VisibleRefFilter: Check visibility of refs/users/ branches

The user branch of a user was always advertised to that user even if READ permissions had been denied or blocked. Doing a visibility check for the user branches means that by default they are now no longer visible to the owning users, but the default will be changed by a follow-up change. The next change implements a parameter variable for ref patterns that can be expanded to the sharded account ID. This new parameter variable will then be used to assign the default permissions for the user branches. Leave an exception for change edit refs since the inline edit feature depends on the change edit refs being always visible to the owning user. Change-Id: If836518de4e4d6b084b675b050bb992fec5fb1e6 Signed-off-by: Edwin Kempin <ekempin@google.com>
2016-05-04 18:13:33 +02:00
parent 88fcd6bcfa
commit adb1ed4c77
5 changed files with 122 additions and 19 deletions
--- a/gerrit-server/src/main/java/com/google/gerrit/server/git/VisibleRefFilter.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/git/VisibleRefFilter.java
@@ -110,18 +110,16 @@ public class VisibleRefFilter extends AbstractAdvertiseRefsHook {
      Account.Id accountId;
      if (ref.getName().startsWith(RefNames.REFS_CACHE_AUTOMERGE)) {
        continue;
-      } else if ((accountId =
-          Account.Id.fromRef(ref.getLeaf().getName())) != null) {
-        // Reference related to an account is visible only for the current
-        // account.
+      } else if (showMetadata
+          && (RefNames.isRefsEditOf(ref.getLeaf().getName(), currAccountId)
+              || (RefNames.isRefsEdit(ref.getLeaf().getName())
+                  && canViewMetadata))) {
+        // Change edit reference related is visible to the account that owns the
+        // change edit.
        //
-        // TODO(dborowitz): If a ref matches an account and a change, verify
-        // both (to exclude e.g. edits on changes that the user has lost access
-        // to).
-        if (showMetadata
-            && (canViewMetadata || accountId.equals(currAccountId))) {
-          result.put(ref.getName(), ref);
-        }
+        // TODO(dborowitz): Verify if change is visible (to exclude edits on
+        // changes that the user has lost access to).
+        result.put(ref.getName(), ref);

      } else if ((changeId = Change.Id.fromRef(ref.getName())) != null) {
        // Reference related to a change is visible if the change is visible.
@@ -143,7 +141,18 @@ public class VisibleRefFilter extends AbstractAdvertiseRefsHook {
        // symbolic we want the control around the final target. If its
        // not symbolic then getLeaf() is a no-op returning ref itself.
        //
-        result.put(ref.getName(), ref);
+
+        if ((accountId =
+            Account.Id.fromRef(ref.getLeaf().getName())) != null) {
+          // Reference related to an account is visible only for the current
+          // account.
+          if (showMetadata
+              && (canViewMetadata || accountId.equals(currAccountId))) {
+            result.put(ref.getName(), ref);
+          }
+        } else {
+          result.put(ref.getName(), ref);
+        }
      }
    }