| Issue 668: | Read Access +2 inherited ACLs are excluded by specific rules that don't apply | |
| 1 person starred this issue and may be notified of changes. | Back to list |
Affected Version: 2.1.4 What steps will reproduce the problem? 1. Have a project inherit from another one (say All Projects) the default Read Access +2 for Registered Users for refs/* 2. Define a specific Read Access + 1 for Registered Users for a specific branch in that repository (refs/heads/foobar) 3. Try to push a change for code review on a different branch than the one above What is the expected output? What do you see instead? Should push it just fine. The specific branch restriction should not apply when pushing to refs outside of that branch namespace. Instead I get an error "Upload denied for project ...". Please provide any additional information below. I noticed the issue for Read Access and I did not try to reproduce it for other rights.
Aug 21, 2010
OK, so I fixed the bug you documented here in I4ff6c02918990b36447186c569ec95f0db21e3ac. Step 2 sounds like you want to block upload to refs/heads/foobar. To do that you would need it to be an exclusive right by starting with "-". Otherwise the inherited Read +2 is granted, and the user can still upload to foobar.
Status:
Fixed
Labels: -Milestone-2.1.5 FixedIn-2.1.5
Aug 23, 2010
Yeah, that was used as a technique to block Upload for other users to that specific branch in earlier Gerrit versions. Now I think I will use "-" prefixing for that but in the meantime found the reported bug :)
Mar 27, 2012
(No comment was entered for this change.)
Status:
Released
|
|
| ► Sign in to add a comment |
Labels: -Priority-Minor Priority-Major Milestone-2.1.5