Hi
You are right. Kallithea has some bugs around API permission handling.
It is not using the "create top-level repositories" permissions correctly.
This problem is related to the
"This will also give all users API access to create repositories
everywhere. That might change in future versions."
note, even though you see the opposite problem.
This behaviour is kind of intentional -
https://kallithea-scm.org/repos/kallithea/changeset/6620542597d3 - and
with some awareness in the test suite -
https://kallithea-scm.org/repos/kallithea-incoming/changeset/975f5769be08
... but doesn't match what hg.create.repository actually means:
https://kallithea-scm.org/repos/kallithea/changeset/8aad6a324739#kallitheamodeldbpy_n1676
I propose
https://kallithea-scm.org/repos/kallithea/pull-request/303/_/api_permission_check
to fix this.
/Mads
On 1/2/21 7:20 PM, toras wrote:
Hi
I have doubts about the behavior of 'create_repo' in Kallithea's API,
so I will post it.
The version of Kallithea I'm using is 0.6.3.
A 'create_repo' request to a repository group for which the account
has write permissions also appears to fail if top-level repository
creation is disabled.
The same request succeeds when I enable the create top-level
repository setting.
Regardless of top-level settings, I can use that account to create
repositories from the web into repository groups.
I didn't understand if the explanation of 'Note' on the setting screen
means "Failed even if I have write permission".
For the time being, the situation I tried is described below.
The request was made like this.
```
curl http://localhost:5000/_admin/api -X POST \
  -H 'content-type:text/plain' \
  --data-binary '{"id":1,"api_key":"0ae8322ce787f08771c6b3570765318fb0360ad6","method":"create_repo","args":{"repo_name":"grp/test", "repo_type":"git"}}'
```
The response in case of failure is like this.
```
{"id": 1, "result": null, "error": "Internal server error"}
```
The console output of Kallithea at that time looks like the following.
```
2021-01-02 17:25:23.087 DEBUG [JSONRPC] Trying to find JSON-RPC method: create_repo
2021-01-02 17:25:23.087 INFO [JSONRPC] IP: 127.0.0.1 Request to /_admin/api time: 0.012s
2021-01-02 17:25:23.127 ERROR [JSONRPC] Encountered unhandled exception: Traceback (most recent call last):
  File "/home/kallithea/.local/lib/python3.6/site-packages/kallithea/controllers/api/__init__.py", line 225, in _rpc_call
    raw_response = getattr(self, action)(**rpc_args)
  File "", line 2, in create_repo
  File "/home/kallithea/.local/lib/python3.6/site-packages/kallithea/lib/auth.py", line 664, in __wrapper
    raise HTTPForbidden()
webob.exc.HTTPForbidden: Access was denied to this resource.
```
# I rely on translation tools. I'm sorry if there is a strange sentence.
Thanks
toras9000
___
kallithea-general mailing list
kallithea-general@sfconservancy.org
https://lists.sfconservancy.org/mailman/listinfo/kallithea-general