[MediaWiki-commits] [Gerrit] Respect draft visibility when determining visibility of all ... - change (gerrit)

Fri, 17 May 2013 07:07:53 -0700 

QChris has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/64308


Change subject: Respect draft visibility when determining visibility of all refs
......................................................................

Respect draft visibility when determining visibility of all refs

When determining whether or not all refs are visible, drafts were not
considered. Thereby, non-visible drafts could get pulled, or
non-visible drafts were browsable through gitweb.

As drafts are refs as well, we now check their readability as well,
when trying to determine whether or not all refs are visible.

This change makes 'View Drafts' permission mandatory to use the
internally managed gitweb, as there is no way to hide drafts from
there.

Change-Id: Id064c38986b667d00a8adcfcb4a31fc04f25cc23
---
M Documentation/config-gitweb.txt
M 
gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectControl.java
2 files changed, 6 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/gerrit refs/changes/08/64308/1

diff --git a/Documentation/config-gitweb.txt b/Documentation/config-gitweb.txt
index 7ba15b8..6c6f06f 100644
--- a/Documentation/config-gitweb.txt
+++ b/Documentation/config-gitweb.txt
@@ -59,8 +59,10 @@
 Access Control
 ^^^^^^^^^^^^^^
 
-Access controls for internally managed gitweb page views are enforced
-using the standard project READ +1 permission.
+Access to view the internally managed gitweb pages is granted on a per
+project basis. Only the project's owners and users having both 'Read',
+and 'View Drafts' permission for all refs of a project are authorized
+to view the project's gitweb pages.
 
 External/Unmanaged gitweb
 ~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git 
a/gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectControl.java
 
b/gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectControl.java
index 3f107ec..420d53b 100644
--- 
a/gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectControl.java
+++ 
b/gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectControl.java
@@ -212,7 +212,8 @@
 
   public boolean allRefsAreVisibleExcept(Set<String> except) {
     return user instanceof InternalUser
-        || canPerformOnAllRefs(Permission.READ, except);
+        || (canPerformOnAllRefs(Permission.READ, except) &&
+            canPerformOnAllRefs(Permission.VIEW_DRAFTS, except));
   }
 
   /** Is this user a project owner? Ownership does not imply {@link 
#isVisible()} */

-- 
To view, visit https://gerrit.wikimedia.org/r/64308
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Id064c38986b667d00a8adcfcb4a31fc04f25cc23
Gerrit-PatchSet: 1
Gerrit-Project: gerrit
Gerrit-Branch: wmf
Gerrit-Owner: QChris <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to