What do I mean? Well, Gerrit is a code review tool. But the default setup of the tool is to allow you to accept your own reviews and submit them directly - you can push for review, +2, and then submit.
I mean, this blows my mind. Why on earth would this be allowed, by default, in a code review tool? I know some projects might see a good reason for it - I found a few discussions about them on the Issue 308 that discusses this very topic. Two people saying "I do this" seems to make it the default behaviour.
So in my case, it was important that I could set this on the Permissions Project - it happens across all our projects. So the example from the Gerrit Cookbook - which uses Prolog (that hurt my brain the last time I tried to learn it at University) only allows you to do it on a per project basis. So I needed a submit_filter rather than a submit_rule.
So to put this somewhere so I don't forget it or lose it, here is my series of commands:
git clone ....
git fetch origin refs/meta/config
git branch refs/meta/config
git checkout refs/meta/config
git add rules.pl
git commit -a -m "your message"
git push origin HEAD:refs/meta/config
in rules.pl you put:
In =.. [submit | Ls],
Out =.. [submit | R].
add_non_author_approval(S1, S2) :-
gerrit:commit_label(label('Code-Review', 2), R),
R \= A, !,
S2 = [label('Non-Author-Code-Review', ok(R)) | S1].
add_non_author_approval(S1, [label('Non-Author-Code-Review', need(_)) | S1]).
PS this is about preventing gerrit users from moderating their own commits or reviews and allowing them to submit. Just in case this sentence makes it easier for Google Search to find it.