opendev/gerrit
Code Issues Proposed changes

Merge "Explicitly check READ permission when processing a git push"

Browse Source
This commit is contained in:
Patrick Hiesel
2020-08-26 09:26:39 +00:00
committed by Gerrit Code Review
parent 907b99179b c2d48fb765
commit ce406559ee
3 changed files with 25 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/com/google/gerrit/server/git/receive/ReceiveCommits.java
View File

@@ -1839,7 +1839,9 @@ class ReceiveCommits {
magicBranch.perm = permissions.ref(ref);
Optional<AuthException> err =
checkRefPermission(magicBranch.perm, RefPermission.CREATE_CHANGE);
checkRefPermission(magicBranch.perm, RefPermission.READ)
.map(Optional::of)
.orElse(checkRefPermission(magicBranch.perm, RefPermission.CREATE_CHANGE));
if (err.isPresent()) {
rejectProhibited(cmd, err.get());
return;