commit | ec36cba6080bac72790c7875c36f5b86fc55372c | [log] [tgz] |
---|---|---|
author | Kamil Musin <kamilm@google.com> | Wed Jul 24 15:32:36 2024 +0200 |
committer | Kamil Musin <kamilm@google.com> | Thu Jul 25 12:55:52 2024 +0200 |
tree | 734b54a9ee374c41e2dd706a736ac34d768917c8 | |
parent | f94a1643f8b2676a774d9de87071dccdea82a74f [diff] |
Fix onBehalfOf behaviour of Submit

When submitting changes using onBehalfOf, only the permission of the user triggering the Submit needs to be considered. With Ic6dbda6de that logic got broken: it was no longer possible to submit changes on behalf of another user if that user didn't have the SUBMIT permission themselves.

This change fixes this issue by using IdentifiedUser.getRealUser() in MergeOp where appropriate based on the situation.

Additionally, as part of this change we address the pre-existing issue where the SUBMIT_AS permission for the active user and the READ permission for the on-behalf-of user would only be checked for the triggering change and not for all changes in the Submission. This led to potential cases of submitting changes as part of the topic that they would otherwise lack permissions to submit.

The extra checks for the "current change" in Submit.java are kept, to allow the possibility of an early exit, as construction of the full Set of changes to be submitted together is an expensive task.

By using the real user and the on-behalf-of user in MergeOp we are able to address another issue, where only the READ permissions of the on-behalf-of user were considered when constructing the Merge Set. With this change we use the real user's permissions for constructing the Merge Set, but also validate the on-behalf-of READ permissions once it's constructed.

We also fix the permission check in ProjectConfigValidator, where the on-behalf-of user would previously be checked instead of the real user performing the Submit.

Also added some class docstrings for some of the classes that I ran across during investigation.

Release-Notes: skip
Google-Bug-Id: b/351138952
Change-Id: Ib126d5fb75ab46620e302d35aa4a75699739732c
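The per-change rule and the "triggering change only" gap described in the commit message, modeled as an added example that is not Gerrit's code or part of this commit. The class, the method names, the users and the grant table are hypothetical and constructed for illustration; it needs Java 16 or later.

```java
import java.util.List;
import java.util.Set;

// Hypothetical model of the checks described in the commit message; not Gerrit's classes or API.
public class OnBehalfOfSubmitModel {
  enum Perm { READ, SUBMIT, SUBMIT_AS }

  record Change(int id, String project) {}

  // Constructed grants, written as "project/user/permission".
  static final Set<String> GRANTS = Set.of(
      "public/releaser/READ", "public/releaser/SUBMIT", "public/releaser/SUBMIT_AS",
      "public/author/READ",
      // In "restricted" the releaser lacks SUBMIT_AS and the author lacks READ.
      "restricted/releaser/READ", "restricted/releaser/SUBMIT");

  static boolean can(String user, Perm perm, Change c) {
    return GRANTS.contains(c.project() + "/" + user + "/" + perm);
  }

  // Per-change rule: the real user needs SUBMIT, plus SUBMIT_AS when acting for
  // someone else; the on-behalf-of user needs only READ, never SUBMIT.
  static boolean allowed(String realUser, String onBehalfOf, Change c) {
    if (!can(realUser, Perm.SUBMIT, c)) return false;
    if (onBehalfOf == null) return true;
    return can(realUser, Perm.SUBMIT_AS, c) && can(onBehalfOf, Perm.READ, c);
  }

  // Pre-existing gap: only the triggering change is checked.
  static boolean triggeringChangeOnly(String realUser, String onBehalfOf, Change trigger) {
    return allowed(realUser, onBehalfOf, trigger);
  }

  // Corrected shape: every change submitted together is checked; returns the denied ids.
  static List<Integer> deniedInSubmission(String realUser, String onBehalfOf, List<Change> all) {
    return all.stream().filter(c -> !allowed(realUser, onBehalfOf, c)).map(Change::id).toList();
  }

  public static void main(String[] args) {
    Change trigger = new Change(101, "public");
    List<Change> topic = List.of(trigger, new Change(102, "restricted")); // same topic
    System.out.println("trigger-only check passes: "
        + triggeringChangeOnly("releaser", "author", trigger));
    System.out.println("denied when whole submission is checked: "
        + deniedInSubmission("releaser", "author", topic));
  }
}
```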
Gerrit is a code review and project management tool for Git based projects.
Gerrit makes reviews easier by showing changes in a side-by-side display, and allowing inline comments to be added by any reviewer.
Gerrit simplifies Git based project maintainership by permitting any authorized user to submit changes to the master Git repository, rather than requiring all approved changes to be merged in by hand by the project maintainer.
For information about how to install and use Gerrit, refer to the documentation.
Our canonical Git repository is located on googlesource.com. There is a mirror of the repository on GitHub.
Please report bugs on the issue tracker.
Gerrit is the work of hundreds of contributors. We appreciate your help!
Please read the contribution guidelines.
Note that we do not accept Pull Requests via the GitHub mirror.
The Developer Mailing list is repo-discuss on Google Groups.
Gerrit is provided under the Apache License 2.0.
Install Bazel and run the following:
git clone --recurse-submodules https://gerrit.googlesource.com/gerrit
cd gerrit && bazel build release
Instructions for configuring the GerritForge/BinTray repositories are here
On Debian/Ubuntu run:
apt-get update && apt-get install gerrit=<version>-<release>
NOTE: release is a counter that starts with 1 and indicates the number of packages that have been released with the same version of the software.
On CentOS/RedHat run:
yum clean all && yum install gerrit-<version>[-<release>]
On Fedora run:
dnf clean all && dnf install gerrit-<version>[-<release>]
Docker images of Gerrit are available on DockerHub
To run a CentOS 8 based Gerrit image:
docker run -p 8080:8080 gerritcodereview/gerrit[:version]-centos8
To run an Ubuntu 20.04 based Gerrit image:
docker run -p 8080:8080 gerritcodereview/gerrit[:version]-ubuntu20
NOTE: release is optional. Last released package of the version is installed if the release number is omitted.