Prevent creation of non-user branches in All-Users under refs/users/

Under refs/user/ in All-Users we only expect to find user branches (and the refs/users/default branch with defaults for all users). Change-Id: I5286bcfba724d0016604299ca11785901dd0f049 Signed-off-by: Edwin Kempin <ekempin@google.com>
2017-04-24 14:49:40 +02:00
parent f8a5455015
commit 5a1d6a882e
2 changed files with 25 additions and 0 deletions
--- a/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/api/accounts/AccountIT.java
+++ b/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/api/accounts/AccountIT.java
@@ -781,6 +781,25 @@ public class AccountIT extends AbstractDaemonTest {
    }
  }

+  @Test
+  @Sandboxed
+  public void cannotCreateNonUserBranchUnderRefsUsersWithAccessDatabaseCapability()
+      throws Exception {
+    allowGlobalCapabilities(REGISTERED_USERS, GlobalCapability.ACCESS_DATABASE);
+    grant(allUsers, RefNames.REFS_USERS + "*", Permission.CREATE);
+    grant(allUsers, RefNames.REFS_USERS + "*", Permission.PUSH);
+
+    String userRef = RefNames.REFS_USERS + "foo";
+    TestRepository<InMemoryRepository> allUsersRepo = cloneProject(allUsers);
+    PushOneCommit.Result r = pushFactory.create(db, admin.getIdent(), allUsersRepo).to(userRef);
+    r.assertErrorStatus();
+    assertThat(r.getMessage()).contains("Not allowed to create non-user branch under refs/users/.");
+
+    try (Repository repo = repoManager.openRepository(allUsers)) {
+      assertThat(repo.exactRef(userRef)).isNull();
+    }
+  }
+
  @Test
  @Sandboxed
  public void createDefaultUserBranch() throws Exception {
--- a/gerrit-server/src/main/java/com/google/gerrit/server/git/validators/RefOperationValidators.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/git/validators/RefOperationValidators.java
@@ -17,6 +17,7 @@ import com.google.common.base.Predicate;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.Iterables;
 import com.google.gerrit.extensions.registration.DynamicSet;
+import com.google.gerrit.reviewdb.client.Account;
 import com.google.gerrit.reviewdb.client.Project;
 import com.google.gerrit.reviewdb.client.RefNames;
 import com.google.gerrit.server.IdentifiedUser;
@@ -122,6 +123,11 @@ public class RefOperationValidators {
          if (!refEvent.user.getCapabilities().canAccessDatabase()) {
            throw new ValidationException("Not allowed to create user branch.");
          }
+          if (Account.Id.fromRef(refEvent.command.getRefName()) == null) {
+            throw new ValidationException(
+                String.format(
+                    "Not allowed to create non-user branch under %s.", RefNames.REFS_USERS));
+          }
        } else if (refEvent.command.getType().equals(ReceiveCommand.Type.DELETE)) {
          if (!refEvent.user.getCapabilities().canAccessDatabase()) {
            throw new ValidationException("Not allowed to delete user branch.");