From 9ef57c0f822eeb3b62c0d320abb1f47a2c45f539 Mon Sep 17 00:00:00 2001
From: Tomas Kopecek <tkopecek@redhat.com>
Date: Apr 07 2020 10:27:56 +0000
Subject: new policy for dist-repo


Fixes: https://pagure.io/koji/issue/1660

---

diff --git a/hub/kojihub.py b/hub/kojihub.py
index 0f289e8..68c06f5 100644
--- a/hub/kojihub.py
+++ b/hub/kojihub.py
@@ -11829,7 +11829,13 @@ class RootExports(object):
 
     def distRepo(self, tag, keys, **task_opts):
         """Create a dist-repo task. returns task id"""
-        context.session.assertPerm('dist-repo')
+        if not context.session.hasPerm('dist-repo') and not context.session.hasPerm('admin'):
+            policy_data = {
+                'tag': tag,
+                'keys': keys,
+            }
+            assert_policy('dist_repo', policy_data)
+
         repo_id, event_id = dist_repo_init(tag, keys, task_opts)
         task_opts['event'] = event_id
         # cancel potentially running distRepos
diff --git a/tests/test_hub/test_dist_repo.py b/tests/test_hub/test_dist_repo.py
index f685908..536a899 100644
--- a/tests/test_hub/test_dist_repo.py
+++ b/tests/test_hub/test_dist_repo.py
@@ -85,14 +85,16 @@ class TestDistRepoInit(unittest.TestCase):
 
 class TestDistRepo(unittest.TestCase):
 
+    @mock.patch('kojihub.assert_policy')
     @mock.patch('kojihub.dist_repo_init')
     @mock.patch('kojihub.make_task')
-    def test_DistRepo(self, make_task, dist_repo_init):
+    def test_DistRepo(self, make_task, dist_repo_init, assert_policy):
         session = kojihub.context.session = mock.MagicMock()
         session.user_id = 123
         # It seems MagicMock will not automatically handle attributes that
         # start with "assert"
-        session.assertPerm = mock.MagicMock()
+        session.hasPerm = mock.MagicMock()
+        session.hasPerm.return_value = False
         dist_repo_init.return_value = ('repo_id', 'event_id')
         make_task.return_value = 'task_id'
         exports = kojihub.RootExports()
@@ -101,7 +103,8 @@ class TestDistRepo(unittest.TestCase):
 
         ret = exports.distRepo('tag', 'keys')
 
-        session.assertPerm.assert_called_once_with('dist-repo')
+        session.hasPerm.has_calls(mock.call('dist_repo'), mock.call('admin'))
+        assert_policy.assert_called_once_with('dist-repo', {'tag': 'tag', 'keys': 'keys'})
         dist_repo_init.assert_called_once()
         make_task.assert_called_once()
         self.assertEquals(ret, make_task.return_value)