On Mon, Dec 10, 2012 at 11:05:15AM -0700, Ken Dreyer wrote:
> Context: I've got an intranet Gitorious instance set up, with a couple
> self-managed teams.
>
> I just had some users lose access to some repos when they transferred
> the repos to a team. Even though these users were members of the group
> which was the "Owner", the users still had no admin rights to the
> repo. I had to explicitly add the team in the committership table in
> MySQL.
>
Ken,
The permission model in Gitorious uses a fancy join table to connect a
user/team and a repository, this "table" is represented in the
Committership class. For each committership (the connection between a
user/team and a repository), there's a permissions property (similar
to Unix file permissions) which determine what the user/team is
allowed to do with the repository.
> Should a "group owner" for a repo mean that everyone in the group
> implicitly has admin rights on that repo? I'm wondering if this is a
> bug or if it's intentional.
Now onwards to your question :-)
I would agree with you that a group owner should have admin rights to
that repository. Transferring ownership to a group involves calling
`change_owner_to!` on the Repository class, which *should* cause a
comittership to be created (`committerships.create_for_owner!`), which
would set up a committership with all permissions:
# app/models/committership.rb
def self.create_for_owner!(an_owner)
cs = new({:committer => an_owner})
cs.permissions = (CAN_REVIEW | CAN_COMMIT | CAN_ADMIN)
cs.save!
cs
end
However, there's an if clause around that call: `unless
committerships.any?{|c|c.committer == another_owner}` which means that
if the new owner already has access to the repository, a new
committership is not created. Could this be what happened on your
server? Whether it is or not, I would suggest that we change it to
either create a new committership or change the permissions to the
existing one, but I'd like to know if that was the cause or you found
another bug.
Cheers,
- Marius
--
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
