New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
Starred by 1 user
Status: Released
Owner:
Last visit > 30 days ago
Closed: Feb 2016



Sign in to add a comment
ssh command allows creating groups with the same name as a system group
Project Member Reported by zaro0...@gmail.com, Jan 20 2016 Back to list
Affected Version: 2.11+

What steps will reproduce the problem?
1. Create a "Registered Users" group with the SSH command:  ssh -p 29418 localhost gerrit create-group '"Registered Users"'.  Gerrit doesn't prevent this and the group is created.
2. Now if you attempt to configure access rules with "Registered Users" group it will use this newly created group instead of the system group.

What is the expected output? What do you see instead?
Users should not be able to create internal groups with the same names as systems groups.

Please provide any additional information below.
This works as expected from the Gerrit UI [1] and from the REST API[2].  It also works as expected if you attempt to create duplicate internal group.


[1] With an Admin account, attempt to create a "Registered Users" group from the Gerrit UI.  Gerrit won't allow it, the response is "Resource already exists".  
 
[2] curl -X PUT --digest --digest --user $user:$pasword http://localhost:8080/a/groups/Registered%20Users
Response is "Group already exists"

 
Project Member Comment 1 by zaro0...@gmail.com, Jan 26 2016
Owner: zaro0...@gmail.com
Status: ChangeUnderReview
proposed fix: https://gerrit-review.googlesource.com/#/c/74312
Project Member Comment 2 by ekempin@google.com, Feb 8 2016
Labels: FixedIn-2.13
Status: Submitted
Project Member Comment 3 by huga...@gmail.com, Sep 22 2016
Status: Released
Sign in to add a comment