About permission evaluation for repository group owner.

toras toras9000 at gmail.com
Sun May 7 15:37:16 UTC 2023


Hi.


Commit abc29122c7f2 has been addressed to allow repository group owner changes.
I think the owner change itself is working.
However, for non-admin users, the permission evaluation in the repository group seems to be incorrect.

For example, if you try to create a repository in that repository group as a changed owner user, you will get the error 'no 
permission to create repo in xxxxxxxx'.
After a little research, it seemed to me that the repository_group_permissions() in auth.py, which is used beyond the 
HasRepoGroupPermissionLevel() call, needs to be evaluated for being the owner of the repository group.
Could you please confirm this?


Additionally, I have a question regarding the permission evaluation for repository groups, separate from the issue mentioned above.
Currently, regular users cannot create repositories within a repository group unless they have administrative privileges for the 
group.
I feel that requiring administrative privileges is a bit excessive.
What are your thoughts on this matter?



Thanks

--
toras9000




More information about the kallithea-general mailing list