Google Git
Sign in
gerrit / gerrit / c4c51feff46bde3d0f4f395f860d7f8188fe4c67
commitc4c51feff46bde3d0f4f395f860d7f8188fe4c67[log] [tgz]
authorNico Sallembien <nsallembien@google.com>Fri Mar 12 10:31:08 2010 -0800
committerShawn O. Pearce <sop@google.com>Tue Apr 20 19:26:53 2010 -0700
tree5fc85120ebcf8b7e038d8baffbca1eb4e0d360bd
parentee1ad9b60479e88e057d72b5466897b0e856cf00 [diff]
Access control for branch reads

Enable ref level READ +1 access control, so permissions can be
fine-grained down to the branch level within the same project.

There are two parts to this change:

 - Filter the branches that the user can see in Upload and
   ReceiveCommits using the new RefFilter interface in JGit.
   This prevents a user from fetching something they are not
   allowed to read.

 - Ensure that any object created by the user only points to
   objects they can already reach.  This prevents the user
   from being able to discover objects they can't read by
   uploading a change that points at them.

Change-Id: I55a1811694e8f568e3404f625c5f0a8bf7000cac
17 files changed
tree: 5fc85120ebcf8b7e038d8baffbca1eb4e0d360bd
  1. contrib/
  2. Documentation/
  3. gerrit-common/
  4. gerrit-gwtdebug/
  5. gerrit-gwtui/
  6. gerrit-httpd/
  7. gerrit-launcher/
  8. gerrit-main/
  9. gerrit-patch-commonsnet/
  10. gerrit-patch-jgit/
  11. gerrit-pgm/
  12. gerrit-prettify/
  13. gerrit-reviewdb/
  14. gerrit-server/
  15. gerrit-sshd/
  16. gerrit-util-cli/
  17. gerrit-util-ssl/
  18. gerrit-war/
  19. ReleaseNotes/
  20. tools/
  21. .gitignore
  22. COPYING
  23. INSTALL
  24. pom.xml
  25. SUBMITTING_PATCHES