Require branch deletion permission for pushes over HTTP

Since smart HTTP can perform a branch deletion over HTTP requests, we need to disambiguate web requests from the web UI from HTTP requests coming from a git client tool such as git push. Moving all git commands into the AccessPath.GIT category and making a different category for the web UI allows us to tell these apart, so we can correctly require delete branch permission when removing a branch through a git command. This is a safety feature to prevent project owners from accidentally creating or deleting branches over git push, even though they can do this through the web UI without additional access controls. Bug: issue 393 Change-Id: I14cc68e31f5263913f5d9715a8f2241b5766bf23 Signed-off-by: Shawn O. Pearce <sop@google.com> Reviewed-by: Nico Sallembien <nsallembien@google.com>
2010-01-29 10:29:38 -08:00
parent f6a13f4eed
commit 53b0e7ffb5
9 changed files with 89 additions and 22 deletions
--- a/gerrit-server/src/main/java/com/google/gerrit/server/AccessPath.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/AccessPath.java
@@ -19,11 +19,14 @@ public enum AccessPath {
  /** An unknown access path, probably should not be special. */
  UNKNOWN,

-  /** Access through the web interface. */
-  WEB,
+  /** Access through the web UI. */
+  WEB_UI,

-  /** Access through an SSH command, e.g. git fetch or push. */
-  SSH,
+  /** Access through an SSH command that is not invoked by Git. */
+  SSH_COMMAND,
+
+  /** Access from a Git client using any Git protocol. */
+  GIT,

  /** Access through replication */
  REPLICATION;