Bug P2
Status Update
No update yet.
Comments
lu...@gmail.com
Background: the AccountLimits class did not take into consideration the InternalUser and was applying the ACLs and returning always the default 500 value.
ap...@google.com
Project: gerrit
Branch: master
commit beea169a6a27341f42bc2e7234fac76cef42f903
Author: Marcin Czech <maczech@gmail.com>
Date: Thu May 23 12:45:32 2024
Ignore global capabilities ACLs query limit for internal user
InternalUser does not belong to any group. This mean that always falls
back to the default query limit of 500. InternalUser should not be
subject to ACLs or user limits at all. The only limit that should be
respected is the inherent limit of the indexing backend.
Bug:
Release-Notes: Ignore global ACLs query limit for internal user
Change-Id: I5eecbd902d32f5eff61da7b8c3cfd5ef6da8c138
M java/com/google/gerrit/server/account/AccountLimits.java
A javatests/com/google/gerrit/acceptance/server/account/AccountLimitsIT.java
https://gerrit-review.googlesource.com/426157
Branch: master
commit beea169a6a27341f42bc2e7234fac76cef42f903
Author: Marcin Czech <maczech@gmail.com>
Date: Thu May 23 12:45:32 2024
Ignore global capabilities ACLs query limit for internal user
InternalUser does not belong to any group. This mean that always falls
back to the default query limit of 500. InternalUser should not be
subject to ACLs or user limits at all. The only limit that should be
respected is the inherent limit of the indexing backend.
Bug:
Release-Notes: Ignore global ACLs query limit for internal user
Change-Id: I5eecbd902d32f5eff61da7b8c3cfd5ef6da8c138
M java/com/google/gerrit/server/account/AccountLimits.java
A javatests/com/google/gerrit/acceptance/server/account/AccountLimitsIT.java
Description
Step to reproduce
Registered-UsersExpected result
The metric should return 501
Obtained result
The metric returns 500
Observation
Internal users queries shouldn't be limited by ACLs, because they are by definition above that. Any limits, except the indexing backend, should be bypassed. Somehow the limit set to
5in the ACLs is ignored, but for a different reason:InternalUserdoes not belong toRegistered-Usersand, actually, doesn't belong to any group.However,
InternalUserthen falls back to the default limit of500(hardcoded) which also does not make sense because theInternalUsershould not be subject to ACLs or user limits at all.The only limit that should be respected is the inherent limit of the indexing backend.