diff --git a/java/com/google/gerrit/server/git/receive/ReceiveCommits.java b/java/com/google/gerrit/server/git/receive/ReceiveCommits.java index 6e1f8d3120..8fb5ca2841 100644 --- a/java/com/google/gerrit/server/git/receive/ReceiveCommits.java +++ b/java/com/google/gerrit/server/git/receive/ReceiveCommits.java @@ -25,7 +25,7 @@ import static com.google.gerrit.git.ObjectIds.abbreviateName; import static com.google.gerrit.server.change.HashtagsUtil.cleanupHashtag; import static com.google.gerrit.server.git.MultiProgressMonitor.UNKNOWN; import static com.google.gerrit.server.git.receive.ReceiveConstants.COMMAND_REJECTION_MESSAGE_FOOTER; -import static com.google.gerrit.server.git.receive.ReceiveConstants.ONLY_CHANGE_OWNER_OR_PROJECT_OWNER_CAN_MODIFY_WIP; +import static com.google.gerrit.server.git.receive.ReceiveConstants.ONLY_USERS_WITH_TOGGLE_WIP_STATE_PERM_CAN_MODIFY_WIP; import static com.google.gerrit.server.git.receive.ReceiveConstants.PUSH_OPTION_SKIP_VALIDATION; import static com.google.gerrit.server.git.receive.ReceiveConstants.SAME_CHANGE_ID_IN_MULTIPLE_CHANGES; import static com.google.gerrit.server.git.validators.CommitValidators.NEW_PATCHSET_PATTERN; @@ -2883,9 +2883,9 @@ class ReceiveCommits { if (!hasWriteConfigPermission) { try { - permissionBackend.user(user).check(GlobalPermission.ADMINISTRATE_SERVER); + permissions.change(notes).check(ChangePermission.TOGGLE_WORK_IN_PROGRESS_STATE); } catch (AuthException e1) { - reject(inputCommand, ONLY_CHANGE_OWNER_OR_PROJECT_OWNER_CAN_MODIFY_WIP); + reject(inputCommand, ONLY_USERS_WITH_TOGGLE_WIP_STATE_PERM_CAN_MODIFY_WIP); } } } diff --git a/java/com/google/gerrit/server/git/receive/ReceiveConstants.java b/java/com/google/gerrit/server/git/receive/ReceiveConstants.java index 03a1b33bbe..df1888be3f 100644 --- a/java/com/google/gerrit/server/git/receive/ReceiveConstants.java +++ b/java/com/google/gerrit/server/git/receive/ReceiveConstants.java @@ -20,8 +20,8 @@ public final class ReceiveConstants { public static final String PUSH_OPTION_SKIP_VALIDATION = "skip-validation"; @VisibleForTesting - public static final String ONLY_CHANGE_OWNER_OR_PROJECT_OWNER_CAN_MODIFY_WIP = - "only change owner or project owner can modify Work-in-Progress"; + public static final String ONLY_USERS_WITH_TOGGLE_WIP_STATE_PERM_CAN_MODIFY_WIP = + "only users with Toogle-Wip-State permission can modify Work-in-Progress"; static final String COMMAND_REJECTION_MESSAGE_FOOTER = "Contact an administrator to fix the permissions"; diff --git a/javatests/com/google/gerrit/acceptance/git/AbstractPushForReview.java b/javatests/com/google/gerrit/acceptance/git/AbstractPushForReview.java index 671d0edd2e..bb1a2eb8ff 100644 --- a/javatests/com/google/gerrit/acceptance/git/AbstractPushForReview.java +++ b/javatests/com/google/gerrit/acceptance/git/AbstractPushForReview.java @@ -889,7 +889,19 @@ public abstract class AbstractPushForReview extends AbstractDaemonTest { GitUtil.fetch(user2Repo, r.getPatchSet().refName() + ":ps"); user2Repo.reset("ps"); r = amendChange(r.getChangeId(), "refs/for/master%ready", user2, user2Repo); - r.assertErrorStatus(ReceiveConstants.ONLY_CHANGE_OWNER_OR_PROJECT_OWNER_CAN_MODIFY_WIP); + r.assertErrorStatus(ReceiveConstants.ONLY_USERS_WITH_TOGGLE_WIP_STATE_PERM_CAN_MODIFY_WIP); + + // Non owner, non admin and non project owner with toggleWipState should succeed. + projectOperations + .project(project) + .forUpdate() + .add( + allow(Permission.TOGGLE_WORK_IN_PROGRESS_STATE) + .ref(RefNames.REFS_HEADS + "*") + .group(REGISTERED_USERS)) + .update(); + r = amendChange(r.getChangeId(), "refs/for/master%ready", user2, user2Repo); + r.assertOkStatus(); // Project owner trying to move from WIP to ready should succeed. projectOperations diff --git a/plugins/gitiles b/plugins/gitiles index 641476e153..b8ea789876 160000 --- a/plugins/gitiles +++ b/plugins/gitiles @@ -1 +1 @@ -Subproject commit 641476e153143c2b67e334b35626beb9b2534956 +Subproject commit b8ea789876c0661e1aef9fa3f54a6ac3b8abd62c