My favorites | Sign in
Project Home Downloads Wiki Issues Source
New issue   Search
for
  Advanced search   Search tips   Subscriptions
Issue 1656: The gerrit web front end is publicly viewable without even being a registered user
1 person starred this issue and may be notified of changes. Back to list
Status:  Invalid
Owner:  ----
Closed:  Nov 2012


Sign in to add a comment
 
Reported by chapp...@gmail.com, Nov 10, 2012
************************************************************
***** NOTE: THIS BUG TRACKER IS FOR GERRIT CODE REVIEW *****
***** DO NOT SUBMIT BUGS FOR CHROME, ANDROID, INTERNAL *****
***** ISSUES WITH YOUR COMPANY'S GERRIT SETUP, ETC.    *****
***** THOSE ISSUE BELONG IN DIFFERENT ISSUE TRACKERS!  *****
************************************************************

Affected Version:

2.5

What steps will reproduce the problem?
1. Access a gerrit site for which you do not have a user account
2. Browse through all of the information it provides.

What is the expected output? What do you see instead?

I would expect there to be an option to lock down the main web front end so that unregistered users cannot browse through all of the information. I realize that gerrit is used in many cases where the repositories are public. However, in my case I would like to use it in a commercial environment where not all of the repositories are suitable to public viewing. Even within the organization itself. It would be nice to guard access via a login screen. In addition to this, giving the administrators control to add/remove users would be required.

Nov 10, 2012
Project Member #1 edwin.ke...@gmail.com
Just make sure that read access is not granted to 'Anonymous Users', then you shouldn't see anything if you're not logged in.
Nov 13, 2012
#2 david.ch...@exinda.com
Perfect. That worked :) Still getting used to the flexibility of the access control mechanisms.
Nov 13, 2012
Project Member #3 edwin.ke...@gmail.com
(No comment was entered for this change.)
Status: Invalid
Sign in to add a comment

Powered by Google Project Hosting