)]}'
{
  "commit": "00a30a88f2369e3a11931d218b15744c483a14a8",
  "tree": "4d68117591424be28a85c5971af27b23dce7b4a3",
  "parents": [
    "004bac3c1183ef2f47f7d0c90fafafdc7aefcf52"
  ],
  "author": {
    "name": "Edwin Kempin",
    "email": "ekempin@google.com",
    "time": "Tue Sep 10 12:56:29 2024 +0000"
  },
  "committer": {
    "name": "Edwin Kempin",
    "email": "ekempin@google.com",
    "time": "Tue Sep 10 13:09:36 2024 +0000"
  },
  "message": "Check permissions of uploader when validating imports on submit\n\nWe do validate code owner config files on upload. One validation that is\nperformed for imports is that the project/branch of the imported code\nowner config is visible to the uploader.\n\nIt\u0027s possible that this project/branch is not visible to everyone. By\nreferring to another project/branch in a code owner config file the\nuploader reveals the existence of the project/branch to everyone who can\nsee the code owner config file.\n\nIf enabled, the validation of code owner config files is also done on\nsubmit. At this point it\u0027s intended to do the exact same validation as\non upload. In particular this means that all visibility checks should be\ndone from the perspective of the uploader (and not for the submitter)\n[1].\n\nWe already did the visibility checks for the code owners for the\nuploader, but wrongly checked the visibility of projects/branches from\nwhich code owner config files are imported for the submitter. This\nchange fixes this so that visibility checks for projects/branches from\nwhich code owner config files are imported are also done for the\nuploader.\n\n[1] https://gerrit-review.googlesource.com/plugins/code-owners/Documentation/validation.html#:~:text\u003dIf%20enabled%2C%20on%20submit%20we%20repeat%20the%20exact%20same%20validation%20that%20was%20done%20on%20upload.%20This%20means%2C%20all%20visibility%20checks%20will%20be%20done%20from%20the%20perspective%20of%20the%20uploader.\n\nBug: Google b/365550280\nChange-Id: I6b1cc65f90f1fce1d9fb2930d40103390b6d10f0\nSigned-off-by: Edwin Kempin \u003cekempin@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "858b1a253a8f8b859f1da47a6894a43b680e9f79",
      "old_mode": 33188,
      "old_path": "java/com/google/gerrit/plugins/codeowners/validation/CodeOwnerConfigValidator.java",
      "new_id": "84115680368d97a0cb74bf7156d0f495144602a4",
      "new_mode": 33188,
      "new_path": "java/com/google/gerrit/plugins/codeowners/validation/CodeOwnerConfigValidator.java"
    },
    {
      "type": "modify",
      "old_id": "0198cc42c95ca55a22c164354cd2ff960bf3135a",
      "old_mode": 33188,
      "old_path": "javatests/com/google/gerrit/plugins/codeowners/acceptance/api/CodeOwnerConfigValidatorIT.java",
      "new_id": "4c1b82368fd97b5facdcf46aaa82d3f02cac1e2b",
      "new_mode": 33188,
      "new_path": "javatests/com/google/gerrit/plugins/codeowners/acceptance/api/CodeOwnerConfigValidatorIT.java"
    }
  ]
}