6be659b085e48523f273ad1e2f9d67868a48bed5 - plugins/pull-replication

commit	6be659b085e48523f273ad1e2f9d67868a48bed5	[log] [tgz]
author	Álvaro Vilaplana García <alvaro.vilaplana@gmail.com>	Wed Oct 05 14:00:11 2022 +0000
committer	Alvaro Vilaplana Garcia <alvaro.vilaplana@gmail.com>	Mon Oct 10 20:27:37 2022 +0100
tree	ad6fc7150aa008fc32a2d3e969ec4b6eb18517d7
parent	b7c58020a6fc71e16daebae749d5b536c05fe26f [diff]

Remove authorisation from PullReplicationFilter

Assuming that the caller of the pull-replication APIs
is an identified user is not something that the filter
should do: Gerrit has already authentication defined
in its filters and we should rely on them.

Without the check of identified user, the pul-replication
must trust internal users to call its own APIs, therefore
add the condition of being an internal user in the ACL
evaluation.

Bug: Issue 16298
Change-Id: I5660b08fe1f8abeceefbc454b3fd7da6600e67ee

src/main/java/com/googlesource/gerrit/plugins/replication/pull/api/FetchPreconditions.java[diff]
src/main/java/com/googlesource/gerrit/plugins/replication/pull/api/PullReplicationFilter.java[diff]
src/test/java/com/googlesource/gerrit/plugins/replication/pull/api/ApplyObjectActionIT.java[diff]
src/test/java/com/googlesource/gerrit/plugins/replication/pull/api/FetchActionIT.java[diff]
src/test/java/com/googlesource/gerrit/plugins/replication/pull/api/ProjectDeletionActionIT.java[diff]
src/test/java/com/googlesource/gerrit/plugins/replication/pull/api/ProjectInitializationActionIT.java[diff]
src/test/java/com/googlesource/gerrit/plugins/replication/pull/api/PullReplicationFilterTest.java[diff]

7 files changed

tree: ad6fc7150aa008fc32a2d3e969ec4b6eb18517d7

src/
BUILD
Jenkinsfile
LICENSE