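I'm setting up access control in Gerrit for my company, and in our current internal process there is crossover between peer reviewers and coders (they tend to be the same group of people). We also want to require only 1 reviewer to peer review the code and submit it if it looks good.
With the default setup, any user with the +2: Looks good to me, approved option can review their own code.
Is there any way to prevent the author from reviewing their own code, but still allow them to fully review others' code? I haven't been able to find any kind of "exclude author" in the access control group setup or the permissions setup.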
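Answer 0 (score: 4)
The Gerrit Cookbook Example 8 does not strictly prevent the author from reviewing his/her own change, but it requires someone else to +2 it before it can be submitted.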
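Answer 1 (score: 2)
This is working for me, but it's a quick hack:
I've adjusted my earlier answer so it doesn't assume you're using a mysql server.
You might want to move the log file somewhere subject to any normal log rotation, perhaps ../logs/comment-added.log.
I've tried to pull the configurable bits to the front. Call this file comment-hook and put it in $gerrit_root/hooks, chmod it 755 or similar. Set up a robot user in the admin group so the hook can use the sql interface (and comment +2 on things with enough +1s).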
    #!/usr/bin/perl
    #
    # comment-hook for a +2 approval from a simple quorum of +1 votes.
    #
    # Licence: Public domain. All risk is yours; if it breaks, you get to keep both pieces.

    $QUORUM = 2; # Total number of +1 votes causing a +2
    $PLEBIANS = 'abs(value) < 2'; # or 'value = 1' to ignore -1 unvotes
    $AUTO_SUBMIT_ON_QUORACY = '--submit'; # or '' for none
    $AND_IGNORE_UPLOADER = 'and uploader_account_id != account_id'; # or '' to let uploaders votes count

    $GERRIT_SSH_PORT = 29418;
    $SSH_PRIVATE_KEY = '/home/gerrit2/.ssh/id_rsa';
    $SSH_USER_IN_ADMIN_GROUP = 'devuser';

    # Hopefully you shouldn't need to venture past here.

    $SSH = "ssh -i $SSH_PRIVATE_KEY -p $GERRIT_SSH_PORT $SSH_USER_IN_ADMIN_GROUP\@localhost";

    $LOG = "/home/gerrit2/hooks/log.comment-added";
    open LOG, ">>$LOG" or die;

    sub count_of_relevant_votes {
        # Total selected code review votes for this commit
        my $relevance = shift;
        $query = "
            select sum(value) from patch_sets, patch_set_approvals
            where patch_sets.change_id = patch_set_approvals.change_id
            and patch_sets.patch_set_id = patch_set_approvals.patch_set_id
            and revision = '$V{commit}'
            and category_id = 'CRVW'
            and $relevance
            $AND_IGNORE_UPLOADER
            ;";
        $command = "$SSH \"gerrit gsql -c \\\"$query\\\"\"";
        #print LOG "FOR... $command\n";
        @lines = qx($command);
        chomp @lines;
        #print LOG "GOT... ", join("//", @lines), "\n";
        # 0=headers 1=separators 2=data 3=count and timing.
        return $lines[2];
    }

    sub response {
        my $review = shift;
        return "$SSH 'gerrit review --project=\"$V{project}\" $review $V{commit}'";
    }

    # ######################
    # Parse options

    $key='';
    while ( $_ = shift @ARGV ) {
        if (/^--(.*)/) {
            $key = $1;
        }
        else {
            $V{$key} .= " " if exists $V{$key};
            $V{$key} .= $_;
        }
    }
    #print LOG join("\n", map { "$_ = '$V{$_}'" } keys %V), "\n";

    # ######################
    # Added hardening: commit and project are interpolated into the SQL and
    # shell strings built above, so stop on anything other than a 40-hex
    # commit id or on a project name containing quoting metacharacters.

    exit 0 unless $V{commit} =~ /^[0-9a-f]{40}$/;
    exit 0 if $V{project} =~ /["'`\$\\;]/;

    # ######################
    # Ignore my own comments

    $GATEKEEPER="::GATEKEEPER::";
    if ($V{comment} =~ /$GATEKEEPER/) {
        # print LOG localtime() . "$V{commit}: Ignore $GATEKEEPER comments\n";
        exit 0;
    }

    # ######################
    # Forbear to analyse anything already +2'd

    $submittable = count_of_relevant_votes('value = 2');
    if ($submittable > 0) {
        # print LOG "$V{commit} Already +2'd by someone or something.\n";
        exit 0;
    }

    # ######################
    # Look for a consensus amongst qualified voters.

    $plebicite = count_of_relevant_votes($PLEBIANS);

    #if ($V{comment} =~ /TEST:(\d)/) {
    #    $plebicite=$1;
    #}

    # ######################
    # If there's a quorum, approve and submit.

    if ( $plebicite >= $QUORUM ) {
        $and_submitting = ($AUTO_SUBMIT_ON_QUORACY ? " and submitting" : "");
        $review = " --code-review=+2 --message=\"$GATEKEEPER approving$and_submitting due to $plebicite total eligible votes\" $AUTO_SUBMIT_ON_QUORACY";
    }
    else {
        $review = " --code-review=0 --message=\"$GATEKEEPER ignoring $plebicite total eligible votes\"";
        # print LOG "$V{commit}: $review\n";
        exit 0;
    }

    $response = response($review);

    print LOG "RUNNING: $response\n";
    $output = qx( $response 2>&1 );
    if ($output =~ /\S/) {
        print LOG "$V{commit}: output from commenting: $output";
        $response = response(" --message=\"During \Q$review\E: \Q$output\E\"");
        print LOG "WARNING: $response\n";
        $output = qx( $response 2>&1 );
        print LOG "ERROR: $output\n";
    }

    exit 0;
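Answer 2 (score: 0)
Gerrit allows you to set up prolog "submit rules" that define when a change is submittable.
The documentation includes several examples, including one that prevents the author from approving his own change.
Answer 3 (score: 0)
I have just written this prolog filter for our Gerrit installation. I did it as a submit_filter in the parent project because I wanted it to apply to all projects in our system.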
    %filter to require all projects to have a code-reviewer other than the owner
    submit_filter(In, Out) :-
        %unpack the submit rule into a list of code reviews
        In =.. [submit | Ls],
        %add the non-owner code review requirement
        reject_self_review(Ls, R),
        %pack the list back up and return it (kinda)
        Out =.. [submit | R].

    reject_self_review(S1, S2) :-
        %set O to be the change owner
        gerrit:change_owner(O),
        %find a +2 code review, if it exists, and set R to be the reviewer
        gerrit:commit_label(label('Code-Review', 2), R),
        %if there is a +2 review from someone other than the owner, then the filter has no work to do, assign S2 to S1
        R \= O, !,
        %the cut (!) predicate prevents further rules from being consulted
        S2 = S1.
    reject_self_review(S1, S2) :-
        %set O to be the change owner
        gerrit:change_owner(O),
        %find a +2 code review, if it exists, and set R to be the reviewer
        gerrit:commit_label(label('Code-Review', 2), R),
        R = O, !,
        %if there isn't a +2 from someone else (above rule), and there is a +2 from the owner, reject with a self-reviewed label
        S2 = [label('Self-Reviewed', reject(O))|S1].
    %if the above two rules didn't make it to the ! predicate, there aren't any +2s so let the default rules through unfiltered
    reject_self_review(S1, S1).
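The benefits (IMO) of this rule over rule #8 from the cookbook are:
- the Self-Reviewed label, rather than adding a Non-Author-Code-Review label to every change
- the reject(O) rule causes the Self-Reviewed label to literally become a red flag
- as a submit_filter rather than a submit_rule, this rule is installed in the parent project and applies to all sub-projects
Please note: this rule is authored to prevent the Owner from self-reviewing a change, while the example from the cookbook compares against the Author. Depending on your workflow, you may want to replace the gerrit:change_owner(O) predicates with gerrit:commit_author(O) or gerrit:commit_committer(O).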
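Added example, not part of the answer above and not Gerrit code: a Python model of the three reject_self_review clauses, run over constructed votes, including the case where the change owner and the commit author are different accounts. The Change class, the label tuples and the account names are assumptions made for illustration.

```python
# Added illustration: models the three reject_self_review clauses.
# Change, the label tuples and the account names are constructed for this example.
from dataclasses import dataclass, field


@dataclass
class Change:
    owner: str       # uploader, as in gerrit:change_owner
    author: str      # as in gerrit:commit_author
    committer: str   # as in gerrit:commit_committer
    code_review: dict = field(default_factory=dict)  # account -> vote


def reject_self_review(change, labels, identity="owner"):
    """Apply the filter to a list of (name, state, account) labels."""
    me = getattr(change, identity)
    plus_two = [acct for acct, vote in change.code_review.items() if vote == 2]
    # Clause 1: a +2 from any other account, pass the labels through.
    if any(acct != me for acct in plus_two):
        return list(labels)
    # Clause 2: every +2 is from "me", prepend a rejecting label.
    if plus_two:
        return [("Self-Reviewed", "reject", me)] + list(labels)
    # Clause 3: no +2 at all, the default rules decide.
    return list(labels)


def is_blocked(labels):
    return any(state == "reject" for _name, state, _acct in labels)


OK = [("Code-Review", "ok", None)]        # default rule satisfied by a +2
NEED = [("Code-Review", "need", None)]    # default rule still waiting

self_only = Change("alice", "alice", "alice", {"alice": 2})
with_peer = Change("alice", "alice", "alice", {"alice": 2, "bob": 2})
no_plus_two = Change("alice", "alice", "alice", {"bob": 1})
# carol uploads dave's commit and dave approves it.
proxy = Change("carol", "dave", "dave", {"dave": 2})

if __name__ == "__main__":
    for name, c, ls in [("self_only", self_only, OK), ("with_peer", with_peer, OK),
                        ("no_plus_two", no_plus_two, NEED), ("proxy", proxy, OK)]:
        print(name, {i: is_blocked(reject_self_review(c, ls, i))
                     for i in ("owner", "author")})
```

In the proxy case the owner comparison lets dave's +2 on his own commit through, while the author comparison blocks it, which is the workflow difference the note above describes.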
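Answer 4 (score: 0)
You can do this from the GUI in the Access tab. Go to the /refs/heads/ section -> in the Label Code-Review section add the "Change Owner" group -> choose -1..+1.
This will give the change owner the privilege of voting -1 to +1.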