commit | f1598c54311460db7632d06cc855b8a18bbcf494 | [log] [tgz] |
---|---|---|
author | Edwin Kempin <ekempin@google.com> | Mon Apr 15 10:12:56 2024 +0000 |
committer | Edwin Kempin <ekempin@google.com> | Tue Apr 16 09:06:31 2024 +0000 |
tree | ebf9fbbd7256a0e329f39bd867d090a0ce69a227 | |
parent | a356b05807119733e392e94b29fe1304d15895e9 [diff] |
Disallow removing votes from merged changes by removing reviewers Once a change has been merged it should be no longer possible to remove/reduce approvals of the change as this could remove approvals that were necessary for the submission and it's confusing to see a merged change which doesn't have the necessary approvals to fulfill the submit requirements. E.g. this is why PostReview doesn't allow to remove/reduce votes (see PostReviewOp#validatePostSubmitLabels). Hence it's a bug that having the 'Remove Reviewer' permission allows users to remove approvals from merged changes. If approvals are removed from a change after it has been merged we can have the following inconsistencies: * the change is shown as merged with fulfilled submit requirements but without any votes which is confusing to users, note that the submit requirements are still shown as fulfilled because the submit requirement results are persisted in NoteDb when the change is submitted * tools that analyse merged changes may get confused if there are merged changes without approvals * the submitter is recorded by an approval on the magic SUBM label which can be lost when the submitter is removed from the reviewers of the change RemoveReviewerControl intended to prevent removing reviewers that have non-zero votes on merged changes (see check in canRemoveReviewerWithoutPermissionCheck) but failed to do so because having the "Remove Reviewer" permission bypassed this in testRemoveReview/checkRemoveReviewer). In addition ChangeJson wrongly assumed that having the "Remove Reviewer" permission is sufficient to remove any vote, even on merged changes and it also doesn't take the magic SUBM approval into account (removableReviewers only iterated over the labels that are returned to the caller where the SUBM approval had been filtered out, although the presence of the SUBM approval still makes the submitter a reviewer). Not needing to check whether approvals with non-zero votes can be removed for merged changes can also improve the latency for change queries that return merged changes, since the "Get removable reviewers" is not as a reason for change quries to be slow. Release-Notes: Disallowed removing votes from merged changes by removing reviewers Bug: Google b/334796368 Bug: Google b/335095952 Change-Id: Ia8edde3652c93251902cdafa8aba3f57b8e0915b Signed-off-by: Edwin Kempin <ekempin@google.com>
Gerrit is a code review and project management tool for Git based projects.
Gerrit makes reviews easier by showing changes in a side-by-side display, and allowing inline comments to be added by any reviewer.
Gerrit simplifies Git based project maintainership by permitting any authorized user to submit changes to the master Git repository, rather than requiring all approved changes to be merged in by hand by the project maintainer.
For information about how to install and use Gerrit, refer to the documentation.
Our canonical Git repository is located on googlesource.com. There is a mirror of the repository on Github.
Please report bugs on the issue tracker.
Gerrit is the work of hundreds of contributors. We appreciate your help!
Please read the contribution guidelines.
Note that we do not accept Pull Requests via the Github mirror.
The Developer Mailing list is repo-discuss on Google Groups.
Gerrit is provided under the Apache License 2.0.
Install Bazel and run the following:
git clone --recurse-submodules https://gerrit.googlesource.com/gerrit cd gerrit && bazel build release
The instruction how to configure GerritForge/BinTray repositories is here
On Debian/Ubuntu run:
apt-get update && apt-get install gerrit=<version>-<release>
NOTE: release is a counter that starts with 1 and indicates the number of packages that have been released with the same version of the software.
On CentOS/RedHat run:
yum clean all && yum install gerrit-<version>[-<release>]
On Fedora run:
dnf clean all && dnf install gerrit-<version>[-<release>]
Docker images of Gerrit are available on DockerHub
To run a CentOS 8 based Gerrit image:
docker run -p 8080:8080 gerritcodereview/gerrit[:version]-centos8
To run a Ubuntu 20.04 based Gerrit image:
docker run -p 8080:8080 gerritcodereview/gerrit[:version]-ubuntu20
NOTE: release is optional. Last released package of the version is installed if the release number is omitted.