Merge "ForRef#check should permit internal users to read all refs" into stable-3.0
diff --git a/java/com/google/gerrit/server/permissions/RefControl.java b/java/com/google/gerrit/server/permissions/RefControl.java
index 650c8ba..10ded3c 100644
--- a/java/com/google/gerrit/server/permissions/RefControl.java
+++ b/java/com/google/gerrit/server/permissions/RefControl.java
@@ -603,6 +603,10 @@
private boolean can(RefPermission perm) throws PermissionBackendException {
switch (perm) {
case READ:
+ /* Internal users such as plugin users should be able to read all refs. */
+ if (getUser().isInternalUser()) {
+ return true;
+ }
if (refName.startsWith(Constants.R_TAGS)) {
return isTagVisible();
}
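Review bot: The early `return true` for `getUser().isInternalUser()` at the top of the READ case skips every later READ check, including the `isTagVisible()` branch directly below it and whatever follows outside this hunk, but the comment does not state the trust assumption that makes this safe. If internal users are only ever constructed by server or plugin code and never derived from an authenticated request (which the hunk suggests but does not show), the comment should say so, for example `// Internal (server/plugin) identities are never request-derived, so READ is granted on every ref without evaluating ACLs or tag reachability.` This tells a later reader that any new way of producing an internal user also widens ref visibility. The body of `can()` and the rest of the switch continue outside the hunk, so whether other permissions have a matching rule cannot be judged from here.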
diff --git a/javatests/com/google/gerrit/server/permissions/RefControlTest.java b/javatests/com/google/gerrit/server/permissions/RefControlTest.java
index 04b84b6..14fa01c 100644
--- a/javatests/com/google/gerrit/server/permissions/RefControlTest.java
+++ b/javatests/com/google/gerrit/server/permissions/RefControlTest.java
@@ -47,6 +47,7 @@
import com.google.gerrit.reviewdb.client.AccountGroup;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.InternalUser;
import com.google.gerrit.server.account.CapabilityCollection;
import com.google.gerrit.server.account.GroupMembership;
import com.google.gerrit.server.account.ListGroupMembership;
@@ -368,6 +369,11 @@
}
@Test
+ public void userRefIsVisibleForInternalUser() throws Exception {
+ internalUser(local).controlForRef("refs/users/default").asForRef().check(RefPermission.READ);
+ }
+
+ @Test
public void branchDelegation1() throws Exception {
allow(local, OWNER, ADMIN, "refs/*");
allow(local, OWNER, DEVS, "refs/heads/x/*");
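Review bot: `userRefIsVisibleForInternalUser` pins the new bypass on a single ref, `refs/users/default`, and nothing checks that the same ref stays hidden from an ordinary user with no grants. Because the change sits in an access-control path, a companion negative test using the existing `user(local)` helper on the same ref would show that the grant is tied to the internal identity and is not a side effect of the test project's configuration. The commit title says "all refs", so a second positive case on a tag, such as `internalUser(local).controlForRef("refs/tags/v1").asForRef().check(RefPermission.READ);` (constructed ref name), would also cover the ordering ahead of the tag visibility check. The test passes simply by `check` not throwing; a short comment saying so would make the missing assertion read as intentional.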
@@ -1013,6 +1019,21 @@
return repo;
}
+ private ProjectControl internalUser(ProjectConfig local) throws Exception {
+ return new ProjectControl(
+ Collections.emptySet(),
+ Collections.emptySet(),
+ sectionSorter,
+ changeControlFactory,
+ permissionBackend,
+ refVisibilityControl,
+ repoManager,
+ refFilterFactory,
+ allUsersName,
+ new InternalUser(),
+ newProjectState(local));
+ }
+
private ProjectControl user(ProjectConfig local, AccountGroup.UUID... memberOf) {
return user(local, null, memberOf);
}