limiting push access on certain branches

2,023 views
Skip to first unread message

Sean Soria

unread,
Oct 17, 2011, 7:30:03 PM10/17/11
to Repo and Gerrit Discussion
I have my repository set up with a number of branches.  I'd like to allow users upload access to all except master.  I've given access to refs/for/refs/* to everyone, but when I try to deny access to refs/for/refs/master, it doesn't seem to prevent anyone from uploading.  This is gerrit 2.2.1.

Nasser Grainawi

unread,
Oct 17, 2011, 7:37:32 PM10/17/11
to Sean Soria, Repo and Gerrit Discussion
On Oct 17, 2011, at 5:30 PM, Sean Soria wrote:

I have my repository set up with a number of branches.  I'd like to allow users upload access to all except master.  I've given access to refs/for/refs/* to everyone, but when I try to deny access to refs/for/refs/master, it doesn't

At the very least you want refs/heads/* and refs/heads/master (not refs/* and refs/master). Hopefully that's all you need to get it working.

Nasser

seem to prevent anyone from uploading.  This is gerrit 2.2.1.


-- 
Employee of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum

Sean Soria

unread,
Oct 19, 2011, 3:17:56 PM10/19/11
to Nasser Grainawi, Repo and Gerrit Discussion
That doesn't seem to work.  I've got Push Allow on refs/for/refs/* and Push Deny on refs/for/refs/heads/master and I'm still able to upload a change for master.

On Wed, Oct 19, 2011 at 7:24 AM, Nasser Grainawi <nas...@codeaurora.org> wrote:
Sorry, wasn't clear enough. refs/for/refs/heads/* and refs/for/refs/heads/master

Make more sense?

On Oct 17, 2011, at 11:05 PM, Sean Soria wrote:

Doesn't that allow pushing directly to the branch?  I meant I wanted push for review access to all but master.

Nasser Grainawi

unread,
Oct 19, 2011, 4:05:10 PM10/19/11
to Sean Soria, Repo and Gerrit Discussion
Is Push Allow and Push Deny the right perms? I would think those limit direct push, not upload for review. (I don't know the 2.2.1 access controls well yet).

Oleksandr Presich

unread,
Jul 5, 2013, 9:47:06 AM7/5/13
to repo-d...@googlegroups.com, Sean Soria
Hello guys. I still have the same problem with 2.5.1 version.

Has anybody found a workaround?

Thanks!

Середа, 19 жовтня 2011 р. 23:05:10 UTC+3 користувач Nasser Grainawi написав:

Bailey, Darragh

unread,
Jul 6, 2013, 1:20:04 AM7/6/13
to Oleksandr Presich, repo-d...@googlegroups.com, Sean Soria

Hi,

 

I believe you’ll need to set the ‘exclusive’ mode on the permisions for refs/for/refs/heads/master for it to override the refs/for/refs/head/* if you want to override generic wildcard permissions with branch specific permissions.

 

Example is available in the gerrit documentation:

https://gerrit-review.googlesource.com/Documentation/access-control.html#_project_access_control_lists

 

See where it discusses restricting access to perform Code Reviews on a refs/heads/qa branch so that it is only possible for members of a QA Leads group.

 

I haven’t tried it when using deny permissions, but it seems likely that the same rules would also apply.

 

--

Darragh Bailey

“Nothing is foolproof to a sufficiently talented fool” - unknown

 

--

---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

Reply all
Reply to author
Forward
0 new messages