Forge Author Identity?

[Nicholas Mucci]

Hello,

I have a few people who are running into trouble when cherry-picking
changes and pushing those changes. I'm seeing this:

$ repo upload .
Counting objects: 15, done.
Compressing objects: 100% (5/5), done.
Writing objects: 100% (8/8), 1.81 KiB, done.
Total 8 (delta 4), reused 0 (delta 0)
To ssh://gerrit.foobar.com:29418/foobar-android/platform/packages/apps/Browser
! [remote rejected] veri2 -> refs/for/eclair-master (you are not
author x...@foobar.com)
error: failed to push some refs to 'ssh://gerrit.foobar.com:29418/
foobar-android/platform/packages/apps/Browser'

I thought that with the Registered Users group having +1 Forge Author
Identity on all projects (including the one in the example above) and
on refs/* that this should work. What am I missing? Thanks!

-Nick

[Shawn Pearce]

That should be all you need.

Are there other per-branch Forge Author Identity access rules
defined? If so those would be overriding the wildcard you have,
resulting in it not being used.

[Nicholas Mucci]

I had the following Forge Identity permissions set on this project:

Forge Identity Registered Users refs/* +1: Forge Author Identity
Forge Identity Administrators refs/heads/* +1: Forge Author Identity,
+3: Forge Gerrit Code Review Server Identity
Forge Identity Branch Modifiers refs/heads/* +1: Forge Author
Identity, +3: Forge Gerrit Code Review Server Identity

I added the following:

Forge Identity Foobar Mergers refs/heads/* +1: Forge Author Identity,
+2: Forge Committer or Tagger Identity

and had the user in Foobar Mergers, and that allowed him to push his
cherry-picked changes. I'm ok with loosening up any of the first
three permissions if they are causing the problem.

Thank you for your help.

-Nick

On Jun 9, 6:32 pm, Shawn Pearce <s...@google.com> wrote:

[Shawn Pearce]

On Fri, Jun 11, 2010 at 08:42, Nicholas Mucci <nick....@gmail.com> wrote:
> I had the following Forge Identity permissions set on this project:
>
> Forge Identity  Registered Users        refs/*  +1: Forge Author Identity
> Forge Identity  Administrators  refs/heads/*    +1: Forge Author Identity,
> +3: Forge Gerrit Code Review Server Identity
> Forge Identity  Branch Modifiers        refs/heads/*    +1: Forge Author
> Identity, +3: Forge Gerrit Code Review Server Identity

I think the problem here is Registered Users is on refs/*. The other
two are on refs/heads/*. Because there are patterns on refs/heads/*
for Forge Identity, the first rule on refs/* is being completely
ignored. Try removing that line and changing it to "Forge Identity
Registered Users refs/heads/* +1 Forge Author Identity". I think it
will start to work again like you expected it to.

[Nicholas Mucci]

Shawn,

Sorry its taken a while for me to reply. Setting Registered Users to
have Forge Identity +1 on refs/heads/* seems to have solved the
problem; at least, I haven't had any new reports of it. I guess I
just didn't fully understand the access control mechanisms. Thank
you.

-Nick

On Jun 11, 10:50 am, Shawn Pearce <s...@google.com> wrote:
> On Fri, Jun 11, 2010 at 08:42, Nicholas Mucci <nick.mu...@gmail.com> wrote:
> > I had the followingForgeIdentitypermissions set on this project:
>
> >ForgeIdentity Registered Users        refs/*  +1:ForgeAuthorIdentity
> >ForgeIdentity Administrators  refs/heads/*    +1:ForgeAuthorIdentity,
> > +3:ForgeGerrit Code Review ServerIdentity
> >ForgeIdentity Branch Modifiers        refs/heads/*    +1:ForgeAuthor
> >Identity, +3:ForgeGerrit Code Review ServerIdentity

>
> I think the problem here is Registered Users is on refs/*.  The other
> two are on refs/heads/*.  Because there are patterns on refs/heads/*

> forForgeIdentity, the first rule on refs/* is being completely

> ignored.  Try removing that line and changing it to "ForgeIdentity

> Registered Users refs/heads/* +1ForgeAuthorIdentity".  I think it