Create "Revert" permission

Create a dedicated revert permission to only allow specific groups to revert changes. Groups that don't have the "Revert" permission will not see the Revert button and will not be allowed to revert changes from the GUI. This change is created due to spammers that easily use the "Revert Submission" button to create many changes quickly. Change-Id: If5180bc982659ab5c9ddaa096ac455823484c50c
2020-01-22 10:36:35 +01:00
parent 037a4680f5
commit 6c9ed9550d
13 changed files with 99 additions and 18 deletions
--- a/java/com/google/gerrit/server/permissions/ChangeControl.java
+++ b/java/com/google/gerrit/server/permissions/ChangeControl.java
@@ -117,6 +117,12 @@ class ChangeControl {
    return canAbandon() && refControl.asForRef().testOrFalse(RefPermission.CREATE_CHANGE);
  }

+  /** Can this user revert this change? */
+  private boolean canRevert() {
+    return (refControl.canRevert())
+        && refControl.asForRef().testOrFalse(RefPermission.CREATE_CHANGE);
+  }
+
  /** The range of permitted values associated with a label permission. */
  private PermissionRange getRange(String permission) {
    return refControl.getRange(permission, isOwner());
@@ -303,6 +309,8 @@ class ChangeControl {
            return canRebase();
          case RESTORE:
            return canRestore();
+          case REVERT:
+            return canRevert();
          case SUBMIT:
            return refControl.canSubmit(isOwner());
          case TOGGLE_WORK_IN_PROGRESS_STATE:
--- a/java/com/google/gerrit/server/permissions/ChangePermission.java
+++ b/java/com/google/gerrit/server/permissions/ChangePermission.java
@@ -54,6 +54,7 @@ public enum ChangePermission implements ChangePermissionOrLabel {
   * change is not locked by calling {@code PatchSetUtil.isPatchSetLocked}.
   */
  REBASE,
+  REVERT,
  SUBMIT,
  SUBMIT_AS("submit on behalf of other users"),
  TOGGLE_WORK_IN_PROGRESS_STATE;
--- a/java/com/google/gerrit/server/permissions/DefaultPermissionMappings.java
+++ b/java/com/google/gerrit/server/permissions/DefaultPermissionMappings.java
@@ -96,6 +96,7 @@ public class DefaultPermissionMappings {
          .put(ChangePermission.REMOVE_REVIEWER, Permission.REMOVE_REVIEWER)
          .put(ChangePermission.ADD_PATCH_SET, Permission.ADD_PATCH_SET)
          .put(ChangePermission.REBASE, Permission.REBASE)
+          .put(ChangePermission.REVERT, Permission.REVERT)
          .put(ChangePermission.SUBMIT, Permission.SUBMIT)
          .put(ChangePermission.SUBMIT_AS, Permission.SUBMIT_AS)
          .put(
--- a/java/com/google/gerrit/server/permissions/RefControl.java
+++ b/java/com/google/gerrit/server/permissions/RefControl.java
@@ -162,6 +162,10 @@ class RefControl {
    return projectControl.controlForRef("refs/for/" + refName).canPerform(Permission.PUSH);
  }

+  boolean canRevert() {
+    return canPerform(Permission.REVERT);
+  }
+
  /** @return true if this user can submit merge patch sets to this ref */
  private boolean canUploadMerges() {
    return projectControl.controlForRef("refs/for/" + refName).canPerform(Permission.PUSH_MERGE);