x/build: give a few people access to delete TryBot-Result label, but not change it #21299
Comments
|
Btw, the harm in the current system is that the UI is cluttered now and it's too easy to accidentally "vote" on TryBot-Result instead of Run-TryBot:
|
|
Andy, did you see this earlier? |
|
I did not. Will take a look. Need to go through all my assigned bugs. |
|
/cc @FiloSottile FYI, since you're changing or considering changing Gerrit permissions. |
|
Pretty sure I fixed this at some point, and it should not be possible for people to vote TryBot-Result anymore. If that's not the case, please reopen.
|
|
That's not what this bug is about. This bug is about letting people delete TryBot-Result but not change it. |
|
Oh, nevermind... this is indeed fixed. I thought you were just showing that you don't have permission to change it, whereas my concern was for people who did have the permission. But I can see that I can both delete the TryBot-Result label and also not change it. Let me look through the git history to see when & how that was fixed. |
commit 9a62ff8f7f73852684d6fef26e57e679057ba655
Author: Filippo Valsorda <filippo@golang.org>
Date: Wed Jun 6 20:48:03 2018 +0000
Let trybot-result-changers change TryBot-Result
Current permission only lets them cast it on their own behalf.
Change-Id: I90c09cba2e157152de6946f592f9833537841827
Reviewed-on: https://go-review.googlesource.com/116760
Reviewed-by: Filippo Valsorda <filippo@golang.org>
diff --git a/project.config b/project.config
index b3f86a9..0ab6c4a 100644
--- a/project.config
+++ b/project.config
@@ -52,9 +52,9 @@
editTopicName = group approvers
label-Run-TryBot = +0..+1 group approvers
label-Run-TryBot = +0..+1 group may-start-trybots
- label-TryBot-Result = -1..+1 group trybot-result-changers
editHashtags = group approvers
editHashtags = group gobot
+ labelAs-TryBot-Result = group trybot-result-changers
[access "refs/meta/config"]
exclusiveGroupPermissions = read
read = group Project Ownersand commit e5f87f16b9926cde199b363057a18b853d9d71c0
Author: Filippo Valsorda <filippo@golang.org>
Date: Wed Jun 6 23:27:16 2018 +0000
Restore gobot's permission to cast TryBot-Result
gobot was using its membership of trybot-result-changers to do that,
but that group was switched to casting the vote on behalf of in
I90c09cba2e157152de6946f592f9833537841827
Change-Id: I94df0d7c546ecef94f783ff1f175374773ab43cc
Reviewed-on: https://go-review.googlesource.com/116764
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
diff --git a/project.config b/project.config
index 0ab6c4a..c0e2b09 100644
--- a/project.config
+++ b/project.config
@@ -55,6 +55,7 @@
editHashtags = group approvers
editHashtags = group gobot
labelAs-TryBot-Result = group trybot-result-changers
+ label-TryBot-Result = -1..+1 group gobot
[access "refs/meta/config"]
exclusiveGroupPermissions = read
read = group Project OwnersAh, so it's "
Update: durr, the same docs I found and replied with two years ago. |
Currently we have a Gerrit group called "trybot-result-changers":
https://go-review.googlesource.com/admin/groups/1025
The intent of that group is that some people can delete TryBot-Result on failed flakes and cause the trybots to re-run.
But the way we implemented that group is this ACL:
(in All-Projects project.config)
I think we want to use this instead:
https://gerrit-review.googlesource.com/Documentation/access-control.html#category_review_labels
We want some people to be able to delete the gopherbot's TryBot-Result label, but not set it themselves.
Is that possible?
Leaving for @andybons
The text was updated successfully, but these errors were encountered: