About permission evaluation for repository group owner.
toras
toras9000 at gmail.com
Sun May 7 15:37:16 UTC 2023
Hi.
Commit abc29122c7f2 has been addressed to allow repository group owner changes.
I think the owner change itself is working.
However, for non-admin users, the permission evaluation in the repository group seems to be incorrect.
For example, if you try to create a repository in that repository group as a changed owner user, you will get the error 'no
permission to create repo in xxxxxxxx'.
After a little research, it seemed to me that the repository_group_permissions() in auth.py, which is used beyond the
HasRepoGroupPermissionLevel() call, needs to be evaluated for being the owner of the repository group.
Could you please confirm this?
Additionally, I have a question regarding the permission evaluation for repository groups, separate from the issue mentioned above.
Currently, regular users cannot create repositories within a repository group unless they have administrative privileges for the
group.
I feel that requiring administrative privileges is a bit excessive.
What are your thoughts on this matter?
Thanks
--
toras9000
More information about the kallithea-general
mailing list