From ef60c2e8dab9ad4b9e9a45e0368656b074c128fb Mon Sep 17 00:00:00 2001
From: Tomas Kopecek <tkopecek@redhat.com>
Date: Apr 06 2020 07:10:05 +0000
Subject: [PATCH 1/3] new policy for dist-repo


Fixes: https://pagure.io/koji/issue/1660

---

diff --git a/hub/kojihub.py b/hub/kojihub.py
index 4390079..062f05e 100644
--- a/hub/kojihub.py
+++ b/hub/kojihub.py
@@ -11816,7 +11816,13 @@ class RootExports(object):
 
     def distRepo(self, tag, keys, **task_opts):
         """Create a dist-repo task. returns task id"""
-        context.session.assertPerm('dist-repo')
+        if not context.session.hasPerm('dist-repo') and not context.session.hasPerm('admin'):
+            policy_data = {
+                'tag': tag,
+                'keys': keys,
+            }
+            assert_policy('dist_repo', policy_data)
+
         repo_id, event_id = dist_repo_init(tag, keys, task_opts)
         task_opts['event'] = event_id
         # cancel potentially running distRepos
diff --git a/tests/test_hub/test_dist_repo.py b/tests/test_hub/test_dist_repo.py
index f685908..536a899 100644
--- a/tests/test_hub/test_dist_repo.py
+++ b/tests/test_hub/test_dist_repo.py
@@ -85,14 +85,16 @@ class TestDistRepoInit(unittest.TestCase):
 
 class TestDistRepo(unittest.TestCase):
 
+    @mock.patch('kojihub.assert_policy')
     @mock.patch('kojihub.dist_repo_init')
     @mock.patch('kojihub.make_task')
-    def test_DistRepo(self, make_task, dist_repo_init):
+    def test_DistRepo(self, make_task, dist_repo_init, assert_policy):
         session = kojihub.context.session = mock.MagicMock()
         session.user_id = 123
         # It seems MagicMock will not automatically handle attributes that
         # start with "assert"
-        session.assertPerm = mock.MagicMock()
+        session.hasPerm = mock.MagicMock()
+        session.hasPerm.return_value = False
         dist_repo_init.return_value = ('repo_id', 'event_id')
         make_task.return_value = 'task_id'
         exports = kojihub.RootExports()
@@ -101,7 +103,8 @@ class TestDistRepo(unittest.TestCase):
 
         ret = exports.distRepo('tag', 'keys')
 
-        session.assertPerm.assert_called_once_with('dist-repo')
+        session.hasPerm.has_calls(mock.call('dist_repo'), mock.call('admin'))
+        assert_policy.assert_called_once_with('dist-repo', {'tag': 'tag', 'keys': 'keys'})
         dist_repo_init.assert_called_once()
         make_task.assert_called_once()
         self.assertEquals(ret, make_task.return_value)

From fefdbdca4291c38bbc77436487e8f3f162e0958b Mon Sep 17 00:00:00 2001
From: Tomas Kopecek <tkopecek@redhat.com>
Date: Apr 06 2020 07:10:05 +0000
Subject: [PATCH 2/3] fix typo


---

diff --git a/tests/test_hub/test_dist_repo.py b/tests/test_hub/test_dist_repo.py
index 536a899..2cf1060 100644
--- a/tests/test_hub/test_dist_repo.py
+++ b/tests/test_hub/test_dist_repo.py
@@ -104,7 +104,7 @@ class TestDistRepo(unittest.TestCase):
         ret = exports.distRepo('tag', 'keys')
 
         session.hasPerm.has_calls(mock.call('dist_repo'), mock.call('admin'))
-        assert_policy.assert_called_once_with('dist-repo', {'tag': 'tag', 'keys': 'keys'})
+        assert_policy.assert_called_once_with('dist_repo', {'tag': 'tag', 'keys': 'keys'})
         dist_repo_init.assert_called_once()
         make_task.assert_called_once()
         self.assertEquals(ret, make_task.return_value)

From 0df16ef967043b68fa54a63cf918ca9a50305913 Mon Sep 17 00:00:00 2001
From: Tomas Kopecek <tkopecek@redhat.com>
Date: Apr 06 2020 07:21:12 +0000
Subject: [PATCH 3/3] drop "keys" field


---

diff --git a/hub/kojihub.py b/hub/kojihub.py
index 062f05e..99be038 100644
--- a/hub/kojihub.py
+++ b/hub/kojihub.py
@@ -11817,12 +11817,7 @@ class RootExports(object):
     def distRepo(self, tag, keys, **task_opts):
         """Create a dist-repo task. returns task id"""
         if not context.session.hasPerm('dist-repo') and not context.session.hasPerm('admin'):
-            policy_data = {
-                'tag': tag,
-                'keys': keys,
-            }
-            assert_policy('dist_repo', policy_data)
-
+            assert_policy('dist_repo', {'tag': tag})
         repo_id, event_id = dist_repo_init(tag, keys, task_opts)
         task_opts['event'] = event_id
         # cancel potentially running distRepos
diff --git a/tests/test_hub/test_dist_repo.py b/tests/test_hub/test_dist_repo.py
index 2cf1060..92e34bf 100644
--- a/tests/test_hub/test_dist_repo.py
+++ b/tests/test_hub/test_dist_repo.py
@@ -104,7 +104,7 @@ class TestDistRepo(unittest.TestCase):
         ret = exports.distRepo('tag', 'keys')
 
         session.hasPerm.has_calls(mock.call('dist_repo'), mock.call('admin'))
-        assert_policy.assert_called_once_with('dist_repo', {'tag': 'tag', 'keys': 'keys'})
+        assert_policy.assert_called_once_with('dist_repo', {'tag': 'tag'})
         dist_repo_init.assert_called_once()
         make_task.assert_called_once()
         self.assertEquals(ret, make_task.return_value)