
   allows to edit the global capabilities and hence a user with this
   access right could assign the 'administrateServer' capability without
   being Gerrit administrator.

This change ensures that from the Gerrit WebUI (ProjectAccessScreen) it
is not possible to assign on the AllProjects project the 'owner' access
right on 'refs/*' and the 'push' access right on 'refs/meta/config'.

In addition this change ensures that an 'owner' access right that is
assigned for 'refs/*' on the AllProjects project has no effect and that
only Gerrit administrators with the 'push' access right can push
configuration changes to the AllProjects project.

It is still possible to assign both access rights ('owner' on 'refs/*'
and 'push' on 'refs/meta/config') on the AllProjects project by directly
editing its 'project.config' file and pushing to 'refs/meta/config'.
To fix this it would be needed to reject assigning these access rights
on the AllProjects project as invalid configuration, however doing this
would mean to break existing configurations of the AllProjects project
that assign these access rights. At the moment there is no migration
framework in place that would allow to migrate 'project.config' files.
Hence this check is currently not done and these access rights in this
case have simply no effect.

Change-Id: Icbee947742a0bc0cf0a26cad0df3e37ad2713be4
Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>
5 files changed
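
An audit sketch for the gap the commit message leaves open, where both grants can still be written into the AllProjects 'project.config' directly. This is an added example, not part of this change or of Gerrit's code: the function names and the sample group names are made up, and it assumes the git-config layout of 'project.config' with `[access "<ref>"]` and `[capability]` sections and that 'deny' and 'block' rules do not grant anything. Groups are compared by name only, so included groups are not resolved.

```python
import re

# Grants the commit message singles out on AllProjects: permission -> ref.
RISKY = {"owner": "refs/*", "push": "refs/meta/config"}
SECTION = re.compile(r'^\[\s*(\w+)(?:\s+"([^"]*)")?\s*\]$')
ENTRY = re.compile(r'^([\w-]+)\s*=\s*(.*)$')
GROUP = re.compile(r'\bgroup\s+(.+)$')

# Constructed sample project.config (group names are made up).
SAMPLE = """
[access "refs/*"]
	read = group Anonymous Users
	owner = group Project Leads
[access "refs/meta/config"]
	push = group Administrators
	push = group Release Managers
	push = deny group Contractors
[capability]
	administrateServer = group Administrators
"""

def parse_rules(text):
    """Yield (section, subsection, key, rule, group) per 'key = rule' line."""
    section = sub = None
    for line in map(str.strip, text.splitlines()):
        head, entry = SECTION.match(line), ENTRY.match(line)
        if head:
            section, sub = head.group(1).lower(), head.group(2)
        elif entry and section:  # comment lines never match ENTRY
            key, rule = entry.group(1).lower(), entry.group(2)
            group = GROUP.search(rule)
            yield section, sub, key, rule, group.group(1) if group else None

def find_escalation_grants(text):
    """Return (permission, ref, group) grants held by non-admin groups."""
    rules = list(parse_rules(text))
    # Groups that already hold the 'administrateServer' capability.
    admins = {g for s, _, k, _, g in rules
              if s == "capability" and k == "administrateserver"}
    findings = []
    for s, ref, key, rule, group in rules:
        risky = s == "access" and key in RISKY and RISKY[key] == ref
        if not risky or not group or group in admins:
            continue
        # Assumption: 'deny' and 'block' rules restrict rather than grant.
        if rule.split()[0] in ("deny", "block"):
            continue
        findings.append((key, ref, group))
    return findings
```

With this change applied the flagged grants have no effect, so a finding marks configuration to clean up rather than a live escalation path.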