*****************************************************************
***** *****
***** !!!! THIS BUG TRACKER IS FOR GERRIT CODE REVIEW !!!! *****
***** *****
***** DO NOT SUBMIT BUGS FOR CHROME, ANDROID, CYANOGENMOD, *****
***** INTERNAL ISSUES WITH YOUR COMPANY'S GERRIT SETUP, ETC.*****
***** *****
***** THOSE ISSUES BELONG IN DIFFERENT ISSUE TRACKERS *****
***** *****
*****************************************************************
Affected Version: v2.8.6.1
What steps will reproduce the problem?
There are 3 projects "All-Project", "Sencondary-Parent-Project" and "Child-Project" exist in Gerrit. And the latter project is the child of previous one in turns.
Projects configurations has follow sections:
All-Project:
[access refs/*]
read = Registered User
Sencondary-Parent-Project
[access refs/heads/test]
read = deny group Registered User
read = allow group Administrator
Child-Project
[access refs/heads/test]
read = allow group Group_Test
What is the expected output? What do you see instead?
[Expected]
I expect Only Administor and Group_Test can access refs/heads/test in Child-Project. Permission read is forbidden to group Registered User in Sencondary-Parent-Project project and it is overrided by Child-Project.
[Instead]
Gerrit is not the case.(Permission read in Child-Project on refs/heads/test cannot limit read that configured on refs/* in All-Project)
Gerrit follow my expection only when All-Project new a access section with same branch or same branch wild
All-Project:
[access refs/*]
read = Registered User
[access refs/test]
read = Registered User
All 3 projects in inheritance have to grant the permission in the same branch (or same wild) as above can follow the design perpose "Deny can be override and Block cannot"