Merge branch 'stable-2.7'

* stable-2.7:
  Fix compilation failure in RefControlTest
  Verify access to source ref during add branch operation

Conflicts:
	gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectControl.java
	gerrit-server/src/test/java/com/google/gerrit/server/project/RefControlTest.java

Change-Id: I05be78df8d2717105146e7f285e092598756fff0

gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectControl.java

@@ -29,16 +29,25 @@ import com.google.gerrit.reviewdb.client.AccountGroup;
 import com.google.gerrit.reviewdb.client.Branch;
 import com.google.gerrit.reviewdb.client.Change;
 import com.google.gerrit.reviewdb.client.Project;
+import com.google.gerrit.reviewdb.client.Project.NameKey;
 import com.google.gerrit.server.CurrentUser;
 import com.google.gerrit.server.IdentifiedUser;
 import com.google.gerrit.server.InternalUser;
 import com.google.gerrit.server.config.CanonicalWebUrl;
 import com.google.gerrit.server.config.GitReceivePackGroups;
 import com.google.gerrit.server.config.GitUploadPackGroups;
+import com.google.gerrit.server.git.GitRepositoryManager;
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 import com.google.inject.assistedinject.Assisted;
 
+import org.eclipse.jgit.lib.Ref;
+import org.eclipse.jgit.lib.Repository;
+import org.eclipse.jgit.revwalk.RevCommit;
+import org.eclipse.jgit.revwalk.RevWalk;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import java.io.IOException;
 import java.util.Collection;
 import java.util.Collections;
@@ -47,12 +56,15 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.Map.Entry;
 
 /** Access control management for a user accessing a project's data. */
 public class ProjectControl {
   public static final int VISIBLE = 1 << 0;
   public static final int OWNER = 1 << 1;
 
+  private static final Logger log = LoggerFactory.getLogger(ProjectControl.class);
+
   public static class GenericFactory {
     private final ProjectCache projectCache;
 
@@ -129,6 +141,7 @@ public class ProjectControl {
   private final String canonicalWebUrl;
   private final CurrentUser user;
   private final ProjectState state;
+  private final GitRepositoryManager repoManager;
   private final PermissionCollection.Factory permissionFilter;
   private final Collection<ContributorAgreement> contributorAgreements;
 
@@ -142,8 +155,10 @@ public class ProjectControl {
   ProjectControl(@GitUploadPackGroups Set<AccountGroup.UUID> uploadGroups,
       @GitReceivePackGroups Set<AccountGroup.UUID> receiveGroups,
       final ProjectCache pc, final PermissionCollection.Factory permissionFilter,
+      final GitRepositoryManager repoManager,
       @CanonicalWebUrl @Nullable final String canonicalWebUrl,
       @Assisted CurrentUser who, @Assisted ProjectState ps) {
+    this.repoManager = repoManager;
     this.uploadGroups = uploadGroups;
     this.receiveGroups = receiveGroups;
     this.permissionFilter = permissionFilter;
@@ -471,4 +486,29 @@ public class ProjectControl {
     }
     return false;
   }
+
+  public boolean canReadCommit(RevWalk rw, RevCommit commit) {
+    NameKey projName = state.getProject().getNameKey();
+    try {
+      Repository repo = repoManager.openRepository(projName);
+      try {
+        for (Entry<String, Ref> entry : repo.getAllRefs().entrySet()) {
+          RevCommit tip = rw.parseCommit(entry.getValue().getObjectId());
+          if (rw.isMergedInto(commit, tip)
+              && controlForRef(entry.getKey()).canPerform(Permission.READ)) {
+            return true;
+          }
+        }
+      } finally {
+        repo.close();
+      }
+    } catch (IOException e) {
+      String msg =
+          String.format(
+              "Cannot verify permissions to commit object %s in repository %s",
+              commit.name(), projName.get());
+      log.error(msg, e);
+    }
+    return controlForRef("refs/*").canPerform(Permission.READ);
+  }
 }

gerrit-server/src/main/java/com/google/gerrit/server/project/RefControl.java

@@ -247,8 +247,9 @@ public class RefControl {
     }
 
     if (object instanceof RevCommit) {
-      return owner || canPerform(Permission.CREATE);
+      return owner
-
+          || (canPerform(Permission.CREATE) && projectControl.canReadCommit(rw,
+              (RevCommit) object));
     } else if (object instanceof RevTag) {
       final RevTag tag = (RevTag) object;
       try {

gerrit-server/src/test/java/com/google/gerrit/server/project/Util.java

@@ -219,7 +219,7 @@ public class Util {
 
     return new ProjectControl(Collections.<AccountGroup.UUID> emptySet(),
         Collections.<AccountGroup.UUID> emptySet(), projectCache,
-        sectionSorter, canonicalWebUrl, new MockUser(name, memberOf),
+        sectionSorter, null, canonicalWebUrl, new MockUser(name, memberOf),
         newProjectState(local));
   }