gerrit 2.1.3-rc0
Simplify reference level access control.

The initial implementation of reference level access control only
supports a corner case, that of "locking down" access for a specific

Upon further discussion, we've decided that this is not the more
general need. Most Gerrit configurations prefer to have a more "open"
access model, where access rights on a reference specified with a
wildcard, such as "refs/heads/*" aren't overridden by a more specific
access right. So this change makes the default behavior to evaluate
all rights, including the wild card ones.

However, in order to accomodate the corner case we were supporting
before, this change also introduces a new way to specify exclusive
reference level access rights. All access rights that start with the
'-' prefix are considered exclusive, and will prevent all wild card
rights from being considered.

Change-Id: I629f5439967b2141e46098614fadb25ff28e5f45
14 files changed