commit c56f72b09f1a7f20da2920fae134f76902d2fd76
author Bruce Zu <bruce.zu@sonymobile.com> Thu Aug 28 17:21:39 2014 +0800
committer Edwin Kempin <edwin.kempin@sap.com> Thu Sep 11 12:41:18 2014 +0200
tree 3645190470a9f5508b319bb2685ca547b2825c15
parent 0b58982a179b5cbb29be7aa81005658c2d2f3ff7

Fix: permission on user specific reference name cannot work

In ExpandParameters.match() the parameter 'ref' may also contain
"${username}", e.g. in ProjectControl.canPerformOnAnyRef() the call
on controlForRef() puts in a access section name, in this case 'ref'
also need evaluation before doing next match, else it will not be
matched and that section is skipped in preparing RefControl.relevant,
as a result when a user has PUSH power *only* on that section, Gerrit
will reject any upload request from this user.

Fixed. evaluate any per-user ref in ExpandParameters.match().

Change-Id: I42c8e15d147eb4ad031b929cf51ccfc1e17a16e3

gerrit-server/src/main/java/com/google/gerrit/server/project/RefPatternMatcher.java

diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/project/RefPatternMatcher.java b/gerrit-server/src/main/java/com/google/gerrit/server/project/RefPatternMatcher.java
index dcf6841..d882e0d 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/project/RefPatternMatcher.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/project/RefPatternMatcher.java
@@ -110,13 +110,24 @@
         u = username;
       }
 
-      RefPatternMatcher next =
-          getMatcher(template.replace(Collections.singletonMap("username", u)));
-      return next != null && next.match(ref, username);
+      RefPatternMatcher next = getMatcher(expand(template, u));
+      return next != null ? next.match(expand(ref, u), username) : false;
     }
 
     boolean matchPrefix(String ref) {
       return ref.startsWith(prefix);
     }
+
+    private String expand(String parameterizedRef, String userName) {
+      if (parameterizedRef.contains("${")) {
+        return expand(new ParameterizedString(parameterizedRef), userName);
+      }
+      return parameterizedRef;
+    }
+
+    private String expand(ParameterizedString parameterizedRef, String userName) {
+      return parameterizedRef.replace(Collections.singletonMap("username",
+          userName));
+    }
   }
 }

gerrit-server/src/test/java/com/google/gerrit/server/project/RefControlTest.java

diff --git a/gerrit-server/src/test/java/com/google/gerrit/server/project/RefControlTest.java b/gerrit-server/src/test/java/com/google/gerrit/server/project/RefControlTest.java
index 54765ac..74156dd 100644
--- a/gerrit-server/src/test/java/com/google/gerrit/server/project/RefControlTest.java
+++ b/gerrit-server/src/test/java/com/google/gerrit/server/project/RefControlTest.java
@@ -256,6 +256,13 @@
   }
 
   @Test
+  public void testUsernamePatternCanUploadToAnyRef() {
+    grant(local, PUSH, REGISTERED_USERS, "refs/heads/users/${username}/*");
+    ProjectControl u = util.user(local, "a-registered-user");
+    assertTrue("can upload", u.canPushToAtLeastOneRef() == Capable.OK);
+  }
+
+  @Test
   public void testUsernamePatternNonRegex() {
     grant(local, READ, DEVS, "refs/sb/${username}/heads/*");