#4765 Project API token ACLs not clear
Closed: Fixed a year ago by pingou. Opened 2 years ago by cverna.

What is the difference between the ACLs:

  • Change the status of a ticket
    and
  • Update an issue, status, comments, custom fields...

When selecting both ACLs and trying to use the token to set an issue status to Closed I have the following error

{'error': 'You are not allowed to view this issue', 'error_code': 'EISSUENOTALLOWED'}

This was for this API endpoint https://pagure.io//api/0/releng/failed-composes/issue/7/status


Metadata Update from @ngompa:
- Issue set to the milestone: 5.11

a year ago

Update an issue, status, comments, custom fields...

Is a super-set of:

Change the status of a ticket

You can have a "issue_update" ACL that allows to do a number of things (and grows as endpoint to act on tickets are added) of the "issue_change_status" that allows to do only this one thing.

I have been thinking to update the UI to this:

Screenshot_from_2020-05-30_22-42-18.png

Does it make things clearer? (It basically adds the ACL name at the end of the description, which is handy as it's often what tool/docs seem to use (cf the fedpkg man page)).

That definitely looks a lot better!

Commit 98d320c relates to this ticket

Let's consider this ticket close and re-open if we're not happy with 5.11.

Thanks!

Metadata Update from @pingou:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

a year ago

Login to comment on this ticket.

Metadata
Attachments 1
Related Pull Requests
  • #4887 Merged a year ago