Grant the InternalUser back access to changes
The refactoring of the changes visibility in v2.16 had accidentally broken the super-powers given to the InternalUser to access all changes in read-only, including querying changes. InternalUser is the base class of the PluginUser, hence the breakage impacted the ability for plugins to query changes using its internal identity. Consider the InternalUser as an exceptional case for granting read only visibility and give back the ability to read any change, regardless of current user. Add the missing use-case to the change query visibility tests so that InternalUser won't risk to break anymore in the future. Bug: Issue 12747 Change-Id: Ic6901eb2561ec15eb51aa98decbfc99eaa939f0a
This commit is contained in:
Luca Milanesio
@@ -21,6 +21,7 @@ import com.google.gerrit.reviewdb.client.Change;
|
||||
import com.google.gerrit.reviewdb.server.ReviewDb;
|
||||
import com.google.gerrit.server.AnonymousUser;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.InternalUser;
|
||||
import com.google.gerrit.server.index.IndexUtils;
|
||||
import com.google.gerrit.server.notedb.ChangeNotes;
|
||||
import com.google.gerrit.server.permissions.ChangePermission;
|
||||
@@ -91,7 +92,7 @@ public class ChangeIsVisibleToPredicate extends IsVisibleToPredicate<ChangeData>
|
||||
? permissionBackend.absentUser(user.getAccountId())
|
||||
: permissionBackend.user(
|
||||
Optional.of(user)
|
||||
.filter(u -> u instanceof SingleGroupUser)
|
||||
.filter(u -> u instanceof SingleGroupUser || u instanceof InternalUser)
|
||||
.orElseGet(anonymousUserProvider::get));
|
||||
try {
|
||||
withUser.indexedChange(cd, notes).database(db).check(ChangePermission.READ);
|
||||
|
||||
Reference in New Issue
Block a user