Behavior of create_repo API as a general user
Mads Kiilerich
mads at kiilerich.com
Fri Jan 15 21:25:52 UTC 2021
This has now been fixed in the stable branch and will be included in the
next release - no matter if it will be 0.6.4 or 0.7 .
Thanks for the report.
/Mads
On 1/3/21 2:38 AM, toras wrote:
> Hi
>
> Thank you for your answer.
>
> I understand that it is a process of changing the interpretation of
> this setting value.
> I'm looking forward to future versions including behavior fixes.
>
> Thanks
>
> ----
> toras9000
>
> On 2021/01/03 7:49, Mads Kiilerich wrote:
>> Hi
>>
>> You are right. Kallithea has some bugs around API permission
>> handling. It is not
>> using the "create top-level repositories" permissions correctly.
>>
>> This problem is related to the
>> "This will also give all users API access to create repositories
>> everywhere.
>> That might change in future versions."
>> note, even though you see the opposite problem.
>>
>> This behaviour is kind of intentional -
>> https://kallithea-scm.org/repos/kallithea/changeset/6620542597d3 -
>> and with some
>> awareness in the test suite -
>> https://kallithea-scm.org/repos/kallithea-incoming/changeset/975f5769be08
>> ...
>> but doesn't match what hg.create.repositoryactually means:
>> https://kallithea-scm.org/repos/kallithea/changeset/8aad6a324739#kallitheamodeldbpy_n1676
>>
>>
>> I propose
>> https://kallithea-scm.org/repos/kallithea/pull-request/303/_/api_permission_check
>> to
>> fix this.
>>
>> /Mads
>>
>>
More information about the kallithea-general
mailing list