project-config/gerrit/acls/openstack/requirements.config
Jeremy Stanley f62e441f24 Unshadow All-Projects in exclusiveGroupPermissions
Whenever a project-specific ACL declares exclusiveGroupPermissions
on some permission, it can block other valid uses of that permission
which would otherwise be inherited from the All-Projects pseudoACL.
Make sure that Project Bootstrappers retains access to abandon,
-2..+2 on label-Code-Review and -1..+1 on label-Workflow. Also make
sure Change Owners can still abandon and add -1..0 on
label-Workflow, and that Registered Users can always -1..+1 on
label-Code-Review.

This change corrects existing ACLs to meet the above criteria, and
also introduces a normalization rule to prevent regression.

Change-Id: I2eecb7028bcab7d5d82ad4155a775a9b2daa441f
2016-02-17 22:39:03 +00:00

26 lines
842 B
Plaintext

[access "refs/heads/*"]
abandon = group requirements-core
label-Code-Review = -2..+2 group requirements-core
label-Workflow = -1..+1 group requirements-core
[access "refs/heads/stable/*"]
abandon = group Change Owner
abandon = group Project Bootstrappers
abandon = group stable-maint-core
exclusiveGroupPermissions = abandon label-Code-Review label-Workflow
label-Code-Review = -2..+2 group Project Bootstrappers
label-Code-Review = -2..+2 group infra-core
label-Code-Review = -2..+2 group stable-maint-core
label-Code-Review = -1..+1 group Registered Users
label-Workflow = -1..+0 group Change Owner
label-Workflow = -1..+1 group Project Bootstrappers
label-Workflow = -1..+1 group infra-core
label-Workflow = -1..+1 group stable-maint-core
[receive]
requireChangeId = true
requireContributorAgreement = true
[submit]
mergeContent = true