#2426 hide private repos in ssh too
Closed 4 years ago by pingou. Opened 4 years ago by stbuehler.
stbuehler/pagure hide-private-repos-in-ssh  into  master

file modified
+1 -1
@@ -126,7 +126,7 @@ 

                  repos = ''

  

              config.append('repo %s%s' % (repos, project.fullname))

-             if repos not in ['tickets/', 'requests/']:

+             if not project.private and repos not in ['tickets/', 'requests/']:

                  config.append('  R   = @all')

              if project.committer_groups:

                  config.append('  RW+ = @%s' % ' @'.join(
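Review bot: nothing accompanying this one-line change exercises the new `not project.private` condition, so a later rework of this `if` could put `R   = @all` back on private projects without any test failing. Please add a test that marks a project private, regenerates the config and checks that none of the project's repo stanzas contain `R   = @all`. A short comment above the `if` saying why private projects are excluded would also help the next reader.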

@all shouldn't have access to private repos, otherwise every user sees all private repositories.

  • didn't check "my changes" for pep8 - there are already over 1400 errors.
  • didn't run the unit tests, that is what CI is for.

> didn't check "my changes" for pep8 - there are already over 1400 errors.

This feels a tad exaggerated, flake8 returns 0 errors on master and pep8 itself lists 62.

Somehow this doesn't make me want to run the tests for you...

$ dpkg -l python-pep8 | grep ii
ii  python-pep8    1.7.0-4      all          Python PEP 8 code style checker - Python
$ python /usr/lib/python2.7/dist-packages/pep8.py . | wc -l
1408

Try running it against the pagure folder

In that case I can report that this patch didn't change the list of warnings (on my system).

CVE-2017-1002151 has been assigned to this issue.

Alright so the tests are all passing which means this change isn't being tested.

Let's fix this.

This is the test I came up with:

+    def test_write_gitolite_project_test_private(self):
+        """ Test the write_gitolite_acls function of pagure.lib.git with
+        a postconf set """
+
+        with open(self.outputconf, 'w') as stream:
+            pass
+
+        # Make the test project private
+        project = pagure.lib._get_project(self.session, 'test')
+        project.private = True
+        self.session.add(project)
+        self.session.commit()
+
+        # Re-generate the gitolite config just for this project
+        helper = pagure.lib.git_auth.get_git_auth_helper('gitolite3')
+        helper.write_gitolite_acls(
+            self.session,
+            self.outputconf,
+            project=project,
+        )
+        self.assertTrue(os.path.exists(self.outputconf))
+
+        with open(self.outputconf) as stream:
+            data = stream.read().decode('utf-8')
+
+        exp = u"""@grp2  = foo
+@grp  = pingou
+# end of groups
+
+repo test
+  RW+ = pingou
+
+repo docs/test
+  RW+ = pingou
+
+repo tickets/test
+  RW+ = pingou
+
+repo requests/test
+  RW+ = pingou
+
+# end of body
+"""
+        print data
+        self.assertEqual(data, exp)
+
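Review bot: the docstring of `test_write_gitolite_project_test_private` reads "with a postconf set", which does not describe what this test covers (a private project), and the `print data` just before the final `assertEqual` is debugging output that should be dropped. Since the point of the test is that `@all` is absent, an explicit `assertNotIn('R   = @all', data)` next to the full-string comparison would make a regression easier to read in the failure output.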

If someone can review this, I'll merge the PR manually.

We should probably also have a non-private project and make sure that that gets created correctly as well in the same run.

Pull-Request has been closed by pingou

4 years ago
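An audit check for the condition this pull request fixes, added here as an example and not part of Pagure: it parses a generated gitolite configuration and reports every repo of a private project that still grants access to `@all`. The function names, the `PREFIXES` tuple and the sample configuration are constructed for illustration, and the set of private project fullnames is assumed to be supplied by the caller.

```python
# Added example, not Pagure code. Repo namespaces as they appear in the
# expected config of the test above ('' is the main repo).
PREFIXES = ('', 'docs/', 'tickets/', 'requests/')

# Constructed sample: the config as it would look before the fix.
BEFORE = """@grp  = pingou
# end of groups

repo test
  R   = @all
  RW+ = pingou

repo docs/test
  R   = @all
  RW+ = pingou

repo requests/test
  RW+ = pingou
"""
# Constructed sample: the same config with the @all read rules gone.
AFTER = BEFORE.replace('  R   = @all\n', '')


def parse_gitolite(text):
    """Return {repo: [(perms, [members]), ...]} from gitolite config text."""
    repos, current = {}, None
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()  # drop comments and blanks
        if not line or line.startswith('@'):  # skip group definitions
            continue
        if line.startswith('repo '):
            current = line[len('repo '):].strip()
            repos.setdefault(current, [])
        elif current is not None and '=' in line:
            perms, members = line.split('=', 1)
            repos[current].append((perms.strip(), members.split()))
    return repos


def private_repos_open_to_all(text, private_projects):
    """List (repo, perms) rules granting @all access to a private project."""
    guarded = {p + name for name in private_projects for p in PREFIXES}
    return sorted(
        (repo, perms)
        for repo, rules in parse_gitolite(text).items() if repo in guarded
        for perms, members in rules if '@all' in members
    )
```

Run against a live `gitolite.conf`, an empty result means no private project is readable by `@all`; any entry names the repo stanza to regenerate.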