Issue 2841: REST:API can not do POST/PUT/DELETE
Status:  Invalid
Owner: ----
Closed:  Aug 2014
Reported by xu...@yahoo-inc.com, Aug 18, 2014

I have set the project owner to the "Anonymous Users" group. But I still get a 403 error when I try to call the REST PUT/DELETE/POST API.


Aug 19, 2014
#1 dborowitz@google.com
Which endpoints specifically?

I would not be at all surprised to find that some/many endpoints don't work with anonymous users, even if you've granted what seems like the correct permissions.

Aug 19, 2014
#2 xu...@yahoo-inc.com
Two cases:
1. Set "Anonymous Users" to be able to create projects in the global capabilities. The REST API returns a 403 error.

2. "Tom" is the owner of one project and has already submitted a code review with id = "99999".
Updating it with more comments through the REST API gives a 403 error.

Aug 19, 2014
#3 xu...@yahoo-inc.com
By the way, I use "development_become_any_account" mode. How do I do authentication in a REST call?

Aug 20, 2014
Project Member #4 david.pu...@sonymobile.com
Using development_become_any_account does not make any difference to authentication.  You still give the account a username, generate the HTTP password, and then use those to authenticate with HTTP digest authentication as described in the REST API documentation.

Aug 20, 2014
#5 xu...@yahoo-inc.com
development_become_any_account needs no password in my experience, just a username. So how do I associate the username and password?
I mean, how does Gerrit verify the password? I just left the password blank, but it failed.

Aug 20, 2014
#6 xu...@yahoo-inc.com
Where does Gerrit store the user password? Currently I will tom as the admin of Gerrit, but I do not know where to set the password for "tom".

Aug 20, 2014
#7 xu...@yahoo-inc.com
One more question: if a user is in the "administrator" group, does it mean he can run all the REST APIs without any permission issues, with the default global capabilities?

Aug 20, 2014
#8 xu...@yahoo-inc.com
resolved

Aug 20, 2014
Project Member #9 david.pu...@sonymobile.com
Set the http password in the user account, and use that.

I see you've commented as "resolved", so I will close this.

Status: Invalid
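
The authentication flow described in comments #4 and #9 (a username plus the HTTP password set in the user account, sent with HTTP digest authentication), as an added example that is not part of the original thread or of Gerrit's code: it computes the RFC 2617 `Authorization` header that answers a server's Digest challenge. The account `tom`, the password, the nonce, the realm and the `/a/projects/demo` path are constructed sample values.

```python
import hashlib
import re
import secrets


def _md5(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def parse_challenge(header):
    """Parse the value of a 'WWW-Authenticate: Digest ...' header."""
    scheme, _, params = header.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest challenge")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', params)
    return {key.lower(): quoted or bare for key, quoted, bare in pairs}


def digest_response(user, password, method, uri, ch, cnonce, nc="00000001"):
    """RFC 2617 response value; the password itself never goes on the wire."""
    ha1 = _md5(f"{user}:{ch['realm']}:{password}")
    ha2 = _md5(f"{method}:{uri}")  # binds the response to method and path
    qops = [q.strip() for q in ch.get("qop", "").split(",")]
    if ch.get("qop") and "auth" not in qops:
        raise ValueError("server offers no qop=auth")
    if "auth" in qops:
        return _md5(f"{ha1}:{ch['nonce']}:{nc}:{cnonce}:auth:{ha2}")
    return _md5(f"{ha1}:{ch['nonce']}:{ha2}")  # legacy form without qop


def authorization_header(user, password, method, uri, challenge, cnonce=None):
    """Build the Authorization header answering a 401 Digest challenge."""
    ch = parse_challenge(challenge)
    if ch.get("algorithm", "MD5").upper() != "MD5":
        raise ValueError("only algorithm=MD5 is handled here")
    cnonce = cnonce or secrets.token_hex(8)
    resp = digest_response(user, password, method, uri, ch, cnonce)
    out = (f'Digest username="{user}", realm="{ch["realm"]}", '
           f'nonce="{ch["nonce"]}", uri="{uri}", response="{resp}"')
    if "qop" in ch:
        out += f', qop=auth, nc=00000001, cnonce="{cnonce}"'
    if "opaque" in ch:
        out += f', opaque="{ch["opaque"]}"'
    return out


if __name__ == "__main__":
    # Constructed sample values; /a/ is Gerrit's prefix for authenticated requests.
    challenge = 'Digest realm="Gerrit Code Review", qop="auth", nonce="c2FtcGxlLW5vbmNl"'
    print(authorization_header("tom", "sample-http-password", "PUT",
                               "/a/projects/demo", challenge))
```

Because the method and URI are hashed into the response, a header computed for one request does not authenticate a different PUT, POST or DELETE.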