My favorites | Sign in
Project Home Downloads Wiki Issues Source
New issue   Search
for
  Advanced search   Search tips   Subscriptions
Issue 2173: Submit access control not working for Project Owners
1 person starred this issue and may be notified of changes. Back to list
Status:  New
Owner:  ----


Sign in to add a comment
 
Reported by romain.c...@gmail.com, Oct 8, 2013
************************************************************
***** NOTE: THIS BUG TRACKER IS FOR GERRIT CODE REVIEW *****
***** DO NOT SUBMIT BUGS FOR CHROME, ANDROID, INTERNAL *****
***** ISSUES WITH YOUR COMPANY'S GERRIT SETUP, ETC.    *****
***** THOSE ISSUE BELONG IN DIFFERENT ISSUE TRACKERS!  *****
************************************************************

Affected Version: 2.7

What steps will reproduce the problem?
1. In all projects, grant 'Submit' rights to refs/heads/* to 'Project owners'
2. Create a project inheriting from all projects and grant ownership rights to a LDAP group to (for eg.) refs/heads/subsystem/*
3. Try to submit a patch while being part of that LDAP group.

What is the expected output? What do you see instead?

I expected the 'Submit' right to be granted to any patches submitted to branches starting with refs/heads/subsystem/*. All other rights (Abandon, Remove Reviewer for example) are properly inherited. However, this does not happen.

The weirdest thing is that if I explicitly (in the child project), grant submit rights to the SAME LDAP group as the owner right, it works.

So, to summarize:

All-Projects:
    - On refs/heads/*, ALLOW Submit to Project Owners

SubProject:
    - On refs/heads/subsystem/*:
        - ALLOW Owner to ldap/mygroup does not allow Submit to people in ldap/mygroup
        - ALLOW Submit to ldap/mygroup <- adding this makes it work

Please provide any additional information below.

I don't know if I am misunderstanding something and since I am new to Gerrit, please let me know if that is the case.

Thanks.
Sign in to add a comment

Powered by Google Project Hosting