Icc105c39e introduced a severe security problem, allowing non-admin
users that were granted the modifyAccount capability to modify SSH keys
of all users, including administrators. But that means such a user
can change the authentication of an existing administrator and then
impersonate the admin to elevate their own account status to that
of an admin.
Rectify it by restricting changing of SSH keys for a user only to
members of the administrators group.
Change-Id: If82965391369121b282b969e7072a2bfa3074be9
Remove the Generate HTTP Password capability because it exposes a
security vulnerability. Any user that is granted this capability
can modify an administrator's http password and impersonate the
admin user. Other reasons for removing this capability are that
the usage of it is inconsistent with the modifyAccount capability
and this capability encourages adding additional capabilities to
restrict permissions, which is not desired.
With this change only administrators are allowed to generate and
delete other users' http passwords.
The motivation behind this change is from comments in changes
Ib1971fad and If8296539.
Change-Id: Id907cc103591eed029fd08af700bb1bb6a618ff8
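The rule that the two commits above describe, as an added illustration that is not Gerrit's own code: the earlier check that accepted the modifyAccount capability for credential changes, beside the corrected check that requires membership in the Administrators group. The class, field and method names (CredentialChangeGuard, Caller, Decision, canModifyCredentialsBefore, canModifyCredentials) are invented for this example; Gerrit's real CurrentUser and capability classes differ, and the distinction between a credential change and a plain profile edit is assumed from the commit text.

```java
import java.util.Set;

/**
 * Illustrative authorization guard for credential changes (SSH keys, HTTP
 * passwords). Hypothetical code, not Gerrit's implementation: it encodes the
 * rule from the two commits above, that a caller may change credentials of
 * another account only when the caller is an administrator, regardless of
 * whether the caller holds the modifyAccount capability.
 */
public final class CredentialChangeGuard {

  /** Minimal stand-in for an authenticated user (assumed shape, not Gerrit's type). */
  public static final class Caller {
    final int accountId;
    final boolean administrator;     // member of the Administrators group
    final Set<String> capabilities;  // global capabilities, e.g. "modifyAccount"

    Caller(int accountId, boolean administrator, Set<String> capabilities) {
      this.accountId = accountId;
      this.administrator = administrator;
      this.capabilities = capabilities;
    }
  }

  public enum Decision { ALLOW, DENY }

  /**
   * The flawed check: a capability granted for account maintenance also
   * unlocked other users' credentials, so a capability holder could replace an
   * administrator's SSH key or HTTP password and then log in as that admin.
   * Kept here only to show what the corrected check closes.
   */
  public static Decision canModifyCredentialsBefore(Caller caller, int targetAccountId) {
    if (caller.accountId == targetAccountId) return Decision.ALLOW;
    if (caller.administrator) return Decision.ALLOW;
    return caller.capabilities.contains("modifyAccount") ? Decision.ALLOW : Decision.DENY;
  }

  /**
   * The corrected check: credentials of another account may be changed only by
   * administrators. The capability is deliberately not consulted, because a
   * credential change is equivalent to taking over the target account.
   */
  public static Decision canModifyCredentials(Caller caller, int targetAccountId) {
    if (caller.accountId == targetAccountId) return Decision.ALLOW; // own keys or password
    return caller.administrator ? Decision.ALLOW : Decision.DENY;
  }

  public static void main(String[] args) {
    // Constructed sample principals: a capability holder and an administrator account id.
    Caller capabilityHolder = new Caller(1001, false, Set.of("modifyAccount"));
    int adminAccountId = 1;

    if (canModifyCredentialsBefore(capabilityHolder, adminAccountId) != Decision.ALLOW)
      throw new AssertionError("old check should have (wrongly) allowed this");
    if (canModifyCredentials(capabilityHolder, adminAccountId) != Decision.DENY)
      throw new AssertionError("corrected check must deny a non-admin");
    if (canModifyCredentials(capabilityHolder, 1001) != Decision.ALLOW)
      throw new AssertionError("a user may still change their own credentials");
    System.out.println("credential guard behaves as described");
  }
}
```

The self-check in main documents the intended behaviour of both variants on the same input. Keeping the capability out of the credential path entirely, rather than adding a second capability to restrict it, matches the second commit's reasoning that stacking capabilities to narrow permissions is not desired.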
GetUserFilter is adding the user to the request attribute so the user
who requested the URL is printed in the httpd_log, but it is only
applied when running Gerrit with the embedded servlet container.
Move GetUserFilter from gerrit-pgm to gerrit-httpd so it can be
applied when running Gerrit in a servlet container (e.g. Tomcat). Add
a parameter http.addUserAsRequestAttribute in the gerrit config to
enable/disable this filter. It is enabled by default.
In Tomcat, the pattern %{User}r can be used in the AccessLog to print the
user and get the same functionality as httpd_log when running with the
embedded servlet container.
Change-Id: I591d594848a5b2d4aa9389965365e0621b39a51c
See this bug report for references [1].
[1] https://github.com/facebook/buck/issues/197
Reported-by: David Borowitz <dborowitz@google.com>
Change-Id: I2113251a1be5597810b9680b64d09e18df8588dc
Add a new diff preference that allows the user to decide whether the
diff table header with the patch set selection should be automatically
hidden when scrolling down more than half of a page. At the moment
this behaviour cannot be disabled, but some users find it annoying
that the header disappears and that they need to scroll up to be able
to change the patch set selection.
By default the diff table header is automatically hidden as this is
the current behaviour.
Change-Id: I1d65c5058222c924ccaf3276f7d2d83fac7f4d32
Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>
This change also makes it possible to configure the maximum number of
displayed reviewers.
On some Gerrit instances the full name is formatted like:
<given name> <surname>
and email like:
<given name>.<surname>@...
This would make it impossible to get reviewer suggestions from
surnames.
Since gwtorm doesn't support SQL LIKE there is no straightforward
way of filtering on a substring in the DB. Hence this in-memory approach.
For performance reasons this implementation differs from the default
implementation in that it does not look at the email_address in
account_external_ids but only at the preferred_email of accounts.
The default implementation only looks for 10 matches and afterwards
filters out the accounts that are not allowed to view the change.
Configuration:
suggest.maxSuggestedReviewers
  Maximum number of suggested reviewers (default 10).
suggest.fullTextSearch
  Enable full text search (default "false").
suggest.fullTextSearchMaxMatches
  Maximum number of matches to be checked for accessibility when using
  full text search (default 100).
Change-Id: Ia4c3a15263783bc144e66a05854c3915392095b5
Plugins can now control the target window in which a web link should
be opened.
This is an incompatible change and plugins implementing web links must
be adapted.
Change-Id: I5aec40ce425251b10fcb912131d547982d27cd55
Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>
Administrators may want to inspect the full ref state of a repository
without having direct git access. Reuse the accessDatabase capability
within VisibleRefFilter for this purpose. Users with this capability
can access basically all data on the server, so we are not giving
them significantly more visibility.
Change-Id: I592557528915ab216acce5fa7e057df8f2fc1640
One not-so-well-known feature of Gerrit is that you can set a
%base for the RevWalk in ReceiveCommits when pushing changes to
Gerrit. This makes it possible to push a commit for review and
override Gerrit's default algorithm for creating new changes on
push to refs/for/*. For instance, one could submit a commit in
a private branch and, afterward, push the same commit to a
release branch.
Specifying the tip of the destination branch as the %base would
have the effect of creating a new change for every commit reachable
from the pushed commit and not reachable from the target branch.
This behavior seems to be wanted by some Gerrit users and is
implemented as a project config option by this change (although
it contradicts Gerrit's philosophy of reviewing one commit once).
If a %base is explicitly set when uploading changes,
new-change-for-all-not-in-target is ignored.
To avoid incidental pushes with merges,
new-change-for-all-not-in-target rejects uploads if changes
contain merge commits. In such cases, to push a merge commit you
need to explicitly set the %base parameter as described in the
Uploading Changes / Selecting Merge Base documentation.
Bug: issue 1195
Change-Id: Ifa90184352c912885e52d2060356fcc039d0ef03
There is now only one supported way to debug GWT, so remove the "SDM"
naming, as it's basically an implementation detail. Be consistent
between the launcher and class names,
gerrit_gwt_dbg -> GerritGwtDebugLauncher.
Update the documentation to be consistent as well, and link to the
article about Super Dev Mode.
Change-Id: If541bc48bf828a8af64d631d7acd6f663d5ecea1
Simplify the SDM experience by embedding codeserver and daemon in one
process: multiple launch configurations no longer need to be started, and
the output need not be captured in different IDE console windows.
Unfortunately, the Codeserver implementation as is is based on an outdated
Jetty. Replace WebServer.java from the GWT project (same license as
Gerrit itself, preserving the license header) and adjust it to run
against the Jetty 9 that is used by Gerrit.
This also removes the need to fetch the outdated Jetty version that we
have just wiped out from gwt-dev.jar during download from Central.
Change-Id: I616a53eb080d49a2bdf7a2211067b821af9f85d7
Adds the gerrit.disableReverseDnsLookup configuration option to disable
reverse DNS lookup during audit log entry creation for an identified user.
By default this option is set to 'false'.
Setting this option to 'true' would improve push time from hosts without
a reverse DNS entry. Currently the JVM will wait for 5s until it gives up
reverse resolution; this can be bypassed by changing this new
configuration option.
Based on input from an old mail thread [1].
[1] https://groups.google.com/d/msg/repo-discuss/pqq4I0-hiUY/ZmaXA0oWvbwJ
Change-Id: I13247799e2a2e8793b3c35d9fffb8f2c069e5ce0
Signed-off-by: Dariusz Luksza <dariusz@luksza.org>
* stable-2.10:
Release notes for Gerrit 2.9.1
Set version to 2.9.1
Display parents for all changes, not only merge commits
Fix JS plugin load when using non-root Gerrit URLs
Don't require secondary index when running daemon in slave mode
Remove fixed limit of results returned by secondary index query
Conflicts:
gerrit-pgm/src/main/java/com/google/gerrit/pgm/Reindex.java
gerrit-server/src/main/java/com/google/gerrit/server/index/IndexRewriteImpl.java
Change-Id: I66a9909edc789ee826f5091ca87044e160a25926
* changes:
InlineEdit: Preserve active edit mode on change screen reload
InlineEdit: Fix navigation for path column in file table
InlineEdit: Respect change edits in download commands drop down
InlineEdit: Allow restoring of files in change edit
InlineEdit: Allow deletion of files in change edit
InlineEdit: Support adding new files to the change
InlineEdit: Implement SBS2 integration
InlineEdit: Make revision resource change edit aware
InlineEdit: Reuse edit message box to edit file content
InlineEdit: Add change content file API for change edits
InlineEdit: Add edit/review mode to the file table
* stable-2.9:
Release notes for Gerrit 2.9.1
Set version to 2.9.1
Display parents for all changes, not only merge commits
Fix JS plugin load when using non-root Gerrit URLs
Don't require secondary index when running daemon in slave mode
Remove fixed limit of results returned by secondary index query
Conflicts:
VERSION
gerrit-extension-api/pom.xml
gerrit-gwtui/src/main/java/com/google/gerrit/client/change/CommitBox.java
gerrit-plugin-api/pom.xml
gerrit-plugin-archetype/pom.xml
gerrit-plugin-gwt-archetype/pom.xml
gerrit-plugin-gwtui/pom.xml
gerrit-plugin-js-archetype/pom.xml
gerrit-war/pom.xml
Change-Id: Id7a49d3792510653da4312e240924d47e8b52724
Upstream buck project changed the name of the bash completion script.
Update the documentation accordingly.
Change-Id: Iff6e4abb569f593712498b5df56692a2e30a7610
To be able to run buckd from the command line, it needs to be in
the path. Add a symbolic link to the executable in buck/bin like
we already do for the buck executable.
Change-Id: If3efcc577d3bf2fcb95ed3e8030975e7933148cb
Currently TopMenu extensions are not context aware, which is not a
problem for most of them, but in case of the 'Projects' section this
could be problematic.
With this approach plugins cannot contribute TopMenu items that will
only be shown when a project is selected and the url (and the history
item) contains a project name.
This change improves this by adding a possibility to provide a menu
item within the 'Projects' context without the previously mentioned
limitation.
Now when a TopMenu item contains a '${projectName}' placeholder it
will be replaced with the name of the project that is selected in the
'Projects' section.
Change-Id: I516f129dc73b5b98fd6c2d385690e51febfc00a3
Signed-off-by: Dariusz Luksza <dariusz@luksza.org>
* changes:
InlineEdit: Expose UiAction to rebase change edit on latest patch set
InlineEdit: Expose UiAction to publish change edit
InlineEdit: Expose UiAction to delete change edit
InlineEdit: Add UiActions support for change edits
InlineEdit: Implement CS2 integration
InlineEdit: GET change edit using /changes/{id}/edit REST endpoint
Enables a plugin to provide a URL to an image that
is displayed as the img of the link.
This change breaks previous plugins that use the WebLink extension point
and don't implement getImageUrl().
Change-Id: I8a59f28e0ea8d3462f9f20f8da563d949a7a2f8b
Add rule to build search-free documentation for static hosting, and update
dev-release documentation to reflect the new rule.
Change-Id: Ifc9284d3c44349e3099ad582fcc14ba27695f30a
Search boxes in documentation are useful when the search feature is
available, but they are useless when we host the documentation statically.
Add this option so we can generate a search-free version of the
documentation.
Change-Id: I35aadee989ae04b7bbcffd67011634cd0dd085c1
* stable-2.10:
Add full names for options on list groups REST API
Add full names for options on list projects REST API
Make `-S` an alias of `--start` in changes query REST API
Mention deprecation of sortkey parameters in 2.9 release notes
Set the version to 2.10-SNAPSHOT
Run change hooks and ref-updated events after indexing is done.
Fix Guice module auto-discover for plugin providers
Fix broken formatting in changes REST documentation
Restrict the input of plugin_archetype_deploy.sh
Gracefully handle `buck audit` failure
Revert "Make VisibleRefFilter.Filter reuse the refs passed from JGit."
Conflicts:
VERSION
gerrit-extension-api/pom.xml
gerrit-plugin-api/pom.xml
gerrit-plugin-archetype/pom.xml
gerrit-plugin-gwt-archetype/pom.xml
gerrit-plugin-gwtui/pom.xml
gerrit-plugin-js-archetype/pom.xml
gerrit-war/pom.xml
Change-Id: I01f5e9ffa67058d914485c53c8c7b64643da4c84
* stable-2.9:
Add full names for options on list groups REST API
Add full names for options on list projects REST API
Make `-S` an alias of `--start` in changes query REST API
Mention deprecation of sortkey parameters in 2.9 release notes
Run change hooks and ref-updated events after indexing is done.
Fix broken formatting in changes REST documentation
Restrict the input of plugin_archetype_deploy.sh
Gracefully handle `buck audit` failure
Revert "Make VisibleRefFilter.Filter reuse the refs passed from JGit."
Conflicts:
gerrit-server/src/main/java/com/google/gerrit/server/change/PutTopic.java
gerrit-server/src/main/java/com/google/gerrit/server/git/MergeOp.java
tools/pack_war.py
Change-Id: I89a9b42c049ec1365ef6dec53c73c7a10a41e888
The option had been added with the name `-S`. Change the name
to `--start` with `-S` as an alias, making it consistent with the
naming in other REST APIs.
Add the option to the documentation.
Remove the documentation of `-P` and `-N`. These options only exist
to support online reindexing from clients with outdated JS, and are
deprecated. Keeping them in the documentation will potentially
cause confusion.
Bug: Issue 2878
Change-Id: I992acf4a3d1aeebb1ef40c6fed1afcb0fe26fa92