<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <div class="moz-cite-prefix">Hi</div>
    <div class="moz-cite-prefix"><br>
    </div>
    <div class="moz-cite-prefix">You are right. Kallithea has some bugs
      around API permission handling. It is not using the "create
      top-level repositories" permissions correctly.</div>
    <div class="moz-cite-prefix"></div>
    <div class="moz-cite-prefix"><br>
    </div>
    <div class="moz-cite-prefix">This problem is related to the</div>
    <div class="moz-cite-prefix">"<span class="help-block">This will
        also give all users API access to create repositories
        everywhere. That might change in future versions."</span></div>
    <div class="moz-cite-prefix"><span class="help-block">note, even
        though you see the opposite problem.</span></div>
    <br>
    <div class="moz-cite-prefix"><span class="help-block">This behaviour
        is kind of intentional -
        <a class="moz-txt-link-freetext" href="https://kallithea-scm.org/repos/kallithea/changeset/6620542597d3">https://kallithea-scm.org/repos/kallithea/changeset/6620542597d3</a>
        - and with some awareness in the test suite -
<a class="moz-txt-link-freetext" href="https://kallithea-scm.org/repos/kallithea-incoming/changeset/975f5769be08">https://kallithea-scm.org/repos/kallithea-incoming/changeset/975f5769be08</a>
        ... but doesn't match what </span>hg.create.repository<span
        class="help-block"></span><span class="help-block"> actually
        means:
<a class="moz-txt-link-freetext" href="https://kallithea-scm.org/repos/kallithea/changeset/8aad6a324739#kallitheamodeldbpy_n1676">https://kallithea-scm.org/repos/kallithea/changeset/8aad6a324739#kallitheamodeldbpy_n1676</a></span><span
        class="help-block"><br>
      </span></div>
    <div class="moz-cite-prefix"><span class="help-block"><br>
      </span></div>
    <div class="moz-cite-prefix"><span class="help-block">I propose
<a class="moz-txt-link-freetext" href="https://kallithea-scm.org/repos/kallithea/pull-request/303/_/api_permission_check">https://kallithea-scm.org/repos/kallithea/pull-request/303/_/api_permission_check</a>
        to fix this.<br>
      </span></div>
    <div class="moz-cite-prefix"><span class="help-block"><br>
      </span></div>
    <div class="moz-cite-prefix"><span class="help-block">/Mads</span></div>
    <div class="moz-cite-prefix"><span class="help-block"><br>
      </span></div>
    <div class="moz-cite-prefix"><br>
    </div>
    <div class="moz-cite-prefix">On 1/2/21 7:20 PM, toras wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:91829be0-78be-7dec-3bd0-87809cafea3a@gmail.com">Hi
      <br>
      <br>
      I have doubts about the behavior of 'create_repo' in Kallithea's
      API, so I will post it.
      <br>
      The version of Kallithea I'm using is 0.6.3.
      <br>
      <br>
      A 'create_repo' request to a repository group for which the
      account has write permissions also appears to fail if top-level
      repository creation is disabled.
      <br>
      The same request succeeds when I enable the create top-level
      repository setting.
      <br>
      Regardless of top-level settings, I can use that account to create
      repositories from the web into repository groups.
      <br>
      <br>
      I didn't understand if the explanation of 'Note' on the setting
      screen means "Failed even if I have write permission".
      <br>
      <br>
      For the time being, the situation I tried is described below.
      <br>
      <br>
      The request was made like this.
      <br>
      ```
      <br>
      curl <a class="moz-txt-link-freetext" href="http://localhost:5000/_admin/api">http://localhost:5000/_admin/api</a> -X POST -H
      'content-type:text/plain' --data-binary
'{"id":1,"api_key":"0ae8322ce787f08771c6b3570765318fb0360ad6","method":"create_repo","args":{"repo_name":"grp/test",
      "repo_type":"git"}}'
      <br>
      ```
      <br>
      <br>
      The response in case of failure is like this.
      <br>
      ```
      <br>
      {"id": 1, "result": null, "error": "Internal server error"}
      <br>
      ```
      <br>
      <br>
      The console output of Kallithea at that time looks like the
      following.
      <br>
      ```
      <br>
      2021-01-02 17:25:23.087 DEBUG [JSONRPC] Trying to find JSON-RPC
      method: create_repo
      <br>
      2021-01-02 17:25:23.087 INFO  [JSONRPC] IP: 127.0.0.1 Request to
      /_admin/api time: 0.012s
      <br>
      2021-01-02 17:25:23.127 ERROR [JSONRPC] Encountered unhandled
      exception: Traceback (most recent call last):
      <br>
        File
"/home/kallithea/.local/lib/python3.6/site-packages/kallithea/controllers/api/__init__.py",
      line 225, in _rpc_call
      <br>
          raw_response = getattr(self, action)(**rpc_args)
      <br>
        File "&lt;decorator-gen-73&gt;", line 2, in create_repo
      <br>
        File
"/home/kallithea/.local/lib/python3.6/site-packages/kallithea/lib/auth.py",
      line 664, in __wrapper
      <br>
          raise HTTPForbidden()
      <br>
      webob.exc.HTTPForbidden: Access was denied to this resource.
      <br>
      ```
      <br>
      <br>
      # I rely on translation tools. I'm sorry if there is a strange
      sentence.
      <br>
      <br>
      <br>
      Thanks
      <br>
      <br>
      ----
      <br>
      toras9000
      <br>
      <br>
    </blockquote>
    <p><br>
    </p>
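    <p>An added example, not part of either message and not Kallithea's
      own code: a small model of the mismatch discussed in this thread,
      comparing a check that gates every create_repo call on the global
      hg.create.repository permission with a check that depends on where
      the repository is created. The function names, the users, the
      group-level names "group.write" and "group.admin", and the
      location-aware rule itself are assumptions made for
      illustration.</p>
<pre>
```python
from dataclasses import dataclass, field

CREATE_TOP_LEVEL = "hg.create.repository"       # permission named in the thread
WRITE_LEVELS = {"group.write", "group.admin"}   # assumed group-level names


@dataclass
class User:
    name: str
    global_perms: set = field(default_factory=set)
    group_perms: dict = field(default_factory=dict)  # group name to level


def parent_group(repo_name):
    """Return the containing group ('grp/test' gives 'grp'), or None at top level."""
    head, sep, _ = repo_name.rpartition("/")
    return head if sep else None


def check_global_only(user, repo_name):
    """Model of the reported API behaviour: only the global permission counts."""
    return CREATE_TOP_LEVEL in user.global_perms


def check_by_location(user, repo_name):
    """Assumed rule: top level needs the global permission, a group needs write on it."""
    group = parent_group(repo_name)
    if group is None:
        return CREATE_TOP_LEVEL in user.global_perms
    return user.group_perms.get(group) in WRITE_LEVELS


def mismatches(users, repo_names):
    """Rows (user, repo, global_only, by_location) where the two checks disagree."""
    rows = []
    for user in users:
        for repo in repo_names:
            a, b = check_global_only(user, repo), check_by_location(user, repo)
            if a != b:
                rows.append((user.name, repo, a, b))
    return rows


# Constructed sample accounts: one with write on 'grp' only, one with the global permission only.
USERS = [User("writer", group_perms={"grp": "group.write"}),
         User("creator", global_perms={CREATE_TOP_LEVEL})]
REPOS = ["grp/test", "test", "other/test"]

if __name__ == "__main__":
    for name, repo, global_only, by_location in mismatches(USERS, REPOS):
        kind = "denied but should pass" if by_location else "allowed but should fail"
        print(f"{name:8} {repo:11} global-only={global_only} by-location={by_location} ({kind})")
```
</pre>
    <p>The "writer" row is the refusal reported in the original message;
      the "creator" rows are the opposite case that the settings-page
      note quoted in the reply describes.</p>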
  </body>
</html>