commit | 00a30a88f2369e3a11931d218b15744c483a14a8 | |
---|---|---|
author | Edwin Kempin <ekempin@google.com> | Tue Sep 10 12:56:29 2024 +0000 |
committer | Edwin Kempin <ekempin@google.com> | Tue Sep 10 13:09:36 2024 +0000 |
tree | 4d68117591424be28a85c5971af27b23dce7b4a3 | |
parent | 004bac3c1183ef2f47f7d0c90fafafdc7aefcf52 | |
Check permissions of uploader when validating imports on submit

We do validate code owner config files on upload. One validation that is performed for imports is that the project/branch of the imported code owner config is visible to the uploader. It's possible that this project/branch is not visible to everyone. By referring to another project/branch in a code owner config file the uploader reveals the existence of the project/branch to everyone who can see the code owner config file.

If enabled, the validation of code owner config files is also done on submit. At this point it's intended to do the exact same validation as on upload. In particular this means that all visibility checks should be done from the perspective of the uploader (and not for the submitter) [1].

We already did the visibility checks for the code owners for the uploader, but wrongly checked the visibility of projects/branches from which code owner config files are imported for the submitter. This change fixes this so that visibility checks for projects/branches from which code owner config files are imported are also done for the uploader.

[1] https://gerrit-review.googlesource.com/plugins/code-owners/Documentation/validation.html#:~:text=If%20enabled%2C%20on%20submit%20we%20repeat%20the%20exact%20same%20validation%20that%20was%20done%20on%20upload.%20This%20means%2C%20all%20visibility%20checks%20will%20be%20done%20from%20the%20perspective%20of%20the%20uploader.

Bug: Google b/365550280
Change-Id: I6b1cc65f90f1fce1d9fb2930d40103390b6d10f0
Signed-off-by: Edwin Kempin <ekempin@google.com>
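The difference between checking import visibility for the submitter and for the uploader, as an added example that is not code from this commit or from the code-owners plugin. The class, records, user names, project names and ACL map are hypothetical and constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;

/** Added illustration: a self-contained model, not the code-owners plugin's code. */
public class ImportVisibilityDemo {
  /** Hypothetical reference to a code owner config in another project/branch. */
  record Import(String project, String branch) {}

  /** Hypothetical change: who uploaded it and which imports its config declares. */
  record Change(String uploader, List<Import> imports) {}

  /** Constructed ACL: user -> "project:branch" refs visible to that user. */
  static final Map<String, Set<String>> VISIBLE = Map.of(
      "alice", Set.of("public-proj:main"),
      "bob", Set.of("public-proj:main", "restricted-proj:main"));

  /** Returns the imports whose project/branch is not visible to {@code user}. */
  static List<Import> invisibleImports(List<Import> imports, String user) {
    Set<String> visible = VISIBLE.getOrDefault(user, Set.of());
    List<Import> rejected = new ArrayList<>();
    for (Import imp : imports) {
      if (!visible.contains(imp.project() + ":" + imp.branch())) {
        rejected.add(imp);
      }
    }
    return rejected;
  }

  /** Behaviour before the fix: import visibility was checked for the submitter. */
  static List<Import> validateOnSubmitBefore(Change change, String submitter) {
    return invisibleImports(change.imports(), submitter);
  }

  /** Behaviour after the fix: the same check as on upload, done for the uploader. */
  static List<Import> validateOnSubmitAfter(Change change, String submitter) {
    return invisibleImports(change.imports(), change.uploader());
  }

  public static void main(String[] args) {
    // Constructed sample: alice uploads, bob submits; only bob can see restricted-proj.
    Change change = new Change("alice", List.of(
        new Import("public-proj", "main"), new Import("restricted-proj", "main")));
    System.out.println("before fix, rejected: " + validateOnSubmitBefore(change, "bob"));
    System.out.println("after fix, rejected:  " + validateOnSubmitAfter(change, "bob"));
  }
}
```

In this model the submitter-based check rejects nothing because bob can see both branches, while the uploader-based check rejects the import of restricted-proj, matching what validation on upload would decide for alice.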
This plugin provides support for defining code owners for files in a repository.
If the code-owners plugin is enabled, changes can only be submitted if all touched files are covered by approvals from code owners.
For a detailed description of the plugin functionality please refer to the plugin documentation.
IMPORTANT: Before installing/enabling the plugin follow the instructions from the setup guide.
NOTE: The plugin documentation only renders correctly when the plugin is installed in Gerrit and the documentation is accessed via https:///plugins/code-owners/Documentation/index.html. If you want to read the documentation before installing the plugin, you can find it properly rendered here.
From the root of the gerrit repository:
bazel test //plugins/code-owners/web:karma_test
For testing the plugin with the Gerrit FE Dev Helper, build the plugin and link it into polygerrit-ui/app/plugins/ with the commands below:
bazel build //plugins/code-owners/web:code-owners
ln -s bazel-bin/plugins/code-owners/web/code-owners.js polygerrit-ui/app/plugins/
Then let the Dev Helper redirect from
.+/plugins/code-owners/static/code-owners.js
to
http://localhost:8081/plugins/code-owners.js