62c156857e
Each tag type requires a special permission for the tag creation: - Lightweight tags require 'Create Reference' - Annontated tags require 'Push Annotated Tag' - Signed tags require 'Push Signed Tag' This naming is inconsistent and may be confusing. E.g. whether tags can be updated is controlled by the 'Push' permission on 'refs/tags/*' and not by the 'Push Annotated/Signed Tag' permission, as some users might expect. This change includes a schema migration that renames the permissions for creating annotated/signed tags. Permission rules in project.config that use the old names are still respected. They are automatically converted when the project config is saved the next time. This is needed so that multi-master sites can do a multi-step-migration: 1. First upgrade all hosts to the new binary: Projects may still contain permissions with the old names, new permissions are saved with the new names. 2. Run a background job on all hosts that migrates the permissions for all projects to the new names: Projects do not contain permissions with the old names, new permissions are saved with the new names. 3. Upgrade all hosts to a binary that doesn't respect the old names anymore. The migration for schema 130 is rewritten because ProjectConfig no longer allows to change the force flag for 'pushTag' without converting it to 'createTag'. Change-Id: I839be24f82a908b5184f15e746f3588a0d397b7e Signed-off-by: Edwin Kempin <ekempin@google.com>
47 lines
1.9 KiB
Plaintext
47 lines
1.9 KiB
Plaintext
= prohibited by Gerrit
|
|
|
|
This is a general error message that is returned by Gerrit if a push
|
|
is not allowed, e.g. because the pushing user has no sufficient
|
|
privileges.
|
|
|
|
In particular this error occurs:
|
|
|
|
1. if you push a commit for code review to a branch for which you
|
|
don't have upload permissions (access right
|
|
link:access-control.html#category_push_review['Push'] on
|
|
`+refs/for/refs/heads/*+`)
|
|
2. if you bypass code review without
|
|
link:access-control.html#category_push_direct['Push'] access right
|
|
on `+refs/heads/*+`
|
|
3. if you bypass code review pushing to a non-existing branch without
|
|
link:access-control.html#category_create['Create Reference'] access
|
|
right on `+refs/heads/*+`
|
|
4. if you push an annotated tag without
|
|
link:access-control.html#category_create_annotated['Create Annotated Tag']
|
|
access right on `+refs/tags/*+`
|
|
5. if you push a signed tag without
|
|
link:access-control.html#category_create_signed['Create Signed Tag']
|
|
access right on `+refs/tags/*+`
|
|
6. if you push a lightweight tag without the access right link:access-control.html#category_create['Create
|
|
Reference'] for the reference name `+refs/tags/*+`
|
|
7. if you push a tag with somebody else as tagger and you don't have the
|
|
link:access-control.html#category_forge_committer['Forge Committer']
|
|
access right for the reference name `+refs/tags/*+`
|
|
8. if you push to a project that is in state 'Read Only'
|
|
|
|
For new users it often happens that they accidentally try to bypass
|
|
code review. The push then fails with the error message 'prohibited
|
|
by Gerrit' because the project didn't allow to bypass code review.
|
|
Bypassing the code review is done by pushing directly to `+refs/heads/*+`
|
|
(e.g. `refs/heads/master`) instead of pushing to `+refs/for/*+` (e.g.
|
|
`refs/for/master`). Details about how to push commits for code review
|
|
are explained link:user-upload.html#push_create[here].
|
|
|
|
|
|
GERRIT
|
|
------
|
|
Part of link:error-messages.html[Gerrit Error Messages]
|
|
|
|
SEARCHBOX
|
|
---------
|