f62e441f24
Whenever a project-specific ACL declares exclusiveGroupPermissions on some permission, it can block other valid uses of that permission which would otherwise be inherited from the All-Projects pseudoACL. Make sure that Project Bootstrappers retains access to abandon, -2..+2 on label-Code-Review and -1..+1 on label-Workflow. Also make sure Change Owners can still abandon and add -1..0 on label-Workflow, and that Registered Users can always -1..+1 on label-Code-Review. This change corrects existing ACLs to meet the above criteria, and also introduces a normalization rule to prevent regression. Change-Id: I2eecb7028bcab7d5d82ad4155a775a9b2daa441f
26 lines
842 B
Plaintext
26 lines
842 B
Plaintext
[access "refs/heads/*"]
|
|
abandon = group requirements-core
|
|
label-Code-Review = -2..+2 group requirements-core
|
|
label-Workflow = -1..+1 group requirements-core
|
|
|
|
[access "refs/heads/stable/*"]
|
|
abandon = group Change Owner
|
|
abandon = group Project Bootstrappers
|
|
abandon = group stable-maint-core
|
|
exclusiveGroupPermissions = abandon label-Code-Review label-Workflow
|
|
label-Code-Review = -2..+2 group Project Bootstrappers
|
|
label-Code-Review = -2..+2 group infra-core
|
|
label-Code-Review = -2..+2 group stable-maint-core
|
|
label-Code-Review = -1..+1 group Registered Users
|
|
label-Workflow = -1..+0 group Change Owner
|
|
label-Workflow = -1..+1 group Project Bootstrappers
|
|
label-Workflow = -1..+1 group infra-core
|
|
label-Workflow = -1..+1 group stable-maint-core
|
|
|
|
[receive]
|
|
requireChangeId = true
|
|
requireContributorAgreement = true
|
|
|
|
[submit]
|
|
mergeContent = true
|