Re: Behavior of create_repo API as a general user

2021-01-17 Thread toras

Thank you for the feature fixes and notifications.
I will try it after the next version is released.

Thanks


toras9000

On 2021/01/16 6:25, Mads Kiilerich wrote:
This has now been fixed in the stable branch and will be included in the 
next release - no matter if it will be 0.6.4 or 0.7 .


Thanks for the report.

/Mads



___
kallithea-general mailing list
kallithea-general@sfconservancy.org
https://lists.sfconservancy.org/mailman/listinfo/kallithea-general


Re: Behavior of create_repo API as a general user

2021-01-15 Thread Mads Kiilerich
This has now been fixed in the stable branch and will be included in the 
next release - no matter if it will be 0.6.4 or 0.7 .


Thanks for the report.

/Mads


On 1/3/21 2:38 AM, toras wrote:

Hi

Thank you for your answer.

I understand that it is a process of changing the interpretation of 
this setting value.

I'm looking forward to future versions including behavior fixes.

Thanks


toras9000

On 2021/01/03 7:49, Mads Kiilerich wrote:

Hi

You are right. Kallithea has some bugs around API permission handling. It is not using the "create top-level repositories" permissions correctly.

This problem is related to the
"This will also give all users API access to create repositories everywhere. That might change in future versions."
note, even though you see the opposite problem.

This behaviour is kind of intentional - https://kallithea-scm.org/repos/kallithea/changeset/6620542597d3 - and with some awareness in the test suite - https://kallithea-scm.org/repos/kallithea-incoming/changeset/975f5769be08 ... but doesn't match what hg.create.repository actually means: https://kallithea-scm.org/repos/kallithea/changeset/8aad6a324739#kallitheamodeldbpy_n1676

I propose https://kallithea-scm.org/repos/kallithea/pull-request/303/_/api_permission_check to fix this.

/Mads






Re: Behavior of create_repo API as a general user

2021-01-02 Thread Mads Kiilerich

Hi

You are right. Kallithea has some bugs around API permission handling. 
It is not using the "create top-level repositories" permissions correctly.


This problem is related to the
"This will also give all users API access to create repositories 
everywhere. That might change in future versions."

note, even though you see the opposite problem.

This behaviour is kind of intentional - 
https://kallithea-scm.org/repos/kallithea/changeset/6620542597d3 - and 
with some awareness in the test suite - 
https://kallithea-scm.org/repos/kallithea-incoming/changeset/975f5769be08 
... but doesn't match what hg.create.repository actually means: 
https://kallithea-scm.org/repos/kallithea/changeset/8aad6a324739#kallitheamodeldbpy_n1676


I propose 
https://kallithea-scm.org/repos/kallithea/pull-request/303/_/api_permission_check 
to fix this.


/Mads


On 1/2/21 7:20 PM, toras wrote:

Hi

I have doubts about the behavior of 'create_repo' in Kallithea's API, 
so I will post it.

The version of kallithea I'm using is 0.6.3.

A 'create_repo' request to a repository group for which the account 
has write permissions also appears to fail if top-level repository 
creation is disabled.
The same request succeeds when I enable the create top-level 
repository setting.
Regardless of top-level settings, I can use that account to create 
repositories from the web into repository groups.


I didn't understand if the explanation of 'Note' on the setting screen 
means "Failed even if I have write permission".


For the time being, the situation I tried is described below.

The request was made like this.
```
curl http://localhost:5000/_admin/api -X POST \
  -H 'content-type:text/plain' \
  --data-binary '{"id":1,"api_key":"0ae8322ce787f08771c6b3570765318fb0360ad6","method":"create_repo","args":{"repo_name":"grp/test", "repo_type":"git"}}'
```

The response in case of failure is like this.
```
{"id": 1, "result": null, "error": "Internal server error"}
```

The console output of kallithea at that time looks like the following.
```
2021-01-02 17:25:23.087 DEBUG [JSONRPC] Trying to find JSON-RPC method: create_repo
2021-01-02 17:25:23.087 INFO  [JSONRPC] IP: 127.0.0.1 Request to /_admin/api time: 0.012s
2021-01-02 17:25:23.127 ERROR [JSONRPC] Encountered unhandled exception: Traceback (most recent call last):
  File "/home/kallithea/.local/lib/python3.6/site-packages/kallithea/controllers/api/__init__.py", line 225, in _rpc_call
    raw_response = getattr(self, action)(**rpc_args)
  File "", line 2, in create_repo
  File "/home/kallithea/.local/lib/python3.6/site-packages/kallithea/lib/auth.py", line 664, in __wrapper
    raise HTTPForbidden()
webob.exc.HTTPForbidden: Access was denied to this resource.
```

# I rely on translation tools. I'm sorry if there is a strange sentence.


Thanks


toras9000
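
An added illustration, not part of any message in this thread and not Kallithea's code: a simplified Python model of the mismatch discussed above, contrasting a single global check on hg.create.repository with a check that depends on where the repository would be created. The User class, the function names, the group.write/group.admin levels and the sample accounts are assumptions made for the example.

```python
# Simplified model of the permission mismatch in this thread; not Kallithea code.
from dataclasses import dataclass, field

CREATE_TOP_LEVEL = "hg.create.repository"            # global permission named in the thread
GROUP_WRITE_LEVELS = {"group.write", "group.admin"}  # assumed group permission levels


@dataclass
class User:  # hypothetical stand-in for an account and its permissions
    name: str
    global_perms: set = field(default_factory=set)
    group_perms: dict = field(default_factory=dict)  # repository group -> level


def parent_group(repo_name):
    """Return the group part of 'grp/sub/repo', or None for a top-level name."""
    head, sep, _ = repo_name.rpartition("/")
    return head if sep else None


def api_check_as_reported(user, repo_name):
    """One global check that never looks at the target location."""
    return CREATE_TOP_LEVEL in user.global_perms


def check_by_target(user, repo_name):
    """Top level needs the global permission; a group needs write access to it."""
    group = parent_group(repo_name)
    if group is None:
        return CREATE_TOP_LEVEL in user.global_perms
    return user.group_perms.get(group) in GROUP_WRITE_LEVELS


def compare(user, repo_names):
    """Map each target to (reported API decision, target-aware decision)."""
    return {n: (api_check_as_reported(user, n), check_by_target(user, n))
            for n in repo_names}


# Constructed sample accounts and targets.
WRITER = User("writer", group_perms={"grp": "group.write"})
CREATOR = User("creator", global_perms={CREATE_TOP_LEVEL})
TARGETS = ["test", "grp/test", "other/test"]

if __name__ == "__main__":
    for account in (WRITER, CREATOR):
        for target, (reported, by_target) in compare(account, TARGETS).items():
            print(f"{account.name:8} {target:11} reported={reported} by_target={by_target}")
```

The writer row for grp/test is the case reported in the thread (group write access, API request denied); the creator rows for grp/test and other/test correspond to the settings note about API access to create repositories everywhere.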
