From 5b75c006254fef7d80a3d4a27e5ce23c7ad8af3e Mon Sep 17 00:00:00 2001 From: Fredrik Luthander Date: Fri, 20 Jan 2012 07:29:43 +0100 Subject: [PATCH] Access control documentation: Push Annotated Tags This change describes what can be done with the Push Annotated Tags access. Change-Id: Ia7ba07208500e6fb85cc0ec67c508871d4596543 Signed-off-by: Fredrik Luthander --- Documentation/access-control.txt | 36 ++++++++------------ Documentation/error-prohibited-by-gerrit.txt | 5 ++- 2 files changed, 16 insertions(+), 25 deletions(-) diff --git a/Documentation/access-control.txt b/Documentation/access-control.txt index f4023c8d60..6cd5a3b921 100644 --- a/Documentation/access-control.txt +++ b/Documentation/access-control.txt @@ -642,9 +642,9 @@ wish to restrict merges to being created by Gerrit. By granting system will be those created by Gerrit. -[[category_pTAG]] -Push Tag -~~~~~~~~ +[[category_push_annotated]] +Push Annotated Tag +~~~~~~~~~~~~~~~~~~ This category permits users to push an annotated tag object over SSH into the project's repository. Typically this would be done @@ -660,29 +660,21 @@ should exist in the `refs/tags/` namespace, and should be new. This category is intended to be used to publish tags when a project reaches a stable release point worth remembering in history. -The range of values is: - -* +1 Create Signed Tag -+ -A new signed tag may be created. The tagger email address must be -verified for the current user. - -* +2 Create Annotated Tag -+ -A new annotated (unsigned) tag may be created. The tagger email -address must be verified for the current user. +It allows for a new annotated (unsigned) tag to be created. The +tagger email address must be verified for the current user. To push tags created by users other than the current user (such -as tags mirrored from an upstream project), `Forge Identity +2` -must be also granted in addition to `Push Tag >= +1`. +as tags mirrored from an upstream project), `Forge Committer Identity` +must be also granted in addition to `Push Annotated Tag`. -To push lightweight (non annotated) tags, grant `Push Branch +2 -Create Branch` for reference name `refs/tags/*`, as lightweight -tags are implemented just like branches in Git. +To push lightweight (non annotated) tags, grant +<> for reference name +`refs/tags/*`, as lightweight tags are implemented just like +branches in Git. -To delete or overwrite an existing tag, grant `Push Branch +3 -Force Push Branch; Delete Branch` for reference name `refs/tags/*`, -as deleting a tag requires the same permission as deleting a branch. +To delete or overwrite an existing tag, grant `Push` with the force +option enabled for reference name `refs/tags/*`, as deleting a tag +requires the same permission as deleting a branch. [[category_READ]] Read Access diff --git a/Documentation/error-prohibited-by-gerrit.txt b/Documentation/error-prohibited-by-gerrit.txt index 864b5ebcd1..7adbe8e864 100644 --- a/Documentation/error-prohibited-by-gerrit.txt +++ b/Documentation/error-prohibited-by-gerrit.txt @@ -14,9 +14,8 @@ In particular this error occurs: 2. if you bypass code review without link:access-control.html#category_push_direct['Push'] privileges on `refs/heads/*` -3. if you push a signed or annotated tag without sufficient - privileges in the link:access-control.html#category_pTAG['Push Tag'] - category +3. if you push a signed or annotated tag without + link:access-control.html#category_pTAG['Push Tag'] privileges 4. if you push a lightweight tag without the access right link:access-control.html#category_create['Create Reference'] for the reference name 'refs/tags/*'