ProjectControl: READ does not imply isOwner

If a project BLOCKs refs/heads/foo, then allRefsAreVisible will return false. This should even apply for project owners, so callers that depend on allRefsAreVisible to bypass refs filtering would see false, entering the filtering codepath. By including isOwner in the READ branch project owners never enter ref filtering, which deviates from prior behavior. Remove the isOwner branch. READ is only granted if all refs are readable by the user. Change-Id: I63097dda719ae6d1e0fb4916b8e548e0735f38a7 See-also: https://gerrit-review.googlesource.com/c/98216/8/gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectControl.java#615
2017-04-26 16:06:48 +02:00
parent a8817bcd1e
commit b84ab960a2
1 changed files with 1 additions and 1 deletions
--- a/gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectControl.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectControl.java
@@ -558,7 +558,7 @@ public class ProjectControl {
              || isOwner();

        case READ:
-          return (!isHidden() && allRefsAreVisible(Collections.emptySet())) || isOwner();
+          return !isHidden() && allRefsAreVisible(Collections.emptySet());
      }
      throw new PermissionBackendException(perm + " unsupported");
    }