opendev/gerrit
Code Issues Proposed changes

Use uploader for approvals specified on push, not the committer

Browse Source 
When the uploader has the Forge Committer Identity access right he can
upload commits where another user is committer. This means uploader
and committer can be different users.

When the committer is used for the approvals that are specified on
push then users with the Forge Committer Identity access right can put
votes on behalf of the committer onto the new change. This must not
be.

This was only possible when there were at least two labels defined.

When on upload the committer is forged he is automatically added as
reviewer to the change. This results in a dummy 0 vote. If there was
only one label this dummy 0 vote collided with any vote for the same
label that was specified in the push specification and hence the
upload failed, which means in this case it was not possible to forge a
vote.

However if there were multiple labels defined forging a vote was
possible.

The push also failed with a NullPointerException when a commit was
pushed that had a committer that didn't exist in the Gerrit database,
or when that account didn't have an email address registered.

Putting votes on behalf of another user is possible via the REST API
but this requires the special on behalf of permission for the label.
One can imagine a new option for putting label votes on behalf of
another user on push too, but this is not implemented yet.

Bug: Issue 3602
Signed-off-by: Edwin Kempin <ekempin@google.com>
Change-Id: I2e848c32cfad81979f22613d2a631fad6e0cea66
This commit is contained in:
Edwin Kempin
2015-10-14 18:22:29 +02:00
committed by David Ostrovsky
parent f06050f125
commit 945c23c089
4 changed files with 72 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
gerrit-server/src/main/java/com/google/gerrit/server/git/ReceiveCommits.java
View File

@@ -2197,7 +2197,7 @@ public class ReceiveCommits {
approvalCopier.copy(db, changeCtl, newPatchSet);
approvalsUtil.addReviewers(db, update, labelTypes, change, newPatchSet,
info, recipients.getReviewers(), oldRecipients.getAll());
approvalsUtil.addApprovals(db, update, labelTypes, newPatchSet, info,
approvalsUtil.addApprovals(db, update, labelTypes, newPatchSet,
changeCtl, approvals);
recipients.add(oldRecipients);