| commit | b6955d1057fd9ae0fe5e2c8f1c97455651641404 | [log] [tgz] |
|---|---|---|
| author | Edwin Kempin <ekempin@google.com> | Tue Aug 13 12:44:03 2024 +0000 |
| committer | Edwin Kempin <ekempin@google.com> | Wed Aug 14 14:24:00 2024 +0000 |
| tree | 271cf9fa680fc52a7cf20bcc9c83ba6027c59151 | |
| parent | dd0e1b86d37f009d15c628f2c196e7a61e6fee19 [diff] |
Distinguish btw. messages that can be shown to all users vs. admins only Calling the CheckCodeOwner REST endpoint requires the caller to be an admin (have the 'Administrate Server' capability or the 'Check Code Owner Capability'). Due to this normal users cannot debug issues with OWNERS files on their own, but have to file tickets to find someone that calls the REST endpoint and explains them the result. To reduce the ticket load we intend to offer the CheckCodeOwner REST endpoint as a self-service that every user can invoke. For this we must hide all debug messages that contain information that requires admin permissions. As a first step towards offering the CheckCodeOwner REST endpoint as a self service we distinguish between messages that can be shown to any calling user and messages that must only be shown to admin users: * Most messages can be shown to the calling user (e.g. they contain information about the code owner config files that they can access through other APIs). * Messages that explain why a code owner email is not resolvable reveal information about whether an email exists or not and hence can be shown only to admins (e.g. we must not reveal whether a non-visible secondary email exists). Instead of the detailed message, for normal users we just show a generic message that the email cannot be resolved because it doesn't exist or because it is not visible. * Messages that explain what another user can see must only be shown to admins (when we offer the CheckCodeOwner REST endpoint as a self service we will not allow to specify a user for whom the evalution should be done, so these message will never be triggered for normal users, but to be safe we suppress them). On API level there is no change yet: Since for now debug messages are only returned for admins we always return the admin messages. Bug: Google b/345161989 Change-Id: Ib28802d38dc637dde82919f17b25014a174dbafc Signed-off-by: Edwin Kempin <ekempin@google.com>
This plugin provides support for defining code owners for files in a repository.
If the code-owners plugin is enabled, changes can only be submitted if all touched files are covered by approvals from code owners.
For a detailed description of the plugin functionality please refer to the plugin documentation.
IMPORTANT: Before installing/enabling the plugin follow the instructions from the setup guide.
NOTE: The plugin documentation only renders correctly when the plugin is installed in Gerrit and the documentation is accessed via https:///plugins/code-owners/Documentation/index.html. If you want to read the documentation before installing the plugin, you can find it properly rendered here.
From the root of the gerrit repository.
bazel test //plugins/code-owners/web:karma_test
For testing the plugin with the Gerrit FE Dev Helper the command below builds
bazel build //plugins/code-owners/web:code-owners
ln -s bazel-bin/plugins/code-owners/web/code-owners.js polygerrit-ui/app/plugins/
and let the Dev Helper redirect from .+/plugins/code-owners/static/code-owners.js to http://localhost:8081/plugins/code-owners.js.