How to prohibit someone from downloading project by “git clone” from gerrit server

Jamie Berndsen

Apr 2, 2024, 2:58:03 AM
to Repo and Gerrit Discussion
Hi all,  

Now I have granted read permission to GroupA. Now UserB is in GroupA. I want to make UserA view the project repo only in the Gitiles browser, and prohibit UserB from downloading the project by “git clone” from the Gerrit server. How could I achieve this goal?

Looking forward to your reply.
Thank you.

Sven Selberg

Apr 2, 2024, 5:05:51 AM
to Repo and Gerrit Discussion
On Tuesday, April 2, 2024 at 8:58:03 AM UTC+2 Jamie Berndsen wrote:
Hi all,  

Now I have granted read permission to GroupA. Now UserB is in GroupA. I want to make UserA view the project repo only in the Gitiles browser, and prohibit UserB from downloading the project by “git clone” from the Gerrit server. How could I achieve this goal?

I don't think this is doable using Gerrit's ACLs, since the ACLs don't differentiate between different kinds of reads.

Ref access:
Create - git push, REST PUT/POST
Read - git fetch/git clone, REST GET
Update - git push, REST PUT/POST
Delete - git push --force, REST PUT/DELETE

AFAIK there's no out-of-the-box functionality to limit who can issue a git fetch/git clone.
Possibly you can accomplish this with a plugin and/or configuration of proxy servers.

But I don't see how you would gain anything by limiting who can fetch/clone from an access perspective. Looking at the code in Gitiles has the same implications as git fetch:ing the code to a local machine; both are non-destructive reads and do not implicitly give the user Update or Delete.

/Sven
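
Added example, not part of either post and not Gerrit code: a sketch of the decision a reverse proxy in front of Gerrit would have to make to separate clone/fetch traffic from Gitiles browsing, since both count as Read in the ACLs. Assumptions: the proxy already knows the authenticated user, Gitiles is served under `/plugins/gitiles/`, and the host name, user names and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Git smart-HTTP RPC endpoints: upload-pack serves fetch/clone, receive-pack serves push.
_GIT_RPC = re.compile(r"/(git-upload-pack|git-receive-pack)$")
GITILES_PREFIX = "/plugins/gitiles/"  # assumption: Gitiles runs as a Gerrit plugin


def classify(url):
    """Return 'git-fetch', 'git-push', 'gitiles-archive', 'gitiles-browse' or 'other'."""
    parts = urlsplit(url)
    path = parts.path
    if path.startswith(GITILES_PREFIX):
        # Gitiles can hand out a whole tree as an archive, which is a download too.
        return "gitiles-archive" if "/+archive/" in path else "gitiles-browse"
    match = _GIT_RPC.search(path)
    service = match.group(1) if match else None
    if service is None and path.endswith("/info/refs"):
        # Ref advertisement: the requested service is named in the query string.
        service = parse_qs(parts.query).get("service", [None])[0]
    if service == "git-upload-pack":
        return "git-fetch"
    if service == "git-receive-pack":
        return "git-push"
    return "other"


def proxy_allows(user, url, browse_only_users):
    """Hypothetical policy: browse-only users may not clone/fetch or pull archives."""
    if user in browse_only_users and classify(url) in ("git-fetch", "gitiles-archive"):
        return False
    return True


if __name__ == "__main__":
    base = "https://gerrit.example.com"  # constructed host
    samples = [  # constructed requests
        base + "/a/myproject/info/refs?service=git-upload-pack",
        base + "/a/myproject/git-upload-pack",
        base + "/plugins/gitiles/myproject/+/refs/heads/master/README.md",
        base + "/plugins/gitiles/myproject/+archive/refs/heads/master.tar.gz",
    ]
    for url in samples:
        print(classify(url), proxy_allows("userb", url, {"userb"}), url)
```

A rule like this only covers HTTP: clones over Gerrit's SSH port never pass through the proxy, and every file remains readable page by page in Gitiles, which is the point made in the reply above.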