<html><head></head><body><div style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:13px;"><div></div>
<div>Also just tested now, it's because he is an admin. There was no "<span style="font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;">privilege escalation". I tested by creating a change as an admin, then a user adding a file. And saw no delete button under that user account.</span></div><div><br></div>
<div id="yahoo_quoted_0513694560" class="yahoo_quoted">
<div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">
<div>
On Tuesday, 6 March 2018, 16:10:34 GMT, Paladox <thomasmulhall410@yahoo.com> wrote:
</div>
<div><br></div>
<div><br></div>
<div><div></div>
<div>I've filled this upstream <a href="https://bugs.chromium.org/p/gerrit/issues/detail?id=8493&q=&colspec=ID%20Type%20Stars%20Milestone%20Status%20Priority%20Owner%20Summary" rel="nofollow" target="_blank">https://bugs.chromium.org/p/gerrit/issues/detail?id=8493</a> it seems it was me who added this functionality in gerrit <a href="https://github.com/GerritCodeReview/gerrit/commit/580ae0e94659dcb09463775b93472be129905949" class="ydp8b5e19eaurl" style="margin: 0px; padding: 0px; font-size: 12px; word-wrap: break-word; color: rgb(0, 0, 238); border-top-color: rgb(0, 0, 238); border-right-color: rgb(0, 0, 238); border-left-color: rgb(0, 0, 238); border-bottom-width: 1px; border-bottom-style: dotted; font-family: Courier;" rel="nofollow" target="_blank">https://github.com/GerritCodeReview/gerrit/commit/580ae0e94659dcb09463775b93472be129905949</a> . </div><div><br></div><div><br></div>
<div id="yahoo_quoted_1206171155" class="yahoo_quoted">
<div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">
<div>
On Tuesday, 6 March 2018, 10:02:16 GMT, Jaime Crespo <jcrespo@wikimedia.org> wrote:
</div>
<div><br></div>
<div><br></div>
<div><div id="yiv8927934248"><div><div dir="ltr"><div>> I suppose if you took control of a change (via adding your patch set to the CR) it would result in you deleting others' changes.<br clear="none"><br clear="none"></div>I didn't, I think it was because I was a gerrit admin.<br clear="none"></div><div class="yiv8927934248gmail_extra"><br clear="none"><div class="yiv8927934248yqt4309405581" id="yiv8927934248yqt03493"><div class="yiv8927934248gmail_quote">On Tue, Mar 6, 2018 at 1:36 AM, Chad Horohoe <span dir="ltr"><<a rel="nofollow" shape="rect" ymailto="mailto:chorohoe@wikimedia.org" target="_blank" href="mailto:chorohoe@wikimedia.org">chorohoe@wikimedia.org</a>></span> wrote:<br clear="none"><blockquote class="yiv8927934248gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div dir="ltr"><div class="yiv8927934248gmail_quote"><span class="yiv8927934248"></span><div dir="ltr">On Mon, Mar 5, 2018 at 12:01 PM Jaime Crespo <<a rel="nofollow" shape="rect" ymailto="mailto:jcrespo@wikimedia.org" target="_blank" href="mailto:jcrespo@wikimedia.org">jcrespo@wikimedia.org</a>> wrote:<br clear="none"></div><blockquote class="yiv8927934248gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div dir="ltr"><div>I just been told there is now a delete button, DON'T USE IT- I just pressed it by mistake after entering in edit mode thinking it was a "discard patch started on web interface" (but it is very easy to pres it by mistake), and apparently it removes the entire CR. I was told by Paladox this is a new feature on gerrit, and I do not like it already. I managed to delete the work of a workmate. :-(<br clear="none"><br clear="none">I could restore everthing from the database backups, but as it also deletes the git files content, it doesn't work without it -it cannot be reverted- only text can be recover from the database in not the nicest formatting.<br clear="none"><br clear="none"></div>Apologies for the damages caused. Should I file a ticket to propose to disable such a button from the UI?</div></blockquote><div><br clear="none"></div><div>Sooooo, this is supposed to be "Delete Own Changes" but I suppose if you took control of a change (via adding your patch set to the CR) it would result in you deleting others' changes. That's a *horrible* privilege escalation!</div><div><br clear="none"></div><div>No need for a ticket, I've disabled this.</div><span class="yiv8927934248HOEnZb"><font color="#888888"></font></span><div><br clear="none"></div><div>-Chad</div></div></div>
</blockquote></div></div><br clear="none"><br clear="all"><br clear="none">-- <br clear="none"><div class="yiv8927934248gmail_signature"><div dir="ltr"><div>Jaime Crespo<br clear="none"></div><<a rel="nofollow" shape="rect" target="_blank" href="http://wikimedia.org">http://wikimedia.org</a>><br clear="none"></div></div>
</div></div></div><div class="yqt4309405581" id="yqt00332">_______________________________________________<br clear="none">QA mailing list<br clear="none"><a shape="rect" ymailto="mailto:QA@lists.wikimedia.org" href="mailto:QA@lists.wikimedia.org">QA@lists.wikimedia.org</a><br clear="none"><a shape="rect" href="https://lists.wikimedia.org/mailman/listinfo/qa" target="_blank">https://lists.wikimedia.org/mailman/listinfo/qa</a><br clear="none"></div></div>
</div>
</div></div>
</div>
</div></div></body></html>