Remove authorisation from ProjectInitializationAction Assuming that the caller of the pull-replication APIs is an identified user is not something that the ProjectInitializationAction servlet should do: Gerrit has already authentication defined in its filters and we should rely on them. Without the check of identified user, the pull-replication must trust internal users to call its own APIs, therefore add the condition of being an internal user in the ACL evaluation. Bug: Issue 16327 Change-Id: Iee192dfb74b45ef4fbb18aad0eaf20e774d6bb5e
diff --git a/src/main/java/com/googlesource/gerrit/plugins/replication/pull/api/ProjectInitializationAction.java b/src/main/java/com/googlesource/gerrit/plugins/replication/pull/api/ProjectInitializationAction.java index 63d32c4..c1174c9 100644 --- a/src/main/java/com/googlesource/gerrit/plugins/replication/pull/api/ProjectInitializationAction.java +++ b/src/main/java/com/googlesource/gerrit/plugins/replication/pull/api/ProjectInitializationAction.java
@@ -14,7 +14,6 @@ package com.googlesource.gerrit.plugins.replication.pull.api; -import static com.googlesource.gerrit.plugins.replication.pull.api.FetchApiCapability.CALL_FETCH_ACTION; import static com.googlesource.gerrit.plugins.replication.pull.api.HttpServletOps.checkAcceptHeader; import static com.googlesource.gerrit.plugins.replication.pull.api.HttpServletOps.setResponse; @@ -70,17 +69,8 @@ return; } - if (!userProvider.get().isIdentifiedUser()) { - setResponse( - httpServletResponse, - HttpServletResponse.SC_UNAUTHORIZED, - "Unauthorized user. '" + CALL_FETCH_ACTION + "' capability needed."); - return; - } - String path = httpServletRequest.getRequestURI(); String projectName = Url.decode(path.substring(path.lastIndexOf('/') + 1)); - try { if (initProject(projectName)) { setResponse(