Issue 672: Branch owners cannot add exclusive ACLs.
Status:  Released
Owner: ----
Closed:  Aug 2010
Reported by maze@google.com, Aug 20, 2010
Gerrit 2.1.4
This is effectively a regression from 2.1.2, since '-' syntax was not required for ACL sub-delegation in previous versions of Gerrit.

Having the following project access rights:

  Owner  Admin  refs/*            +1: Administer All Settings
  Owner  Blah   refs/heads/x/*    +1: Administer All Settings
  Owner  Blah   -refs/heads/x/*   +1: Administer All Settings

Does not allow a member of Blah to add a new access right starting with a minus ('-') - for example a member of Blah trying to add:
  Submit  Blah  -refs/heads/x/*   +1: Submit
fails with an "Application Error: the page you requested was not found", but succeeds as an Admin.

Furthermore I would venture to say that the above "Owner Blah -refs/heads/x/*..." access right (ie. the one with the minus) should not be necessary (and indeed not having it doesn't fix the problem).
Aug 21, 2010
#1 sop@google.com
This will be fixed in 2.1.5 by change
I8842ed89eb8011f06e0bd7b78c8d4df633270491.

You are correct that the rule "Owner Blah -refs/heads/x/*"
isn't necessary.  The problem was actually caused by Gerrit
testing a literal "-refs/heads/x/master" string, which would
have failed every ACL, as none of them look like that during
evaluation.  (During evaluation the leading "-" is stripped
from a rule and moved over to a boolean field.)
Status: Fixed
Labels: FixedIn-2.1.5
Aug 27, 2010
#2 maze@google.com
I can add, but I can't delete.

With above setup, just added:

Submit	Blah  -refs/heads/x/bar  +1: Submit

But now can't delete it.

Also can't delete:

Owner  Blah   -refs/heads/x/*   +1: Administer All Settings
Aug 27, 2010
#3 sop@google.com
I assume this delete trouble is on 2.1.5?
Status: Accepted
Labels: -Priority-Minor -FixedIn-2.1.5 Priority-Major Milestone-2.1.6
Aug 27, 2010
#4 maze@google.com
yup.
Aug 28, 2010
#5 sop@google.com
Sadly it was the same bug, different class.  :-(

Fixed in I2ac508d2ccdf6c0d301faddefc4328af250436af
Status: Submitted
Labels: -Milestone-2.1.6 FixedIn-2.1.6
Dec 15, 2010
#6 sop@google.com
(No comment was entered for this change.)
Status: Released