On 07/06/17 02:28, Stephen Finucane wrote:
On Tue, 2017-06-06 at 21:10 +1000, Daniel Axtens wrote:
Hi,
One thing that has come up in discussions around CI and Patchwork is
permissions for the checks API.
What permissions are required for a user to create a check?
I can't find anything in the docs to tell me for sure.
I know that admin permissions are sufficient, and I have been
unreliably informed that maintainership is sufficient.
At the moment, we rely on the 'Patch.is_editable' property to determine
this. That property allows edits to patches if the user is
authenticated and is either (a) the submitter of the patch, (b) the
delegate of the patch, (c) a project maintainer, or (d) a superuser.
What actually is required? We probably want to make this reasonably
granular so that, for example, the 0-day bot can be given the ability
to create checks without needing people to trust them with any other
rights.
We could probably loosen the above conditions: checks are associated
with a user and, since we merged '6c0bbe1' and '3fc11fea', it is
possible to distinguish which checks a user belongs to. Personally, I
would like to use Django Admin's groups or permissions to tag users
with CI permissions but this is a good chunk of work and smells of
YAGNI. Something even simpler, like letting any registered user create
a check, could do the job?
I'm a little bit uncomfortable with allowing anyone to create checks -
the kernel in particular is a large enough project to have contributors
who might be well-meaning but will go around contributing unhelpfully
and just irritating maintainers. Some of those "contributors" may
discover that they can now post checks which label minor static analysis
warnings as failures...
Maybe that's a problem to solve when we start seeing it, but on the
other hand we can expect to be stuck with people running 2.0 for a
considerable length of time.
Russell was talking to mpe today to get the perspective of someone who
maintains a fairly important patchwork project, he wasn't overly
concerned if we required the user to be a maintainer for the time being,
it's a bit annoying to have to ask the patchwork admin to add a new
maintainer though.
--
Andrew Donnellan OzLabs, ADL Canberra
[email protected] IBM Australia Limited
_______________________________________________
Patchwork mailing list
[email protected]
https://lists.ozlabs.org/listinfo/patchwork
