Issue 668: Read Access +2 inherited ACLs are excluded by specific rules that don't apply
Status:  Released
Owner: ----
Closed:  Mar 2012
Reported by di...@google.com, Aug 19, 2010
Affected Version: 2.1.4

What steps will reproduce the problem?
1. Have a project inherit from another one (say All Projects) the default Read Access +2 for Registered Users for refs/*
2. Define a specific Read Access + 1 for Registered Users for a specific branch in that repository (refs/heads/foobar)
3. Try to push a change for code review on a different branch than the one above

What is the expected output? What do you see instead?
Should push it just fine. The specific branch restriction should not apply when pushing to refs outside of that branch namespace. Instead I get an error "Upload denied for project ...".

Please provide any additional information below.
I noticed the issue for Read Access and I did not try to reproduce it for other rights.
Aug 19, 2010
#1 sop@google.com
(No comment was entered for this change.)
Status: Accepted
Labels: -Priority-Minor Priority-Major Milestone-2.1.5
Aug 21, 2010
#2 sop@google.com
OK, so I fixed the bug you documented here in
I4ff6c02918990b36447186c569ec95f0db21e3ac.

Step 2 sounds like you want to block upload to
refs/heads/foobar.  To do that you would need
it to be an exclusive right by starting with "-".
Otherwise the inherited Read +2 is granted, and
the user can still upload to foobar.
Status: Fixed
Labels: -Milestone-2.1.5 FixedIn-2.1.5
Aug 23, 2010
#3 di...@google.com
Yeah, that was used as a technique to block Upload for other users to that specific branch in earlier Gerrit versions. Now I think I will use "-" prefixing for that but in the meantime found the reported bug :)
Mar 27, 2012
#4 sop@google.com
(No comment was entered for this change.)
Status: Released