Remove PermissionBackend#user(Provider<CurrentUser>)

Browse Source

Checking permissions of users that aren't the caller on the current request
can have implications on the security of the system. The most prominent
one is creating a group-oracle.

To limit the cases where we could potentially expose Gerrit to these
threats, PermissionBackend removes the method that was operating solely
on the provider of the current user.

Change-Id: I601ea1200a15a5f262ca0770b23cc1c7bee126b1

...

This commit is contained in:

Patrick Hiesel

2018-02-20 12:19:33 +01:00

parent 659ea71969

commit 4bdef6c030

78 changed files with 124 additions and 245 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

2

plugins/replication

Submodule plugins/replication updated: d8f5bcec21...9a24a2368a