Remove authorisation from PullReplicationFilter
Assuming that the caller of the pull-replication APIs
is an identified user is not something that the filter
should do: Gerrit has already authentication defined
in its filters and we should rely on them.
Without the check of identified user, the pul-replication
must trust internal users to call its own APIs, therefore
add the condition of being an internal user in the ACL
evaluation.
Bug: Issue 16298
Change-Id: I5660b08fe1f8abeceefbc454b3fd7da6600e67ee
7 files changed