My favorites | Sign in
Project Home Downloads Wiki Issues Source
New issue   Search
for
  Advanced search   Search tips   Subscriptions
Issue 3464: ls-user-refs after upgrading to 2.11.1 displaying restricted contents for Administrators
1 person starred this issue and may be notified of changes. Back to list
Status:  New
Owner:  ----


Sign in to add a comment
 
Reported by rages...@gmail.com, Jul 3, 2015
*****************************************************************
*****                                                       *****
***** !!!! THIS BUG TRACKER IS FOR GERRIT CODE REVIEW !!!!  *****
*****                                                       *****
***** DO NOT SUBMIT BUGS FOR CHROME, ANDROID, CYANOGENMOD,  *****
***** INTERNAL ISSUES WITH YOUR COMPANY'S GERRIT SETUP, ETC.*****
*****                                                       *****
*****   THOSE ISSUES BELONG IN DIFFERENT ISSUE TRACKERS     *****
*****                                                       *****
*****************************************************************

Affected Version: 2.11.1

What steps will reproduce the problem?
1. ssh -p 29418 <Admin user@our gerrit server> gerrit ls-user-refs -p <our git> -u <Admin user> | tee log-before_upgrade_2.10.4
2.ssh -p 29418 <Admin user@our gerrit server> gerrit ls-user-refs -p <our git> -u <Admin user> | tee log-after_upgrade_2.11.1
3. diff log-after_upgrade_2.11.1 log-before_upgrade_2.10.4


What is the expected output? What do you see instead?
No difference was expected but found some additional references listed after upgrade which was then confirmed as references from branch which the admin user doesnt have access. It was given exclusive access to a group where the admin member is not part of. The listed changes were not accessible from GUI as expected and it was only getting listed with ssh ls-user-refs command

Please provide any additional information below.
We have verified these steps for normal users (developers) and offsite (more restricted than normal developers) and found no issues. Only Admin has this additional data getting displayed which they are not supposed to see. Yes only from ssh command line its displayed but not from GUI.
Jul 3, 2015
Project Member #1 edwin.ke...@gmail.com
Which refs differ in the result?
Status: AwaitingInformation
Jul 3, 2015
#2 rages...@gmail.com
Its the refs/changes .... sample as below
refs/changes/08/1001008/1
Jul 3, 2015
Project Member #3 edwin.ke...@gmail.com
(No comment was entered for this change.)
Status: New
Sign in to add a comment

Powered by Google Project Hosting