ForRef#check should permit internal users to read all refs
79d24d4 "Make PermissionBackend#ForRef authoritative" introduced a regression where InternalUsers were not taken into consideration when checking READ permission. Bug: Issue 13786 Change-Id: I3f18507f65044ac96321c1efecf1f2688f36859f (cherry picked from commit 23ff2cfc8f)
committed by
Luca Milanesio
parent
fc651f4a0d
commit
68b3492fcb
@@ -608,6 +608,10 @@ class RefControl {
|
||||
private boolean can(RefPermission perm) throws PermissionBackendException {
|
||||
switch (perm) {
|
||||
case READ:
|
||||
/* Internal users such as plugin users should be able to read all refs. */
|
||||
if (getUser().isInternalUser()) {
|
||||
return true;
|
||||
}
|
||||
if (refName.startsWith(Constants.R_TAGS)) {
|
||||
return isTagVisible();
|
||||
}
|
||||
|
||||
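Review bot: The early `return true` for internal users in the READ case runs before the tag-visibility check and before whatever per-ref logic follows in `can()`, so it is an unconditional bypass for every ref, and the comment does not state what makes that safe. I would extend the comment to record the trust assumption, for example `/* InternalUser is only created server-side (plugins, background work), never from request credentials, so READ skips per-ref ACLs. */`, provided that is in fact the invariant. It is also worth saying that the bypass is deliberately limited to READ, so it is not copied into other cases later. The body of `can()` continues outside the hunk, so I cannot see whether the other permission cases or the ref-filtering path treat internal users consistently with this.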
@@ -48,6 +48,7 @@ import com.google.gerrit.reviewdb.client.AccountGroup;
|
||||
import com.google.gerrit.reviewdb.client.Project;
|
||||
import com.google.gerrit.reviewdb.server.ReviewDb;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.InternalUser;
|
||||
import com.google.gerrit.server.account.CapabilityCollection;
|
||||
import com.google.gerrit.server.account.GroupMembership;
|
||||
import com.google.gerrit.server.account.ListGroupMembership;
|
||||
@@ -391,6 +392,11 @@ public class RefControlTest {
|
||||
assertAllRefsAreNotVisible(user(allUsers, DEVS));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void userRefIsVisibleForInternalUser() throws Exception {
|
||||
internalUser(local).controlForRef("refs/users/default").asForRef().check(RefPermission.READ);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void branchDelegation1() throws Exception {
|
||||
allow(local, OWNER, ADMIN, "refs/*");
|
||||
@@ -1039,6 +1045,21 @@ public class RefControlTest {
|
||||
return repo;
|
||||
}
|
||||
|
||||
private ProjectControl internalUser(ProjectConfig local) throws Exception {
|
||||
return new ProjectControl(
|
||||
Collections.emptySet(),
|
||||
Collections.emptySet(),
|
||||
sectionSorter,
|
||||
changeControlFactory,
|
||||
permissionBackend,
|
||||
refVisibilityControl,
|
||||
repoManager,
|
||||
refFilterFactory,
|
||||
allUsersName,
|
||||
new InternalUser(),
|
||||
newProjectState(local));
|
||||
}
|
||||
|
||||
private ProjectControl user(ProjectConfig local, AccountGroup.UUID... memberOf) {
|
||||
return user(local, null, memberOf);
|
||||
}
|
||||
|
||||
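Review bot: `userRefIsVisibleForInternalUser` checks only `refs/users/default` on the `local` project, while the neighbouring test in the hunk context uses `allUsers`. If the special handling of `refs/users/*` applies only to the All-Users project (not visible from this hunk), the test may not exercise the path that regressed, so `internalUser(allUsers)` looks like the safer fixture. A second check on a `refs/tags/` ref would cover the fact that the new branch in `RefControl` sits ahead of the tag check. The test has no assertion and relies on `check(...)` throwing on denial; a one-line comment such as `// check() throws if READ is denied` would make that intent explicit.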