About permission evaluation for repository group owner.

toras toras9000 at gmail.com
Tue May 9 14:04:50 UTC 2023


Hi.


Thank you for confirming.

 > I propose https://kallithea-scm.org/repos/kallithea-incoming/changeset/dee1b60bad29621882eb769eb5bc8707647ccf1d .

As far as I have tried, I believe this change fixes the new owner to operate correctly. (Both from the web and from the API.)


 > I propose https://kallithea-scm.org/repos/kallithea-incoming/changeset/bf7369172810fb1a9452af767a2168edba3dc2f3

I believe that this change is also necessary to properly remove permissions from the previous owner.


 > Do you see other problems related to these changes? Any other places where the code makes incorrect assumptions on repo groups
 > and owner / permissions?

Related to the second issue, there seems to be a problem that "the owner (non-super user) of a group cannot set permissions for 
himself/herself".
In the permission settings screen, the owner cannot set the following write permissions for himself/herself.
Any attempt to do so fails with the message 'Cannot revoke permission for yourself as admin'.
I think this is part of the behavior that remains from when we were handling explicitly granting administrative privileges to 
groups.

However, some groups can be modified, and there may be conditions under which the above failure occurs.
This may be the case for groups created by ordinary users themselves.


 > If you edit a repository group, the permissions tab will describe it as "Write" as "(Add repos)". Admin access should not be
 > necessary. Please verify that you really see the behaviour you describe.
 > (For some reason, repo group creation is more constrained in than repo creation... but that's yet another story.)

My apologies.
I meant to write "repository groups" instead of "repository" but I was wrong.

Sometimes I wonder why, because I want to create a group with the following structure, but cannot do so with only write permission.

personals         <- Create by admin.
   + userA_group   <- Create by userA.
   + userB_group   <- Create by userB.


Thanks

-- 
toras9000


More information about the kallithea-general mailing list