#154 [Draft] Allow all repo admins to set bzoverride and monitoring
Opened 2 years ago by gotmax23. Modified 2 years ago
gotmax23/pagure-dist-git bz_override_admins  into  master

file modified
+5 -8
@@ -58,15 +58,11 @@ 

      _check_token(repo, project_token=False)

  

      is_site_admin = pagure.utils.is_admin()

-     admins = [u.username for u in repo.get_project_users("admin")]

      # Only allow the main admin, the admins of the project, and Pagure site

      # admins to modify projects' monitoring, even if the user has the right

      # ACLs on their token

-     if (

-         flask.g.fas_user.username not in admins

-         and flask.g.fas_user.username != repo.user.username

-         and not is_site_admin

-     ):

+     if (pagure.utils.is_repo_admin(repo, flask.g.fas_user.username) and not

+             is_site_admin):

          raise pagure.exceptions.APIError(

              401, error_code=APIERROR.EMODIFYPROJECTNOTALLOWED

          )
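Review bot: The new condition on the `+` lines of this hunk is missing a `not` in front of `pagure.utils.is_repo_admin(...)`. As written, `if (pagure.utils.is_repo_admin(repo, flask.g.fas_user.username) and not is_site_admin)` raises the 401 for exactly the repo admins this change is meant to allow, and lets through any token holder who is not a repo admin. The second hunk has the check the right way round (`not pagure.utils.is_repo_admin(...) and not is_site_admin`); use the same form here. The removed check also let `repo.user.username` through explicitly, so confirm that `is_repo_admin` covers the project's main admin. Add a test asserting that a non-admin token holder gets `EMODIFYPROJECTNOTALLOWED`.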
@@ -694,9 +690,10 @@ 

      repo = _get_repo(repo, namespace=namespace)

  

      is_site_admin = pagure.utils.is_admin()

-     # Only allow the main admin and Pagure site admins to modify projects'

+     # Only allow project admins and Pagure site admins to modify projects'

      # monitoring, even if the user has the right ACLs on their token

-     if flask.g.fas_user.username != repo.user.username and not is_site_admin:

+     if (not pagure.utils.is_repo_admin(repo, flask.g.fas_user.username) and not

+             is_site_admin):

          raise pagure.exceptions.APIError(

              401, error_code=APIERROR.EMODIFYPROJECTNOTALLOWED

          )
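Review bot: The removed check compared against `repo.user.username` directly, while the new `+` lines rely entirely on `pagure.utils.is_repo_admin` to include the project's main admin. Nothing in this hunk shows that it does, so confirm that or keep the explicit comparison alongside the new call. On style, the first `+` line of the condition ends on a dangling `and not`, which is easy to misread and is how the first hunk ended up with the opposite sense. Break before the operator, or store the `is_repo_admin` result in a local variable next to `is_site_admin` and test the two names in a single-line `if`.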

See the commit messages for more explanation.

This is a draft, because I haven't yet set up a Pagure instance to test this.

/cc @zlopez re. monitoring changes

Perhaps, we should open this up to anyone who has at least contributor access. @kevin, any thoughts here?

Well, that gets more tricky... I mean, if we have a way to tell the contributor has epel* access, we could let them set the epel override? But then what to do with someone who is a collaborator and only has say 'epel7', but the package has epel8/9 too?

It's probably best to stick with admins at least for now.

It's probably best to stick with admins at least for now.

I think that makes sense. Whether or not to allow committers or collaborators to change the bzoverrides is worth a larger discussion. Expanding who can set the monitoring status is more reasonable, but I think we should leave this for now.
